rkandrades (OP)
Sr. Member
 Offline
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
|
 |
November 07, 2015, 03:49:26 PM |
|
OK, well I wanted to keep the ips in the database to remove load
AFAIK it wouldn't make much of a difference if you had the IPs in a database to be called or in your .htaccess file. The only difference I could imagine increasing load is it if were reading and writing from a txt document constantly. Neither of these options does that, so you should be fine. Of courser there are some differences: 1. In htcaccess you will put the IPs manually. Is a little more hard to automate a script to write into htaccess (and this will cause more load). Then you cant make a real-time grow of your blacklist using the htaccess manually. 2. Into your database you can save more information like day and time of the incoming bad IP, how many time this IP attacked you, etc. You could do statistics. 3. Querying your database, you are mre flexible to put your check code where you want. If you just want to check an IP when it completes a claim action, for example. With htaccess you can not do this. |
|
|
|
jjavmk
Newbie
Offline
Activity: 18
Merit: 0
|
|
November 07, 2015, 03:51:16 PM |
|
We want to share this small contribution, because in the database does not leave us in some cases to save more than 1900 wallet bot log in address_ban_list I made a change to be enabled to save more than 100 thousand wallet bot.
I explain:
Enter the phpmyadmin then seek Faucetinabox_Setting structure table, the value field give change instead of TEXT and placed MEDIUMTEXT
Then the index of the root seek the line of code
$default_data_query = <<<QUERY
create table if not exists Faucetinabox_Settings (
`name` varchar(64) not null,
`value` text not null,
primary key(`name`)
);
Change the text by being so MEDIUMTEXT, being so
$default_data_query = <<<QUERY
create table if not exists Faucetinabox_Settings (
`name` varchar(64) not null,
`value` mediumtext not null,
primary key(`name`)
);
Now if they can save many wallet bot to be blocked
|
|
|
|
|
minifrij
Legendary
Offline
Activity: 2352
Merit: 1268
In Memory of Zepher
|
|
November 07, 2015, 04:11:50 PM |
|
Of courser there are some differences:
1. In htcaccess you will put the IPs manually. Is a little more hard to automate a script to write into htaccess (and this will cause more load). Then you cant make a real-time grow of your blacklist using the htaccess manually.
2. Into your database you can save more information like day and time of the incoming bad IP, how many time this IP attacked you, etc. You could do statistics.
3. Querying your database, you are mre flexible to put your check code where you want. If you just want to check an IP when it completes a claim action, for example. With htaccess you can not do this.
That's true, though I was more referring to the difference on the load on the server. |
|
|
|
|
|
|
pickupcoin
Legendary
Offline
Activity: 1203
Merit: 1000
|
|
November 07, 2015, 10:00:48 PM |
|
i send you on PM checked TOR ip lists on my faucets, and if you found something new..  i am not sure for this about block entire country, i am block only Ukraine because have some attack from here and lot of the claim visitors without banner click or very pitiful ads payback if you want "deny Ukraine" lists for .htassess shot me PM |
|
|
|
|
|
misterbit
|
|
November 07, 2015, 10:34:18 PM |
|
I think this is the best way of blocking countries http://www.geoplugin.com/Create a php with the following contents and call it geoplugin.class.php <?php
class geoPlugin {
//the geoPlugin server
var $host = 'http://www.geoplugin.net/php.gp?ip={IP}&base_currency={CURRENCY}';
//the default base currency
var $currency = 'USD';
//initiate the geoPlugin vars
var $ip = null;
var $city = null;
var $region = null;
var $areaCode = null;
var $dmaCode = null;
var $countryCode = null;
var $countryName = null;
var $continentCode = null;
var $latitude = null;
var $longitude = null;
var $currencyCode = null;
var $currencySymbol = null;
var $currencyConverter = null;
function geoPlugin() {
}
function locate($ip = null) {
global $_SERVER;
if ( is_null( $ip ) ) {
$ip = $_SERVER['REMOTE_ADDR'];
}
$host = str_replace( '{IP}', $ip, $this->host );
$host = str_replace( '{CURRENCY}', $this->currency, $host );
$data = array();
$response = $this->fetch($host);
$data = unserialize($response);
//set the geoPlugin vars
$this->ip = $ip;
$this->city = $data['geoplugin_city'];
$this->region = $data['geoplugin_region'];
$this->areaCode = $data['geoplugin_areaCode'];
$this->dmaCode = $data['geoplugin_dmaCode'];
$this->countryCode = $data['geoplugin_countryCode'];
$this->countryName = $data['geoplugin_countryName'];
$this->continentCode = $data['geoplugin_continentCode'];
$this->latitude = $data['geoplugin_latitude'];
$this->longitude = $data['geoplugin_longitude'];
$this->currencyCode = $data['geoplugin_currencyCode'];
$this->currencySymbol = $data['geoplugin_currencySymbol'];
$this->currencyConverter = $data['geoplugin_currencyConverter'];
}
function fetch($host) {
if ( function_exists('curl_init') ) {
//use cURL to fetch data
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $host);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, 'geoPlugin PHP Class v1.0');
$response = curl_exec($ch);
curl_close ($ch);
} else if ( ini_get('allow_url_fopen') ) {
//fall back to fopen()
$response = file_get_contents($host, 'r');
} else {
trigger_error ('geoPlugin class Error: Cannot retrieve data. Either compile PHP with cURL support or enable allow_url_fopen in php.ini ', E_USER_ERROR);
return;
}
return $response;
}
function convert($amount, $float=2, $symbol=true) {
//easily convert amounts to geolocated currency.
if ( !is_numeric($this->currencyConverter) || $this->currencyConverter == 0 ) {
trigger_error('geoPlugin class Notice: currencyConverter has no value.', E_USER_NOTICE);
return $amount;
}
if ( !is_numeric($amount) ) {
trigger_error ('geoPlugin class Warning: The amount passed to geoPlugin::convert is not numeric.', E_USER_WARNING);
return $amount;
}
if ( $symbol === true ) {
return $this->currencySymbol . round( ($amount * $this->currencyConverter), $float );
} else {
return round( ($amount * $this->currencyConverter), $float );
}
}
function nearby($radius=10, $limit=null) {
if ( !is_numeric($this->latitude) || !is_numeric($this->longitude) ) {
trigger_error ('geoPlugin class Warning: Incorrect latitude or longitude values.', E_USER_NOTICE);
return array( array() );
}
$host = "http://www.geoplugin.net/extras/nearby.gp?lat=" . $this->latitude . "&long=" . $this->longitude . "&radius={$radius}";
if ( is_numeric($limit) )
$host .= "&limit={$limit}";
return unserialize( $this->fetch($host) );
}
}
?>
Now create a file named geoip.php add inside <?php
require_once('geoplugin.class.php');
$geoplugin = new geoPlugin();
$geoplugin->locate();
$country_code = $geoplugin->countryCode;
switch($country_code) {
case 'UA': //Ukraine
header('Location: http://example.com');
exit;
}
?>
'UA' is the country code that gets on the same page by putting the ip below. To add a new country case 'CODE': //Other
header('Location: http://example.com');
exit;
Then wherever you want to run the blockade put geoip.php on <!DOCTYPE html> <?php include("geoip.php"); ?>
: There are some rotator cuff like ifaucet.net that do not allow the blocking of countries. |
|
|
|
|
|
misterbit
|
|
November 08, 2015, 12:18:22 AM |
|
Does several hours which does not update the torlist.txt, someone passes you the same?
|
|
|
|
|
|
misterbit
|
|
November 08, 2015, 07:08:17 AM |
|
It is the time of looters, protect their faucets!
|
|
|
|
|
rkandrades (OP)
Sr. Member
Offline
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
|
|
November 09, 2015, 03:09:19 AM |
|
i send you on PM checked TOR ip lists on my faucets, and if you found something new.. i am not sure for this about block entire country, i am block only Ukraine because have some attack from here and lot of the claim visitors without banner click or very pitiful ads payback if you want "deny Ukraine" lists for .htassess shot me PM I think that block Ukraine is not enough since the bots use Proxies to attack faucets. The most used proxy servers are from USA or Europe because the faucets with GeoiP Location rewards pay more for these countries. Combine the country block with other techniques to have more chance to block bots. --- In addition to this I just added a new white listed IP addres to the OP: 1EaHa6BCV7twxnPJuyPYaKi4fb5ZuGWUHp This is a good referral address. Please, white list it. I discovered some bots in the internet recently. I will study those programs to understand How we can block them. The problem is that I'm timeless this month. As soon as possible I will post here the good news about this job. |
|
|
|
FaucetEnthusiast
Newbie
Offline
Activity: 2
Merit: 0
|
|
November 09, 2015, 07:05:15 PM
Last edit: November 09, 2015, 07:29:28 PM by FaucetEnthusiast |
|
Hello there. First of all, thanks for this post. As I will launch soon my very first faucet, it helps me a lot in order to avoid my faucetto be dry by bots. But I need some clarifications about this: Real AntiBot LinksDownload & unpack: http://bit.makejar.com/labs/anti-bot-links-200/antibotlinks.zipFiles to add:
/libs/antibotlinks.php
Files to edit:
/index.php
/templates/*theme-name*/index.php
Ok, let's start.
First make a backup of your faucet (everything could go wrong, better safe than sorry).
Then
Copy:
antibotlinks.php
To:
/libs/antibotlinks.php
Now you will need to edit 2 files. I suggest using Notepad++ https://notepad-plus-plus.org/ to edit files but any good editor will do the job.
This is based on FB R60 but should work with newer/older versions.
Open:
/index.php
Find:
$data['captcha_info'] = $captcha;
add after:
# AntiBotLinks
require_once('libs/antibotlinks.php');
$antibotlinks = new antibotlinks(true);// true if GD is on on the server, false is less secure
if (array_key_exists('address', $_POST)) {
if (!$antibotlinks->check()) {
$antibotlinks->generate(5, true);// number of links once they fail to solve min 3 - max 5, the second param MUST BE true
}
} else {
$antibotlinks->generate(3);// initial number of links min 3 - max 5
}
Find:
$data['captcha_valid'] &&
add after:
# AntiBotLinks
$antibotlinks->is_valid() &&
Open:
/templates/*theme-name*/index.php
Find:
</head>
Add before:
<?php
# AntiBotLinks START
?>
<script style="text/javascript">
$(function() {
var clicks = 0;
$('.antibotlinks').click(function() {
clicks++;
$('#antibotlinks').val($('#antibotlinks').val()+' '+$(this).attr('rel'));
if(clicks == <?php echo $antibotlinks->get_link_count(); ?>) {
var rand = Math.floor((Math.random() * clicks) + 1);
var button = '<input type="submit" class="btn btn-primary btn-lg" value="Get Reward!">';
var z=0;
$('.antibotlinks').each(function(){
z++;
if (z==rand) {
$(this).replaceWith(button);
}
});
}
$(this).hide();
return false;
});
});
</script>
<?php
# AntiBotLinks END
?>
Find:
<?php if(!$data["captcha_valid"]): ?>
<p class="alert alert-danger">Invalid captcha code!</p>
<?php endif; ?>
Add after (the input field must be between <form> and </form>):
<?php
# AntiBotLinks START
?>
<input type="hidden" name="antibotlinks" id="antibotlinks" value="" />
<?php if(!$antibotlinks->is_valid()): ?>
<p class="alert alert-danger">Invalid AntiBot verification!</p>
<?php endif; ?>
<?php
# AntiBotLinks END
?>
Somewhere between <form> and </form> add (you need to do it 5 times, this is where the links will appear):
<?php
# AntiBotLinks START
?>
<?php echo $antibotlinks->show_link(); ?>
<?php
# AntiBotLinks END
?>
And finally remove the default CLAIM button :) What are supposed to be the effect of this one ? I don't know if I do right but I've got this appearing on my faucet: https://i.imgur.com/jxcVefV.pngAnd when I tried to claim from my faucet, I've got this one appearing: https://i.imgur.com/K5VPo1f.pngIs this supposed to happen ? If not, can you tell me where I could be wrong. Thanks for your answers |
|
|
|
|
minifrij
Legendary
Offline
Activity: 2352
Merit: 1268
In Memory of Zepher
|
|
November 09, 2015, 07:10:16 PM |
|
snip
It seems that you're trying to show us thumbnail images rather than the full size. Try using a simple uploader like Imgur to upload your images and we can try to help you. |
|
|
|
|
|
LosingAlpha
|
|
November 09, 2015, 07:15:28 PM |
|
Those antibot links are a puzzle made to be difficult for machines to solve, but easy for humans.
In other words, they're a captcha, except they're more annoying because the user has to hunt around all over page. So why not just use a second captcha?
|
|
|
|
FaucetEnthusiast
Newbie
Offline
Activity: 2
Merit: 0
|
|
November 09, 2015, 07:18:30 PM
Last edit: November 09, 2015, 07:32:42 PM by FaucetEnthusiast |
|
snip
It seems that you're trying to show us thumbnail images rather than the full size. Try using a simple uploader like Imgur to upload your images and we can try to help you. Oh, my bad. I edit my post with full size links. Thanks minifrij. |
|
|
|
|
|
grosminer
|
|
November 10, 2015, 04:59:23 PM |
|
A new suspicious ip appeared in my logs since november:
77.222.106.36 9000 hits in 4 days only..
And the faucet got milked.. i'm not sure yet but this ip looks really suspicious
~ Hi, friend. I checked this IP for suspicious activities in the internet (SPAM, BOTs and Malicious attacks) and then I did some tests to check if it is a proxy IP. I didn't found anything about this IP. It seems to be a normal IP. However, it is a Russian IP. If I was you I would keep on open eye on my logs to monitor this IP actions... Hi , thanks for the checkup. I'll keep checking |
|
|
|
|
|
grosminer
|
|
November 10, 2015, 05:23:54 PM |
|
New suspicious IP's and wallet address
37.53.226.42
46.98.124.237
178.44.218.154
With same ref: 15WYfNSFQ6GiB9gHMj8fC58WqPAUb1W4Kp 1 hit every minute for 3 hours in a row.
Still under investigation...
|
|
|
|
|
|
nawaraj
|
|
November 11, 2015, 10:15:00 AM |
|
Where I have to create .htaccess file to do all thing which you mentation on first page.
|
|
|
|
|
minifrij
Legendary
Offline
Activity: 2352
Merit: 1268
In Memory of Zepher
|
|
November 11, 2015, 10:16:54 AM |
|
Where I have to create .htaccess file to do all thing which you mentation on first page.
Just create it in the root directory of your site, where your index.php is. Just create a file called '.htaccess' and put the code in the first post inside that file. |
|
|
|
|
|
nawaraj
|
|
November 11, 2015, 10:37:05 AM |
|
I think there are 4 index.php in the script . I have to create ".htaccess" near to first index.php where libs located or I have to create this on currently using template.
|
|
|
|
|
rkandrades (OP)
Sr. Member
Offline
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
|
|
November 11, 2015, 11:03:37 AM |
|
I think there are 4 index.php in the script . I have to create ".htaccess" near to first index.php where libs located or I have to create this on currently using template.
You Shoould create the .htaccess file into the main/root directory. I mean next to the first index.php (not the templates index.php). Remember to check others ways to block attacks by .htaccess file in the internet. There are many implementations to make in this file aiming to get a higger security. It is a powerfull resource if you know how to use it. |
|
|
|
rkandrades (OP)
Sr. Member
Offline
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
|
|
November 11, 2015, 11:37:40 AM |
|
New suspicious IP's and wallet address
37.53.226.42
46.98.124.237
178.44.218.154
With same ref: 15WYfNSFQ6GiB9gHMj8fC58WqPAUb1W4Kp 1 hit every minute for 3 hours in a row.
Still under investigation...
Friend, I just checked those three IPs with some public malicious records databases in the internet and I didn't found any proof to consider them bad IPs. Of course t doesn't means that they are safe. But we don't have how to guarantee this. About the 15WYfNSFQ6GiB9gHMj8fC58WqPAUb1W4Kp address. I just looked at its Faucetbox historic and it hasn't a bot/scam behavior. For me it seems to be a normal bitcoin address. I hope these information are helpful to you. Good luck! |
|
|
|
|
