He is a hacker because he withdraw 100 satoshi every second from my faucet while I give 30 satoshi per minute . There is my faucet . http://101freebitcoin.usDid you write your faucet script yourself?
|
|
|
Thank You so much But How to Block this Hacker ? Please Help me if someone know the method . There's no proof that he is a hacker. He's probably just lying to scare you into paying. Ignore him, that's the best way to block him.
|
|
|
My Faucetbox Password OR Database Password ?
All of them. FaucetBOX.com password, database password, email password...
|
|
|
I Need Help ! Recently I Received this Message From Unknown Hacker . " fullname: The Hacker email: zmkpexjf@clrmail.com message: Hello , I have a bitcoin faucet script that i can use to hack your website anytime i want to, but if you will pay me 0.05 bitcoins to this address 1Nfff9b6Ao9W5HpcCUz5h8oPPfxRGSDrw i will not hack your website anymore and leave you alone. If you decide to not cooperate and follow my demands i will make you regret your choices later. Failure to reply to this email in 48 hours will have serious consequences. User's IP Address: 46.165.197.1 ( Maybe This is VPN ) . =================== Please Help me , How to Block this Hacker ? Thanks in Advance . There's nothing really you can do. My guesses are: 1. they really have found a vulnerability in your faucet and will somehow exploit it, but it doesn't stop them from doing this after you pay them 2. they'll just DDoS your faucet, but they'll just keep extorting you after you pay the first time 3. (most likely IMHO) they don't have any "script to hack your website" So... don't pay and hope for the best. EDIT: I do recommend though changing all your passwords, just to be sure.
|
|
|
I thought, that's it now, sorted, but he says the error setting certificate verify locations is because: "This is an error but don't get why because why its searching /etc/pki/ls/ there is no folder its /etc/pki/tls/ it's missing a t in the location, and this $error is found through cURL which has path to $ch = curl_init(" https://faucetbox.com/faucetinabox/api/v1/version-check"); so the issue must be in their version-check, if it searching wrong directory, Change your hosting. They're either incompetent or just don't care and this "explanation" is just to make you go away. CAfile path is set either during compilation of OpenSSL (I doubt they changed that, they're probably using openssl from their distribution) or in php.ini using curl.cainfo (see http://php.net/manual/en/curl.configuration.php ). The server (faucetbox.com) doesn't have any knowledge what's happening on client (your hosting) and doesn't have any way to set your CA file path. That would be a huge security hole... You can try changing " https://faucetbox.com/faucetinabox/api/v1/version-check" to " https://google.com" in test.php. I wonder whether they'll try to claim Google has something wrong I think a solution is close, one way or the other! Guessing wildly in the dark again here, I set $verify_peer = true to false, being quite close to what you said about 'local_cafile' => true - I didn't want to try and write a whole new [statement? don't even know what they are called!] - anyway, that worked so it shows you're right about the other stuff. Setting it back to true again now cos I know it's abandoning verification altogether. Thanks for all this, I appreciate your patience, Andy
You should already have 'local_cafile' in your config.php file, you just have to change it from false to true (it won't affect the test.php file though, it will only work for your faucet). As you said, don't set $verify_peer = false;.
|
|
|
As I thought, your hosting has cURL support, but it has misconfigured, missing or old CA file, so cURL works only for HTTP. You should contact your hosting and tell them that curl_exec fails when connecting to https://faucetbox.com and curl_error() returns "error setting certificate verify locations: CAfile: /etc/pki/ls/certs/ca-bundle.crt CApath: none". If they won't fix that, you can try setting 'local_cafile' => true, in your config.php file, but I don't recommend it. It would be much better if you can get your hosting to provide CA certificates properly. EDIT: Also OpenSSL 1.0.1e has quite a few vulnerabilities (the latest is 1.0.1u, and there were only bug fixes between 1.0.1e and 1.0.1u as far as I know). That may not be a big problem when it's used as a client, but I'd be careful and consider changing hosting...
|
|
|
And I use from your script only config.php file and faucetbox.php file.
In that case it's even less likely it has anything to do with interaction between FaucetBOX.com and CloudFlare. If you're using your own script then the only thing that I can help you is with our library and API. What response do you get when calling $faucetbox->send("..."); in your script? That should point us to the real problem here No. And if you're asking these questions then I strongly suggest you to stop using CloudFlare. If you rely on your visitors IP addresses (for example to limit how much they can claim from your faucet) and you don't understand how CloudFlare works, you will get hacked. But once again. If it works with CloudFlare off and doesn't work with CloudFlare on, then the only possible thing is that your faucet script somehow stops even trying to connect with FaucetBOX.com to send reward. Usually that's because people don't handle their users' IP addresses properly with CloudFlare enabled and either share a timer between all their users (because it looks like all users are using the same IP address) or are banned by some antibot solution (like NastyHosts).
|
|
|
I use your platform to make withdrawals for users. I use self made faucet that uses also your script to make withdrawals. Today I decided to use also a CF. When CF is off I can see hte payments and links from my site to admin interface in FB here: "Hosts that used your API key". When CF is on I can't see payments and links(((( - user's didn't receive payments ((( So I decided that is necessary to set your IP's in CF whitelist...
There's no place where your CloudFlare and FaucetBOX.com IPs interact, these are two different things. What errors do your users see exactly CF on? Do you see any errors (especially "Banned: x.x.x.x") in your web server's error log? I'm quite sure that you didn't configure Reverse Proxy properly in your Faucet in a BOX admin panel and no payments are made because it looks like all users are bots and aren't allowed to make payment. That has nothing to do with any whitelisting.
|
|
|
Hello!
How to add faucetbox IP's to whitelist in CloudFlare? Which IP's I need to add?
Now when CloudFlare is active it blocks payments to users.
Thanks!
What you said doesn't make sense. If you started using CloudFlare for your faucet and payments to users stopped working then it's not related to FaucetBOX.com IPs in any way. How exactly are payments "blocked"? Do all users see a timer? Or maybe you're using NastyHosts and everyone is reported as "Banned" in your error log?
|
|
|
Is this any use? They are insisting cURL is working fine. I'm using the solvemedia api and that's working ok, and I installed the faucetinabox as a test, outside of WP and that didn't work.
Thanks Andy
I would guess that they have really old OpenSSL, misconfigured CA certificates or CloudFlare doesn't like your hosting. Upload this to your server and send me a link to it: https://faucetinabox.com/static/download/tools/test.php
|
|
|
Your hosting disabled external HTTP(S) connections. Contact your hosting (you can send them the first line of logs you've quoted to make it clear for them what are you asking).
Hi, host says it should be using curl, but the script says $fp = fopen($this->api_base . $method, 'rb', null, $ctx); Can I just change it to curl or will that screw everything up? Thanks Andy It uses cURL by default, if you have 'disable_curl' => false, in your config.php file. It only fall backs to fopen if cURL fails.
|
|
|
It looks like you're guessing blindly and it may be something else entirely. What error do you see exactly? Set $display_errors = true; in your config.php file to see details.
You are probably right. I did what you said, here's the errors I am getting: Warning: fopen(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0 in /home/friendsv/public_html/wp-content/plugins/99bitcoins-btc-faucet/libraries/faucetbox.php on line 31 Warning: fopen( https://faucetbox.com/api/v1/balance): failed to open stream: no suitable wrapper could be found in /home/friendsv/public_html/wp-content/plugins/99bitcoins-btc-faucet/libraries/faucetbox.php on line 31 Warning: stream_get_contents() expects parameter 1 to be resource, boolean given in /home/friendsv/public_html/wp-content/plugins/99bitcoins-btc-faucet/libraries/faucetbox.php on line 32 Warning: fclose() expects parameter 1 to be resource, boolean given in /home/friendsv/public_html/wp-content/plugins/99bitcoins-btc-faucet/libraries/faucetbox.php on line 36 Hope that makes progress possible, if you can interpret it for me, thanks Andy Your hosting disabled external HTTP(S) connections. Contact your hosting (you can send them the first line of logs you've quoted to make it clear for them what are you asking).
|
|
|
Yes, it uses cURL, as listed in the requirements on https://faucetinabox.com/ . If it fails it'll try using PHP's fopen, but that detection of failure may not work properly on some hostings. You can set 'disable_curl' => true, in your config.php file to always use fopen, but I really recommend you to use cURL if possible. Thanks NeedIfFindIt and Kazuldur. Host says your IPs are not blocked. I tried installing a separate faucetinabox to test and that fails as well. Host says you may have blocked their IP, can you check? server IP is 82.221.129.20 It may well be blocked because they are a privacy-focussed ISP based in Iceland. They do VPSs among other things, so you might have their IP range blocked. I want to use faucetbox, hope you can help or I will have to figure out manual payments. Cheers Andy It looks like you're guessing blindly and it may be something else entirely. What error do you see exactly? Set $display_errors = true; in your config.php file to see details.
|
|
|
I setup a new faucet for the purpose of making micropayments for a giveaway. I was able to make payments but sometime I keep getting this error "There was an error while sending 15000 satoshi to "1DaG54To2jhE6MvGGuGq6qYRZmKQrEUZpw": This faucet made too many requests, try again later!" . How to fix this?
The IP address of your server (the one you have faucet on) or your FaucetBOX.com account exceeded the limit for API operations. From API docs: "There's a rate limit of 1000 requests per 10 minutes and 4000 requests per hour. If you need to make more requests, please contact our Support Team."
|
|
|
It is behind cloudflare reverse proxy.
Sorry aobut this... My host says that it should be working then, no server reason for it not to. He asked is the script using curl to connect to the API? Anyone know the answer? Andy Yes, it uses cURL, as listed in the requirements on https://faucetinabox.com/ . If it fails it'll try using PHP's fopen, but that detection of failure may not work properly on some hostings. You can set 'disable_curl' => true, in your config.php file to always use fopen, but I really recommend you to use cURL if possible.
|
|
|
I recently updated to r65 with antibotlinks 5.50, but after solving antibotlinks, claim button says "disable ad block and reload" but it's clickable, it works like get reward button, also the button timer seems to be gone. Any idea?
Did you update the template too? No I did not :/, will update it now, thanks for fast answer You probably just need to add "claim-button" class to the button in index.php of your template. That way you won't have to redo all your customizations.
|
|
|
I recently updated to r65 with antibotlinks 5.50, but after solving antibotlinks, claim button says "disable ad block and reload" but it's clickable, it works like get reward button, also the button timer seems to be gone. Any idea?
Did you update the template too?
|
|
|
How can I use Facuetbox API to directly send payment to a bitcoin address. I remember there used to be such option in Faucetbox account but I can't find it now. Looking to make some micropayments.
https://faucetbox.com/en/apiIf you want an UI, there is a "Manual send" option in Faucet in a BOX admin panel. I'm looking for Manual send option and still couldn't find it in my Faucetbox admin panel. It's not in the FaucetBOX.com panel, it's in the panel provided by Faucet in a BOX faucet script: https://i.imgur.com/cBkUlsK.png
|
|
|
How can I use Facuetbox API to directly send payment to a bitcoin address. I remember there used to be such option in Faucetbox account but I can't find it now. Looking to make some micropayments.
https://faucetbox.com/en/apiIf you want an UI, there is a "Manual send" option in Faucet in a BOX admin panel.
|
|
|
|