Bitcoin Forum

I need the help of kind individuals and generous faucet owners who have build security around their faucet to help me out with any available and working security measure that could be implemented to secure faucets from hack and bot activities.

On 1st of July 2016, it was just like a dream to me when I checked my balance and it was reading 456 satoshi whereas the night before i went to bed it was 4 337 968 satoshi: https://postimg.org/image/f99gg063r

Though I wish to continue, but I really worried at the moment. There is something I tried to understand in this whole issue. 2 weeks before this very hack, I experienced such attempt, 5, 600 000 satoshi disapeared from my balance, but immediately I reported the issue to faucet box not up to 5 minutes the balance was returned, and faucetbox did not return a mail to this effect till today.

When the second one happened, I was already sleeping but once I noticed it and mailed them, the same scenario happened agained. After 3 minutes of sending the mail to faucetbox, when I checked my faucet site, I discovered the balance was returned again. Then I logged into faucetbox account area, to confirm the balance, unfortunately it didn't reflect. I returned back to my faucet site, the balance returned to 456. I was on a confused state. Another mail to faucetbox returned a reply:

"Hello,

We cancel this payout and returned coins to you.

Kind regards
Marcin"

I returned another mail with explanation of what I noticed and informed him that the balance is back to 456 satoshi.

This was his reply againn on the second of July 2016

"Hello,

We're really sorry, but there's nothing we can do now. The 0.04340155 BTC which was claimed by 18aewAbuAoHwQ3icyng6ykYj1NfUH6bQnJ was payout before you send us a message.

It looks like someone have access to your faucet's admin panel or know your api key. Why don't you have ACL enabled? Have you set up Send Limits? If you're using our Faucet Script you can also disable admin panel i config.php.

Kind regards
Marcin"


He gave me some security tips and I tried all, but I am not comfortable with the response because my hosting company told me they saw some vulnerability in funcaptcha.php.


Hi there,  After thorough analyzing the logs, our technicians didn't find any vulnerability or any suspicious activity on server from the given dates. But instead, vulnerability was found on the codes (in file /libs/funcaptcha.php => function => getIP( )).  Please consider to check this from your end.
Best regards  Michael

public function getIP() { if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) { return $_SERVER["HTTP_X_FORWARDED_FOR"]; } else if (isset($_SERVER["REMOTE_ADDR"])) { return $_SERVER["REMOTE_ADDR"]; } else if (isset($_SERVER["HTTP_CLIENT_IP"])) { return $_SERVER["HTTP_CLIENT_IP"]; }

Greetings,  Thank you for contacting email support services.  HTTP_X_FORWARDED_FOR should never be used as a means to validate the user’s IP and if the coder outputs this data then there would be a problem of attacker being able to fake their IP but the "safe" data becomes a XSS injection point.  So filtration of all user supplied data including User-agent etc is needed. PHP code with just $_SERVER[‘HTTP_X_FORWARDED_FOR’] shouldn't be blindly trusted.  You may try to do a Google search for "XSS injection point" for more information about this vulnerability.  Please do not hesitate to contact us again via our chat or email support services as we are more than willing to assist you with any concern you may have regarding your account with us.
Best regards

I'm not a coder, I don't know much of this. This info was forwarded to faucetbox but uptil date they have not returned a mail with any detail.

This gives me so much worries, as I don't know what to hold on or even trust. I think of switching to another script.

I will appreciate if there are kind hearted faucet owners here that could help me with any security advice, general advice about switching to another script that is more secure if any, or just anything that could help me move on with this.

Thank you

What script did you use? did you use the faucet script from faucetbox. or you down the script from share by someone?

I think you have used same passwords for all accounts , some one who knows ur password as accessed ur faucet box and withdrawn your balance or used ur API key and withdrawn all ..

U can use faucet box script only but with some measures ,
Change password for admin panel
Change faucet box password
Enable 2FA authentication on faucet login
Set limit for withdraw within 30 minutes
Block TOR browsing
Block VPN
Block IP address in .htacess file (search for avoid bot articles on forum)

You can contact any time for any suggestions.

Make sure you dont have a keylogger installed on your computer !!

i got similar problem long time ago,

it's solved once i Enable 2FA authentication on faucet login  ;)

Additional to that is, DO NOT put too much funds on your faucet. Too much amount of funds on faucet can also attract stealers.
IMO, it is better to refill your funds daily with very small amounts than fill your faucet with big amount in one shot.

It seems that your faucet isn't drained by bot, someone has your passwords. Run AV, enable 2FA, change passwords and that should solve problem.

This is not a usual bot attack where bot uses different proxies and claim in different addresses. I think your faucetbox account got hacked and hacker had made manual payment to his address.

The first time, it was the fiverr guy who installed the script, so I do't know the version of faucetbox script he used, the second time, the guy in guru and freelancer did, same thing, but the third one, I did it myself using the most current faucetbox script. Yet I got attacked.

The guy from fiverr who first install the script had my database password. the scond guy from guru and freelancer also had my passwords, I don't use same password for all logins, the problem is that, I gave him all passwords related to my domain to enable him do the job, then I forgot to change database password, I left fttp access open. So it is easy for anyone who has faucetscript database info to access admin panel. Though my faucetbox account itself is secured, no one can access it because I didn't share the password and Im using a unic ogin info. But I didn't control payout limit from faucetbox account section. So I have learnt alot after these attacks and Im still learning. The big problem is that you can find anyone trust worthy in this niche to help, everyone with evil and negative interest even when you are paying.


Right now I want to install the ntibot link script,

Thank you alfaboy23, I have learn a lot of lessons which will help me as I make progress. I am trying to install antibot link now

Bro You made a Big Mistake That You are Funding Your Faucet with Very High Amounts Because if you Fund Your Faucet with High Amounts It will Attract Scammers to Steal your Faucet Balance So I Suggest you to Fund your Faucet With Small amounts daily and Also Enable 2FA Authentication for Faucet Login.....

That was the first thing i noticed too, a faucet with a balance of 0.04btc plus, not many faucets would need that much to get through a day or 2
Try topping up more regularly with smaller amounts., good luck.

check your login history : https://faucetbox.com/en/dashboard/security/login-history (https://faucetbox.com/en/dashboard/security/login-history)   ;D

Hello everyone,

I want to thank you all who contributed in one way or the other in my case.

Most of the advice you gave had been implemented before I made this post, I also got other advice from you which helped me to implement more security measures.

Really the hack wasn't a bot, it was the guy from gurru.com and freelancer.com who installed the faucetbox script the second time on my domain that hacked and stole the coin through my faucetbox admin panel. I have a chat script on my faucet, this script gives me details about live visitors on my site. This thief after stealing my coin droped me a message on the chat, and his IP was recorded, but the chat company sent his message to me via email since I was not online at that time. When I checked the email header, the IP was russia, then from that time we kept communicating. hE Had sent me this mail to tell me that I am scaming people with my faucet, trying to present himself as the owner of coinrotator.com. I was very careful with him as he tried to offer me assistance to install my faucet with antibot link script. Here is the site he claim to be his own: http://www.satoshiworld.club

His name on file while using my faucet chat tool is Edward Kenny, so it was recorded, then one day I saw the same name navigating through my site and I said you are the same edward who has been mailing me, behold the edward was now living in bangladesh, while his email header read russia. I was so angry and I attacked him with words and he later accepted that he hacked my faucetbox admin through recaptcha php, see his mail bellow:


Re: Responding To Your Message About Bitcoin Lordz
6 August 2016  13:26  49 KB
From:
Edward Kenway
To:
@bitcoinlordz.com

"Please Think that I have borrowed your money...

On Fri, Aug 5, 2016 at 3:58 PM, Edward Kenway <edwardkenwaywd@gmail.com> wrote:
Don't worry dear. Yes, I have stolen 0.04340155 BTC from you via recaptcha.php. I have invested it into a market. I didn't want to steal it, but some occurrence made me to do this. And when I stole it, I thought that, when I will return your money, I will return the double. Remember, I will return your money. I don't want to make you cry. I thought that, you are very rich person and 20$ would not be a lot of money to you. But, now I understood and Acknowledge that what have I done. I am sorry. I will not return the money, but return the double, I promise. But, I need somedays to collect money.

On Fri, Aug 5, 2016 at 12:57 AM, Bitcoin Lordz <@bitcoinlordz.com> wrote:

what interest do you get in doing all these? These satoshis you go about stealing from people who working hard to invest will not take you anywhere, rather it will only destroy you and your generation and anyone you spend them on. You claim to be from islamic religion and you say it is a religion of peace, but I see so many people in the islamic religion doesn't have human feelings, they don't have good heart for others and they are very mean in all attitude deep inside their hart is black. But I keep asking what gain in all these? The same religion hate stealing, lies, inpersonification, and all kinds of wickedness yet you indulge in them. Remember that whatever you do to someone somewhere, might be done to you or even to a member of your family and even worst. God is able to punish you in his own way. He can decide to take your life, the life of your child, your mother, your father or any one you love, especially those that compromise with you in your evils and even eat of out the things or money you steal, either online or physically.

I did nothing wrong to you. Your intention from day one was very clear, though I didn't know, I trusted you blindly and gave all my passwords outs and you thought I was a fool by doing that.

But all I can tell you is that you should repent while there is still time. Because I'm going to start seeking God about this, and my God who is the creator of heaven and earth, who knows I suffered to earn money, and didn't steal anyone, will surely hear my cry and will deal with you at the right time that pleases Him.

Please repent because God sees you and he will judge you soon or later. I don't know you, even if I knew you, I will never fight you, but someone is greater than you and I, the one who gave you and I the breath we have, who have power to take it any time.

Think twice and be wise. Look for something good doing and stop this.

On 27 July 2016 at 07:48:50 -00:00, Edward Kenway <edwardkenwaywd@gmail.com> wrote:"

Due to this attacks and botting, my faucet is no more getting traffic, thus I will appreciate the help of kind hearted people here to help me with a backlink if possible: here is my faucet: https://bitcoinlordz.com

Thank you all

Oh... he won't care at all, he stole $20, and now is trying to say "I do you good", k, whatever, dude.

Karma is a bitch, especially to those who make it look like they did it out of the kindness of their hearts.

Thanks for the info, good luck with your faucet. :(

Thank you Lexiatel,

This dude is trully wicked, he is constantly on my faucet everytime and will even send me messages, saying why did you unblock me, etc. But I have tried to block all proxies and vps from my faucet and keep monitoring.

I need support from everyone to help boost my faucet trafffic now!

Thank you once more

From what I read, yes, he is very twisted in the head.

I went there, I love the anti-bot reset feature. Thanks for the 90 satoshi, hope your site gets it traffic back.

Thank you too

Cheers!

If they know the password to see your SQL Database they can read your password there very easy to get Admin control or even add their own Admin name and password!   ::) ::) ::) ::) ::) ::) ::) ::) ::) :8

So after 1.5 years, I decided to repay the money I hacked from this user. I have sent the exact amount of BTC regardless of BTC price [It was 20~21$ and now it's almost 500$].
Here goes the transaction: https://blockchain.info/tx/827e45cb166cc6d1746bedca4b73c77e1a59b00707a23b25c411f884707e63d7
https://blockchain.info/address/1LuQxE82nZoT2YPqD943zG7zK5dwjiU6Q2