Ya it could be done through small transactions also. But also changed IP access of API should also be verified by faucet owner through email.
That's also already implemented. You can limit what IP addresses can use your API in the security tab in FaucetBOX.com Dashboard. It's called ACL. Also faucetbox API is just like key to bank account. Hosting provider can easily access it. There must be some security feature for protection from hosting provider
It's technically impossible. If the script can send coins, so can a hosting provider. The only safe way is to host it yourself.
|
|
|
I think Faucetbox should introduce new restriction for Suspicious faucet payouts. for amount more than 0.001 BTC there must be a verification withdrawal email sent to owner of the faucet.
If the owner verify that then he/she can approve it. Ahmad lost allot of amount.
I think more than 0.001 BTC faucetbox payouts are rarely seen so for huge amount there must be verification. Now who will recover the amount stolen from Ahmad
It wouldn't help. The attacker could just withdraw the same amount in hundreds smaller payouts. What helps is a limit how much can be withdrawn in a given timeframe and it's already implemented as a safety limit in faucet's dashboard. So necessary protections are already there, owners just have to use them responsibly. Soon we'll also add optional email notifications and a panic mode that'll disable API access completely if these limits are reached.
|
|
|
You should keep your balance low and refill it when needed. You had A LOT of satoshis in there...
It wasn't that much, it's quite possible that it was only enough for a day or two.
|
|
|
Someone just emptied my Faucetbox wallet! It must have 0.2-0.25BTC in it. Can you check it my username: ahmedjadoon . I believe it was done through through database.
Where it was sent? Don't know. Check PM. Usually FaucetBOX.com Dashboard gives you really lots of information when hack happens: 1. you can check the history of logins to your FaucetBOX.com account (to check if the account itself is compromised) 2. you can check what IP addresses used your API keys (to check if someone withdraw coins using the script somehow or just stole the API key) 3. you can check all the payouts from your faucets (to check where the funds went to) You should always start with that. Is it possible to steal api keys ? Or he got hacked his account ?
It's possible to steal API key by hacking into your faucet's admin panel, your hosting account or FaucetBOX.com account. In this case it probably started by hacking into hosting account.
|
|
|
Kazuldur, what was wrong with NastyHosts the last couple of days?
We run out of disk space. We don't have any monitoring set up for NastyHosts so we didn't notice it until today. I'll add monitoring in coming days finally.
|
|
|
nastyhosts service is down?
Fixed.
|
|
|
@Kazuldu any chance to add ETH support for your faucet hosting service?
Thanks for the great service you are providing.
From https://www.ethereum.org/cli: Frontier is an early access to the Ethereum network. Bugs and security issues might be present. No chance we'll consider it for now. I got this message " This faucet didn't make any payout in the last 48 hours. It won't be shown on the list" but i claim coins on my address. How long I have to wait to get my faucet to faucet box faucet list?
Are you sure you're using correct API key? Each faucet you want to add to the list should have separate API key.
|
|
|
@Kazuldur what do you think about creating subforum for faucet owners? It could be nice place for changing ideas and new features We've tried launching a platform for feature requests once, but only a few people used it. We add all requests from this topic to our internal bug tracker though.
|
|
|
Is there option to increase number of lines in "List of IP addresses or IP networks in CIDR notation to ban (one value per line)" in security tab ?
Just press Enter and a scroll will show. If you want to increase the height, then try using Google Chrome, it allows you to resize textareas by dragging bottom-left corner. I want to ban 23080 IPs (all Russia na Ukrainian IP addresses) and I can't paste all of them to that window You can't paste them at all or not all entries get saved after clicking the save button? It paste all but save only 3815 lines Try running this on your database (through phpmyadmin or something similar): ALTER TABLE `Faucetinabox_Settings` MODIFY `value` LONGTEXT NOT NULL;
And try saving it again.
|
|
|
Is there option to increase number of lines in "List of IP addresses or IP networks in CIDR notation to ban (one value per line)" in security tab ?
Just press Enter and a scroll will show. If you want to increase the height, then try using Google Chrome, it allows you to resize textareas by dragging bottom-left corner. I want to ban 23080 IPs (all Russia na Ukrainian IP addresses) and I can't paste all of them to that window You can't paste them at all or not all entries get saved after clicking the save button?
|
|
|
Is there option to increase number of lines in "List of IP addresses or IP networks in CIDR notation to ban (one value per line)" in security tab ?
Just press Enter and a scroll will show. If you want to increase the height, then try using Google Chrome, it allows you to resize textareas by dragging bottom-left corner.
|
|
|
I made good test yesterday and I reinstalled the database from 0, the problem occurred again when trying to activate the service NastyHost.com Every time I try to turn the problem happens again. But if you do not try to activate the faucet works normally.
some help ?
I confirm there's a problem with NastyHosts.com not responding. I'm working on it. Thanks for test I believe it's fixed now, can you confirm that?
|
|
|
I made good test yesterday and I reinstalled the database from 0, the problem occurred again when trying to activate the service NastyHost.com Every time I try to turn the problem happens again. But if you do not try to activate the faucet works normally.
some help ?
I confirm there's a problem with NastyHosts.com not responding. I'm working on it. Thanks for test
|
|
|
but I have not changed anything, this happened last night and I have not made any changes: / and not only to me has happened to me, if not to other faucets
You can read on possible causes of this error here: http://dev.mysql.com/doc/refman/5.7/en/gone-away.html . Almost all point to hosting problems, which is also confirmed by the fact that you didn't change anything. Either your traffic increased a lot and your hosting plan can't handle that or the hosting company changed something. I'm using godaddy.com Economy Package my daily avg. traffic is 2000-2500 & its never cause a problem even 4000 in start(Shity bots) But last day my total visitors was just 700.I don't think its hosting problem and i didn't change anything in script in last 2 days. Ok, so I guess the error you've shown has nothing to do with it. Are there any other errors in error_log? What exactly happens, because I've already heard 3 unrelated issues.
|
|
|
but I have not changed anything, this happened last night and I have not made any changes: / and not only to me has happened to me, if not to other faucets
You can read on possible causes of this error here: http://dev.mysql.com/doc/refman/5.7/en/gone-away.html . Almost all point to hosting problems, which is also confirmed by the fact that you didn't change anything. Either your traffic increased a lot and your hosting plan can't handle that or the hosting company changed something.
|
|
|
how do I solve it ?
What hosting do you have? I think you have to either upgrade your hosting plan, change your hosting or (if you have multiple faucets) split your faucets on a few hosting plans (to have separate database quotas).
|
|
|
not only is he, I too feel the same from yesterday, and several taps as e-satoshi.com, satoshididu.com, boxfaucet.net, etc.
In trying to seek reward, placed 500 error need help to fix it.
I have restored all files and databases on day 7 when everything worked correctly, but still placing the same error.
Error log:
[11-Feb-2016 19:15:43 UTC] PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE [HY000]: General error: 2006 MySQL server has gone away' in /home/index.php:2040 Stack trace: # 0 /home/index.php(2040): PDO-> query ('SELECT value FR ...') # 1 {main} thrown in /home/index.php on line 2040
Vertion Apache 2.4.18 Vertion PHP 5.5.32 Vertion MySQL 5.5.48-cll
I can not fix. help.
Got thesame error today. Strange. That means that your database server closed connection during processing the query. As this one happens before even connecting to FaucetBOX.com, it suggests that maybe your hosting can't keep up with the traffic anymore.
|
|
|
Its possible to make nastyhosts service with public database where can anyone put suspicions IPs and it will be updated automatically to all users who run nastyhosts protection?
It's possible. However we won't add this to nastyhosts itself, it's too easy to abuse it (someone could just add 0.0.0.0/0 network and effectively break all faucets using such a service), a heavy moderation would be needed. I think someone has already mentioned this problem but - the problem is with timer. Faucet give some satoshis every 180 minutes. But visitors say that after 3 hours thay can't collect satoshi because they see "You have to wait 179 minutes" as if they've already claim satoshi
That's always a problem with a reverse proxy. All users share IP addresses of a reverse proxy, so if one user claim, they all have the timer.
|
|
|
Hi,
How to use nastyhosts?
& what is this? Use external IP address check service (it'll also report suspicious addresses to this service):
Nastyhosts is an "external IP address check service". To use it just select it from the list there. Its possible that we will back to previous faucet list desing? If you said that was able to manipulate before check first top 10 now. Looks cheap.
It's much better now, we won't return to previous list. However we might remove it completely or make the order totally random. It's not really very popular.
|
|
|
I was trying to enable it, but my faucet system change it to "none". Is it better to turn off cloudflare, or try again to enable it in advance tab?
If it was disabled automatically, then you don't have Cloudflare configured properly, it's possible to bypass Cloudflare and connect to your faucet directly. Read everything that's written on the Advanced tab. If you don't understand it, you shouldn't use Cloudflare at all, as it's unsafe.
|
|
|
|