felicita
Legendary
Offline
Activity: 1582
Merit: 1031
|
|
August 18, 2016, 04:48:10 PM |
|
you can test here with a proxy !it blocks only ISP so it will only bann Servers no real users !!! http://yannik.biz/vpntest.phpif you get good isp but u using a proxy give me the proxy ip and i can add this to my blocklist soon we will block all bots !! kind regards
|
|
|
|
|
|
|
|
If you want to be a moderator, report many posts with accuracy. You will be noticed.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
vartox
Newbie
Offline
Activity: 41
Merit: 0
|
|
August 18, 2016, 05:14:24 PM |
|
Just noticed that I have no protection against scammers and bots on my facet, thanks for this epic thread
|
|
|
|
alfaboy23
|
|
August 19, 2016, 12:08:41 AM |
|
you can test here with a proxy !it blocks only ISP so it will only bann Servers no real users !!! http://yannik.biz/vpntest.phpif you get good isp but u using a proxy give me the proxy ip and i can add this to my blocklist soon we will block all bots !! kind regards I'm using a proxy, but still says "good isp". I think you missed the ISP named Hurricane Electric.
|
|
|
|
felicita
Legendary
Offline
Activity: 1582
Merit: 1031
|
|
August 19, 2016, 01:51:54 PM |
|
you can test here with a proxy !it blocks only ISP so it will only bann Servers no real users !!! http://yannik.biz/vpntest.phpif you get good isp but u using a proxy give me the proxy ip and i can add this to my blocklist soon we will block all bots !! kind regards I'm using a proxy, but still says "good isp". I think you missed the ISP named Hurricane Electric. thanks for this great infromation . Added this to the blocklist . Can you name the proxy u used ? kind regards
|
|
|
|
alfaboy23
|
|
August 20, 2016, 12:37:54 AM |
|
you can test here with a proxy !it blocks only ISP so it will only bann Servers no real users !!! http://yannik.biz/vpntest.phpif you get good isp but u using a proxy give me the proxy ip and i can add this to my blocklist soon we will block all bots !! kind regards I'm using a proxy, but still says "good isp". I think you missed the ISP named Hurricane Electric. thanks for this great infromation . Added this to the blocklist . Can you name the proxy u used ? kind regards It's a Windows application called Freegate by Dynaweb. It uses the Hurricane Electric as ISP.
|
|
|
|
alfaboy23
|
|
August 28, 2016, 10:57:57 AM Last edit: August 29, 2016, 08:07:32 AM by alfaboy23 |
|
I just want to add this for a little security to Xapo faucet script: First, find this in your /index.php on your root directory: if ($_SERVER['REQUEST_METHOD'] === 'POST' && !isset($_POST["new_password"])) {
$view['main']['result_html'] = ''; $view['main']['waiting_time'] = 0; $success = "false"; $ip = get_ip();
Just after that, place this: $disallowedWords = array( 'yandex.', 'inbox.', 'mail.', 'ukr.net', 'bigmir.net', 'meta.ua' ); // Search for disallowed words. foreach ($disallowedWords as $xword) { if (strpos($_POST['username'], $xword) !== false) { $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-danger"><p><b>The e-mail you are using is not allowed!</font></b></p></div></div>'; $message = "Forbidden"; goto error; } }
It will not allow the e-mail addresses with that specified word. You can also specify whole e-mail addresses. I hope it will help even just a little.
|
|
|
|
BitBustah
|
|
August 28, 2016, 07:27:12 PM |
|
you can test here with a proxy !it blocks only ISP so it will only bann Servers no real users !!! http://yannik.biz/vpntest.phpif you get good isp but u using a proxy give me the proxy ip and i can add this to my blocklist soon we will block all bots !! kind regards "nothing to look here !" Is that good or bad?
|
|
|
|
FaucetRank.com
|
|
August 29, 2016, 03:21:09 AM |
|
I'm again saying blocking proxy is not solution for bots you have to be tricky to flight with them I also tired many ip blocking tricks but did not get the success because bot may come from any country and you can't block all countries just to keep your faucet live, you also have to earn money from your traffic.
|
| | | ████ █ ████ █ ████ █ ████ █ ████ █ █ ████ █ █ ████ █ █ ████ █ █ ████ █ ████ █ ████ █ ████ █ ████ | | | | | | ████ █ ████ █ ████ █ ████ █ ████ █ █ ████ █ █ ████ █ █ ████ █ █ ████ █ ████ █ ████ █ ████ █ ████ | | | .SCAMMERS. ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ .EXPOSED. | | | | | | . ▄▄▄▄▄▄▄▄ | | | ████ █ ████ █ ████ █ ████ █ ████ █ █ ████ █ █ ████ █ █ ████ █ █ ████ █ ████ █ ████ █ ████ █ ████ | | | |
|
|
|
|
NeedIfFindIt
|
|
September 09, 2016, 08:30:25 PM |
|
Bots are insane today 50% of the claims from a ~100 satoshi faucet with nastyhosts disabled + no anti bot links. They continue to try even when I stopped paying them a week ago. I've port scanned few of the bot IPs - no open ports at all He probably uses "port knocking". The only common thing between his IPs is that they are not pingable (it is not really practical to check for this). confirmed: - the default puzzles of anti-bot links 2.x are broken - either delete the default ones and create your own or upgrade to 5.01 - once the antibotlinks 5+ is in place (make sure ttf/otf fonts work) the bot will stop trying to claim (I hope for long).
|
|
|
|
catcatcatcaty
|
|
September 09, 2016, 08:51:11 PM |
|
Bots are insane today 50% of the claims from a ~100 satoshi faucet with nastyhosts disabled + no anti bot links. They continue to try even when I stopped paying them a week ago. I've port scanned few of the bot IPs - no open ports at all He probably uses "port knocking". The only common thing between his IPs is that they are not pingable (it is not really practical to check for this). confirmed: - the default puzzles of anti-bot links 2.x are broken - either delete the default ones and create your own or upgrade to 5.01 - once the antibotlinks 5+ is in place (make sure ttf/otf fonts work) the bot will stop trying to claim (I hope for long). looking at that screenshot - what is waterfallmanager? how to use it in my faucet? it looks effective against bots!
|
|
|
|
NeedIfFindIt
|
|
September 09, 2016, 09:39:47 PM |
|
Bots are insane today 50% of the claims from a ~100 satoshi faucet with nastyhosts disabled + no anti bot links. They continue to try even when I stopped paying them a week ago. I've port scanned few of the bot IPs - no open ports at all He probably uses "port knocking". The only common thing between his IPs is that they are not pingable (it is not really practical to check for this). confirmed: - the default puzzles of anti-bot links 2.x are broken - either delete the default ones and create your own or upgrade to 5.01 - once the antibotlinks 5+ is in place (make sure ttf/otf fonts work) the bot will stop trying to claim (I hope for long). looking at that screenshot - what is waterfallmanager? how to use it in my faucet? it looks effective against bots! It is still in development (planned to be paid service since it uses alot of resources) but it is not perfect for now. Today it screwed 3 legit users Maybe in a week or two I'll start a beta with all the users that have helped in the past few months and if everything is ok I'll make it available to everybody else.
|
|
|
|
sabotag3x
Legendary
Online
Activity: 2534
Merit: 2170
Crypto Swap Exchange
|
|
September 10, 2016, 12:55:12 PM |
|
Bots are insane today 50% of the claims from a ~100 satoshi faucet with nastyhosts disabled + no anti bot links. They continue to try even when I stopped paying them a week ago. I've port scanned few of the bot IPs - no open ports at all He probably uses "port knocking". The only common thing between his IPs is that they are not pingable (it is not really practical to check for this). confirmed: - the default puzzles of anti-bot links 2.x are broken - either delete the default ones and create your own or upgrade to 5.01 - once the antibotlinks 5+ is in place (make sure ttf/otf fonts work) the bot will stop trying to claim (I hope for long). Same here, my faucet is dry(2-3 days) and still have ~1500 visits from bots.. I think they have a faucetlist and keep trying to enter/claim in everyone I was using a big blacklist, well it ban real user too, however it can stop a lot of bots.. I'm waiting your defense system be ready to everyone!
|
|
|
|
felicita
Legendary
Offline
Activity: 1582
Merit: 1031
|
|
September 10, 2016, 06:26:51 PM |
|
Bots are insane today 50% of the claims from a ~100 satoshi faucet with nastyhosts disabled + no anti bot links. They continue to try even when I stopped paying them a week ago. I've port scanned few of the bot IPs - no open ports at all He probably uses "port knocking". The only common thing between his IPs is that they are not pingable (it is not really practical to check for this). confirmed: - the default puzzles of anti-bot links 2.x are broken - either delete the default ones and create your own or upgrade to 5.01 - once the antibotlinks 5+ is in place (make sure ttf/otf fonts work) the bot will stop trying to claim (I hope for long). looking at that screenshot - what is waterfallmanager? how to use it in my faucet? it looks effective against bots! It is still in development (planned to be paid service since it uses alot of resources) but it is not perfect for now. Today it screwed 3 legit users Maybe in a week or two I'll start a beta with all the users that have helped in the past few months and if everything is ok I'll make it available to everybody else. great to here this we need this ! iam also working on a VPN Defense !!http://shielded.cf/index.php?id=1but its not ready yet !! kind regards
|
|
|
|
sabotag3x
Legendary
Online
Activity: 2534
Merit: 2170
Crypto Swap Exchange
|
|
September 10, 2016, 08:01:58 PM |
|
Bots are insane today 50% of the claims from a ~100 satoshi faucet with nastyhosts disabled + no anti bot links. They continue to try even when I stopped paying them a week ago. I've port scanned few of the bot IPs - no open ports at all He probably uses "port knocking". The only common thing between his IPs is that they are not pingable (it is not really practical to check for this). confirmed: - the default puzzles of anti-bot links 2.x are broken - either delete the default ones and create your own or upgrade to 5.01 - once the antibotlinks 5+ is in place (make sure ttf/otf fonts work) the bot will stop trying to claim (I hope for long). looking at that screenshot - what is waterfallmanager? how to use it in my faucet? it looks effective against bots! It is still in development (planned to be paid service since it uses alot of resources) but it is not perfect for now. Today it screwed 3 legit users Maybe in a week or two I'll start a beta with all the users that have helped in the past few months and if everything is ok I'll make it available to everybody else. great to here this we need this ! iam also working on a VPN Defense !!http://shielded.cf/index.php?id=1but its not ready yet !! kind regards I thinked in your system too felicita, and other day I saw this topic https://bitcointalk.org/index.php?topic=1599533.0, is your alt account? Well, a lot of people trying to bring security for faucet owners, that's great!
|
|
|
|
CroSany
|
|
September 10, 2016, 08:06:44 PM |
|
I suggest you guys update your script or add some sort of email verification for users. I have reduced my botting almost completely since I implemented this change - in fact, I predict that most large faucets will need to implement such features if they are to survive.
The Faucetbox script as standard suits small-medium faucets, anyone offering more than 500 satoshi per hour is at risk.
You need to surgically remove bots and not delete large referral trees.
|
|
|
|
FaucetRank.com
|
|
September 12, 2016, 03:06:35 AM |
|
I just want to add this for a little security to Xapo faucet script: First, find this in your /index.php on your root directory: if ($_SERVER['REQUEST_METHOD'] === 'POST' && !isset($_POST["new_password"])) {
$view['main']['result_html'] = ''; $view['main']['waiting_time'] = 0; $success = "false"; $ip = get_ip();
Just after that, place this: $disallowedWords = array( 'yandex.', 'inbox.', 'mail.', 'ukr.net', 'bigmir.net', 'meta.ua' ); // Search for disallowed words. foreach ($disallowedWords as $xword) { if (strpos($_POST['username'], $xword) !== false) { $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-danger"><p><b>The e-mail you are using is not allowed!</font></b></p></div></div>'; $message = "Forbidden"; goto error; } }
It will not allow the e-mail addresses with that specified word. You can also specify whole e-mail addresses. I hope it will help even just a little. This is very useful code because recently I got bot attack from these domains email but now they gone forever because of this code. thanks for sharing this with us.
|
| | | ████ █ ████ █ ████ █ ████ █ ████ █ █ ████ █ █ ████ █ █ ████ █ █ ████ █ ████ █ ████ █ ████ █ ████ | | | | | | ████ █ ████ █ ████ █ ████ █ ████ █ █ ████ █ █ ████ █ █ ████ █ █ ████ █ ████ █ ████ █ ████ █ ████ | | | .SCAMMERS. ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ .EXPOSED. | | | | | | . ▄▄▄▄▄▄▄▄ | | | ████ █ ████ █ ████ █ ████ █ ████ █ █ ████ █ █ ████ █ █ ████ █ █ ████ █ ████ █ ████ █ ████ █ ████ | | | |
|
|
|
viperzero
Member
Offline
Activity: 301
Merit: 10
|
|
September 18, 2016, 12:30:37 AM |
|
Bots are insane today 50% of the claims from a ~100 satoshi faucet with nastyhosts disabled + no anti bot links. They continue to try even when I stopped paying them a week ago. I've port scanned few of the bot IPs - no open ports at all He probably uses "port knocking". The only common thing between his IPs is that they are not pingable (it is not really practical to check for this). confirmed: - the default puzzles of anti-bot links 2.x are broken - either delete the default ones and create your own or upgrade to 5.01 - once the antibotlinks 5+ is in place (make sure ttf/otf fonts work) the bot will stop trying to claim (I hope for long). looking at that screenshot - what is waterfallmanager? how to use it in my faucet? it looks effective against bots! It is still in development (planned to be paid service since it uses alot of resources) but it is not perfect for now. Today it screwed 3 legit users Maybe in a week or two I'll start a beta with all the users that have helped in the past few months and if everything is ok I'll make it available to everybody else. great to here this we need this ! iam also working on a VPN Defense !!http://shielded.cf/index.php?id=1but its not ready yet !! kind regards I thinked in your system too felicita, and other day I saw this topic https://bitcointalk.org/index.php?topic=1599533.0, is your alt account? Well, a lot of people trying to bring security for faucet owners, that's great! I upgraded today to faucetbox R65 and NeeditFindit's antiBotlinks 5.01 is not working anymore. I posted a message to him and hopefully this will be sorted out soon. So don't upgrade yet if you have antibotlinks in use and plan to continue to use it. I made a small donation and hope everybody else makes the same so we can have an update to antibotlinks. Keep up the good work fighting against bots!
|
|
|
|
Butord
Member
Offline
Activity: 95
Merit: 10
|
|
September 18, 2016, 11:44:53 AM |
|
Hi, everyone. I know that faucetbox script has btc address block function but what the code for it? For ex. if I want to use the code to block some certain btc address on other faucet script could smn write what the code it can be?
|
|
|
|
MONKEYJUNK
|
|
September 18, 2016, 05:32:54 PM |
|
Hi, everyone. I know that faucetbox script has btc address block function but what the code for it? For ex. if I want to use the code to block some certain btc address on other faucet script could smn write what the code it can be?
Maybe it's this part of the code $security_settings = array(); $q = $sql->query("SELECT `name`, `value` FROM `Faucetinabox_Settings` WHERE `name` in ('ip_check_server', 'ip_ban_list', 'hostname_ban_list', 'address_ban_list')"); while($row = $q->fetch()) { if(stripos($row["name"], "_list") !== false) { $security_settings[$row["name"]] = array(); if(preg_match_all("/[^,;\s]+/", $row["value"], $matches)) { foreach($matches[0] as $m) { $security_settings[$row["name"]][] = $m; } } } else { $security_settings[$row["name"]] = $row["value"]; } }
if(!empty($_POST["mmc"])) { $_SESSION["mouse_movement_detected"] = true; die(); }
if($_SERVER["REQUEST_METHOD"] == "POST") { if($security_settings["ip_check_server"]) { if(!preg_match("#/$#", $security_settings["ip_check_server"])) { $security_settings["ip_check_server"] .= "/"; } }
And you will have to add the address to this table on sql 'address_ban_list'
|
|
|
|
|