BitcoinFuture99
Member
Offline
Activity: 120
Merit: 10
|
|
April 21, 2016, 04:14:31 PM |
|
By putting some random visible field and changing it daily with different questions. Instead of honeypot Some what like captcha. Can this reduce bots or not. Along side actual captcha.
I think bot maker will have to edit bot each time to claim
|
|
|
|
forseed
Newbie
Offline
Activity: 3
Merit: 0
|
|
April 21, 2016, 04:59:41 PM |
|
Just a simple question - if the newly installed faucet just showing a blank page, usual cpanel hosting.
|
|
|
|
Kazuldur (OP)
Legendary
Offline
Activity: 971
Merit: 1000
|
|
April 21, 2016, 05:07:30 PM |
|
By putting some random visible field and changing it daily with different questions. Instead of honeypot Some what like captcha. Can this reduce bots or not. Along side actual captcha.
I think bot maker will have to edit bot each time to claim
No, bot can identify this automatically, just like a human can. I don't know if you noticed it, but the name of a address field in Faucet in a BOX is randomized. That means that bots already have to analyze the page and guess which field is the address input. If they can do that already, then it's no issue at all for them to also identify a honeypot and ignore it.
|
Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
|
|
|
Kazuldur (OP)
Legendary
Offline
Activity: 971
Merit: 1000
|
|
April 21, 2016, 05:08:02 PM |
|
Just a simple question - if the newly installed faucet just showing a blank page, usual cpanel hosting.
Set $display_errors = true; in your config.php file. Does it show any errors now? Also make sure you're using PHP 5.4 or newer.
|
Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
|
|
|
dhavin
|
|
April 21, 2016, 06:22:04 PM |
|
The disclaimer would allow people to make a decision about whether or not they want to risk their bitcoins. Since we know that the faucetinabox script is under heavy bot pressure, it is the right thing to do. I do realize that this is open source and that you have to think outside of that box when you design something to be hardened. This project is php driven. All input fields can have a randomly generated id with only the server side knowing which IDs are valid and which are honeypots. Randomly moving the fields will also help.
|
|
|
|
forseed
Newbie
Offline
Activity: 3
Merit: 0
|
|
April 21, 2016, 06:36:13 PM |
|
cheap hosting -> default 5.3, now works! Thank You!
|
|
|
|
Kazuldur (OP)
Legendary
Offline
Activity: 971
Merit: 1000
|
|
April 21, 2016, 09:01:07 PM |
|
The disclaimer would allow people to make a decision about whether or not they want to risk their bitcoins. Since we know that the faucetinabox script is under heavy bot pressure, it is the right thing to do. I do realize that this is open source and that you have to think outside of that box when you design something to be hardened. This project is php driven. All input fields can have a randomly generated id with only the server side knowing which IDs are valid and which are honeypots. Randomly moving the fields will also help.
We already do random ids for the address field, it doesn't work. That's because most bots are using browser-based extensions, so it doesn't matter what id a honeypot have and how random it's position is, because bot can just directly "ask" browser if the input is visible or not. There's really nothing more you can do in Faucet in a BOX that can't be bypassed by a bot. All it takes is 5 minutes to update the bot to handle things like random position, random names and 10 minutes to bypass things like checking mouse movement and keyboard inputs. Diversity and - as you said - thinking outside the box is the only protection until CAPTCHA providers get better. And the problem with bots isn't that high if you don't submit your faucet to our list. Looks like most bots are lazy and only crawl https://faucetbox.com/list when looking for victims...
|
Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
|
|
|
zenitzz
|
|
April 22, 2016, 02:45:08 AM |
|
Hi there, i planned to create another faucet site but i need faucet theme. where i can get free custom theme for faucetbox.
|
|
|
|
Holdaaja
Legendary
Offline
Activity: 1274
Merit: 1000
|
|
April 22, 2016, 12:16:06 PM |
|
Hi there, i planned to create another faucet site but i need faucet theme. where i can get free custom theme for faucetbox.
What kind of custom theme you are looking for? You can make quite unique looking faucet with the tools in your admin panel already but if that isn't enough I think you should just pay someone few bucks to create cool looking theme for you.
|
|
|
|
CodeR70
Newbie
Offline
Activity: 19
Merit: 0
|
|
April 22, 2016, 06:47:48 PM |
|
Finally figured it out but I sure hope the script will be changed to include this in the future.
For a few days I noticed a high amount of payouts on my faucet from a specific ref address. Currently there are 700+ addresses related to this ref address. Each address has an auto payout of 0.5 bitcoin (via address checker). Obviously, I did ban the ref address but this only rejects ref payouts to that address. I did some private modding on the script so all sessions that include that ref address are no longer paying out. That is all that are processed with the /?r=ADDRESS url or even the addresses for which the ref address was registered.
I'm pretty new to the whole faucet concept and the FIB script. Not sure if the developer is reading this, if so, please include the above checks (optionally or not) in your next script version. If you know that a ref address is used by a scammer/bot then most likely addresses that are using the ref address are also from a scammer/bot.
Hope it all makes sense. If not then feel free to ask of course.
|
|
|
|
Kazuldur (OP)
Legendary
Offline
Activity: 971
Merit: 1000
|
|
April 22, 2016, 07:11:29 PM |
|
Finally figured it out but I sure hope the script will be changed to include this in the future.
For a few days I noticed a high amount of payouts on my faucet from a specific ref address. Currently there are 700+ addresses related to this ref address. Each address has an auto payout of 0.5 bitcoin (via address checker). Obviously, I did ban the ref address but this only rejects ref payouts to that address. I did some private modding on the script so all sessions that include that ref address are no longer paying out. That is all that are processed with the /?r=ADDRESS url or even the addresses for which the ref address was registered.
I'm pretty new to the whole faucet concept and the FIB script. Not sure if the developer is reading this, if so, please include the above checks (optionally or not) in your next script version. If you know that a ref address is used by a scammer/bot then most likely addresses that are using the ref address are also from a scammer/bot.
Hope it all makes sense. If not then feel free to ask of course.
What stops the scammer/bot from changing his ref address as soon as he sees that you blocked him?
|
Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
|
|
|
BitBustah
|
|
April 22, 2016, 07:58:31 PM |
|
Finally figured it out but I sure hope the script will be changed to include this in the future.
For a few days I noticed a high amount of payouts on my faucet from a specific ref address. Currently there are 700+ addresses related to this ref address. Each address has an auto payout of 0.5 bitcoin (via address checker). Obviously, I did ban the ref address but this only rejects ref payouts to that address. I did some private modding on the script so all sessions that include that ref address are no longer paying out. That is all that are processed with the /?r=ADDRESS url or even the addresses for which the ref address was registered.
I'm pretty new to the whole faucet concept and the FIB script. Not sure if the developer is reading this, if so, please include the above checks (optionally or not) in your next script version. If you know that a ref address is used by a scammer/bot then most likely addresses that are using the ref address are also from a scammer/bot.
Hope it all makes sense. If not then feel free to ask of course.
700 is a lot, but where to draw the line? Some faucets are listed on popular rotators/faucet lists. Where to draw the line between suspicious and real?
|
|
|
|
CodeR70
Newbie
Offline
Activity: 19
Merit: 0
|
|
April 22, 2016, 08:45:26 PM |
|
700 is a lot, but where to draw the line?
Some faucets are listed on popular rotators/faucet lists. Where to draw the line between suspicious and real?
My faucet is new and I get a handful, sometimes even none, payouts per day. These 700 where only in 1.5 days. The ref address was discussed in another thread here on the forums as suspicious as well. But you are right, on a normal working mature faucet, what is suspicious and what is real? But I think faucet owners probably notice patterns which are odd. For me it was that all addresses had an auto payout limit of 0.5 bitcoins. 700 addresses with the same ref address and 0.5 auto payout address is a pattern.... ;-) Anyway, it was a good lessons as well. I added proxy checks, IP checks, updates my ban lists, etc. So it was not a waste of time. In the mean time I learned some of the FIB coding as well. I'm just wondering, do faucet owners "babysit" their faucets? Is it a constant watch and fight against bots/scammers? I probably know the answer seeing so much 'double your btc' and the likes.
|
|
|
|
mexicantarget
Legendary
Offline
Activity: 1652
Merit: 1043
Cypherpunk (& cyberpunk)
|
|
April 23, 2016, 12:50:37 PM |
|
Notice to all faucetbox users: Address: 1D5wA2gcxXxdmbqpksAoanGheKXP5H9t5F e-mail: telepopa04@yandex.ruGuy's a hacker. He's been attempting to hack my site with different methods. Patched everything so far. Free pentester lol Make sure you blacklist that address + mail. Not that it'll do much, since he can make a new mail + address, but yeah.
|
|
|
|
Bytecoiner419
|
|
April 23, 2016, 04:27:22 PM |
|
Finally figured it out but I sure hope the script will be changed to include this in the future.
For a few days I noticed a high amount of payouts on my faucet from a specific ref address. Currently there are 700+ addresses related to this ref address. Each address has an auto payout of 0.5 bitcoin (via address checker). Obviously, I did ban the ref address but this only rejects ref payouts to that address. I did some private modding on the script so all sessions that include that ref address are no longer paying out. That is all that are processed with the /?r=ADDRESS url or even the addresses for which the ref address was registered.
I'm pretty new to the whole faucet concept and the FIB script. Not sure if the developer is reading this, if so, please include the above checks (optionally or not) in your next script version. If you know that a ref address is used by a scammer/bot then most likely addresses that are using the ref address are also from a scammer/bot.
Hope it all makes sense. If not then feel free to ask of course.
700 is a lot, but where to draw the line? Some faucets are listed on popular rotators/faucet lists. Where to draw the line between suspicious and real? I have over 800 referrals in some faucets and I earned them all the honest way. Please make sure that person has gained the referrals using bad methods before you ban them.
|
|
|
|
mexicantarget
Legendary
Offline
Activity: 1652
Merit: 1043
Cypherpunk (& cyberpunk)
|
|
April 23, 2016, 07:34:05 PM |
|
|
|
|
|
minifrij
Legendary
Offline
Activity: 2352
Merit: 1267
In Memory of Zepher
|
|
April 23, 2016, 09:17:01 PM |
|
I'm just wondering, do faucet owners "babysit" their faucets? Is it a constant watch and fight against bots/scammers? I probably know the answer seeing so much 'double your btc' and the likes.
From what I can see and hear from other faucet owners, yes. Since you have had a possible bot visit your faucet, they may come back with another address/ip. You will have to consistently look out for this to stop your faucet being botted. Try to be sure that you distinguish legitimate members from bots however. Install Google Analytics and see what site refers users to your faucet. It may give an idea on whether it's a bot or just an advertising campaign/rotator.
|
|
|
|
BitBustah
|
|
April 24, 2016, 05:21:51 AM |
|
I'm just wondering, do faucet owners "babysit" their faucets? Is it a constant watch and fight against bots/scammers?
Yes. It takes hours and hours each day.
|
|
|
|
bassdude
Legendary
Offline
Activity: 1120
Merit: 1000
|
|
April 24, 2016, 07:25:13 AM |
|
yep bots are bad.
I think faucetbox faucets mite be something that will die off soon because of bots and not being able to make profit I think we are going to see more signup and register faucets is the best way to avoid and catch bots out before they take you money.
|
|
|
|
BitBustah
|
|
April 24, 2016, 09:50:53 AM |
|
yep bots are bad.
I think faucetbox faucets mite be something that will die off soon because of bots and not being able to make profit I think we are going to see more signup and register faucets is the best way to avoid and catch bots out before they take you money.
Or one could code/develop his own script or one could heavily modify the faucetinabox script.
|
|
|
|
|