Bitcoin Forum
121  Economy / Micro Earnings / Re: XAPO Script - Hacked on: August 05, 2016, 11:22:59 AM
It's me again .. there is still one thing that I don't like ... I will try to explain as well as I can in English ...

Example:

Your Xapo Faucet has a Cooldown (Timer) of 15 minutes until the next claim is allowed.

OK here we go - a visitor enters your Faucet, solves the Captcha and claims .. he stays on your really cool site .. and after 15 minutes he can press F5 (Refresh) in the browser .. a small window pops up
and asks if you want to send the form again (don't know what it is called in English - see screenshot in German)


If you answer Yes .. the browser window reloads/refreshes .. and you have automatically claimed - without entering the Captcha again...

Now if a black hat has found a way to disable the timer (ok, we don't allow right-clicks and so on now) he only has to press F5, press Enter all the time .. and is happy ..

I am not a hero in web design nor PHP .. but maybe a solution is to set the cookie lifetime to 5 mins? Or has it something to do with the session? .. any ideas?

Let me see if one of the Xapo sites is like you say, where I can actually use F5 and reclaim without a Captcha. BRB on this one.

I have 2 Xapo Wallet sites open ( MoonBitco.in and Whalebitco.in ) and one non-Xapo site open ( Claim BTC ); I will run the F5 command in 2 minutes.

Ok, I ran the F5 command on all 3 sites and they give me the same result ( Incorrect Captcha ).

Are we dealing with a weakness in the F5 command for @Gifted's script? As I thought we had solved this previously and it was addressed by @Gifted.

I am old and sea-nile and I tend to forget what I just said, so I may be wrong.
122  Economy / Micro Earnings / Re: XAPO Script - Hacked on: August 05, 2016, 10:37:35 AM


Yeap, I got a lot of bot attacks coming from Firefox, so I blocked it, sorry..

80%+ of Firefox access was bots.. don't know if it was the extensions (SQL injection, proxies) or the bots use this platform

Yeap, I tried to find something to block extensions.. however I think it can't be done..
You can easily find proxy/SQL injection extensions on Firefox.. and Chrome too, however I haven't blocked Chrome (yet hahah)
I was thinking about making a custom browser with which users can visit faucets.. you know? Without extensions, with a good faucet list/rotator.. well, I don't have the knowledge to do this (and the other question is the ad clicks, maybe it would get a lower click rate)

Can you please tell me/us how you block a browser .. thanks in advance

Blocking browsers is not the answer to your problem. All that shows is how many users who visit your site use that particular browser. I would think we need to look deeper into the way the browser is used once on your site. Cross-reference blacklist IPs against visitors and incorporate a lockout of those IPs. Anyone trying to use a BOT is going to try and use a fresh list of accepted proxies to access your site.

Say, for example, I use my mobile phone as a hot spot or wifi hot spot. I am using the IP 205.197.242.169 and I ran a cross-reference against blacklist IPs. When I did that I tested my IP against a new tool called WebRTC and found that it was leaking my actual IP address. For more information on how these thieves are stealing personal information read this post: http://whatismyipaddress.com/webrtc-test

And upon reading this article or post one may be able to use WebRTC to find the actual IP behind the attacks and single them out. WebRTC is available for Chrome, Firefox, Opera and many more as it is the new and bestest thing going.

Happy Defending !!!! 
123  Economy / Micro Earnings / Re: XAPO Script - Hacked on: August 04, 2016, 10:57:19 PM
@Gifted,

I do apologize for pushing so hard. And I apologize for my impatience, as I understand your position and wanting to help others protect their sites and incomes from this script. I can not only be an idiot but also a pushy idiot.

My Apologies.....

ardodd
124  Economy / Micro Earnings / Re: XAPO Script - Hacked on: August 04, 2016, 09:36:12 PM
The patch is in PHP server side, they can't have access, and this needs to be fixed right away. I can see your point but a lot of people downloaded my script and they need to know now. I started a security patch thread already

Yes sir, you are 100% correct about them needing to know right now to close these backdoors. Do you have a problem with hosting a private membership section for those who use your code for their website? One that would allow them access to a secure site where only they can access your details.

Most people may not worry about where or how they got the script to use on a faucet. Like I have an S2Membership plugin on WordPress that only allows members if I approve them. And it is hard to get into since I verify that they are who they say they are. And yours could be adapted to verifying that they use your script and it came from you if they wish to get details from the updates.

More like a private support for your script since you modified and made it secure now.
125  Economy / Micro Earnings / Re: XAPO Script - Hacked on: August 04, 2016, 09:24:52 PM
Ok guys, there is another hack that can be fixed by replacing this code in your index.php file, not the one in style.


find this code
Code:
if($response->success){
    $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Congratulations you have won '.$amount.' Satoshis !!!</p></div></div>';
    $url = get_main_url()."?r=".$username;
    $view['main']['ref_link'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Share your referal link and earn a '.$settings["referral_percentage"].'% lifetime bonus. Your referal link is '.$url.'</p></div></div>';

and replace with this


Code:
if($response->success){
    header('Refresh: 30;url=change to your faucets url');
    $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Congratulations you have won '.$amount.' Satoshis !!!</p></div></div>';
    $url = get_main_url()."?r=".$username;
    $view['main']['ref_link'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Share your referal link and earn a '.$settings["referral_percentage"].'% lifetime bonus. Your referal link is '.$url.'</p></div></div>';

This redirects back to your page after 30 seconds so that the captcha resets, so that an iMacros program cannot be programmed to just refresh and get credit every hour while they are sleeping. I would suggest doing this immediately! Make sure you put your faucet address where it says change to your faucet url.


@Gifted would it not be better if we wait until you have made a full new version with all the changes in it? If we keep changing the code to whatever comes next, it seems like a lot of extra work on you also. Call them v1.1 and use the new v1.2 so we know it is the updated version.

Example: Yesterday's security updates
v1.1

Today's security update
v1.2

And every update could have ( v ) attached to it. Would it not seem better if you made the change and then just updated the name of the change? In the description you can tell or explain what is updated.

How much do you want to bet that hackers read these posts, see the code change and are already looking for countermeasures to it? Personally I would think code that fixes a security measure should not be posted and should be kept inside your files so no one sees it. The only way they can get the fix is by downloading the newest version in an update.

Just my thoughts   
126  Economy / Micro Earnings / Re: XAPO Script - Hacked on: August 04, 2016, 09:48:35 AM
Thanks for bringing up the iMacros thing...I just found another security problem but I don't want to share it here until it's fixed

@Gifted have you considered trying out the Sandboxie software? And asking if it can be incorporated into the script?

http://www.sandboxie.com/

I am just asking because on one of my WordPress sites I set up WooCommerce and connected it to the PayPal gateway. And I had to set it up using the Sandboxie software to make it secure.
127  Economy / Micro Earnings / Re: XAPO Script - Hacked on: August 04, 2016, 09:38:00 AM
Where would he allow proxy servers now that he has disabled them completely?
128  Economy / Micro Earnings / Re: XAPO Script - Hacked on: August 04, 2016, 09:24:55 AM
I'm testing your scripts here Gifted http://www.bitcoinamerica.com.br/faucet
less the adblock one (got some bug here)
Thanks for all!

When I go there it just tells me that I am using a Proxy. And nothing else. But I am looking into the source page for it right now and this is what I am seeing on it under properties.

body
aLink:""
accessKey:""
attributes:NamedNodeMap
background:""
baseURI:"http://www.bitcoinamerica.com.br/faucet/"
bgColor:""
childElementCount:0
childNodes:NodeList[1]
children:HTMLCollection[0]
classList:DOMTokenList[0]
className:""
clientHeight:775
clientLeft:0
clientTop:0
clientWidth:1042
contentEditable:"inherit"
dataset:DOMStringMap
dir:""
draggable:false
firstChild:text
firstElementChild:null
hidden:false
id:""
innerHTML:"You are using a proxy!"
innerText:"You are using a proxy!"
isConnected:true
isContentEditable:false
lang:""
lastChild:text
lastElementChild:null
link:""
localName:"body"
namespaceURI:"http://www.w3.org/1999/xhtml"
nextElementSibling:null
nextSibling:null
nodeName:"BODY"
nodeType:1
nodeValue:null
offsetHeight:759
offsetLeft:0
offsetParent:null
offsetTop:0
offsetWidth:1026
onabort:null
onbeforecopy:null
onbeforecut:null
onbeforepaste:null
onbeforeunload:null
onblur:null
oncancel:null
oncanplay:null
oncanplaythrough:null
onchange:null
onclick:null
onclose:null
oncontextmenu:null
oncopy:null
oncuechange:null
oncut:null
ondblclick:null
ondrag:null
ondragend:null
ondragenter:null
ondragleave:null
ondragover:null
ondragstart:null
ondrop:null
ondurationchange:null
onemptied:null
onended:null
onerror:null
onfocus:null
onhashchange:null
oninput:null
oninvalid:null
onkeydown:null
onkeypress:null
onkeyup:null
onlanguagechange:null
onload:null
onloadeddata:null
onloadedmetadata:null
onloadstart:null
onmessage:null
onmousedown:null
onmouseenter:null
onmouseleave:null
onmousemove:null
onmouseout:null
onmouseover:null
onmouseup:null
onmousewheel:null
onoffline:null
ononline:null
onpagehide:null
onpageshow:null
onpaste:null
onpause:null
onplay:null
onplaying:null
onpopstate:null
onprogress:null
onratechange:null
onrejectionhandled:null
onreset:null
onresize:null
onscroll:null
onsearch:null
onseeked:null
onseeking:null
onselect:null
onselectstart:null
onshow:null
onstalled:null
onstorage:null
onsubmit:null
onsuspend:null
ontimeupdate:null
ontoggle:null
onunhandledrejection:null
onunload:null
onvolumechange:null
onwaiting:null
onwebkitfullscreenchange:null
onwebkitfullscreenerror:null
onwheel:null
outerHTML:"<body>You are using a proxy!</body>"
outerText:"You are using a proxy!"
ownerDocument:document
parentElement:html
parentNode:html
prefix:null
previousElementSibling:head
previousSibling:head
scrollHeight:775
scrollLeft:0
scrollTop:0
scrollWidth:1042
shadowRoot:null
spellcheck:true
style:CSSStyleDeclaration
tabIndex:-1
tagName:"BODY"
text:""
textContent:"You are using a proxy!"
title:""
translate:true
vLink:""
webkitdropzone:""
__proto__:HTMLBodyElement
129  Economy / Micro Earnings / Re: XAPO Script - Hacked on: August 04, 2016, 08:46:29 AM
@Gifted
thank you for your amazing script, I hear about security problems in your code.. if you want I can help to fix the problems.
what can you do?? @babo

improve your script, for work I'm a real frontend/fullstack developer.. I'm working with JavaScript but I also know PHP :)
Sure take a look https://github.com/destinybogan/Faucet-Builder/archive/master.zip

I think it needs some kind of better admin for banning IPs and seeing who's been claiming, also better security for multi-claiming with proxies, VPNs etc. Maybe a timer for the button to get a better bounce rate.

Feel free to give it a shot ;)


@Gifted,

I know I don't contribute much to this topic other than stirring things up.

I was looking at some backend apps that can actually steal the information and download it into CSV files, and they can program their bot to work. I am wondering if you have looked into ( iMacros ) for Chrome and Firefox, as I just got them to see if they can in any way affect your script. Not sure how to use them, but adding them and the Free Proxy List from Chrome it may be possible for them to find backdoors.

Again I am new to this and am trying to fully understand the script so i can use it.

iMacros for Chrome #1:


Free Proxy List for Chrome:


iMacros for Firefox #1:


iMacros for Firefox #2:

130  Economy / Micro Earnings / Re: XAPO Script - Hacked on: August 03, 2016, 10:03:06 PM
WOW !!!!!

Guess I am glad I came here to read up on some of the problems before I started the project I have been wanting to do.

Gifted, your script was and still is what I have been looking for. But I wanted to add a Bitcoin Cycler on the side to double the bitcoins for users. But knowing that information here does make me very hesitant to start on it. And since I do not have any experience with manipulating code I might need to seek professional help on this matter.

If you get the bugs fixed I definitely am interested in using the script and having the bitcoin cycler script running together. 
131  Economy / Micro Earnings / Re: XAPO Script - Hacked on: August 03, 2016, 09:36:05 AM
Gifted,

As I said before, I did not have much experience in this but just wanted to give it a try. That's no problem, I have been called worse by better. And yes I am an idiot, I don't claim to be a genius by any means. Put a ROCK beside me and the ROCK would look like a ROCKET Scientist.

But to enhance this thread I went out looking for ways to get Bitcoins fast and came back with this little contraption. It is called CoinCollector and I got it for $1.00 online. Now I did have to do some digging into it before I learned how it operated ( 30 minutes to be exact ). And it was up and running gathering Bitcoins for me.

And this may not even be what you are talking about nor the whole conversation. But it is how I interpreted it.

#1 CoinCollector v4


#2 CoinCollector v4 Settings


#3 CoinCollector v4 ProxyList


#4 CoinCollector v4 Captcha Reading Services


I am sure any idiot could figure this out...I just need a little longer than your normal idiot...
132  Economy / Micro Earnings / Re: XAPO Script - Hacked on: August 02, 2016, 04:24:23 AM
Blocking whole countries does not work either... I see one email collecting every couple of minutes.. this is due to not having a timer on the email, but if they are making false email accounts what's the point....I am at a dead stop with this problem..

@Gifted I am new here but been reading this post for about two hours now. And been wondering how to effectively STOP BOTS from doing so much damage. I know everyone here has way more experience than myself.

I am ( In my little squirrel brain ) ( And yes not much room for thinking either ) mind ( hint smoke coming out of ears ) two things that come to mind are Log-in and Time on Site after Log-in.

Example #1
1) ABC user comes to site.
2) ABC user has to enter bitcoin wallet address or for Xapo a email address.
3) ABC user has to Solve Captcha.
4) ABC user is credited with xxx amount of satoshi.

***BOTS use a Captcha Service to Solve the Captcha's***

If the previous BOT or hacker is running consecutive transactions, is he/she or it having to solve Captchas before the transaction, or has this BOT or person found a weakness in the script where they can call the same Captcha over and over? Not exactly sure how they would be able to freeze that Captcha, but in theory it is possible and it can explain how they are able to process so many transactions in a short period of time.

I would like to ask if you are able to incorporate two ideas into the script and close all back doors for Captcha problems.

1) I know it is more of a bother than anything for any site to use a Password. But if we want the script to be secure we need to incorporate countermeasures to STOP them. I would propose adding a Random Password from Random ORG with a Timer on it to input the Password or PassCode ( in theory it takes 20 seconds to see the code or password and enter it ), maybe longer if you are blind like me. By limiting the time on the Password or PassCode it stops the BOT from having time to get it solved from an outsourcing place. This is for being able to STOP the BOT from entering. As the Password or PassCode is a one-time thing and can not be duplicated for other users to benefit from.

2) If that is too much trouble then I would suggest as a last resort to have the user verify the Xapo email by sending them a Password or PassCode to enable automatic withdrawals. Which means the BOT or person would be hindered and frustrated so they would quit trying to hack it. As it keeps Honest Users Honest and DisHonest Users Away.

3) Use both methods and change the time limit on the Captcha Solving to under 20 seconds and Password or PassCode times to less than 20 seconds to respond. Adjust the time accordingly if needed.

BOT :D = Password or PassCode ??? = BOT >:( = Owner ::) = Owner Reply :P
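Added example (not code from the Faucet-Builder script or from any poster in this thread): the server-side version of the fixes discussed in three places on this page, the F5/"send the form again" resubmission report, the index.php patch that adds a Refresh: header, and the proposal for a one-time PassCode with a short timer. A Refresh: header only resets the captcha if the browser honours it, so the code below does the work on the server instead: it issues a random claim token with the form, accepts that token exactly once within a short TTL, answers every POST with a 303 redirect (Post/Redirect/Get) so that F5 re-requests the page rather than resubmitting the solved form, and keeps the 15-minute cooldown server side keyed on the claimant instead of in a cookie the client controls. The 120-second TTL, the claims.json store, the form field names, captcha_is_valid() and pay_claimant() are assumptions standing in for the script's own captcha check ($response->success), database and payout.

```php
<?php
// Added example, not code from the Faucet-Builder script or this thread.
// Single-use, short-lived claim token + Post/Redirect/Get + server-side cooldown.
// Assumes PHP >= 7.1 with sessions enabled; everything marked "hypothetical"
// or "constructed" stands in for the real script's own pieces.

session_start();

const CLAIM_TOKEN_TTL = 120;                         // seconds a solved form stays valid (constructed)
const CLAIM_COOLDOWN  = 15 * 60;                     // the 15-minute timer from the thread
const CLAIM_STORE     = __DIR__ . '/claims.json';    // hypothetical stand-in for the script's DB table

// Issue a fresh token each time the form is rendered and remember when it was issued.
function issue_claim_token(): string {
    $token = bin2hex(random_bytes(16));
    $_SESSION['claim_token'] = ['value' => $token, 'issued' => time()];
    return $token;
}

// Accept the token once: it is cleared before any check, so a replay fails even
// when the first submit was rejected, and it must arrive within the TTL.
function consume_claim_token(?string $submitted): bool {
    $stored = $_SESSION['claim_token'] ?? null;
    unset($_SESSION['claim_token']);
    if ($stored === null || $submitted === null) {
        return false;
    }
    if (time() - $stored['issued'] > CLAIM_TOKEN_TTL) {
        return false;                                // expired, like a timed-out PassCode
    }
    return hash_equals($stored['value'], $submitted); // constant-time comparison
}

// Persistent "last claim" store keyed on the claimant (email or wallet address).
function read_store(): array {
    return is_file(CLAIM_STORE)
        ? (json_decode((string) file_get_contents(CLAIM_STORE), true) ?: [])
        : [];
}

function last_claim_time(string $claimant): int {
    return (int) (read_store()[$claimant] ?? 0);
}

function record_claim(string $claimant): void {
    $store = read_store();
    $store[$claimant] = time();
    file_put_contents(CLAIM_STORE, json_encode($store), LOCK_EX);
}

function cooldown_active(string $claimant): bool {
    return (time() - last_claim_time($claimant)) < CLAIM_COOLDOWN;
}

// Hypothetical placeholders for the script's captcha verification and payout.
function captcha_is_valid(string $captchaResponse): bool {
    return $captchaResponse !== '';                  // the real check is the script's $response->success
}
function pay_claimant(string $claimant): void {
    // the script's payout call goes here
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $claimant = trim($_POST['address'] ?? '');
    $tokenOk  = consume_claim_token($_POST['claim_token'] ?? null);
    if ($tokenOk && $claimant !== '' && !cooldown_active($claimant)
        && captcha_is_valid($_POST['captcha'] ?? '')) {
        record_claim($claimant);
        pay_claimant($claimant);
        $_SESSION['flash'] = 'Congratulations, your claim was accepted.';
    } else {
        $_SESSION['flash'] = 'Claim rejected: expired form, cooldown still running, or bad captcha.';
    }
    // Post/Redirect/Get: after the 303 the browser holds a GET, so F5 re-requests
    // the page (and gets a new token) instead of resubmitting the solved form.
    header('Location: ' . $_SERVER['REQUEST_URI'], true, 303);
    exit;
}

// GET: render the form with a new token and show the result of the last POST.
$token = issue_claim_token();
$flash = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);
?>
<p><?= htmlspecialchars($flash) ?></p>
<form method="post">
  <input type="text" name="address" placeholder="Xapo email or wallet address">
  <input type="hidden" name="claim_token" value="<?= htmlspecialchars($token) ?>">
  <!-- the script's captcha widget renders here; its answer is posted as "captcha" (constructed name) -->
  <button type="submit">Claim</button>
</form>
```

Drop this into a directory served by PHP and open it in a browser: after a claim, pressing F5 simply reloads the GET page with a new token and no "send the form again" prompt, and submitting an old token (or the same one twice) is rejected. What this does not do is stop a bot that solves every captcha through a paid service; that bot is still held to one claim per claimant per cooldown and pays for each solve, which is the limit the thread is discussing.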