Bitcoin Forum
November 15, 2024, 09:24:33 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: « 1 ... 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 [144] 145 146 147 148 149 150 151 152 153 154 155 156 »
  Print  
Author Topic: FaucetBOX.com Discussion  (Read 237001 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
nipol
Newbie
*
Offline Offline

Activity: 46
Merit: 0


View Profile
October 10, 2016, 07:44:44 PM
Last edit: October 10, 2016, 08:07:58 PM by nipol
 #2861


I use your platform to make withdrawals for users.
I use self made faucet that uses also your script to make withdrawals.
Today I decided to use also a CF.
When CF is off I can see hte payments and links from my site to admin interface in FB here: "Hosts that used your API key".
When CF is on I can't see payments and links(((( - user's didn't receive payments (((
So I decided that is necessary to set your IP's in CF whitelist...


There's no place where your CloudFlare and FaucetBOX.com IPs interact, these are two different things.

What errors do your users see exactly CF on? Do you see any errors (especially "Banned: x.x.x.x") in your web server's error log?

I'm quite sure that you didn't configure Reverse Proxy properly in your Faucet in a BOX admin panel and no payments are made because it looks like all users are bots and aren't allowed to make payment. That has nothing to do with any whitelisting.

Users didn't see anything, they only see "Pending" status in history.

No any erors.

And I use from your script only config.php file and faucetbox.php file.

May be I must enter some IP's of CF to "security" section of your site here https://faucetbox.com/en/dashboard/security/acl ? But I didn't see errors like "401 - Disallowed IP"...

Once I switch off CF all works fine.

Advise, please, what to do.

Thank you!
Kazuldur (OP)
Legendary
*
Offline Offline

Activity: 971
Merit: 1000


View Profile
October 10, 2016, 08:38:36 PM
 #2862

And I use from your script only config.php file and faucetbox.php file.

In that case it's even less likely it has anything to do with interaction between FaucetBOX.com and CloudFlare. If you're using your own script then the only thing that I can help you is with our library and API. What response do you get when calling $faucetbox->send("..."); in your script? That should point us to the real problem here Smiley

May be I must enter some IP's of CF to "security" section of your site here https://faucetbox.com/en/dashboard/security/acl ? But I didn't see errors like "401 - Disallowed IP"...

No. And if you're asking these questions then I strongly suggest you to stop using CloudFlare. If you rely on your visitors IP addresses (for example to limit how much they can claim from your faucet) and you don't understand how CloudFlare works, you will get hacked.


But once again. If it works with CloudFlare off and doesn't work with CloudFlare on, then the only possible thing is that your faucet script somehow stops even trying to connect with FaucetBOX.com to send reward. Usually that's because people don't handle their users' IP addresses properly with CloudFlare enabled and either share a timer between all their users (because it looks like all users are using the same IP address) or are banned by some antibot solution (like NastyHosts).

Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
yambub
Member
**
Offline Offline

Activity: 142
Merit: 11

Freedom To Live In Abundance


View Profile WWW
October 10, 2016, 09:01:09 PM
 #2863

Upload this to your server and send me a link to it:
test.php

I completely disconnected cloudflare, and changed back the IP addresses a couple of days ago. Thanks, I uploaded the file to the same directory, so
http://friendsvps.org/wp-content/plugins/99bitcoins-btc-faucet/libraries/test.php

Cheers
Andy

Kazuldur (OP)
Legendary
*
Offline Offline

Activity: 971
Merit: 1000


View Profile
October 10, 2016, 09:12:40 PM
 #2864

Upload this to your server and send me a link to it:
test.php

I completely disconnected cloudflare, and changed back the IP addresses a couple of days ago. Thanks, I uploaded the file to the same directory, so
http://friendsvps.org/wp-content/plugins/99bitcoins-btc-faucet/libraries/test.php

Cheers
Andy

As I thought, your hosting has cURL support, but it has misconfigured, missing or old CA file, so cURL works only for HTTP. You should contact your hosting and tell them that curl_exec fails when connecting to https://faucetbox.com and curl_error() returns "error setting certificate verify locations: CAfile: /etc/pki/ls/certs/ca-bundle.crt CApath: none". If they won't fix that, you can try setting 'local_cafile' => true, in your config.php file, but I don't recommend it. It would be much better if you can get your hosting to provide CA certificates properly.

EDIT: Also OpenSSL 1.0.1e has quite a few vulnerabilities (the latest is 1.0.1u, and there were only bug fixes between 1.0.1e and 1.0.1u as far as I know). That may not be a big problem when it's used as a client, but I'd be careful and consider changing hosting...

Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
yambub
Member
**
Offline Offline

Activity: 142
Merit: 11

Freedom To Live In Abundance


View Profile WWW
October 10, 2016, 11:40:04 PM
 #2865

As I thought, your hosting has cURL support, but it has misconfigured, missing or old CA file, so cURL works only for HTTP. You should contact your hosting and tell them that curl_exec fails when connecting to https://faucetbox.com and curl_error() returns "error setting certificate verify locations: CAfile: /etc/pki/ls/certs/ca-bundle.crt CApath: none".

I thought, that's it now, sorted, but he says the error setting certificate verify locations is because:
Quote
"This is an error but don't get why because why its searching /etc/pki/ls/ there is no folder its /etc/pki/tls/ it's missing a t in the location, and this $error is found through cURL which has path to

    $ch = curl_init("https://faucetbox.com/faucetinabox/api/v1/version-check");

so the issue must be in their version-check, if it searching wrong directory,

I think a solution is close, one way or the other!
Guessing wildly in the dark again here, I set $verify_peer = true to false, being quite close to what you said about 'local_cafile' => true - I didn't want to try and write a whole new [statement? don't even know what they are called!] - anyway, that worked so it shows you're right about the other stuff. Setting it back to true again now cos I know it's abandoning verification altogether.
Thanks for all this, I appreciate your patience,
Andy

Kazuldur (OP)
Legendary
*
Offline Offline

Activity: 971
Merit: 1000


View Profile
October 11, 2016, 06:02:37 AM
 #2866


I thought, that's it now, sorted, but he says the error setting certificate verify locations is because:
Quote
"This is an error but don't get why because why its searching /etc/pki/ls/ there is no folder its /etc/pki/tls/ it's missing a t in the location, and this $error is found through cURL which has path to

    $ch = curl_init("https://faucetbox.com/faucetinabox/api/v1/version-check");

so the issue must be in their version-check, if it searching wrong directory,

Change your hosting. They're either incompetent or just don't care and this "explanation" is just to make you go away. CAfile path is set either during compilation of OpenSSL (I doubt they changed that, they're probably using openssl from their distribution) or in php.ini using curl.cainfo (see http://php.net/manual/en/curl.configuration.php ).

The server (faucetbox.com) doesn't have any knowledge what's happening on client (your hosting) and doesn't have any way to set your CA file path. That would be a huge security hole...

You can try changing "https://faucetbox.com/faucetinabox/api/v1/version-check" to "https://google.com" in test.php. I wonder whether they'll try to claim Google has something wrong Tongue

I think a solution is close, one way or the other!
Guessing wildly in the dark again here, I set $verify_peer = true to false, being quite close to what you said about 'local_cafile' => true - I didn't want to try and write a whole new [statement? don't even know what they are called!] - anyway, that worked so it shows you're right about the other stuff. Setting it back to true again now cos I know it's abandoning verification altogether.
Thanks for all this, I appreciate your patience,
Andy

You should already have 'local_cafile' in your config.php file, you just have to change it from false to true Smiley (it won't affect the test.php file though, it will only work for your faucet). As you said, don't set $verify_peer = false;.

Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
Safi3529
Newbie
*
Offline Offline

Activity: 36
Merit: 0


View Profile
October 11, 2016, 01:29:35 PM
 #2867

I Need Help !

Recently I Received this Message From Unknown Hacker .

" fullname: The Hacker
  email: zmkpexjf@clrmail.com
  message: Hello , I have a bitcoin faucet script that i can use to hack your website anytime i want to, but if you will pay me 0.05 bitcoins to this address 1Nfff9b6Ao9W5HpcCUz5h8oPPfxRGSDrw i will not hack your website anymore and leave you alone. If you decide to not cooperate and follow my demands i will make you regret your choices later.

Failure to reply to this email in 48 hours will have serious consequences.

 User's IP Address: 46.165.197.1 ( Maybe This is VPN ) .

===================
Please Help me , How to Block this Hacker ?

Thanks in Advance .
Kazuldur (OP)
Legendary
*
Offline Offline

Activity: 971
Merit: 1000


View Profile
October 11, 2016, 01:50:59 PM
 #2868

I Need Help !

Recently I Received this Message From Unknown Hacker .

" fullname: The Hacker
  email: zmkpexjf@clrmail.com
  message: Hello , I have a bitcoin faucet script that i can use to hack your website anytime i want to, but if you will pay me 0.05 bitcoins to this address 1Nfff9b6Ao9W5HpcCUz5h8oPPfxRGSDrw i will not hack your website anymore and leave you alone. If you decide to not cooperate and follow my demands i will make you regret your choices later.

Failure to reply to this email in 48 hours will have serious consequences.

 User's IP Address: 46.165.197.1 ( Maybe This is VPN ) .

===================
Please Help me , How to Block this Hacker ?

Thanks in Advance .

There's nothing really you can do. My guesses are:

1. they really have found a vulnerability in your faucet and will somehow exploit it, but it doesn't stop them from doing this after you pay them
2. they'll just DDoS your faucet, but they'll just keep extorting you after you pay the first time
3. (most likely IMHO) they don't have any "script to hack your website"

So... don't pay and hope for the best.

EDIT: I do recommend though changing all your passwords, just to be sure.

Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
Kazuldur (OP)
Legendary
*
Offline Offline

Activity: 971
Merit: 1000


View Profile
October 11, 2016, 01:59:58 PM
 #2869

My Faucetbox Password OR Database Password ?

All of them. FaucetBOX.com password, database password, email password...

Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
Racey
Legendary
*
Offline Offline

Activity: 1134
Merit: 1000


Soon, I have to go away.


View Profile
October 11, 2016, 02:47:07 PM
 #2870

^ @Safi3529  Some information about the IP

https://www.stopforumspam.com/ipcheck/46.165.197.1

And its gone.
Safi3529
Newbie
*
Offline Offline

Activity: 36
Merit: 0


View Profile
October 11, 2016, 02:50:40 PM
 #2871

^ @Safi3529  Some information about the IP

https://www.stopforumspam.com/ipcheck/46.165.197.1

Thank You so much But How to Block this Hacker ?

Please Help me if someone know the method .
Kazuldur (OP)
Legendary
*
Offline Offline

Activity: 971
Merit: 1000


View Profile
October 11, 2016, 04:18:05 PM
 #2872

^ @Safi3529  Some information about the IP

https://www.stopforumspam.com/ipcheck/46.165.197.1

Thank You so much But How to Block this Hacker ?

Please Help me if someone know the method .

There's no proof that he is a hacker. He's probably just lying to scare you into paying. Ignore him, that's the best way to block him.

Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
Safi3529
Newbie
*
Offline Offline

Activity: 36
Merit: 0


View Profile
October 11, 2016, 04:25:01 PM
 #2873

He is a hacker because he withdraw 100 satoshi every second from my faucet while I give 30 satoshi per minute .

There is my faucet .

http://101freebitcoin.us
Kazuldur (OP)
Legendary
*
Offline Offline

Activity: 971
Merit: 1000


View Profile
October 11, 2016, 04:28:06 PM
 #2874

He is a hacker because he withdraw 100 satoshi every second from my faucet while I give 30 satoshi per minute .

There is my faucet .

http://101freebitcoin.us

Did you write your faucet script yourself?

Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
Safi3529
Newbie
*
Offline Offline

Activity: 36
Merit: 0


View Profile
October 11, 2016, 04:29:40 PM
 #2875

No . from Faucetbox Vr65 .

I just include login and register system
Kazuldur (OP)
Legendary
*
Offline Offline

Activity: 971
Merit: 1000


View Profile
October 12, 2016, 09:26:36 AM
 #2876

No . from Faucetbox Vr65 .

I just include login and register system

https://faucetbox.com/en/security-guide

Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
ahmedjadoon
Legendary
*
Offline Offline

Activity: 1414
Merit: 1000


View Profile
October 12, 2016, 05:50:43 PM
 #2877

You have taken down a-ads ad spot on your website so please remove Ad Unit #241774 from a-ads.
Kazuldur (OP)
Legendary
*
Offline Offline

Activity: 971
Merit: 1000


View Profile
October 12, 2016, 05:53:06 PM
 #2878

You have taken down a-ads ad spot on your website so please remove Ad Unit #241774 from a-ads.


How can I do that? I didn't find such option on a-ads unfortunately.

Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
alfaboy23
Hero Member
*****
Offline Offline

Activity: 546
Merit: 500



View Profile
October 15, 2016, 11:50:59 PM
 #2879

Good day fellas!

This last few days, everytime I access Faucetbox.com to check my wallet address in my mobile browser, I'm redirected into this:


Anyone experienced this on Faucetbox?
Kazuldur (OP)
Legendary
*
Offline Offline

Activity: 971
Merit: 1000


View Profile
October 16, 2016, 12:15:47 AM
 #2880

Good day fellas!

This last few days, everytime I access Faucetbox.com to check my wallet address in my mobile browser, I'm redirected into this:

Anyone experienced this on Faucetbox?

Huh, the new ad network we're using must be doing that. I'll see what we can do to fix that (in worst case we'll change the network, such redirects are unacceptable for us).

Unless stated otherwise, all opinions are of my own, not FaucetBOX.com's.
Pages: « 1 ... 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 [144] 145 146 147 148 149 150 151 152 153 154 155 156 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!