[Updated 19/Jul/2016] Faucet Owners Against Scammers and Bots

[rkandrades]

How do you know if those addresses are suspicious ?

The same guy used these address sequentially this evening.

I was watiching his beahvior through social networks while He shared a lot of links of my faucet.

[1714911579]

1714911579

[1714911579]

1714911579

[Gifted]

How do you know if those addresses are suspicious ?

The same guy used these address sequentially this evening.

I was watiching his beahvior through social networks while He shared a lot of links of my faucet.

so he's sharing your page to get the claim button and it the same account sharing on social media???  Thats good enough to me to know hes using VPN or TOR

[rkandrades]

How do you know if those addresses are suspicious ?

The same guy used these address sequentially this evening.

I was watiching his beahvior through social networks while He shared a lot of links of my faucet.

so he's sharing your page to get the claim button and it the same account sharing on social media???  Thats good enough to me to know hes using VPN or TOR

I think some of them are just reseting their modem to get a new IP.

They are using different bitcoin address too...

Do you use some technique or tool to block TOR users ind addintion to the htaccess?

[LosingAlpha]

I think some of them are just reseting their modem to get a new IP.

They are using different bitcoin address too...

Do you use some technique or tool to block TOR users?

If you're not protected against that kind of thing already, you'll be paying hundreds of thousands, possibly millions out to guys coming in from hosting providers. Amazon AWS is a common one they use.

But yeah to a lesser extent you'll be getting hit by people with access to IP ranges too. I can post code snippets to sort that stuff out when I'm on a PC in a few hours, but I'd also suggest you use google analytics or something similar to get visibility of the networks which are causing you problems.

[Racey]

My wallet id is blocked on Bitconker as is others, see for ref https://bitcointalk.org/index.php?topic=1159864.msg12218506#msg12218506
I do not know about bots nor do I scam any faucet, I use another wallet now on there and all is ok, but if I cannot use my old wallet as its still blocked.

I did send the owner email but he just ignored it, the only faucet Admin ever to not answer why.

I did have issues with other faucets once upon a time, as some of them had never heard of my browser (Maxthon) Once I got in touch with them, it all got resolved.

So I guess if I never, I would still be banned from those websites.

Can you be really sure that all those addys are bots and scammers? 100%

[Gifted]

I think some of them are just reseting their modem to get a new IP.

They are using different bitcoin address too...

Do you use some technique or tool to block TOR users?

If you're not protected against that kind of thing already, you'll be paying hundreds of thousands, possibly millions out to guys coming in from hosting providers. Amazon AWS is a common one they use.

But yeah to a lesser extent you'll be getting hit by people with access to IP ranges too. I can post code snippets to sort that stuff out when I'm on a PC in a few hours, but I'd also suggest you use google analytics or something similar to get visibility of the networks which are causing you problems.

Dont block AWS if you are using funcapthca because thats what they use

[Gifted]

Faucets use btc address and ip's to make sure people are not scamming....what else can we use for this problem??

[Gifted]

Maybe if our faucet could get the computer name as well if its possible

[BitMaxz]

I think the address is not using anymore or the owner is generating new wallet address...

[rkandrades]

Guys... How are you blocking Proxy Servers?

I tried to block by PHP codes and htaccess. No success.

[Gifted]

This will kill 99% of proxy servers...put this in your htaccess file

RewriteEngine on
RewriteCond %{HTTP:VIA}                 !^$ [OR]
RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
RewriteRule ^(.*)$ - [F]


source:  https://perishablepress.com/press/2008/04/20/how-to-block-proxy-servers-via-htaccess/

[rkandrades]

My wallet id is blocked on Bitconker as is others, see for ref https://bitcointalk.org/index.php?topic=1159864.msg12218506#msg12218506
I do not know about bots nor do I scam any faucet, I use another wallet now on there and all is ok, but if I cannot use my old wallet as its still blocked.

I did send the owner email but he just ignored it, the only faucet Admin ever to not answer why.

I did have issues with other faucets once upon a time, as some of them had never heard of my browser (Maxthon) Once I got in touch with them, it all got resolved.

So I guess if I never, I would still be banned from those websites.

Can you be really sure that all those addys are bots and scammers? 100%

No. I'm not sure. But I'm getting good results acting this way.

I think some of them are just reseting their modem to get a new IP.

They are using different bitcoin address too...

Do you use some technique or tool to block TOR users?

If you're not protected against that kind of thing already, you'll be paying hundreds of thousands, possibly millions out to guys coming in from hosting providers. Amazon AWS is a common one they use.

But yeah to a lesser extent you'll be getting hit by people with access to IP ranges too. I can post code snippets to sort that stuff out when I'm on a PC in a few hours, but I'd also suggest you use google analytics or something similar to get visibility of the networks which are causing you problems.

TOR is blocked for my faucet now. I will keep the TOR IPs blacklist updated every week. This is the best I can do for now... :T

This will kill 99% of proxy servers...put this in your htaccess file

RewriteEngine on
RewriteCond %{HTTP:VIA}                 !^$ [OR]
RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
RewriteRule ^(.*)$ - [F]


source:  https://perishablepress.com/press/2008/04/20/how-to-block-proxy-servers-via-htaccess/

Thank you. But I am already using this code.

The problem is that I tested my site with the 3 first proxies retrieved by Google and all of them accessed normally my faucet.

Are you having this problem too?

[rkandrades]

Following two more scam address:

1mf8XF6cM777vkGm47KVMsSRgkmaApt9f
1BgQKKqWLXHjUXq8k8858pr9UjLcdzMUMi

[rkandrades]

Guys... I'm paying a lot of referrals for these two address:

17dzhZ3JG5jfKMd45BowS1Pr1cH9FW8zzK
1CMam3ZHtFysv3jvLfzrDraXy4dNGDKQJv

How could I identify if they are bots/scammers or legit?

[Gifted]

Guys... I'm paying a lot of referrals for these two address:

17dzhZ3JG5jfKMd45BowS1Pr1cH9FW8zzK
1CMam3ZHtFysv3jvLfzrDraXy4dNGDKQJv

How could I identify if they are bots/scammers or legit?

  I doubt they are bots.  Bots dont waste there time with refs...someone probably has your faucet on a list of there

[rkandrades]

Guys... I'm paying a lot of referrals for these two address:

17dzhZ3JG5jfKMd45BowS1Pr1cH9FW8zzK
1CMam3ZHtFysv3jvLfzrDraXy4dNGDKQJv

How could I identify if they are bots/scammers or legit?

 I doubt they are bots.  Bots dont waste there time with refs...someone probably has your faucet on a list of there

But none of their referrals really share my faucet. They o tricks...

In addintion to, they dont are shown as referrals on my Google Analytics. THey are shown as direct access. They sent me a lot of user and I cant se from where through the Analytics tool.

Doesn't seem weird for you?

take a look on their very huge super monster fucker referrals gains in FaucetBox.

[LosingAlpha]

Dont block AWS if you are using funcapthca because thats what they use

Funcaptcha's not opening up your site to work, your script just needs to talk out to it.

You can just target it by name (and add conditionals for whatever other networks are causing problems)

Code:

$remoteHostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
if(strpos($remoteHostname, 'amazonaws') !== false)die("No AWS, later jabroni!");

You'll also want to sort out nearby IPs, on faucetbox after $sql has been set up you can do something like this - I'm just matching IPs in the database to the visitor's IP minus the last digit here so it's not very sophisticated, but a lot of people with access to IP ranges are willing to chance their arm. You may get the odd false positive here and there, but it'll cut down on the abuse:

Code:

$partialIP = substr($_SERVER['REMOTE_ADDR'], 0, strlen($_SERVER['REMOTE_ADDR'])-1);
$matchedIPs = $sql->query("SELECT COUNT(*) FROM `Faucetinabox_IPs` WHERE `ip` LIKE '".$partialIP."%'")->fetch();
if($matchedIPs[0]>1)die("You look shady, sorry bro.");

Guys... How are you blocking Proxy Servers?

I tried to block by PHP codes and htaccess. No success.

It's impossible without a list of their IP addresses so I just didn't bother. Rewrite rules or checking headers in PHP won't get you very far because you're relying on the proxy telling you it's a proxy, you can't rely on that.

[rkandrades]

Dont block AWS if you are using funcapthca because thats what they use

Funcaptcha's not opening up your site to work, your script just needs to talk out to it.

You can just target it by name (and add conditionals for whatever other networks are causing problems)

Code:

$remoteHostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
if(strpos($remoteHostname, 'amazonaws') !== false)die("No AWS, later jabroni!");

You'll also want to sort out nearby IPs, on faucetbox after $sql has been set up you can do something like this - I'm just matching IPs in the database to the visitor's IP minus the last digit here so it's not very sophisticated, but a lot of people with access to IP ranges are willing to chance their arm. You may get the odd false positive here and there, but it'll cut down on the abuse:

Code:

$partialIP = substr($_SERVER['REMOTE_ADDR'], 0, strlen($_SERVER['REMOTE_ADDR'])-1);
$matchedIPs = $sql->query("SELECT COUNT(*) FROM `Faucetinabox_IPs` WHERE `ip` LIKE '".$partialIP."%'")->fetch();
if($matchedIPs[0]>1)die("You look shady, sorry bro.");

Guys... How are you blocking Proxy Servers?

I tried to block by PHP codes and htaccess. No success.

It's impossible without a list of their IP addresses so I just didn't bother. Rewrite rules or checking headers in PHP won't get you very far because you're relying on the proxy telling you it's a proxy, you can't rely on that.

But if I try to block a huge list of known proxy servers by IP in the htaccess? Won't it work?

I think this is a good alternative way.

[examplens]

Following two more scam address:

1mf8XF6cM777vkGm47KVMsSRgkmaApt9f
1BgQKKqWLXHjUXq8k8858pr9UjLcdzMUMi

i think that is better option to update your first post, not than to add in single separate post.
anyway thanks for sharing your info with us

[minifrij]

This will kill 99% of proxy servers...put this in your htaccess file

snip

No, it won't. Anyone that is running a proxy server should know how to fake HTTP headers on requests, the things that this code is checking for. It will perhaps block about 1% of proxy owners that have no idea what they're doing.

Dont block AWS if you are using funcapthca because thats what they use

As said blocking AWS would have no problems with using FunCaptcha or anything else running on an AWS web server. By blocking AWS you would be (I hope) checking the incoming information of a visitor then checking if the IP resolves to an AWS address, then blocking if necessary. While using FunCaptcha, it never actually visits your site. The FunCaptcha code runs in the back end and communicates with your website, therefore not being affected by any AWS blocks.

Also, I would just like to point out, trying to stop bots by blocking BTC addresses is futile; an attacker can just create a new Bitcoin address automatically and use that one in the case of the previous being blocked. It is likely more of an inconvenience to you blocking them than to the attacker.