Bitcoin Forum
November 04, 2024, 04:22:18 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 [112] 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 »
  Print  
Author Topic: FaucetBOX.com Discussion  (Read 236999 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
CodeR70
Newbie
*
Offline Offline

Activity: 19
Merit: 0


View Profile
April 24, 2016, 03:30:09 PM
 #2221

yep bots are bad.

I think faucetbox faucets mite be something that will die off soon because of bots and not being able to make profit I think we are going to see more signup and register faucets is the best way to avoid and catch bots out before they take you money.


Or one could code/develop his own script or one could heavily modify the faucetinabox script. Smiley

I'm actually considering that using the FIB api which seems to be pretty straight forward and simple. I'm also wondering about a custom script which includes some kind of signup mechanism but I think that would stop honest user from coming due to the extra "work" for a few satoshis. Although you probably have to up the rewards a little.

Here is the thing, if I make it open-source, would you have the same problems again? I'm convinced open-source, in the long run, makes software more secure due to the amount of "eyes" going over the source code. On the other hand, which might be an issue here with FIB, real smart scammers/bot-coders have access to the code as well.

As said before, I'm pretty new here so I'm sure it was already discussed. Of course, I don't mind to put in efforts by reviewing FIBs source code and and share my thoughts.

Cheers guys and galls
BitBustah
Hero Member
*****
Offline Offline

Activity: 1218
Merit: 534



View Profile
April 24, 2016, 04:07:21 PM
 #2222

I think, in general, that some faucet owners are "blabbing" too much about their anti-bot measurements here on the forum. It's almost like saying (almost asking) "come try to scam me now".


I have considered selling my mods/custom scripts but I don't do it for 2 reasons:
- As soon as I sell a few copies, the scripts will be resold online for less money so I won't earn what I deserve
- Scammers will get their hands on the script: Eventually no faucet will benefit from it.



 Roll Eyes
Kazuldur (OP)
Legendary
*
Offline Offline

Activity: 971
Merit: 1000


View Profile
April 24, 2016, 05:04:19 PM
 #2223

The thing is there's no real bot protection that I'm aware of. Everything is basically security by obscurity, which only works as long as it's custom and only used by a few faucets, because people making bots don't have enough motivation to investigate and bypass given protection.

So open-sourcing your script won't be a problem directly, but if many other people start using it too, then it may hit you.

Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
CodeR70
Newbie
*
Offline Offline

Activity: 19
Merit: 0


View Profile
April 24, 2016, 06:23:51 PM
 #2224

Everything is basically security by obscurity

Tbh, I don't believe in that. There are many open-source projects that are more secure because it's open. Bitcoin itself is open and the concept itself makes it secure.

BTW, I absolutely agree with you and most here that its gonna be incredible hard, or even impossible, to make a faucet script that is protected against bots and scammers. That's is also my dilemma (and mentioned by others) if this should be open or not.

But here is an analogy I would like to make. If people want to steal your bike, they probably will be able to do so, even if you put multiple locks on it. Does it mean I should park my bike without a lock? Of course not. Or worse, should I not own a bike at all? With cryptography it's the same not. It's not so much if a person or an organisation is able to crack a code, it's a matter of how much effort, energy, cost, etc. And obviously the level of current technology.

Anyway, I'm rambling.... sorry for that :-)

Cheers

PS: FIB is not open-source AFAIK. We are just able to read the source code and mod it although the last is formally not even allowed.
Kazuldur (OP)
Legendary
*
Offline Offline

Activity: 971
Merit: 1000


View Profile
April 24, 2016, 09:06:30 PM
 #2225

Everything is basically security by obscurity

Tbh, I don't believe in that. There are many open-source projects that are more secure because it's open. Bitcoin itself is open and the concept itself makes it secure.

English is not my native language, so I think I was misunderstood Smiley. When I said "Everything is basically security by obscurity", I referred just to bot protections. Do you disagree with that too? I would love to see a protection that's not easily bypassed and isn't just another CAPTCHA.

BTW, I absolutely agree with you and most here that its gonna be incredible hard, or even impossible, to make a faucet script that is protected against bots and scammers. That's is also my dilemma (and mentioned by others) if this should be open or not.

As I said, I believe that the best bet is just to make a custom script that won't be used by tens of faucets. No one (I hope) will bother to write a bot for a script that's used just by a couple of sites.

Going open source will help you with "hard" security vulnerabilities like SQL Injection or logic errors. But can also make your script popular and popularity is something that I think is a danger here.

PS: FIB is not open-source AFAIK. We are just able to read the source code and mod it although the last is formally not even allowed.

Well, we should probably change that license. Our only concern is preventing reselling the script. I'll see if we can do that in next release.

Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
CodeR70
Newbie
*
Offline Offline

Activity: 19
Merit: 0


View Profile
April 24, 2016, 09:35:13 PM
 #2226

English is not my native language, so I think I was misunderstood Smiley. When I said "Everything is basically security by obscurity", I referred just to bot protections. Do you disagree with that too? I would love to see a protection that's not easily bypassed and isn't just another CAPTCHA.

[...snip...]

Well, we should probably change that license. Our only concern is preventing reselling the script. I'll see if we can do that in next release.

Sorry about the misunderstanding. I was generalising it too much and I do agree with you that bot protection is probably impossible (hence my bike analogy in one of my posts). If people think it's worth the effort then they will try, even with closed source.

About the license, I totally understand. It's always tricky and these days you have to be high grade layer to understand all licensing issues. Maybe this helps a little:

- https://opensource.org/licenses
- https://creativecommons.org

My understanding is that the last one is formally not open source but I like the simplicity of it.
sunchaser
Member
**
Offline Offline

Activity: 73
Merit: 10

Audaces Fortuna Iuvat


View Profile
April 27, 2016, 07:11:32 PM
 #2227

Hello eveyryone, I would like to know if the faucetbox api handles negative amounts in case I need to process a charge back against a member that is cheating.

Thanks

E4ROW - A better ICO - ends on 23 May
First product released | Finished software | Tokens earning rev now | Dev tokens locked | Proof of functionality
Kazuldur (OP)
Legendary
*
Offline Offline

Activity: 971
Merit: 1000


View Profile
April 27, 2016, 07:30:04 PM
 #2228

Hello eveyryone, I would like to know if the faucetbox api handles negative amounts in case I need to process a charge back against a member that is cheating.

Thanks

Chargin back is not possible. If you sent coins to the users it's too late, you can't revert that.

Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
bit7coin
Sr. Member
****
Offline Offline

Activity: 266
Merit: 250

If we still play everything means not so badly!


View Profile
April 28, 2016, 08:04:18 PM
 #2229

Okey,thanks.

Yours faithfully to you and to your business.
Kazuldur (OP)
Legendary
*
Offline Offline

Activity: 971
Merit: 1000


View Profile
April 28, 2016, 08:11:00 PM
 #2230

We're seeing a sudden spike of traffic. I'm not sure whether it's an attack or not, but expect small disruptions. I'm working on minimizing the issues.

Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
datalore
Full Member
***
Offline Offline

Activity: 210
Merit: 100


View Profile
April 29, 2016, 09:35:09 AM
 #2231

Tips to stop the bots (do it for 02 days before criticizing)

01 - block bit.makejar.com (and their wallets)
02 - block ifaucet.net (and their wallets)
03 - block 188.166.12.134

Note that 90% of bots are gone and only become real people.
Kazuldur (OP)
Legendary
*
Offline Offline

Activity: 971
Merit: 1000


View Profile
April 29, 2016, 09:45:44 AM
 #2232

Tips to stop the bots (do it for 02 days before criticizing)

01 - block bit.makejar.com (and their wallets)
02 - block ifaucet.net (and their wallets)
03 - block 188.166.12.134

Note that 90% of bots are gone and only become real people.

Why do you think that traffic from ifaucet.net and bit.makejar.com are bots?

Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
datalore
Full Member
***
Offline Offline

Activity: 210
Merit: 100


View Profile
April 29, 2016, 10:07:54 AM
 #2233

This IP (188.166.12.134) is the site bit.makejar.com. Right here in bitcointalk I discovered that ip are bots. If you search you will find this topic. I blocked the IP 188.166.12.134 and bots disappeared. I tested for two days and had no problems with bots.

To be sure I unlocked the ip 188.166.12.134 for 12 hours. In 12 hours the bots came back and I lost 0,43BTC. Blocked again. Today is locked and the problems have decreased dramatically.

Take the test and draw your own conclusions. I'm just trying to help.
datalore
Full Member
***
Offline Offline

Activity: 210
Merit: 100


View Profile
April 29, 2016, 10:16:01 AM
Last edit: April 29, 2016, 10:29:35 AM by datalore
 #2234

Analysis of this IP (188.166.12.134)

https://www.hybrid-analysis.com/sample/5650dcea8070cb3b9a19d79d12068996c4123685ec71ac33d8d592e613abf7fa?environmentId=2

and:

https://bitcointalk.org/index.php?topic=1357480.0;all



and

Kazuldur (OP)
Legendary
*
Offline Offline

Activity: 971
Merit: 1000


View Profile
April 29, 2016, 12:17:02 PM
 #2235

This is an address of DigitalOcean VPS, related also too steep.rocks. I'll add this network to NastyHosts.

However I still don't see any connection between this address and ifaucet.net and bit.makejar.com rotators. Why do you think these rotators are related to bots?

Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
larryofbtc
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
April 29, 2016, 12:30:40 PM
 #2236

This is an address of DigitalOcean VPS, related also too steep.rocks. I'll add this network to NastyHosts.

However I still don't see any connection between this address and ifaucet.net and bit.makejar.com rotators. Why do you think these rotators are related to bots?
Does anyone else have issues with this IP address
ragi
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500



View Profile
April 29, 2016, 12:33:38 PM
 #2237

Does anyone else have issues with this IP address
Yes. 188.163.0.0/16 to 188.166.0.0/16 are in my .htaccess deny list

EDIT: bit.makejar.com and ifaucet.net are faucet rotators. Do not block them if you don't know what are you doing.

no.
BitBustah
Hero Member
*****
Offline Offline

Activity: 1218
Merit: 534



View Profile
April 29, 2016, 03:27:15 PM
 #2238

The DigitalOcean IP addresses are used by bots. Blocked them ages ago.  Roll Eyes
Kazuldur (OP)
Legendary
*
Offline Offline

Activity: 971
Merit: 1000


View Profile
April 29, 2016, 03:28:20 PM
 #2239

The DigitalOcean IP addresses are used by bots. Blocked them ages ago.  Roll Eyes

Where did you get the list of all DigitalOcean networks? I was trying to find them for NastyHosts, but found nothing up-to-date.

Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
BitBustah
Hero Member
*****
Offline Offline

Activity: 1218
Merit: 534



View Profile
April 29, 2016, 04:06:18 PM
 #2240

The DigitalOcean IP addresses are used by bots. Blocked them ages ago.  Roll Eyes

Where did you get the list of all DigitalOcean networks? I was trying to find them for NastyHosts, but found nothing up-to-date.



https://apps.db.ripe.net/search/full-text.html

Then you type "DigitalOcean" and you will get all the RIPE IP ranges for the company. Smiley


Edit: This is just RIPE. They can have other IP addresses (ARIN, APNIC, ...).
Pages: « 1 ... 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 [112] 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!