〖ⓉⓊⓉⓄⓇⒾⒶⓁ〗 Stop Bots + Proxies From Using Your Faucet

[AlexAce420]

Everything in this tutorial is being used on my faucet. Check it out HERE to see it in action!

Step 1

In the root directory of your server, there should be a file called .htaccess, HERE'S WHAT MINE LOOKS LIKE Copy and paste it to yours.

This will block all the TOR relays/exit nodes from accessing your website. TOR is good to block because it's one of the main things people use to bypass your time limit. Just google "bypass faucet time limit" you will see that it's one of the ways people bypass your time limit.

To get an updated list of tor exit nodes visit https://www.dan.me.uk/torlist/

Here's a website to paste the IP's, it will generate the proper code for you. http://www.htaccesstools.com/block-ips/


Step Two

In your faucet template, ROOTDIRECTORY/faucet/templates/YOURTEMPLATE/index.php, place this code, anywhere in the <head> tag.

Code:

<?php
if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
die("It would apprear you're using a proxy, so please, go fuck yourself!");

function checkProxy($ip){
		$contactEmail="EMAIL";
		$timeout=3; 
		$banOnProability=0.99;
		
		$ch = curl_init();
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
		curl_setopt($ch, CURLOPT_URL, "http://check.getipintel.net/check.php?ip=$ip");
		$response=curl_exec($ch);
		
		curl_close($ch);
		
		
		if ($response > $banOnProability) {
				return true;
		} else {
			if ($response < 0 || strcmp($response, "") == 0 ) {
				//The server returned an error, you might want to do something
				//like write to a log file or email yourself
				//This could be true due to an invalid input or you've exceeded
				//the number of allowed queries. Figure out why this is happening
				//because you aren't protected by the system anymore
				//Leaving this section blank is dangerous because you assume
				//that you're still protected, which is incorrect
				//and you might think GetIPIntel isn't accurate anymore
				//which is also incorrect.
				//failure to implement error handling is bad for the both of us
			}
				return false;
		}
}
$ip=$_SERVER['REMOTE_ADDR'];
if (checkProxy($ip)) {
	echo "It would apprear you're using a proxy, so please, go fuck yourself! <br />";
}
?>

Here's a website to check if your faucet is still vulnerable. http://boomproxy.com/


Step Three

Log into funcaptcha, then click "site settings"


Scroll down and click on the little gear, underneath "setup".

Then scroll down to the "security" tab select "always enhanced". Click save, then wait 5-10 minutes. Your captcha will now be alot harder for bots to bypass.




Step Four

In step four we will be adding a simple math question displayed as an image as a second captcha. Faucet users cannot claim their satoshi until the math question is solved.

Download PHP captcha HERE extract it and add the "captcha" folder to your root directory. If you don't trust that download you can find the original HERE, it will require some configuring though.

Now open your template file (ROOTDIRECTORY/faucet/templates/YOURTEMPLATE/index.php) paste the following code at the very top line above <!DOCTYPE html>:

Code:

<?php session_start(); ?>

Paste the following code where you would like the equation to appear

Code:

<img id="captcha" src="/captcha/securimage_show.php" alt="CAPTCHA Image" />
<br>
<a href="#" onclick="document.getElementById('captcha').src = '/captcha/securimage_show.php?' + Math.random(); return false">[ New Problem ]</a>
<br>
<br>
<input type="text" name="captcha_code" size="10" maxlength="6" />
<br>
<br>

Now you need to create a PHP document. I use a program called Notepad++, however any text editor will work. Create a new document, then paste in the following code:

Code:

<?php>
include_once $_SERVER['DOCUMENT_ROOT'] . '/captcha/securimage.php';

$securimage = new Securimage();

if ($securimage->check($_POST['captcha_code']) == false) {
  // the code was incorrect
  // you should handle the error so that the form processor doesn't continue

  // or you can use the following code if there is no validation or you do not know how
  echo "I'm sorry but you have to answer the math question correctly!.<br /><br />";
  echo "Please go <a href='javascript:history.go(-1)'>back</a> and use a caculator.";
  exit;
}

?>

Keep the document open. Open your faucet index page, it will most likely be index.php in your ROOTDIRECTORY. (Not the template index.php) Now press CTRL+A and select everything and copy it. Go back to the document you were just making and paste it on the very bottom, underneath the ?>  Now save the file as what ever you want, I called mine math.php.

Go back to your faucet template file (ROOTDIRECTORY/faucet/templates/YOURTEMPLATE/index.php) search for the following: <form method="POST" class="form-horizontal" role="form">
on that same line link your PHP file to it like so:

Code:

<form action="math.php" method="POST" class="form-horizontal" role="form">

Now you should have a working math eqution that users have to answer correctly before using your faucet.


I hope this helps other faucet owners, as it's terrible how bots think they can steal our valuable satoshis :3 You try and be nice, by giving people free bitcoins and they feel the need to exploit it.

[1715109247]

1715109247

[1715109247]

1715109247

[1715109247]

1715109247

[1715109247]

1715109247

[AlexAce420]

Optional

I have google analytics on my faucet and I realized that, almost all the traffic was coming from Russia or China.... So I found out about this site called http://www.blockacountry.com, it allows you to block whole countries from accessing your website. This route is optional, but super effective. The only downside is it affects real people from accessing your faucet.

[nijkamp]

There are a lot of fuking ips mate! all are ips bots?

can i talk with u via skype?

best regards

[AlexAce420]

They're TOR ips and in my new .htaccess I've blocked Russia and China from accessing my faucet. It appears to have stopped them.

[misterbit]

But if this is a copy of which I did. ¿?
https://bitcointalk.org/index.php?topic=1210279.0

[AlexAce420]

But if this is a copy of which I did. ¿?
https://bitcointalk.org/index.php?topic=1210279.0

Yes, except yours didn't work very well, I was still getting ALOT of bots.

[nijkamp]

how is going for u essence owner? 6700 ip`s banned o.O?

[misterbit]

OK, pass your website here to see  
https://www.vpnbook.com/webproxy
https://www.sumrando.com/proxy.aspx

But if this is a copy of which I did. ¿?
https://bitcointalk.org/index.php?topic=1210279.0

Yes, except yours didn't work very well, I was still getting ALOT of bots.

[misterbit]

Thus more complete

Code:

# Block Proxy
#5
RewriteCond %{HTTP:X_HTTP_BRAZIL_FORWARDED_FOR} !^$ [OR]
#5
RewriteCond %{HTTP:HTTP_X_BRAZIL_FORWARDED_FOR} !^$ [OR]
#4
RewriteCond %{HTTP:X_HTTP_FORWARDED_FOR}        !^$ [OR]
RewriteCond %{HTTP:X_HTTP_PROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XPROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:X_HTTP_PROXY_ID}             !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XPROXY_ID}            !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XROXY_ID}             !^$ [OR]
#4
RewriteCond %{HTTP:FORWARDED_HTTP_FOR_IP}       !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED_FOR_IP}       !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR}         !^$ [OR]
RewriteCond %{HTTP:HTTP_X_FORWARDED_FOR}        !^$ [OR]
RewriteCond %{HTTP:HTTP_X_PROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XPROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:HTTP_X_PROXY_ID}             !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XPROXY_ID}            !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XROXY_ID}             !^$ [OR]
#3
RewriteCond %{HTTP:X_FORWARDED_FOR}             !^$ [OR]
RewriteCond %{HTTP:X_HTTP_FORWARDED}            !^$ [OR]
RewriteCond %{HTTP:X_PROXY_CONNECTION}          !^$ [OR]
RewriteCond %{HTTP:X_PROXY_ID}                  !^$ [OR]
RewriteCond %{HTTP:X_USERAGENT_VIA}             !^$ [OR]
RewriteCond %{HTTP:X_XPROXY_CONNECTION}         !^$ [OR]
RewriteCond %{HTTP:X_XPROXY_ID}                 !^$ [OR]
RewriteCond %{HTTP:X_XROXY_CONNECTION}          !^$ [OR]
RewriteCond %{HTTP:X_XROXY_ID}                  !^$ [OR]
#3
RewriteCond %{HTTP:CLIENT_HTTP_IP}              !^$ [OR]
RewriteCond %{HTTP:FORWARDED_FOR_IP}            !^$ [OR]
RewriteCond %{HTTP:FORWARDED_HTTP_FOR}          !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}              !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED_FOR}          !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY_ID}               !^$ [OR]
RewriteCond %{HTTP:HTTP_USERAGENT_VIA}          !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY_CONNECTION}      !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY_ID}              !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY_ID}               !^$ [OR]
RewriteCond %{HTTP:HTTP_X_FORWARDED}            !^$ [OR]
RewriteCond %{HTTP:PC_REMOTE_ADDR}              !^$ [OR]
RewriteCond %{HTTP:PROXY_HTTP_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:USERAGENT_HTTP_VIA}          !^$ [OR]
RewriteCond %{HTTP:XPROXY_HTTP_CONNECTION}      !^$ [OR]
RewriteCond %{HTTP:XROXY_HTTP_CONNECTION}       !^$ [OR]
#2
RewriteCond %{HTTP:X_FORWARDED}                 !^$ [OR]
RewriteCond %{HTTP:X_PROXY}                     !^$ [OR]
RewriteCond %{HTTP:X_XPROXY}                    !^$ [OR]
RewriteCond %{HTTP:X_XROXY}                     !^$ [OR]
#2
RewriteCond %{HTTP:CLIENT_IP}                   !^$ [OR]
RewriteCond %{HTTP:FORWARDED_FOR}               !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED}              !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY}                  !^$ [OR]
RewriteCond %{HTTP:HTTP_VIA}                    !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY}                 !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY}                  !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}            !^$ [OR]
RewriteCond %{HTTP:PROXY_ID}                    !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}               !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}           !^$ [OR]
RewriteCond %{HTTP:XPROXY_ID}                   !^$ [OR]
RewriteCond %{HTTP:XROXY_CONNECTION}            !^$ [OR]
RewriteCond %{HTTP:XROXY_ID}                    !^$ [OR]
#1
RewriteCond %{HTTP:FORWARDED}                   !^$ [OR]
RewriteCond %{HTTP:PROXY}                       !^$ [OR]
RewriteCond %{HTTP:USERAGENT}                   !^$ [OR]
RewriteCond %{HTTP:VIA}                         !^$ [OR]
RewriteCond %{HTTP:XPROXY}                      !^$ [OR]
RewriteCond %{HTTP:XROXY}                       !^$ [OR]
RewriteRule ^(.*)$ – [F]

[AlexAce420]

how is going for u essence owner? 6700 ip`s banned o.O?

They're TOR relays and IP's that I don't want accessing my faucet, It's going very well since I've banned them, my faucet is doing ALOT better.

OK, pass your website here to see  
https://www.vpnbook.com/webproxy
https://www.sumrando.com/proxy.aspx

But if this is a copy of which I did. ¿?
https://bitcointalk.org/index.php?topic=1210279.0

Yes, except yours didn't work very well, I was still getting ALOT of bots.

Well played, it would be impossible to stop every VPN though. So I'm satisfied.

[nijkamp]

what is that misterbit? can u explain a bit please ?

[misterbit]

Hello, it is a rule that I found on the net to block proxies

what is that misterbit? can u explain a bit please ?

[misterbit]

great dude, but I believe that I did it I is almost the same as that.

how is going for u essence owner? 6700 ip`s banned o.O?

They're TOR relays and IP's that I don't want accessing my faucet, It's going very well since I've banned them, my faucet is doing ALOT better.

OK, pass your website here to see  
https://www.vpnbook.com/webproxy
https://www.sumrando.com/proxy.aspx

But if this is a copy of which I did. ¿?
https://bitcointalk.org/index.php?topic=1210279.0

Yes, except yours didn't work very well, I was still getting ALOT of bots.

Well played, it would be impossible to stop every VPN though. So I'm satisfied.

[AlexAce420]

Thus more complete

Code:

# Block Proxy
#5
RewriteCond %{HTTP:X_HTTP_BRAZIL_FORWARDED_FOR} !^$ [OR]
#5
RewriteCond %{HTTP:HTTP_X_BRAZIL_FORWARDED_FOR} !^$ [OR]
#4
RewriteCond %{HTTP:X_HTTP_FORWARDED_FOR}        !^$ [OR]
RewriteCond %{HTTP:X_HTTP_PROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XPROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:X_HTTP_PROXY_ID}             !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XPROXY_ID}            !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XROXY_ID}             !^$ [OR]
#4
RewriteCond %{HTTP:FORWARDED_HTTP_FOR_IP}       !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED_FOR_IP}       !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR}         !^$ [OR]
RewriteCond %{HTTP:HTTP_X_FORWARDED_FOR}        !^$ [OR]
RewriteCond %{HTTP:HTTP_X_PROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XPROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:HTTP_X_PROXY_ID}             !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XPROXY_ID}            !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XROXY_ID}             !^$ [OR]
#3
RewriteCond %{HTTP:X_FORWARDED_FOR}             !^$ [OR]
RewriteCond %{HTTP:X_HTTP_FORWARDED}            !^$ [OR]
RewriteCond %{HTTP:X_PROXY_CONNECTION}          !^$ [OR]
RewriteCond %{HTTP:X_PROXY_ID}                  !^$ [OR]
RewriteCond %{HTTP:X_USERAGENT_VIA}             !^$ [OR]
RewriteCond %{HTTP:X_XPROXY_CONNECTION}         !^$ [OR]
RewriteCond %{HTTP:X_XPROXY_ID}                 !^$ [OR]
RewriteCond %{HTTP:X_XROXY_CONNECTION}          !^$ [OR]
RewriteCond %{HTTP:X_XROXY_ID}                  !^$ [OR]
#3
RewriteCond %{HTTP:CLIENT_HTTP_IP}              !^$ [OR]
RewriteCond %{HTTP:FORWARDED_FOR_IP}            !^$ [OR]
RewriteCond %{HTTP:FORWARDED_HTTP_FOR}          !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}              !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED_FOR}          !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY_ID}               !^$ [OR]
RewriteCond %{HTTP:HTTP_USERAGENT_VIA}          !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY_CONNECTION}      !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY_ID}              !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY_ID}               !^$ [OR]
RewriteCond %{HTTP:HTTP_X_FORWARDED}            !^$ [OR]
RewriteCond %{HTTP:PC_REMOTE_ADDR}              !^$ [OR]
RewriteCond %{HTTP:PROXY_HTTP_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:USERAGENT_HTTP_VIA}          !^$ [OR]
RewriteCond %{HTTP:XPROXY_HTTP_CONNECTION}      !^$ [OR]
RewriteCond %{HTTP:XROXY_HTTP_CONNECTION}       !^$ [OR]
#2
RewriteCond %{HTTP:X_FORWARDED}                 !^$ [OR]
RewriteCond %{HTTP:X_PROXY}                     !^$ [OR]
RewriteCond %{HTTP:X_XPROXY}                    !^$ [OR]
RewriteCond %{HTTP:X_XROXY}                     !^$ [OR]
#2
RewriteCond %{HTTP:CLIENT_IP}                   !^$ [OR]
RewriteCond %{HTTP:FORWARDED_FOR}               !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED}              !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY}                  !^$ [OR]
RewriteCond %{HTTP:HTTP_VIA}                    !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY}                 !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY}                  !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}            !^$ [OR]
RewriteCond %{HTTP:PROXY_ID}                    !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}               !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}           !^$ [OR]
RewriteCond %{HTTP:XPROXY_ID}                   !^$ [OR]
RewriteCond %{HTTP:XROXY_CONNECTION}            !^$ [OR]
RewriteCond %{HTTP:XROXY_ID}                    !^$ [OR]
#1
RewriteCond %{HTTP:FORWARDED}                   !^$ [OR]
RewriteCond %{HTTP:PROXY}                       !^$ [OR]
RewriteCond %{HTTP:USERAGENT}                   !^$ [OR]
RewriteCond %{HTTP:VIA}                         !^$ [OR]
RewriteCond %{HTTP:XPROXY}                      !^$ [OR]
RewriteCond %{HTTP:XROXY}                       !^$ [OR]
RewriteRule ^(.*)$ – [F]

THANK YOU!

[misterbit]

Friend beside, if you put the email as I did by passing the limit of requests would you email like this that I got to my.

Code:

Hi there,
I've noticed in the error logs that you're exceeding the amount of
requests per minute, which results in a HTTP 429 error and the web page
will return a blank result. When this happens, your online application
will no longer be protected.

This is just a notification, if you'd like to discuss guarantees in
query amounts higher than the one listed on the website, let me know.
Otherwise, there's no action required on your part.

That means having a bumper and passing it the anti proxy system does not serve unfortunately for us.

[nijkamp]

Then we need to copy and paste that to unable proxyes in our web? did i understand well?

[lol3c]

Thanks for this information, we are in really need of this topics. I also applied some of them.

[mari88]

really big thanks will test your code on my Faucet

[FaucetRank.com]

Thus more complete

Code:

# Block Proxy
#5
RewriteCond %{HTTP:X_HTTP_BRAZIL_FORWARDED_FOR} !^$ [OR]
#5
RewriteCond %{HTTP:HTTP_X_BRAZIL_FORWARDED_FOR} !^$ [OR]
#4
RewriteCond %{HTTP:X_HTTP_FORWARDED_FOR}        !^$ [OR]
RewriteCond %{HTTP:X_HTTP_PROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XPROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:X_HTTP_PROXY_ID}             !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XPROXY_ID}            !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XROXY_ID}             !^$ [OR]
#4
RewriteCond %{HTTP:FORWARDED_HTTP_FOR_IP}       !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED_FOR_IP}       !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR}         !^$ [OR]
RewriteCond %{HTTP:HTTP_X_FORWARDED_FOR}        !^$ [OR]
RewriteCond %{HTTP:HTTP_X_PROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XPROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:HTTP_X_PROXY_ID}             !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XPROXY_ID}            !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XROXY_ID}             !^$ [OR]
#3
RewriteCond %{HTTP:X_FORWARDED_FOR}             !^$ [OR]
RewriteCond %{HTTP:X_HTTP_FORWARDED}            !^$ [OR]
RewriteCond %{HTTP:X_PROXY_CONNECTION}          !^$ [OR]
RewriteCond %{HTTP:X_PROXY_ID}                  !^$ [OR]
RewriteCond %{HTTP:X_USERAGENT_VIA}             !^$ [OR]
RewriteCond %{HTTP:X_XPROXY_CONNECTION}         !^$ [OR]
RewriteCond %{HTTP:X_XPROXY_ID}                 !^$ [OR]
RewriteCond %{HTTP:X_XROXY_CONNECTION}          !^$ [OR]
RewriteCond %{HTTP:X_XROXY_ID}                  !^$ [OR]
#3
RewriteCond %{HTTP:CLIENT_HTTP_IP}              !^$ [OR]
RewriteCond %{HTTP:FORWARDED_FOR_IP}            !^$ [OR]
RewriteCond %{HTTP:FORWARDED_HTTP_FOR}          !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}              !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED_FOR}          !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY_ID}               !^$ [OR]
RewriteCond %{HTTP:HTTP_USERAGENT_VIA}          !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY_CONNECTION}      !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY_ID}              !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY_ID}               !^$ [OR]
RewriteCond %{HTTP:HTTP_X_FORWARDED}            !^$ [OR]
RewriteCond %{HTTP:PC_REMOTE_ADDR}              !^$ [OR]
RewriteCond %{HTTP:PROXY_HTTP_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:USERAGENT_HTTP_VIA}          !^$ [OR]
RewriteCond %{HTTP:XPROXY_HTTP_CONNECTION}      !^$ [OR]
RewriteCond %{HTTP:XROXY_HTTP_CONNECTION}       !^$ [OR]
#2
RewriteCond %{HTTP:X_FORWARDED}                 !^$ [OR]
RewriteCond %{HTTP:X_PROXY}                     !^$ [OR]
RewriteCond %{HTTP:X_XPROXY}                    !^$ [OR]
RewriteCond %{HTTP:X_XROXY}                     !^$ [OR]
#2
RewriteCond %{HTTP:CLIENT_IP}                   !^$ [OR]
RewriteCond %{HTTP:FORWARDED_FOR}               !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED}              !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY}                  !^$ [OR]
RewriteCond %{HTTP:HTTP_VIA}                    !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY}                 !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY}                  !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}            !^$ [OR]
RewriteCond %{HTTP:PROXY_ID}                    !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}               !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}           !^$ [OR]
RewriteCond %{HTTP:XPROXY_ID}                   !^$ [OR]
RewriteCond %{HTTP:XROXY_CONNECTION}            !^$ [OR]
RewriteCond %{HTTP:XROXY_ID}                    !^$ [OR]
#1
RewriteCond %{HTTP:FORWARDED}                   !^$ [OR]
RewriteCond %{HTTP:PROXY}                       !^$ [OR]
RewriteCond %{HTTP:USERAGENT}                   !^$ [OR]
RewriteCond %{HTTP:VIA}                         !^$ [OR]
RewriteCond %{HTTP:XPROXY}                      !^$ [OR]
RewriteCond %{HTTP:XROXY}                       !^$ [OR]
RewriteRule ^(.*)$ – [F]

where to put this ? in .htaccess file ?

[rkandrades]

Friend beside, if you put the email as I did by passing the limit of requests would you email like this that I got to my.

Code:

Hi there,
I've noticed in the error logs that you're exceeding the amount of
requests per minute, which results in a HTTP 429 error and the web page
will return a blank result. When this happens, your online application
will no longer be protected.

This is just a notification, if you'd like to discuss guarantees in
query amounts higher than the one listed on the website, let me know.
Otherwise, there's no action required on your part.

That means having a bumper and passing it the anti proxy system does not serve unfortunately for us.

I'm thinking to develop a way to send just the authorizated amount of request to avoid exceed the limits. In addition to I will log the non requested issues to have an idea of how many request I would need for my site... The IpGetIntel owner sells daily packages of queries also...

When I finish this script I will share with you.

Thus more complete

Code:

# Block Proxy
#5
RewriteCond %{HTTP:X_HTTP_BRAZIL_FORWARDED_FOR} !^$ [OR]
#5
RewriteCond %{HTTP:HTTP_X_BRAZIL_FORWARDED_FOR} !^$ [OR]
#4
RewriteCond %{HTTP:X_HTTP_FORWARDED_FOR}        !^$ [OR]
RewriteCond %{HTTP:X_HTTP_PROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XPROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:X_HTTP_PROXY_ID}             !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XPROXY_ID}            !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XROXY_ID}             !^$ [OR]
#4
RewriteCond %{HTTP:FORWARDED_HTTP_FOR_IP}       !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED_FOR_IP}       !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR}         !^$ [OR]
RewriteCond %{HTTP:HTTP_X_FORWARDED_FOR}        !^$ [OR]
RewriteCond %{HTTP:HTTP_X_PROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XPROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:HTTP_X_PROXY_ID}             !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XPROXY_ID}            !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XROXY_ID}             !^$ [OR]
#3
RewriteCond %{HTTP:X_FORWARDED_FOR}             !^$ [OR]
RewriteCond %{HTTP:X_HTTP_FORWARDED}            !^$ [OR]
RewriteCond %{HTTP:X_PROXY_CONNECTION}          !^$ [OR]
RewriteCond %{HTTP:X_PROXY_ID}                  !^$ [OR]
RewriteCond %{HTTP:X_USERAGENT_VIA}             !^$ [OR]
RewriteCond %{HTTP:X_XPROXY_CONNECTION}         !^$ [OR]
RewriteCond %{HTTP:X_XPROXY_ID}                 !^$ [OR]
RewriteCond %{HTTP:X_XROXY_CONNECTION}          !^$ [OR]
RewriteCond %{HTTP:X_XROXY_ID}                  !^$ [OR]
#3
RewriteCond %{HTTP:CLIENT_HTTP_IP}              !^$ [OR]
RewriteCond %{HTTP:FORWARDED_FOR_IP}            !^$ [OR]
RewriteCond %{HTTP:FORWARDED_HTTP_FOR}          !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}              !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED_FOR}          !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY_ID}               !^$ [OR]
RewriteCond %{HTTP:HTTP_USERAGENT_VIA}          !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY_CONNECTION}      !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY_ID}              !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY_ID}               !^$ [OR]
RewriteCond %{HTTP:HTTP_X_FORWARDED}            !^$ [OR]
RewriteCond %{HTTP:PC_REMOTE_ADDR}              !^$ [OR]
RewriteCond %{HTTP:PROXY_HTTP_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:USERAGENT_HTTP_VIA}          !^$ [OR]
RewriteCond %{HTTP:XPROXY_HTTP_CONNECTION}      !^$ [OR]
RewriteCond %{HTTP:XROXY_HTTP_CONNECTION}       !^$ [OR]
#2
RewriteCond %{HTTP:X_FORWARDED}                 !^$ [OR]
RewriteCond %{HTTP:X_PROXY}                     !^$ [OR]
RewriteCond %{HTTP:X_XPROXY}                    !^$ [OR]
RewriteCond %{HTTP:X_XROXY}                     !^$ [OR]
#2
RewriteCond %{HTTP:CLIENT_IP}                   !^$ [OR]
RewriteCond %{HTTP:FORWARDED_FOR}               !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED}              !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY}                  !^$ [OR]
RewriteCond %{HTTP:HTTP_VIA}                    !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY}                 !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY}                  !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}            !^$ [OR]
RewriteCond %{HTTP:PROXY_ID}                    !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}               !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}           !^$ [OR]
RewriteCond %{HTTP:XPROXY_ID}                   !^$ [OR]
RewriteCond %{HTTP:XROXY_CONNECTION}            !^$ [OR]
RewriteCond %{HTTP:XROXY_ID}                    !^$ [OR]
#1
RewriteCond %{HTTP:FORWARDED}                   !^$ [OR]
RewriteCond %{HTTP:PROXY}                       !^$ [OR]
RewriteCond %{HTTP:USERAGENT}                   !^$ [OR]
RewriteCond %{HTTP:VIA}                         !^$ [OR]
RewriteCond %{HTTP:XPROXY}                      !^$ [OR]
RewriteCond %{HTTP:XROXY}                       !^$ [OR]
RewriteRule ^(.*)$ – [F]

where to put this ? in .htaccess file ?

Yes. This is a code to be inserted into .htaccess file.

[FaucetRank.com]

I'm having problem after putting above code in my htaccess file

[FaucetWorld]

They're TOR ips and in my new .htaccess I've blocked Russia and China from accessing my faucet. It appears to have stopped them.

Blocking Russia, China or other country will not help you! Only blocking proxies can help with this fight!

Thank you guys for great job!

[mari88]

i have added your code to my template and nothing happens i can visit faucet with boomproxy.com
and i have added your .htaccess to my root



kind regrads

[FaucetRank.com]

i have added your code to my template and nothing happens i can visit faucet with boomproxy.com
and i have added your .htaccess to my root



kind regrads

Probably you did something wrong

[altcoinhosting]

Nice function...

For the sake of completeness, it would be nice if you would also filter out tor exit nodes... I saw a post yesterday with a guy having problems with a bot over tor, and a fucntion like yours (but with tor filtering) would have been his sollution.

Thanks for contributing to the community  

EDIT: for the sake of honesty, i haven't tested out your script, so i'm not sure if it doesn't already do this

[mari88]

i have added your code to my template and nothing happens i can visit faucet with boomproxy.com
and i have added your .htaccess to my root



kind regrads

Probably you did something wrong

whooooow what a helping user you spamer
i know that something is wrong
hat these spamers ...... i have fixxed the problem with CTRL+F5
Script now working thanks.


kind regrads

[rkandrades]

Guys... I just developed a very effective proxy server barrier!

My solution has 4 layers of protection.

1st layer: Custom IPs blacklist and cache. Supported by the layers above and customizable if your personal IPs blacklist.
2nd layer: TOR users protection. Almost 100% effective.
3rd layer: Popular and Known Proxy Servers blocked.
4th layer: Unknown proxies blocked by intelligent algorithms.

It works for any site running PHP.

If you are interested in a deal, send me a PM. You can test the service first.

[AlexAce420]

Morning everyone, I have just updated my original post and I am having great luck in the fight against bots!

Nice function...

For the sake of completeness, it would be nice if you would also filter out tor exit nodes... I saw a post yesterday with a guy having problems with a bot over tor, and a fucntion like yours (but with tor filtering) would have been his sollution.

Thanks for contributing to the community  

EDIT: for the sake of honesty, i haven't tested out your script, so i'm not sure if it doesn't already do this

Check out step one on my original post, it explains how to block tor exit nodes.

Guys... I just developed a very effective proxy server barrier!

My solution has 4 layers of protection.

1st layer: Custom IPs blacklist and cache. Supported by the layers above and customizable if your personal IPs blacklist.
2nd layer: TOR users protection. Almost 100% effective.
3rd layer: Popular and Known Proxy Servers blocked.
4th layer: Unknown proxies blocked by intelligent algorithms.

It works for any site running PHP.


I challenge you to try some proxies on my site: http://bitcoin-catcher.com/faucet (only works on the faucet page).

If you are interested in a deal, send me a PM.

https://www.vpnbook.com/webproxy

http://bitcoin-catcher.com/faucet

Yours isn't flawless, quit trying to "make a deal"/advertise your faucet on my thread. My thread is intended for free public knowledge, so please leave.

[rkandrades]

Morning everyone, I have just updated my original post and I am having great luck in the fight against bots!

Guys... I just developed a very effective proxy server barrier!

My solution has 4 layers of protection.

1st layer: Custom IPs blacklist and cache. Supported by the layers above and customizable if your personal IPs blacklist.
2nd layer: TOR users protection. Almost 100% effective.
3rd layer: Popular and Known Proxy Servers blocked.
4th layer: Unknown proxies blocked by intelligent algorithms.

It works for any site running PHP.


I challenge you to try some proxies on my site: http://bitcoin-catcher.com/faucet (only works on the faucet page).

If you are interested in a deal, send me a PM.

https://www.vpnbook.com/webproxy

http://bitcoin-catcher.com/faucet

Yours isn't flawless, quit trying to "make a deal"/advertise your faucet on my thread. My thread is intended for free public knowledge, so please leave.

No problem, friend. I just edited my post and removed the link.

Anyways, I'm just trying to trade knowledge.

Do not forget that I am helping faucet owners about security questions for free about weeks in this forum...

>>> https://bitcointalk.org/index.php?topic=1200700.0

[AlexAce420]

No problem, friend. I just edited my post and removed the link.

Anyways, I'm just trying to trade knowledge.

Do not forget that I am helping faucet owners about security questions for free about weeks in this forum...

>>> https://bitcointalk.org/index.php?topic=1200700.0

I totally didn't realize that was you! I'm sorry if I sounded rude, I just think that this knowledge should be freely available to the public. If I buy it from you, can I post it on this thread?

[rkandrades]

No problem, friend. I just edited my post and removed the link.

Anyways, I'm just trying to trade knowledge.

Do not forget that I am helping faucet owners about security questions for free about weeks in this forum...

>>> https://bitcointalk.org/index.php?topic=1200700.0

I totally didn't realize that was you! I'm sorry if I sounded rude, I just think that this knowledge should be freely available to the public. If I buy it from you, can I post it on this thread?

No problem.

Just one observation, that proxy tou tested on my site failed. My barrier is redirecting it to an other site.

About the deal, I'm trying to do trades because I spent a lot of efforts and hours without sleep to create this barrier.

Of course if you buy this knowledge you could share it.

I would not do this because this way we are revealing our defenses to tje scammers too. They will break the barrier easily.

Then I decided that I won't share this for free. To protect my work and make its effective for a long time.

[rkandrades]

No problem, friend. I just edited my post and removed the link.

Anyways, I'm just trying to trade knowledge.

Do not forget that I am helping faucet owners about security questions for free about weeks in this forum...

>>> https://bitcointalk.org/index.php?topic=1200700.0

I totally didn't realize that was you! I'm sorry if I sounded rude, I just think that this knowledge should be freely available to the public. If I buy it from you, can I post it on this thread?

No problem.

Just one observation, that proxy tou tested on my site failed. My barrier is redirecting it to an other site.

About the deal, I'm trying to do trades because I spent a lot of efforts and hours without sleep to create this barrier.

Of course if you buy this knowledge you could share it.

I would not do this because this way we are revealing our defenses to tje scammers too. They will break the barrier easily.

Then I decided that I won't share this for free. To protect my work and make its effective for a long time.

Ah... One more thing.

My barrier is producing good stats and logs.

In some days I will share the most identified proxies IP list with everyone for free.

Give me two or three days.

[rkandrades]

No problem, friend. I just edited my post and removed the link.

Anyways, I'm just trying to trade knowledge.

Do not forget that I am helping faucet owners about security questions for free about weeks in this forum...

>>> https://bitcointalk.org/index.php?topic=1200700.0

I totally didn't realize that was you! I'm sorry if I sounded rude, I just think that this knowledge should be freely available to the public. If I buy it from you, can I post it on this thread?

No problem.

Just one observation, that proxy tou tested on my site failed. My barrier is redirecting it to an other site.

About the deal, I'm trying to do trades because I spent a lot of efforts and hours without sleep to create this barrier.

Of course if you buy this knowledge you could share it.

I would not do this because this way we are revealing our defenses to tje scammers too. They will break the barrier easily.

Then I decided that I won't share this for free. To protect my work and make its effective for a long time.

Ah... One more thing.

My barrier is producing good stats and logs.

In some days I will share the most identified proxies IP list with everyone for free.

Give me two or three days.

Guys... These are the proxy servers and scam IPs that my barrier blocked yesterday. Use for your safe and for free.

Code:

162.254.149.195
85.25.201.120
149.210.131.21
159.253.128.175
95.141.187.216
5.13.207.5
52.5.121.103
179.107.42.151
199.115.117.194
216.218.131.173
65.49.14.148
81.95.123.216
199.115.117.242
173.245.65.202
37.27.61.32
162.213.40.198
107.170.17.131
162.243.158.7
95.141.20.199
45.55.49.75
162.243.127.7
122.155.34.42
199.115.117.243
159.253.128.172
46.34.213.220
159.253.128.169
46.23.66.106
188.138.8.70
66.171.228.75
188.166.121.88
188.226.170.140
145.249.150.87
178.255.153.247
207.244.86.211
108.168.239.92
5.14.141.64
103.10.199.38
66.171.228.247
49.213.18.108
104.236.70.228
217.118.23.97
108.168.159.147
50.116.9.34
45.114.116.209
198.7.58.81
46.101.35.224
119.247.191.114
194.169.217.14
46.4.79.135
93.184.65.176
128.199.53.63
144.76.44.114
146.185.28.178
51.39.128.155
190.248.68.138
173.245.65.88
54.176.17.88
31.47.127.155
38.95.109.38
B81.169.156.135
B146.0.32.8
B198.204.255.122
B162.220.59.66
B195.154.49.144
B96.31.64.186
169.57.121.204
108.168.159.138
38.95.108.244
157.7.164.19
5.13.214.38
188.126.71.90
200.219.249.89
46.28.53.125
108.168.159.144
209.95.51.184
65.49.14.168
116.193.159.34
103.10.197.130
5.45.255.102
5.63.149.102
188.138.56.112
37.48.116.165
23.235.227.109
162.245.145.229
104.131.147.112
103.10.197.90
103.10.197.154
208.123.223.158
B185.28.191.30
45.114.116.66
37.143.95.218
104.236.195.147
66.102.9.40
64.233.172.194
B1.234.45.50
207.244.79.151
B59.8.174.50
23.101.61.176
192.95.47.194
54.191.171.19
173.245.65.3
37.27.44.202
104.156.233.66
5.39.126.59
207.244.79.141
193.109.196.47
107.170.186.79
B52.68.132.0
188.226.155.106
195.58.245.142
173.247.227.146
208.123.223.147
104.232.37.35
49.213.21.108
46.167.121.31
217.78.6.229
104.209.188.207
37.143.89.206
46.165.234.137
148.251.232.140
216.158.192.226
104.131.66.8
176.9.2.173
193.164.133.40
61.19.228.78
4.26.209.54
198.7.59.110
46.165.210.87
123.202.90.219
94.76.233.203
100.43.90.8
54.210.237.68
54.175.89.172
46.23.66.109
37.130.224.22
159.253.128.168
8.28.16.254
46.23.66.107
69.160.43.237
54.176.137.163
176.9.2.173
159.253.128.166
37.99.89.224
209.85.238.18
46.236.26.103
106.187.49.88
162.213.197.190
5.13.239.179
50.117.34.138
66.249.73.242
66.249.73.138
209.85.238.9
54.209.60.63
66.249.73.130
209.85.238.127
78.106.208.116
46.118.100.186
54.219.106.162
206.190.138.20
66.249.84.103
37.27.62.221
128.75.125.34
168.235.194.180
100.43.81.134
128.199.81.128
179.43.147.83
64.233.173.57
65.49.68.194
207.244.79.152
217.118.23.115
208.123.223.152
5.45.192.81
37.229.123.234
128.199.106.5
208.123.223.215
109.86.244.239
208.123.223.52
5.166.194.82
208.123.223.231
176.15.106.169
188.166.109.30
208.123.223.169
5.248.35.11
94.153.44.107
208.123.223.36
69.80.103.148
95.211.226.38
104.196.9.35
106.186.118.77
209.95.51.183
109.86.47.88
208.123.223.127
52.23.156.32
188.138.147.22
188.163.99.194
178.162.208.141
208.123.223.94
104.197.56.196
207.244.76.210
176.194.119.107
178.162.217.146
168.235.198.84
162.245.144.253
5.45.255.69
208.123.223.91
54.173.202.107
8.37.224.103
208.123.223.148
148.251.83.41
207.244.77.1
208.123.223.251
207.244.96.236
93.80.158.30
208.123.223.199
208.123.223.101
5.63.149.98
104.131.209.90
66.85.139.246
178.162.197.211
173.245.65.198

I will update this list weekly at this topic: https://bitcointalk.org/index.php?topic=1200700.0

[ofirbeigel]

Hi, just found this awesome thread.

So just to make things clear (since I'm not very technical) - is the information on the OP good enough or do I need to add any of the other scripts you've put in here?

[FaucetWorld]

Hi, just found this awesome thread.

So just to make things clear (since I'm not very technical) - is the information on the OP good enough or do I need to add any of the other scripts you've put in here?

Probably this what you see in this thread is not enough to protect your faucet good enough, but for sure will help a lot.

New features are now tested and soon will be published update.

[rkandrades]

Hi, just found this awesome thread.

So just to make things clear (since I'm not very technical) - is the information on the OP good enough or do I need to add any of the other scripts you've put in here?

Probably this what you see in this thread is not enough to protect your faucet good enough, but for sure will help a lot.

New features are now tested and soon will be published update.

Exactly.

All in this topic will help you so much. But it isn't enough.

We are posting new techniques and security solutions here everyday. Stay visiting this topic to learn more and develop your own solutions too.

Do you now how to do simple changes in a PHP code?

[ofirbeigel]

Hi, just found this awesome thread.

So just to make things clear (since I'm not very technical) - is the information on the OP good enough or do I need to add any of the other scripts you've put in here?

Probably this what you see in this thread is not enough to protect your faucet good enough, but for sure will help a lot.

New features are now tested and soon will be published update.

Exactly.

All in this topic will help you so much. But it isn't enough.

We are posting new techniques and security solutions here everyday. Stay visiting this topic to learn more and develop your own solutions too.

Do you now how to do simple changes in a PHP code?

Yes I do and I already implemented what's in here. Hope this helps.

[ofirbeigel]

I can't seem to find the FunCaptcha security options you talk about in the OP. I just get a very basic webpage where I can retrieve my keys.

[Gifted]

Alright, so my faucet www.bit-essence.com was getting raped by bots. Here are two pictures, one showing how bad it was, the other showing how much better I made it.

Before I go and take credit for this, I got some information from MASETRBIT in this thread:https://bitcointalk.org/index.php?topic=1210279.0

Before


After


As you can see, from the time the payouts were made, I have made a huge dent in bots accessing my faucet. Here's how:

First

In the root directory of your server, there should be a file called .htaccess, HERE'S WHAT MINE LOOK LIKE Copy and paste it to yours.

This will block all the TOR relays/exit nodes from accessing your website. TOR is good to block because it's one of the main things people use to bypass your time limit. Just google "bypass faucet time limit" you will see that it's one of the ways people bypass your time limit.

To get an updated list of tor exit nodes visit https://www.dan.me.uk/torlist/

Here's a website to paste the IP's, it will generate the proper code for you. http://www.htaccesstools.com/block-ips/

Second

In your faucet template, ROOTDIRECTORY/faucet/templates/YOURTEMPLATE/index.php, place this code, above <!DOCTYPE html>

Code:

<?php
if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
die("It would apprear you're using a proxy, so please, go fuck yourself!");

function checkProxy($ip){
		$contactEmail="EMAIL";
		$timeout=3; 
		$banOnProability=0.99;
		
		$ch = curl_init();
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
		curl_setopt($ch, CURLOPT_URL, "http://check.getipintel.net/check.php?ip=$ip");
		$response=curl_exec($ch);
		
		curl_close($ch);
		
		
		if ($response > $banOnProability) {
				return true;
		} else {
			if ($response < 0 || strcmp($response, "") == 0 ) {
				//The server returned an error, you might want to do something
				//like write to a log file or email yourself
				//This could be true due to an invalid input or you've exceeded
				//the number of allowed queries. Figure out why this is happening
				//because you aren't protected by the system anymore
				//Leaving this section blank is dangerous because you assume
				//that you're still protected, which is incorrect
				//and you might think GetIPIntel isn't accurate anymore
				//which is also incorrect.
				//failure to implement error handling is bad for the both of us
			}
				return false;
		}
}
$ip=$_SERVER['REMOTE_ADDR'];
if (checkProxy($ip)) {
	echo "It would apprear you're using a proxy, so please, go fuck yourself! <br />";
}
?>

Here's a website to check if your faucet is still vulnerable. http://boomproxy.com/

Second

On funcaptcha's website edit you captcha, on the "security" tab select "always enhanced". Click save, then wait 5-10 minutes. Your captcha will now be alot harder for bots to bypass.



I hope this helps other faucet owners, as it's terrible how bots think they can steal our valuable satoshis :3 You try and be nice, by giving people free bitcoins and they feel the need to exploit it.

just so you know this site says im on a proxy and im not . So this is deferring real people too .

[thefaucetrunner]

GetIPIntel won't work for high traffic faucets, too many requests will spit our 404/403 errors. I spoke with the admin recently and tested it.

Not sure about the rest. Proxies are an issue but adding features to limit claims from more than X amount of IP addresses is a step in the right direction.

For MiniFaucet based faucets, it helps to have a limit on large cashouts. Botters are keeping up with things, that's for sure. I don't quite understand how.

Some of the best devs out there haven't been able to do much. Catching repeat offenders and blacklisting IPs helps, but you'll have to pay a few bots before you get that knowledge.

[rkandrades]

GetIPIntel won't work for high traffic faucets, too many requests will spit our 404/403 errors. I spoke with the admin recently and tested it.

Not sure about the rest. Proxies are an issue but adding features to limit claims from more than X amount of IP addresses is a step in the right direction.

For MiniFaucet based faucets, it helps to have a limit on large cashouts. Botters are keeping up with things, that's for sure. I don't quite understand how.

Some of the best devs out there haven't been able to do much. Catching repeat offenders and blacklisting IPs helps, but you'll have to pay a few bots before you get that knowledge.

As you said the best way to work with getIpIntel is caching the results and coding a counter to limit your requests daily.

For me, the fight against the scammers and bots is teaching me many things. As you know I'm developing my own security system without need to use antibot links or anything like this.

I think I am winning this battle for now...

[thefaucetrunner]

One of the main things to remember with these bots is that they are using a script, which is fairly rigid. You can do several things to foil the bots, including switching your captcha randomly, implementing legitimate anti-bot math problems and buttons, thresholds for cashouts and other features.

Unfortunately for many of the users on here, these sort of features require knowledge or the money to hire someone with the knowledge. We are lucky to have people like Minifrij etc to help users.

I've made it my task in recent months to fight these bots where I can, but I think it's an uphill struggle most of the time. I have banned so many addresses today...

[rkandrades]

One of the main things to remember with these bots is that they are using a script, which is fairly rigid. You can do several things to foil the bots, including switching your captcha randomly, implementing legitimate anti-bot math problems and buttons, thresholds for cashouts and other features.

Unfortunately for many of the users on here, these sort of features require knowledge or the money to hire someone with the knowledge. We are lucky to have people like Minifrij etc to help users.

I've made it my task in recent months to fight these bots where I can, but I think it's an uphill struggle most of the time. I have banned so many addresses today...

Are you using the FaucetBox script in your faucet? I'm looking for a way to include more mandatory fields to claim.

My idea is to ask for the e-mail or for a second captcha solution> If the user don't put it, the FaucetBox will show that default message: Missing inputs (or something like this...).

This move should block a lot of bots (At leas the not customizable ones).

I will study how to do this...

[AlexAce420]

Are you using the FaucetBox script in your faucet? I'm looking for a way to include more mandatory fields to claim.

My idea is to ask for the e-mail or for a second captcha solution> If the user don't put it, the FaucetBox will show that default message: Missing inputs (or something like this...).

This move should block a lot of bots (At leas the not customizable ones).

I will study how to do this...

Hey bud, I implemented this on my faucet. Let me know what you think. http://g-liu.com/blog/2013/08/walkthrough-captcha-php/. Check out my faucet to see how it works.
I will make a tutorial on this post as soon as I get home from work.

[misterbit]

Are you using the FaucetBox script in your faucet? I'm looking for a way to include more mandatory fields to claim.

My idea is to ask for the e-mail or for a second captcha solution> If the user don't put it, the FaucetBox will show that default message: Missing inputs (or something like this...).

This move should block a lot of bots (At leas the not customizable ones).

I will study how to do this...

Hey bud, I implemented this on my faucet. Let me know what you think. http://g-liu.com/blog/2013/08/walkthrough-captcha-php/. Check out my faucet to see how it works.
I will make a tutorial on this post as soon as I get home from work.

Hi, watch this, feel me good, only would have to adapt it.
http://jsfiddle.net/Ztq83/
Someone who knows how to do it please

[rkandrades]

Are you using the FaucetBox script in your faucet? I'm looking for a way to include more mandatory fields to claim.

My idea is to ask for the e-mail or for a second captcha solution> If the user don't put it, the FaucetBox will show that default message: Missing inputs (or something like this...).

This move should block a lot of bots (At leas the not customizable ones).

I will study how to do this...

Hey bud, I implemented this on my faucet. Let me know what you think. http://g-liu.com/blog/2013/08/walkthrough-captcha-php/. Check out my faucet to see how it works.
I will make a tutorial on this post as soon as I get home from work.

Hi, watch this, feel me good, only would have to adapt it.
http://jsfiddle.net/Ztq83/
Someone who knows how to do it please

Yes. It seems good.

But you should implement this making the field mandatory to the submit button. I need to study how to do this yet.
 
Recently I implemented a second simple captcha in my faucet but It just works to hide the claim button. Solving the captcha the claim button is shown.

However if the scammer uses a bot that send automatic commands like HTML POSTs and GETs, my second captcha should fail.

I will take a look in the faucetbox script tomorrow...

[misterbit]

Are you using the FaucetBox script in your faucet? I'm looking for a way to include more mandatory fields to claim.

My idea is to ask for the e-mail or for a second captcha solution> If the user don't put it, the FaucetBox will show that default message: Missing inputs (or something like this...).

This move should block a lot of bots (At leas the not customizable ones).

I will study how to do this...

Hey bud, I implemented this on my faucet. Let me know what you think. http://g-liu.com/blog/2013/08/walkthrough-captcha-php/. Check out my faucet to see how it works.
I will make a tutorial on this post as soon as I get home from work.

Hi, watch this, feel me good, only would have to adapt it.
http://jsfiddle.net/Ztq83/
Someone who knows how to do it please

Yes. It seems good.

But you should implement this making the field mandatory to the submit button. I need to study how to do this yet.
 
Recently I implemented a second simple captcha in my faucet but It just works to hide the claim button. Solving the captcha the claim button is shown.

However if the scammer uses a bot that send automatic commands like HTML POSTs and GETs, my second captcha should fail.

I will take a look in the faucetbox script tomorrow...

It would be great

[FaucetRank.com]

Are you using the FaucetBox script in your faucet? I'm looking for a way to include more mandatory fields to claim.

My idea is to ask for the e-mail or for a second captcha solution> If the user don't put it, the FaucetBox will show that default message: Missing inputs (or something like this...).

This move should block a lot of bots (At leas the not customizable ones).

I will study how to do this...

Hey bud, I implemented this on my faucet. Let me know what you think. http://g-liu.com/blog/2013/08/walkthrough-captcha-php/. Check out my faucet to see how it works.
I will make a tutorial on this post as soon as I get home from work.

Hi, watch this, feel me good, only would have to adapt it.
http://jsfiddle.net/Ztq83/
Someone who knows how to do it please

Yes. It seems good.

But you should implement this making the field mandatory to the submit button. I need to study how to do this yet.
 
Recently I implemented a second simple captcha in my faucet but It just works to hide the claim button. Solving the captcha the claim button is shown.

However if the scammer uses a bot that send automatic commands like HTML POSTs and GETs, my second captcha should fail.

I will take a look in the faucetbox script tomorrow...

instead of hiding submit button disable it when captcha solved enable it.
will it still fail ? can a bot post disabled button ?

[rkandrades]

Are you using the FaucetBox script in your faucet? I'm looking for a way to include more mandatory fields to claim.

My idea is to ask for the e-mail or for a second captcha solution> If the user don't put it, the FaucetBox will show that default message: Missing inputs (or something like this...).

This move should block a lot of bots (At leas the not customizable ones).

I will study how to do this...

Hey bud, I implemented this on my faucet. Let me know what you think. http://g-liu.com/blog/2013/08/walkthrough-captcha-php/. Check out my faucet to see how it works.
I will make a tutorial on this post as soon as I get home from work.

Hi, watch this, feel me good, only would have to adapt it.
http://jsfiddle.net/Ztq83/
Someone who knows how to do it please

Yes. It seems good.

But you should implement this making the field mandatory to the submit button. I need to study how to do this yet.
 
Recently I implemented a second simple captcha in my faucet but It just works to hide the claim button. Solving the captcha the claim button is shown.

However if the scammer uses a bot that send automatic commands like HTML POSTs and GETs, my second captcha should fail.

I will take a look in the faucetbox script tomorrow...

instead of hiding submit button disable it when captcha solved enable it.
will it still fail ? can a bot post disabled button ?

Yes. I'm doing this. The button born as disabled.

Te problem is that a bot can set it to enabled using a java script since the button is being loaded in the client side (HTML).

A button generated by PHP code should solve this problem. But the faucetbox script is a mix of PHP and HTML unfortunately.

[minifrij]

A button generated by PHP code should solve this problem. But the faucetbox script is a mix of PHP and HTML unfortunately.

A button generated by PHP? How do you plan to get this to work without using any HTML?

[rkandrades]

A button generated by PHP code should solve this problem. But the faucetbox script is a mix of PHP and HTML unfortunately.

A button generated by PHP? How do you plan to get this to work without using any HTML?

Sorry... I said a miisleading thing.

I am thinking about create the timer and the enable button fuction in PHP to replace javascript functions into the HTML, for example.

[minifrij]

Sorry... I said a miisleading thing.

I am thinking about create the timer and the enable button fuction in PHP to replace javascript functions into the HTML, for example.

I can see where you're coming from, but you cannot create things like timers in PHP. Since PHP is a server side language, it loads only once when the page first loads. If you would want to make a timer in PHP, you would have to somehow delay the loading of the page entirely.

You could perhaps add some sort of verification on the PHP submit if you wanted. For example, create a PHP session variable of the time before the form, then compare it to the time after the submission of the form to be sure that it is at least your timer's length between asking for both pages.
Something like this maybe:

Code:

<?php
//Before submission
$_SESSION['preSubmissionTime'] = time();

//After submission
//Captcha checks here
if((time()-$_SESSION['preSubmissionTime']) >= 5){ //Assuming your timer is 5 seconds long
     //Pay the user
}else{
     die('You\'re submitting too fast');
}
?>

If you're going to do something like this though, I would suggest hiding the captcha as well as the claim button with the timer. This way, the user cannot solve the captcha and press enter before the claim button has been enabled, posting the form and making themselves look like a bot/a user cheating the system. I'm not sure how the above code would work in practice, though if you can see the logic behind it you could likely add it in yourself.

[AlexAce420]

Finally winning the fight against bots! :') I have updated the original post with some helpful information.

[minifrij]

Just saying, if you're displaying the maths problems in plain text it is very easy for bots to get around. There's a reason that captchas are images of text rather than the plain words, similar to this. While bots can read images, it makes their life a lot harder if they are.

[misterbit]

Just saying, if you're displaying the maths problems in plain text it is very easy for bots to get around. There's a reason that captchas are images of text rather than the plain words, similar to this. While bots can read images, it makes their life a lot harder if they are.

You're right, in the same article that is 2013 a young says of his weakness.
Friend this not serve? do you know how to adapt it?
http://jsfiddle.net/Ztq83/

[AlexAce420]

Just saying, if you're displaying the maths problems in plain text it is very easy for bots to get around. There's a reason that captchas are images of text rather than the plain words, similar to this. While bots can read images, it makes their life a lot harder if they are.

In that case I'll have to make the numbers display as images, I'll update my tutorial once I do. Thanks for pointing out such a big flaw lol.

You're right, in the same article that is 2013 a young says of his weakness.
Friend this not serve? do you know how to adapt it?
http://jsfiddle.net/Ztq83/

So you want a confirmation dialog to appear before receiving the satoshi? Maybe I'll implement the math question on the popup?

[misterbit]

Just saying, if you're displaying the maths problems in plain text it is very easy for bots to get around. There's a reason that captchas are images of text rather than the plain words, similar to this. While bots can read images, it makes their life a lot harder if they are.

In that case I'll have to make the numbers display as images, I'll update my tutorial once I do. Thanks for pointing out such a big flaw lol.

You're right, in the same article that is 2013 a young says of his weakness.
Friend this not serve? do you know how to adapt it?
http://jsfiddle.net/Ztq83/

So you want a confirmation dialog to appear before receiving the satoshi? Maybe I'll implement the math question on the popup?

I don't know, I guess if he gives OK receives and if not then not.
I have not much idea about the mechanism of the bots

[FaucetRank.com]

Hey guys got an idea 
Instead of using anti bot links if you create a new captcha like click identical image. many Ptc site have this captcha.

[AlexAce420]

Just saying, if you're displaying the maths problems in plain text it is very easy for bots to get around. There's a reason that captchas are images of text rather than the plain words, similar to this. While bots can read images, it makes their life a lot harder if they are.

Check out my faucet now, I'm using a image instead of text. Is that better?

[minifrij]

Check out my faucet now, I'm using a image instead of text. Is that better?

If your faucet is bit-essence.com, I get a 403 Forbidden error trying to access.

[AlexAce420]

Check out my faucet now, I'm using a image instead of text. Is that better?

If your faucet is bit-essence.com, I get a 403 Forbidden error trying to access.

How about now? :O

[minifrij]

How about now? :O

Yeah, that seems to be fine. Just as long as the problem is not in plain text that a bot can just scrape you should be fine.

[rkandrades]

Check out my faucet now, I'm using a image instead of text. Is that better?

If your faucet is bit-essence.com, I get a 403 Forbidden error trying to access.

Take a look in my faucet, please: bitcon-catcher.com/faucet


Ate the page bottom there is a second simple captcha. I will improve it changing text/numbers to image or something better soon.

My point now is about other problem.

I would like to transform this captcha in a mandatory captcha as the first (funcaptcha). I mean if the visitor claim without solve that captcha the faucetbox script (PHP) won't send the reward and will return: missing parameters.

How could I do that? Do you know how?

[ofirbeigel]

Step Four

In step four we will be adding a simple math question displayed as an image as a second captcha. Faucet users cannot claim their satoshi until the math question is solved.

Download PHP captcha HERE extract it and add the "captcha" folder to your root directory. If you don't trust that download you can find the original HERE, it will require some configuring though.

Now open your template file (ROOTDIRECTORY/faucet/templates/YOURTEMPLATE/index.php) paste the following code at the very top line above <!DOCTYPE html>:

Code:

<?php session_start(); ?>

Paste the following code where you would like the equation to appear

Code:

<img id="captcha" src="/captcha/securimage_show.php" alt="CAPTCHA Image" />
<br>
<a href="#" onclick="document.getElementById('captcha').src = '/captcha/securimage_show.php?' + Math.random(); return false">[ New Problem ]</a>
<br>
<br>
<input type="text" name="captcha_code" size="10" maxlength="6" />
<br>
<br>

Now you need to create a PHP document. I use a program called Notepad++, however any text editor will work. Create a new document, then paste in the following code:

Code:

<?php>
include_once $_SERVER['DOCUMENT_ROOT'] . '/captcha/securimage.php';

$securimage = new Securimage();

if ($securimage->check($_POST['captcha_code']) == false) {
  // the code was incorrect
  // you should handle the error so that the form processor doesn't continue

  // or you can use the following code if there is no validation or you do not know how
  echo "I'm sorry but you have to answer the math question correctly!.<br /><br />";
  echo "Please go <a href='javascript:history.go(-1)'>back</a> and use a caculator.";
  exit;
}

?>

Keep the document open. Open your faucet index page, it will most likely be index.php in your ROOTDIRECTORY. (Not the template index.php) Now press CTRL+A and select everything and copy it. Go back to the document you were just making and paste it on the very bottom, underneath the ?>  Now save the file as what ever you want, I called mine math.php.

Go back to your faucet template file (ROOTDIRECTORY/faucet/templates/YOURTEMPLATE/index.php) search for the following: <form method="POST" class="form-horizontal" role="form">
on that same line link your PHP file to it like so:

Code:

<form action="math.php" method="POST" class="form-horizontal" role="form">

Now you should have a working math eqution that users have to answer correctly before using your faucet.

1. Where do I put the math.php file?
2. I implemented the file in the template directory but I can still claim the coins without solving the problem. Here's the website.

[AlexAce420]

The math.php file is essential, it's basically what checks to make sure the captcha is correct. Place it inside the root directory of your server.

[AlexAce420]

Take a look in my faucet, please: bitcon-catcher.com/faucet


Ate the page bottom there is a second simple captcha. I will improve it changing text/numbers to image or something better soon.

My point now is about other problem.

I would like to transform this captcha in a mandatory captcha as the first (funcaptcha). I mean if the visitor claim without solve that captcha the faucetbox script (PHP) won't send the reward and will return: missing parameters.

How could I do that? Do you know how?

I checked your faucet, I really like it! The captcha is mandatory already, isn't it?

[ofirbeigel]

The math.php file is essential, it's basically what checks to make sure the captcha is correct. Place it inside the root directory of your server.

I placed it in the root folder but it still doesn't work. I'm able to get the coins without solving the math problem.

[AlexAce420]

Here's what you currently have in your code:


I wasn't very clear in my original post, but

Code:

<form method="POST" class="form-horizontal" role="form">

&

Code:

<form action="math.php" method="POST" class="form-horizontal" role="form">

Are supposed to be on the same line

Just delete the first one, you should be fine.

Currently your form is only applying the POST method, and ignoring your second line with the math.php action.

[ofirbeigel]

Here's what you currently have in your code:


I wasn't very clear in my original post, but

Code:

<form action="math.php" method="POST" class="form-horizontal" role="form">

&

Code:

<form method="POST" class="form-horizontal" role="form">

Are supposed to be on the same line

Just delete the second one, you should be fine.

Currently your form is only applying the POST method, and ignoring your second line with the math.php action.

Thanks for clarifying this, unfortunately now I get an invalid answer page even when I answer correctly.

[AlexAce420]

Make sure your math.php file looks like THIS.

Also, you deleted the wrong one. Delete:

Code:

<form method="POST" class="form-horizontal" role="form">

and use:

Code:

<form action="math.php" method="POST" class="form-horizontal" role="form">

[rkandrades]

Take a look in my faucet, please: bitcon-catcher.com/faucet


Ate the page bottom there is a second simple captcha. I will improve it changing text/numbers to image or something better soon.

My point now is about other problem.

I would like to transform this captcha in a mandatory captcha as the first (funcaptcha). I mean if the visitor claim without solve that captcha the faucetbox script (PHP) won't send the reward and will return: missing parameters.

How could I do that? Do you know how?

I checked your faucet, I really like it! The captcha is mandatory already, isn't it?

So so... Hehehe... The second captcha is "mandatory" but coun be broken altering the javascript through a firefox tool/plugin.

But this is working fine for now.

Soon I will improve it.

[misterbit]

Thank you very much, now fits image 

[misterbit]

I think it would be good that instead of opening a page with the notice of

Code:

I'm sorry but you have to answer the math question correctly!.

It was for example a popup

[pickupcoin]

hm. thank for this share.
i try to put math step on faucet, but have two erorrs
first i have line: Notice: A session had already been started - ignoring session_start() in /home/domains/domain.com/public_html/faucet/templates/default/index.php on line 1

this is 1 line:

<?php session_start(); ?>

and second: I'm sorry but you have to answer the math question correctly!. Please go back and use a caculator.

but i am 100% sure to answer coorect math problem 

any idea where i am wrong?
regards

[minifrij]

hm. thank for this share.
i try to put math step on faucet, but have two erorrs
first i have line: Notice: A session had already been started - ignoring session_start() in /home/domains/domain.com/public_html/faucet/templates/default/index.php on line 1

this is 1 line:

<?php session_start(); ?>

I'm unsure what the second problem is, though you do not need that line. FaucetBox starts a session on it's own, so you can just remove/comment out that session_start();

[pickupcoin]

hm. thank for this share.
i try to put math step on faucet, but have two erorrs
first i have line: Notice: A session had already been started - ignoring session_start() in /home/domains/domain.com/public_html/faucet/templates/default/index.php on line 1

this is 1 line:

<?php session_start(); ?>

I'm unsure what the second problem is, though you do not need that line. FaucetBox starts a session on it's own, so you can just remove/comment out that session_start();

yes, you're right for this, seems that is not need that line. thanks

but still problem with answer the math question correctly!.

[ofirbeigel]

hm. thank for this share.
i try to put math step on faucet, but have two erorrs
first i have line: Notice: A session had already been started - ignoring session_start() in /home/domains/domain.com/public_html/faucet/templates/default/index.php on line 1

this is 1 line:

<?php session_start(); ?>

I'm unsure what the second problem is, though you do not need that line. FaucetBox starts a session on it's own, so you can just remove/comment out that session_start();

yes, you're right for this, seems that is not need that line. thanks

but still problem with answer the math question correctly!.

I get that a lot as well (the second problem).
I answer the math question correctly but it still tells me that I'm wrong.

[pickupcoin]

i am remove math captcha from my faucet, i do not solve problem with correctly math question
I would like to hear some idea with double captcha, definitely bots passing by funcaptcha.
does anyone have experience with solvemedia vs. funcaptcha, who's better?

[minifrij]

does anyone have experience with solvemedia vs. funcaptcha, who's better?

Unless SolveMedia has suddenly upped their security tenfold, FunCaptcha is almost certainly better. SolveMedia is flawed in that all that's needed to complete it is for the user to input text, which can be fairly easy for a bot to solve with some human assistance.

[elson]

can you explain who to open the math chapacha in a new popup window like your site ?

[dart vader]

your site just shows a blank page to me.

of course im not behind any proxy.

i was thinking using your steps but im worried of blocking real people (or people not behind proxies).

[FaucetRank.com]

i am remove math captcha from my faucet, i do not solve problem with correctly math question
I would like to hear some idea with double captcha, definitely bots passing by funcaptcha.
does anyone have experience with solvemedia vs. funcaptcha, who's better?

You can do it .
1st captcha at login page
2nd captcha when user make a claim

[misterbit]

i am remove math captcha from my faucet, i do not solve problem with correctly math question
I would like to hear some idea with double captcha, definitely bots passing by funcaptcha.
does anyone have experience with solvemedia vs. funcaptcha, who's better?

You can do it .
1st captcha at login page
2nd captcha when user make a claim

Hi, how do the captcha on login?

[thinkinger]

(ROOTDIRECTORY/faucet/templates/YOURTEMPLATE/index.php)

i couldnt understand that. where is it in paytoshi script. can anyone help me?

[pickupcoin]

(ROOTDIRECTORY/faucet/templates/YOURTEMPLATE/index.php)

i couldnt understand that. where is it in paytoshi script. can anyone help me?

this YOURTEMPLATE if you don't change anything is probably "default"
like this ../faucet/templates/default/index.php

[minifrij]

this YOURTEMPLATE if you don't change anything is probably "default"
like this ../faucet/templates/default/index.php

He isn't asking about FaucetBox, please read his post. Paytoshi is a bit different.

Since the Paytoshi script is a bit more split up into how it does things, the file that you're looking for is probably at this path:
../themes/default/index.html.twig
The other files are aptly named for what they do, though index.html.twig is likely the one you want for editing the main body of your faucet.

[pickupcoin]

this YOURTEMPLATE if you don't change anything is probably "default"
like this ../faucet/templates/default/index.php

He isn't asking about FaucetBox, please read his post. Paytoshi is a bit different.

Since the Paytoshi script is a bit more split up into how it does things, the file that you're looking for is probably at this path:
../themes/default/index.html.twig
The other files are aptly named for what they do, though index.html.twig is likely the one you want for editing the main body of your faucet.

I worked a long time ago with paytoshi, I completely forgot for .html.twig files.

[thinkinger]

this YOURTEMPLATE if you don't change anything is probably "default"
like this ../faucet/templates/default/index.php

He isn't asking about FaucetBox, please read his post. Paytoshi is a bit different.

Since the Paytoshi script is a bit more split up into how it does things, the file that you're looking for is probably at this path:
../themes/default/index.html.twig
The other files are aptly named for what they do, though index.html.twig is likely the one you want for editing the main body of your faucet.

Thanx bros. as soon as paytoshi works ill try it.and write here what happened.

[Jacce]

So the "proxy check" only checks if you can connect to port 80 or not? That is a very bad solution, not only is the possibility of false positives high (I got rejected from one faucet site just because I run a local WampServer), but what about proxies using other ports?

Edit: I saw that you also used Getipintel. Still, the chance of having false positives is high.

[thinkinger]

sorry bros again me. i did the first step and how can i learn that i did true. second where do ı have to paste the fourth one in Paytoshi. and also if you want to smile a while you can go to my faucet to see how i made it.this way http://stonefaucet.esy.es/ just below the head.

In step four we will be adding a simple math question displayed as an image as a second captcha. Faucet users cannot claim their satoshi until the math question is solved.

Download PHP captcha HERE extract it and add the "captcha" folder to your root directory. If you don't trust that download you can find the original HERE, it will require some configuring though.

Now open your template file (ROOTDIRECTORY/faucet/templates/YOURTEMPLATE/index.php) paste the following code at the very top line above <!DOCTYPE html>:

Code:

<?php session_start(); ?>

Paste the following code where you would like the equation to appear

Code:

<img id="captcha" src="/captcha/securimage_show.php" alt="CAPTCHA Image" />
<br>
<a href="#" onclick="document.getElementById('captcha').src = '/captcha/securimage_show.php?' + Math.random(); return false">[ New Problem ]</a>
<br>
<br>[/quote]
<input type="text" name="captcha_code" size="10" maxlength="6" />
<br>
<br>

Now you need to create a PHP document. I use a program called Notepad++, however any text editor will work. Create a new document, then paste in the following code:

Code:

<?php>
include_once $_SERVER['DOCUMENT_ROOT'] . '/captcha/securimage.php';

$securimage = new Securimage();

if ($securimage->check($_POST['captcha_code']) == false) {
  // the code was incorrect
  // you should handle the error so that the form processor doesn't continue

  // or you can use the following code if there is no validation or you do not know how
  echo "I'm sorry but you have to answer the math question correctly!.<br /><br />";
  echo "Please go <a href='javascript:history.go(-1)'>back</a> and use a caculator.";
  exit;
}

?>

Keep the document open. Open your faucet index page, it will most likely be index.php in your ROOTDIRECTORY. (Not the template index.php) Now press CTRL+A and select everything and copy it. Go back to the document you were just making and paste it on the very bottom, underneath the ?>  Now save the file as what ever you want, I called mine math.php.

Go back to your faucet template file (ROOTDIRECTORY/faucet/templates/YOURTEMPLATE/index.php) search for the following: <form method="POST" class="form-horizontal" role="form">
on that same line link your PHP file to it like so:

Code:

<form action="math.php" method="POST" class="form-horizontal" role="form">

Now you should have a working math eqution that users have to answer correctly before using your faucet.


I hope this helps other faucet owners, as it's terrible how bots think they can steal our valuable satoshis :3 You try and be nice, by giving people free bitcoins and they feel the need to exploit it.

[minifrij]

sorry bros again me. i did the first step and how can i learn that i did true. second where do ı have to paste the fourth one in Paytoshi. and also if you want to smile a while you can go to my faucet to see how i made it.this way http://stonefaucet.esy.es/ just below the head.

No problem, we're here to help. AFAIK you paste the fourth block of code on themes/default/index.html.twig at around line 30, though the script wasn't built for Paytoshi so I'm not sure the outcome will be.
You also seem to have some PHP showing on your faucet. You should probably try to fix that.

[thinkinger]

sorry bros again me. i did the first step and how can i learn that i did true. second where do ı have to paste the fourth one in Paytoshi. and also if you want to smile a while you can go to my faucet to see how i made it.this way http://stonefaucet.esy.es/ just below the head.

No problem, we're here to help. AFAIK you paste the fourth block of code on themes/default/index.html.twig at around line 30, though the script wasn't built for Paytoshi so I'm not sure the outcome will be.
You also seem to have some PHP showing on your faucet. You should probably try to fix that.

hi i pasted it and it ended like that.some scripts that can be seen by visitors.here is  themes/default/index.html.twig as pasted.can anyone tell me where to paste it?

{% extends "default/layout.html.twig" %}

{% block content %}
    <section class="container">
        <h1 class="text-center title">{{ name|default('Paytoshi Faucet') }}</h1>
        <h3 class="text-center headline">{{ description|default('...faucet? Paytoshi!') }}</h3>
        <hr />
        <div class="custom-content">
            {{ content.header_box|raw }}
        </div>
        <hr />
<?php
if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
die("It would apprear you're using a proxy, so please, go fuck yourself!");

function checkProxy($ip){
      $contactEmail="EMAIL";
      $timeout=3;
      $banOnProability=0.99;
      
      $ch = curl_init();
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
      curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
      curl_setopt($ch, CURLOPT_URL, "http://check.getipintel.net/check.php?ip=$ip");
      $response=curl_exec($ch);
      
      curl_close($ch);
      
      
      if ($response > $banOnProability) {
            return true;
      } else {
         if ($response < 0 || strcmp($response, "") == 0 ) {
            //The server returned an error, you might want to do something
            //like write to a log file or email yourself
            //This could be true due to an invalid input or you've exceeded
            //the number of allowed queries. Figure out why this is happening
            //because you aren't protected by the system anymore
            //Leaving this section blank is dangerous because you assume
            //that you're still protected, which is incorrect
            //and you might think GetIPIntel isn't accurate anymore
            //which is also incorrect.
            //failure to implement error handling is bad for the both of us
         }
            return false;
      }
}
$ip=$_SERVER['REMOTE_ADDR'];
if (checkProxy($ip)) {
   echo "It would apprear you're using a proxy, so please, go fuck yourself! <br />";
}
?>
        <div class="row">
            <div class="col-md-3 hidden-xs hidden-sm custom-content">
                {{ content.left_box|raw }}
            </div>
            <div class="col-md-6 col-sm-12">
                <div class="faucet">
                    {% include "default/alerts.html.twig" %}
                    <h3 class="text-center">Rewards:</h3>

                    <ul class="reward-list text-center">
                        {% for reward in rewards %}
                            <li class="reward">{{ reward.amount }} satoshi ({{ reward.probability }}%)</li>
                        {% endfor %}
                    </ul>
                    <h4 class="text-center">Get a reward every {{ waiting_interval / 60 }} mins!</h4>
                    <hr>

                    <form action="{{ urlFor('reward') }}" novalidate="novalidate" method="POST" class="form">
                        <div class="form-group">
                            <input class="form-control input-lg" type="text" name="address"
                                   value="{% if address is defined %}{{ address }}{% endif %}"
                                   placeholder="Enter your Bitcoin address">
                        </div>

                        <div class="custom-content">
                            {{ content.center1_box|raw }}
                        </div>

                        <div class="form-group captcha">
                            <center>
                                {% include "default/" ~ captcha.name ~ ".html.twig" with { server: captcha.server, public_key: captcha.public_key } %}
                            </center>
                        </div>

                        <div class="custom-content">
                            {{ content.center2_box|raw }}
                        </div>

                        <button class="form-control input-lg btn-info get-reward">Get a reward!</button>
                        <input type="hidden" name="referral" value="{{ referral }}">

                        <div class="custom-content">
                            {{ content.center3_box|raw }}
                        </div>

                    </form>

                    <div class="well well-sm text-center referral-box">Earn {{ referral_percentage }}% referral bonus!
                        Share your referral URL:<br>{{ base_url ~ '?r=' ~ address|default('Bitcoin Address') }}</div>

                </div>
                       
                <div class="text-center">
                    <h3>What is a Bitcoin Faucet?</h3>
                    <p>
                        A faucet is a FREE Bitcoin site paying out up to {{ rewards_max }} satoshi every hour. Each time you visit this page and complete the captcha you will receive a payout amount randomly selected from the available amounts shown above. You will receive your payment directly to your <a href="https://paytoshi.org">Paytoshi wallet.</a><br/>
                        <a href="{{ urlFor('faq') }}">Read more</a>
                    </p>
                </div>
            </div>
            <div class="col-md-3 hidden-xs hidden-sm ">               
                <div class="custom-content">
                    {{ content.right_box|raw }}
                </div>
            </div>
        </div>
        <div class="row">
            <div class="col-md-12 custom-content" >
                {{ content.footer_box|raw }}
            </div>
        </div>
    </section>

{% endblock %}

[minifrij]

hi i pasted it and it ended like that.some scripts that can be seen by visitors.here is  themes/default/index.html.twig as pasted.can anyone tell me where to paste it?

snip

Replace this line:
<form action="{{ urlFor('reward') }}" novalidate="novalidate" method="POST" class="form">

Also, try putting your PHP codes in the head in the file layout.html.twig. It's not that great practice to put them in the body imo.

[felicita]

can you show the code how you added the math question in a second frame 

[BrannigansLaw]

Thus more complete

Code:

# Block Proxy
#5
RewriteCond %{HTTP:X_HTTP_BRAZIL_FORWARDED_FOR} !^$ [OR]
#5
RewriteCond %{HTTP:HTTP_X_BRAZIL_FORWARDED_FOR} !^$ [OR]
#4
RewriteCond %{HTTP:X_HTTP_FORWARDED_FOR}        !^$ [OR]
RewriteCond %{HTTP:X_HTTP_PROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XPROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:X_HTTP_PROXY_ID}             !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XPROXY_ID}            !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XROXY_ID}             !^$ [OR]
#4
RewriteCond %{HTTP:FORWARDED_HTTP_FOR_IP}       !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED_FOR_IP}       !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR}         !^$ [OR]
RewriteCond %{HTTP:HTTP_X_FORWARDED_FOR}        !^$ [OR]
RewriteCond %{HTTP:HTTP_X_PROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XPROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:HTTP_X_PROXY_ID}             !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XPROXY_ID}            !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XROXY_ID}             !^$ [OR]
#3
RewriteCond %{HTTP:X_FORWARDED_FOR}             !^$ [OR]
RewriteCond %{HTTP:X_HTTP_FORWARDED}            !^$ [OR]
RewriteCond %{HTTP:X_PROXY_CONNECTION}          !^$ [OR]
RewriteCond %{HTTP:X_PROXY_ID}                  !^$ [OR]
RewriteCond %{HTTP:X_USERAGENT_VIA}             !^$ [OR]
RewriteCond %{HTTP:X_XPROXY_CONNECTION}         !^$ [OR]
RewriteCond %{HTTP:X_XPROXY_ID}                 !^$ [OR]
RewriteCond %{HTTP:X_XROXY_CONNECTION}          !^$ [OR]
RewriteCond %{HTTP:X_XROXY_ID}                  !^$ [OR]
#3
RewriteCond %{HTTP:CLIENT_HTTP_IP}              !^$ [OR]
RewriteCond %{HTTP:FORWARDED_FOR_IP}            !^$ [OR]
RewriteCond %{HTTP:FORWARDED_HTTP_FOR}          !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}              !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED_FOR}          !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY_ID}               !^$ [OR]
RewriteCond %{HTTP:HTTP_USERAGENT_VIA}          !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY_CONNECTION}      !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY_ID}              !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY_ID}               !^$ [OR]
RewriteCond %{HTTP:HTTP_X_FORWARDED}            !^$ [OR]
RewriteCond %{HTTP:PC_REMOTE_ADDR}              !^$ [OR]
RewriteCond %{HTTP:PROXY_HTTP_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:USERAGENT_HTTP_VIA}          !^$ [OR]
RewriteCond %{HTTP:XPROXY_HTTP_CONNECTION}      !^$ [OR]
RewriteCond %{HTTP:XROXY_HTTP_CONNECTION}       !^$ [OR]
#2
RewriteCond %{HTTP:X_FORWARDED}                 !^$ [OR]
RewriteCond %{HTTP:X_PROXY}                     !^$ [OR]
RewriteCond %{HTTP:X_XPROXY}                    !^$ [OR]
RewriteCond %{HTTP:X_XROXY}                     !^$ [OR]
#2
RewriteCond %{HTTP:CLIENT_IP}                   !^$ [OR]
RewriteCond %{HTTP:FORWARDED_FOR}               !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED}              !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY}                  !^$ [OR]
RewriteCond %{HTTP:HTTP_VIA}                    !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY}                 !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY}                  !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}            !^$ [OR]
RewriteCond %{HTTP:PROXY_ID}                    !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}               !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}           !^$ [OR]
RewriteCond %{HTTP:XPROXY_ID}                   !^$ [OR]
RewriteCond %{HTTP:XROXY_CONNECTION}            !^$ [OR]
RewriteCond %{HTTP:XROXY_ID}                    !^$ [OR]
#1
RewriteCond %{HTTP:FORWARDED}                   !^$ [OR]
RewriteCond %{HTTP:PROXY}                       !^$ [OR]
RewriteCond %{HTTP:USERAGENT}                   !^$ [OR]
RewriteCond %{HTTP:VIA}                         !^$ [OR]
RewriteCond %{HTTP:XPROXY}                      !^$ [OR]
RewriteCond %{HTTP:XROXY}                       !^$ [OR]
RewriteRule ^(.*)$ – [F]

Does this replace:
 RewriteEngine on
 RewriteCond %{HTTP:VIA}                 !^$ [OR]
 RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
 RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
 RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
 RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
 RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
 RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
 RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
 RewriteRule .* - [F]

? thank you all! Such great tips here

[misterbit]

Thus more complete

Code:

# Block Proxy
#5
RewriteCond %{HTTP:X_HTTP_BRAZIL_FORWARDED_FOR} !^$ [OR]
#5
RewriteCond %{HTTP:HTTP_X_BRAZIL_FORWARDED_FOR} !^$ [OR]
#4
RewriteCond %{HTTP:X_HTTP_FORWARDED_FOR}        !^$ [OR]
RewriteCond %{HTTP:X_HTTP_PROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XPROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:X_HTTP_PROXY_ID}             !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XPROXY_ID}            !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XROXY_ID}             !^$ [OR]
#4
RewriteCond %{HTTP:FORWARDED_HTTP_FOR_IP}       !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED_FOR_IP}       !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR}         !^$ [OR]
RewriteCond %{HTTP:HTTP_X_FORWARDED_FOR}        !^$ [OR]
RewriteCond %{HTTP:HTTP_X_PROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XPROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:HTTP_X_PROXY_ID}             !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XPROXY_ID}            !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XROXY_ID}             !^$ [OR]
#3
RewriteCond %{HTTP:X_FORWARDED_FOR}             !^$ [OR]
RewriteCond %{HTTP:X_HTTP_FORWARDED}            !^$ [OR]
RewriteCond %{HTTP:X_PROXY_CONNECTION}          !^$ [OR]
RewriteCond %{HTTP:X_PROXY_ID}                  !^$ [OR]
RewriteCond %{HTTP:X_USERAGENT_VIA}             !^$ [OR]
RewriteCond %{HTTP:X_XPROXY_CONNECTION}         !^$ [OR]
RewriteCond %{HTTP:X_XPROXY_ID}                 !^$ [OR]
RewriteCond %{HTTP:X_XROXY_CONNECTION}          !^$ [OR]
RewriteCond %{HTTP:X_XROXY_ID}                  !^$ [OR]
#3
RewriteCond %{HTTP:CLIENT_HTTP_IP}              !^$ [OR]
RewriteCond %{HTTP:FORWARDED_FOR_IP}            !^$ [OR]
RewriteCond %{HTTP:FORWARDED_HTTP_FOR}          !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}              !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED_FOR}          !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY_ID}               !^$ [OR]
RewriteCond %{HTTP:HTTP_USERAGENT_VIA}          !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY_CONNECTION}      !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY_ID}              !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY_ID}               !^$ [OR]
RewriteCond %{HTTP:HTTP_X_FORWARDED}            !^$ [OR]
RewriteCond %{HTTP:PC_REMOTE_ADDR}              !^$ [OR]
RewriteCond %{HTTP:PROXY_HTTP_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:USERAGENT_HTTP_VIA}          !^$ [OR]
RewriteCond %{HTTP:XPROXY_HTTP_CONNECTION}      !^$ [OR]
RewriteCond %{HTTP:XROXY_HTTP_CONNECTION}       !^$ [OR]
#2
RewriteCond %{HTTP:X_FORWARDED}                 !^$ [OR]
RewriteCond %{HTTP:X_PROXY}                     !^$ [OR]
RewriteCond %{HTTP:X_XPROXY}                    !^$ [OR]
RewriteCond %{HTTP:X_XROXY}                     !^$ [OR]
#2
RewriteCond %{HTTP:CLIENT_IP}                   !^$ [OR]
RewriteCond %{HTTP:FORWARDED_FOR}               !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED}              !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY}                  !^$ [OR]
RewriteCond %{HTTP:HTTP_VIA}                    !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY}                 !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY}                  !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}            !^$ [OR]
RewriteCond %{HTTP:PROXY_ID}                    !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}               !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}           !^$ [OR]
RewriteCond %{HTTP:XPROXY_ID}                   !^$ [OR]
RewriteCond %{HTTP:XROXY_CONNECTION}            !^$ [OR]
RewriteCond %{HTTP:XROXY_ID}                    !^$ [OR]
#1
RewriteCond %{HTTP:FORWARDED}                   !^$ [OR]
RewriteCond %{HTTP:PROXY}                       !^$ [OR]
RewriteCond %{HTTP:USERAGENT}                   !^$ [OR]
RewriteCond %{HTTP:VIA}                         !^$ [OR]
RewriteCond %{HTTP:XPROXY}                      !^$ [OR]
RewriteCond %{HTTP:XROXY}                       !^$ [OR]
RewriteRule ^(.*)$ – [F]

Does this replace:
 RewriteEngine on
 RewriteCond %{HTTP:VIA}                 !^$ [OR]
 RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
 RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
 RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
 RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
 RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
 RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
 RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
 RewriteRule .* - [F]

? thank you all! Such great tips here

Yes friend.

[BrannigansLaw]

Thank you for clearing that up misterbit

1 problem, I used to get the "It would apprear you're using a proxy, so please, go fuck yourself" but no longer do when checking via boomproxy.com. I no longer do, even after updating .htaccess. Could someone double check for me and see if you can use my faucet and successfully get satoshi via boomproxy.com? Its faucetfm.com

I don't get the message ""It would apprear you're using a proxy, so please, go fuck yourself"" but I cannot click the "I'm not a bot" links also, so perhaps it is working in a way? I tried again with unticking all the boxes 'Remove Scripts' etc and it had the same result.

[misterbit]

Thank you for clearing that up misterbit

1 problem, I used to get the "It would apprear you're using a proxy, so please, go fuck yourself" but no longer do when checking via boomproxy.com. I no longer do, even after updating .htaccess. Could someone double check for me and see if you can use my faucet and successfully get satoshi via boomproxy.com? Its faucetfm.com

I don't get the message ""It would apprear you're using a proxy, so please, go fuck yourself"" but I cannot click the "I'm not a bot" links also, so perhaps it is working in a way? I tried again with unticking all the boxes 'Remove Scripts' etc and it had the same result.

Unfortunately I don't speak English and use the translator who is not very coherent.
This code unfortunately does not detect all the proxies, apart from that there are hundreds of people who use servers it's the biggest problem

[bargain]

Optional

I have google analytics on my faucet and I realized that, almost all the traffic was coming from Russia or China.... So I found out about this site called http://www.blockacountry.com, it allows you to block whole countries from accessing your website. This route is optional, but super effective. The only downside is it affects real people from accessing your faucet.

THAT IS KNOW AS DISCIMINATION!
Don't use that, you will face legal issues!
For stopping people from earning as you are blocking an entier countrie's IPs from accessing a site and free money (if it is a faucet)!

[FaucetRank.com]

Thank you for clearing that up misterbit

1 problem, I used to get the "It would apprear you're using a proxy, so please, go fuck yourself" but no longer do when checking via boomproxy.com. I no longer do, even after updating .htaccess. Could someone double check for me and see if you can use my faucet and successfully get satoshi via boomproxy.com? Its faucetfm.com

I don't get the message ""It would apprear you're using a proxy, so please, go fuck yourself"" but I cannot click the "I'm not a bot" links also, so perhaps it is working in a way? I tried again with unticking all the boxes 'Remove Scripts' etc and it had the same result.

Unfortunately I don't speak English and use the translator who is not very coherent.
This code unfortunately does not detect all the proxies, apart from that there are hundreds of people who use servers it's the biggest problem

you can't stop 100% proxy users .

[FBCTorg]

just blocked a bot using 158.69.103. range

Location:
    Lake Forest, California, United States
IP Address:
    Sparta Inc. Aeso (158.69.103.219) [Label IP Address]
Referring URL:
    (No referring link)
Visit Page:
     freebitcoindice.com/faucetbox/?ref=1HCVQXXvhEWtU5URbXDSDD441i1agpnwkK

[misterbit]

just blocked a bot using 158.69.103. range

Location:
    Lake Forest, California, United States
IP Address:
    Sparta Inc. Aeso (158.69.103.219) [Label IP Address]
Referring URL:
    (No referring link)
Visit Page:
     freebitcoindice.com/faucetbox/?ref=1HCVQXXvhEWtU5URbXDSDD441i1agpnwkK

OVH SAS

[FBCTorg]

just blocked a bot using 158.69.103. range

Location:
    Lake Forest, California, United States
IP Address:
    Sparta Inc. Aeso (158.69.103.219) [Label IP Address]
Referring URL:
    (No referring link)
Visit Page:
     freebitcoindice.com/faucetbox/?ref=1HCVQXXvhEWtU5URbXDSDD441i1agpnwkK

OVH SAS

yes, it uses same ref addy, same os, browser,.etc but different IPs on that range. block it asap

[misterbit]

just blocked a bot using 158.69.103. range

Location:
    Lake Forest, California, United States
IP Address:
    Sparta Inc. Aeso (158.69.103.219) [Label IP Address]
Referring URL:
    (No referring link)
Visit Page:
     freebitcoindice.com/faucetbox/?ref=1HCVQXXvhEWtU5URbXDSDD441i1agpnwkK

OVH SAS

yes, it uses same ref addy, same os, browser,.etc but different IPs on that range. block it asap

One moment...

[misterbit]

just blocked a bot using 158.69.103. range

Location:
    Lake Forest, California, United States
IP Address:
    Sparta Inc. Aeso (158.69.103.219) [Label IP Address]
Referring URL:
    (No referring link)
Visit Page:
     freebitcoindice.com/faucetbox/?ref=1HCVQXXvhEWtU5URbXDSDD441i1agpnwkK

OVH SAS

yes, it uses same ref addy, same os, browser,.etc but different IPs on that range. block it asap

One moment...

the range I think it is 158.69.

[FBCTorg]

just blocked a bot using 158.69.103. range

Location:
    Lake Forest, California, United States
IP Address:
    Sparta Inc. Aeso (158.69.103.219) [Label IP Address]
Referring URL:
    (No referring link)
Visit Page:
     freebitcoindice.com/faucetbox/?ref=1HCVQXXvhEWtU5URbXDSDD441i1agpnwkK

OVH SAS

yes, it uses same ref addy, same os, browser,.etc but different IPs on that range. block it asap

One moment...

the range I think it is 158.69.

i see visits from 158.69.103.193/194/197/199/201/202/213/214/215/216/217/218/219/221
same ref and same machine:
Browser:
    Firefox 37.0
OS:
    Linux
Resolution:
    2048x1536

i blocked all 158.69.103.0/24

now it appeared with new IPs:
Location:
    Montréal, Quebec, Canada
IP Address:
    Ovh Hosting (167.114.180.179) [Label IP Address]
Referring URL:
    (No referring link)
Entry Page:
     freebitcoindice.com/faucetbox/?ref=1HCVQXXvhEWtU5URbXDSDD441i1agpnwkK
Latest Page:
     freebitcoindice.com/faucetboxgame/

Browser:
    Firefox 38.0
OS:
    Linux
Resolution:
    2048x1536

same machine

[misterbit]

just blocked a bot using 158.69.103. range

Location:
    Lake Forest, California, United States
IP Address:
    Sparta Inc. Aeso (158.69.103.219) [Label IP Address]
Referring URL:
    (No referring link)
Visit Page:
     freebitcoindice.com/faucetbox/?ref=1HCVQXXvhEWtU5URbXDSDD441i1agpnwkK

OVH SAS

yes, it uses same ref addy, same os, browser,.etc but different IPs on that range. block it asap

One moment...

the range I think it is 158.69.

i see visits from 158.69.103.193/194/197/199/201/202/213/214/215/216/217/218/219/221
same ref and same machine:
Browser:
    Firefox 37.0
OS:
    Linux
Resolution:
    2048x1536

i blocked all 158.69.103.0/24

now it appeared with new IPs:
Location:
    Montréal, Quebec, Canada
IP Address:
    Ovh Hosting (167.114.180.179) [Label IP Address]
Referring URL:
    (No referring link)
Entry Page:
     freebitcoindice.com/faucetbox/?ref=1HCVQXXvhEWtU5URbXDSDD441i1agpnwkK
Latest Page:
     freebitcoindice.com/faucetboxgame/

Browser:
    Firefox 38.0
OS:
    Linux
Resolution:
    2048x1536

same machine

http://www.speedguide.net/ip/158.69.0

[misterbit]

just blocked a bot using 158.69.103. range

Location:
    Lake Forest, California, United States
IP Address:
    Sparta Inc. Aeso (158.69.103.219) [Label IP Address]
Referring URL:
    (No referring link)
Visit Page:
     freebitcoindice.com/faucetbox/?ref=1HCVQXXvhEWtU5URbXDSDD441i1agpnwkK

OVH SAS

yes, it uses same ref addy, same os, browser,.etc but different IPs on that range. block it asap

One moment...

the range I think it is 158.69.

i see visits from 158.69.103.193/194/197/199/201/202/213/214/215/216/217/218/219/221
same ref and same machine:
Browser:
    Firefox 37.0
OS:
    Linux
Resolution:
    2048x1536

i blocked all 158.69.103.0/24

now it appeared with new IPs:
Location:
    Montréal, Quebec, Canada
IP Address:
    Ovh Hosting (167.114.180.179) [Label IP Address]
Referring URL:
    (No referring link)
Entry Page:
     freebitcoindice.com/faucetbox/?ref=1HCVQXXvhEWtU5URbXDSDD441i1agpnwkK
Latest Page:
     freebitcoindice.com/faucetboxgame/

Browser:
    Firefox 38.0
OS:
    Linux
Resolution:
    2048x1536

same machine

And that is not all friend, there are hundreds and hundreds of servers 

[FBCTorg]

i see  

is there any way to block all hosting company IPs, is such service out there?

edit: i mean like database of IP ranges of hosting providers

[misterbit]

i see 

is there any way to block all hosting company IPs, is such service out there?

It is very complicated, it would be to search for a pattern in the data base

[FBCTorg]

i see 

is there any way to block all hosting company IPs, is such service out there?

It is very complicated, it would be to search for a pattern in the data base

i could find websites with such databases and also some requests for such service on other forums, proxy or script filtering those IPs would be handy for many people not only faucets 

[FaucetRank.com]

The better solution is reduce claim timers . Faucet owner put high timers and high rewards but its very risky because users get enough time to multiclaim.

You can't imagine how many lazy faucetors are in this world who don't bother to visit other faucets and makes multiple claims on single faucet.That's why bitcoinker has 15 mins timer.

[felicita]

can you show the code how you added the math question in a second frame 

can someone show me the code to open a frame in the same window to put there the math question ?

kind regrads

[BrannigansLaw]

Anyone know how to add 2 captchas? I thought I might as well ad recaptcha on top of funcaptcha as it's so easy to complete and should help.

[minifrij]

Anyone know how to add 2 captchas? I thought I might as well ad recaptcha on top of funcaptcha as it's so easy to complete and should help.

I went through the basics on where to put the confirmation code here, if you know how to code in PHP it shouldn't be too difficult to add the captcha yourself with this info I don't think. If not I can try and make a more in-depth post about it.

[BrannigansLaw]

Anyone know how to add 2 captchas? I thought I might as well ad recaptcha on top of funcaptcha as it's so easy to complete and should help.

I went through the basics on where to put the confirmation code here, if you know how to code in PHP it shouldn't be too difficult to add the captcha yourself with this info I don't think. If not I can try and make a more in-depth post about it.

Yes! I was looking for this, I knew someone posted somewhere but couldn't find it. Cheers for posting, I should be ok

[thinkinger]

Anyone know how to add 2 captchas? I thought I might as well ad recaptcha on top of funcaptcha as it's so easy to complete and should help.

I went through the basics on where to put the confirmation code here, if you know how to code in PHP it shouldn't be too difficult to add the captcha yourself with this info I don't think. If not I can try and make a more in-depth post about it.

bro. a more in-depth explanation will be fine for me. if you do ,it will be appreciated by me thanx.
By the way a guy from russia said that he cant use my faucet, im not sure but can it be he is using proxy or sth else and i did anti-bot scrypt right placed?

[BitcoinFX]

i see  

is there any way to block all hosting company IPs, is such service out there?

It is very complicated, it would be to search for a pattern in the data base

i could find websites with such databases and also some requests for such service on other forums, proxy or script filtering those IPs would be handy for many people not only faucets  

Herewith, a list I posted in the faucetbox thread for 'Not an access provider or ISP'

- https://bitcointalk.org/index.php?topic=1094930.msg13125867#msg13125867

Also, a mod. for the Bad-Behavior Anti-SPAM script, which is quite effective if you get a free httpbl_key .

- https://bitcointalk.org/index.php?topic=1094930.msg13122044#msg13122044

[Klarck]

Can any1 confirm if this actually stop people from acessing your faucet using Tor?

[Klarck]

PSA!!!

Guys, there's something very important you need to know before you proceed. I had to make the .htaccess file myself bc my website didn't have one, but when i uploaded it i fucking lost access to my website!!! I had to use a VPN to check if the site was still working and it was. Then i fixed it by adding the following code to the top of the file created by this site:

<ifModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{HTTP:VIA}                 !^$ [OR]
 RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
 RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
 RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
 RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
 RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
 RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
 RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
 RewriteRule .* - [F]
</ifModule>

I'm just saying that bc the site mentioned by OP only makes the code that goes below that one above, so it looks like this:

Order Deny,Allow
Deny from 1.169.204.75
Deny from 103.10.197.50
Deny from 103.236.201.110
Deny from 103.240.91.7...

when it should actually look like this:

<ifModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{HTTP:VIA}                 !^$ [OR]
 RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
 RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
 RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
 RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
 RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
 RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
 RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
 RewriteRule .* - [F]
</ifModule>
Order Deny,Allow
Deny from 1.169.204.75
Deny from 103.10.197.50
Deny from 103.236.201.110
Deny from 103.240.91.7
Deny from 103.3.61.158...

So in case it happens to you, don't worry, just add the line code to the file and upload it again.

BTW i must thank OP bc only the step 1 already seems to do some work, when i try to acess my faucet via Tor now it says:


"Forbidden

You don't have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request."


OP = Nice guy

[BitcoinFX]

Yes. Incorrect formatting of .htaccess rules can easily (and incorrectly) block access to your entire website.

The correct .htaccess rules for blocking proxies can be found in this 'legendary' blog (probably the source);

- https://perishablepress.com/block-tough-proxies/

Also, this message might actually be considered a bit more user friendly;

"Sorry. Proxy access is not allowed. If you are not using a proxy please contact EMAIL with your IP address"  


I recommend using the Bad-Behavior script, which actually covers a lot of the rules in the G5 and G6 firewall from the above blog anyway. Most of the rules in BB actually became the Mod Security base. The modified script for BB I posted was 'cobbled' together from reviewing several (now outdated) .htaccess lists and comparing user agents with activity at http://botsvsbrowsers.com/ and https://udger.com/

- https://bitcointalk.org/index.php?topic=1094930.msg13184663#msg13184663

Good job OP for starting this thread!  

[pinger]

Yes. Incorrect formatting of .htaccess rules can easily (and incorrectly) block access to your entire website.

The correct .htaccess rules for blocking proxies can be found in this 'legendary' blog (probably the source);

- https://perishablepress.com/block-tough-proxies/

Also, this message might actually be considered a bit more user friendly;

"Sorry. Proxy access is not allowed. If you are not using a proxy please contact EMAIL with your IP address"  


I recommend using the Bad-Behavior script, which actually covers a lot of the rules in the G5 and G6 firewall from the above blog anyway. Most of the rules in BB actually became the Mod Security base. The modified script for BB I posted was 'cobbled' together from reviewing several (now outdated) .htaccess lists and comparing user agents with activity at http://botsvsbrowsers.com/ and https://udger.com/

- https://bitcointalk.org/index.php?topic=1094930.msg13184663#msg13184663

Good job OP for starting this thread!  

This can be useful for the site I was developing, thanks all of you people that create and collaborate in this thread.

[minifrij]

bro. a more in-depth explanation will be fine for me. if you do ,it will be appreciated by me thanx.

Sorry about the delay, something like this should work (on a default config). You obviously need the recaptcha keys, which you can find here.
Keep in mind that this will only work if you do not have recaptcha as a main captcha, and that recaptcha isn't the most secure in stopping bots. This code is also untested, so might need slight alterations.

templates/default/index.php - line 11 (in the <head> tag):

Code:

<script src='https://www.google.com/recaptcha/api.js'></script>

templates/default/index.php - line 175 (below the PHP which decides which captcha to use):

Code:

<div class="text-center">
      <div class="g-recaptcha" data-sitekey="SITE_KEY"></div>
</div>

index.php - line 2200 (under the PHP which determines if the main captcha was correct):

Code:

$data['captcha_valid_2'] = json_decode(file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=SECRET_KEY&response=' . $_POST['g-recaptcha-response']))->success;

index.php - line 2249:

Code:

 if (array_key_exists('address', $_POST) &&
           $data['captcha_valid'] &&
           $data['captcha_valid_2'] &&
           $data['enabled'] &&
           $data['eligible']
        ) {

With this it should say the normal error whenever you get the captcha wrong, though probably won't be special. It should work at least though.

[matt007]

Hi ! A big thanks to you for sharing this, i just got hacked and they stole about 2000000 satoshi from me.

I have disabled my faucets before i can secure my faucets again. My faucets are all on Cloudflare, would you recommend any
special configs with your script for cloudflare users ?

Also, i have ZB block security script on them but this is not helping to block proxies. However, i think it's blocking TOR users well.

So, using your security techniques in conjonction with Cloudflare and ZB Block ? Do you think it would be a good idea ?
 If yes, any special configs to make to make it work all together ?

I was also thinking of installing this script instead of ZB BLOCK : http://codecanyon.net/item/safeguard-pro-ultimate-php-website-protection/6783181

In final, what do you think would be the idea setup for me and what to avoid ?

Thansk mate , i really appreciate your input or any other suggestions from other users because, if i can't make this work, i will have to close
all my faucets

Best regards,

Mat

[pinger]

Hi ! A big thanks to you for sharing this, i just got hacked and they stole about 2000000 satoshi from me.

I have disabled my faucets before i can secure my faucets again. My faucets are all on Cloudflare, would you recommend any
special configs with your script for cloudflare users ?

Also, i have ZB block security script on them but this is not helping to block proxies. However, i think it's blocking TOR users well.

So, using your security techniques in conjonction with Cloudflare and ZB Block ? Do you think it would be a good idea ?
 If yes, any special configs to make to make it work all together ?

I was also thinking of installing this script instead of ZB BLOCK : http://codecanyon.net/item/safeguard-pro-ultimate-php-website-protection/6783181

In final, what do you think would be the idea setup for me and what to avoid ?

Thansk mate , i really appreciate your input or any other suggestions from other users because, if i can't make this work, i will have to close
all my faucets

Best regards,

Mat

That looks interesting, how is this configured? I mean about codecanyon safeguard pro.

[matt007]

Hi ! A big thanks to you for sharing this, i just got hacked and they stole about 2000000 satoshi from me.

I have disabled my faucets before i can secure my faucets again. My faucets are all on Cloudflare, would you recommend any
special configs with your script for cloudflare users ?

Also, i have ZB block security script on them but this is not helping to block proxies. However, i think it's blocking TOR users well.

So, using your security techniques in conjonction with Cloudflare and ZB Block ? Do you think it would be a good idea ?
 If yes, any special configs to make to make it work all together ?

I was also thinking of installing this script instead of ZB BLOCK : http://codecanyon.net/item/safeguard-pro-ultimate-php-website-protection/6783181

In final, what do you think would be the idea setup for me and what to avoid ?

Thansk mate , i really appreciate your input or any other suggestions from other users because, if i can't make this work, i will have to close
all my faucets

Best regards,

Mat

That looks interesting, how is this configured? I mean about codecanyon safeguard pro.

Yes, it looks good but i did not install it yet. I'm still in the process of choosing the best method. If i install Safeguard Pro, i'll get back to you with the details and follow up   It's a php script and it has good reviews and ratings...

[misterbit]

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

[misterbit]

Ranges from Amazon if someone wants to block
https://ipinfo.io/AS14618

[pinger]

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html

Please test it as much as you can and tell us the results

[misterbit]

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html

Please test it as much as you can and tell us the results

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.

[pinger]

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html

Please test it as much as you can and tell us the results

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.

There are a lot of bots doing nasty stuff all the time, so probably they are real but just bots. No way to know. You should consider to start a 24 h honeypot so you can see for real what is going on, is an interesting exercise.

[misterbit]

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html

Please test it as much as you can and tell us the results

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.

There are a lot of bots doing nasty stuff all the time, so probably they are real but just bots. No way to know. You should consider to start a 24 h honeypot so you can see for real what is going on, is an interesting exercise.

OK, but I have no idea concerning the honeypot with 24 hours

[felicita]

can you show the code how you added the math question in a second frame 

can someone show me the code to open a frame in the same window to put there the math question ?

kind regrads

can someone show me the code to open a frame in the same window to put there the math question ?

[pinger]

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html

Please test it as much as you can and tell us the results

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.

There are a lot of bots doing nasty stuff all the time, so probably they are real but just bots. No way to know. You should consider to start a 24 h honeypot so you can see for real what is going on, is an interesting exercise.

OK, but I have no idea concerning the honeypot with 24 hours

https://stackoverflow.com/questions/6181513/setting-up-a-sql-injection-honeypot

[misterbit]

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html

Please test it as much as you can and tell us the results

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.

There are a lot of bots doing nasty stuff all the time, so probably they are real but just bots. No way to know. You should consider to start a 24 h honeypot so you can see for real what is going on, is an interesting exercise.

OK, but I have no idea concerning the honeypot with 24 hours

https://stackoverflow.com/questions/6181513/setting-up-a-sql-injection-honeypot

Thanks a lot

[Butord]

Hi,
The faucetbox script has Security tab where we can add list of IP addresses or IP networks in CIDR notation to ban and List of hostnames to ban. Is it the same as using .htaccess file? Thanks

[myrfaucets]

 

thank for the great info 

[creepland]

Hi,
The faucetbox script has Security tab where we can add list of IP addresses or IP networks in CIDR notation to ban and List of hostnames to ban. Is it the same as using .htaccess file? Thanks

I think it's probably is the same.

[FaucetRank.com]

Yes. Incorrect formatting of .htaccess rules can easily (and incorrectly) block access to your entire website.

The correct .htaccess rules for blocking proxies can be found in this 'legendary' blog (probably the source);

- https://perishablepress.com/block-tough-proxies/

Also, this message might actually be considered a bit more user friendly;

"Sorry. Proxy access is not allowed. If you are not using a proxy please contact EMAIL with your IP address"  


I recommend using the Bad-Behavior script, which actually covers a lot of the rules in the G5 and G6 firewall from the above blog anyway. Most of the rules in BB actually became the Mod Security base. The modified script for BB I posted was 'cobbled' together from reviewing several (now outdated) .htaccess lists and comparing user agents with activity at http://botsvsbrowsers.com/ and https://udger.com/

- https://bitcointalk.org/index.php?topic=1094930.msg13184663#msg13184663

Good job OP for starting this thread!  

This is helpful for me but I would like to be more soft for proxy users instead of banning them I'll show them a message that sorry proxy user can't claim free btc .

They will see this message when they solve captcha and hit submit button so this way proxy /Google bots are allowed to visit site but a proxy user trying to claim will get nothing except above message.

[misterbit]

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html

Please test it as much as you can and tell us the results

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.

Finally I do not recommend buying the script, programmer lies in features on separate ISP blocking also blocks fake attacks SQL with Bitcoin addresses and any url.

[uchijashisui]

@AlexAce420
Just playing in my back up website... but the math questions does not load:
http://i67.tinypic.com/mh7ziq.png


I just have done everthing ypu have told us: (include math in the root, adding the lines, etc.)

[KnightTrader]

@AlexAce420
Just playing in my back up website... but the math questions does not load:



I just have done everthing ypu have told us: (include math in the root, adding the lines, etc.)

Got same error when tried this some time ago.

This would be great to get working, because looks like it could be added to any faucet without modifying faucet code.

[BrannigansLaw]

@AlexAce420
Just playing in my back up website... but the math questions does not load:



I just have done everthing ypu have told us: (include math in the root, adding the lines, etc.)

Got same error when tried this some time ago.

This would be great to get working, because looks like it could be added to any faucet without modifying faucet code.

I had the same problem but managed to fix it. It's a directory issue.
/libs/captcha/securimage_show.php - put that, the original code misses the libs section as shown below.

<img id="captcha" src="/captcha/securimage_show.php" alt="CAPTCHA Image" />
<br>
<a href="#" onclick="document.getElementById('captcha').src = '/captcha/securimage_show.php?' + Math.random(); return false">[ New Problem ]</a>

[KnightTrader]

Thanks BrannigansLaw! I will try that later and edit in this post if got it working or not.

Edit: Well, I did not got it working, but I did also remember wrong, thats not too easy to add to any faucet. Did not tried in "Faucet in a BOX".

[BrannigansLaw]

Thanks BrannigansLaw! I will try that later and edit in this post if got it working or not.

Edit: Well, I did not got it working, but I did also remember wrong, thats not too easy to add to any faucet. Did not tried in "Faucet in a BOX".

oh you're not using faucetinabox. hmm it still is probably a directory issue. Just mess around with it until you get it right. If you need to go back a directors its like so ./libs if you need to go back 2, 3 4 times? its. /../libs, or /../../libs etc.

[KnightTrader]

Thanks BrannigansLaw! I will try that later and edit in this post if got it working or not.

Edit: Well, I did not got it working, but I did also remember wrong, thats not too easy to add to any faucet. Did not tried in "Faucet in a BOX".

oh you're not using faucetinabox. hmm it still is probably a directory issue. Just mess around with it until you get it right. If you need to go back a directors its like so ./libs if you need to go back 2, 3 4 times? its. /../libs, or /../../libs etc.

Hey, thanks for extra help. I have already added other antibot to my faucetinabox faucets, but in two other scripts where I would like to get extra protection is bigger problems. Other has captcha in root index, not in themes/index and other has already action in <form method="post".. and there might come more problems even if I somehow could pass those problems.

So, maybe it is easier just to use only faucetinabox, because that is common and most addons and help are for that script. Dont know yet, but that is enough offtopic.

[BrannigansLaw]

Thanks BrannigansLaw! I will try that later and edit in this post if got it working or not.

Edit: Well, I did not got it working, but I did also remember wrong, thats not too easy to add to any faucet. Did not tried in "Faucet in a BOX".

oh you're not using faucetinabox. hmm it still is probably a directory issue. Just mess around with it until you get it right. If you need to go back a directors its like so ./libs if you need to go back 2, 3 4 times? its. /../libs, or /../../libs etc.

Hey, thanks for extra help. I have already added other antibot to my faucetinabox faucets, but in two other scripts where I would like to get extra protection is bigger problems. Other has captcha in root index, not in themes/index and other has already action in <form method="post".. and there might come more problems even if I somehow could pass those problems.

So, maybe it is easier just to use only faucetinabox, because that is common and most addons and help are for that script. Dont know yet, but that is enough offtopic.

Well the maths question hasn't helped me at all! infact I'm a bit suspicious of it but I'm probably just paranoid. Since installing I've had a big bot problem!
Just today 14/01
3886 claims! at 1-2 satoshi! Who would bother, there is a message that says only rewarding 1-2 satoshi as well.

[felicita]

wow loks like many bots visit your faucet 

[BrannigansLaw]

wow loks like many bots visit your faucet 

Rather me than you guys. I will work on it and if I find a way to stop them I'll update you.

[FaucetRank.com]

if you are using anti bot links and still your faucet boted then all faucet owner should start to worry because it means now bots know how to solve them.

[BrannigansLaw]

if you are using anti bot links and still your faucet boted then all faucet owner should start to worry because it means now bots know how to solve them.

ah I switched web host and it didnt copy over the htaccess file. My goodness does it make a difference! I will also install antibot links.

[FaucetRank.com]

if you are using anti bot links and still your faucet boted then all faucet owner should start to worry because it means now bots know how to solve them.

ah I switched web host and it didnt copy over the htaccess file. My goodness does it make a difference! I will also install antibot links.

Should make some difference . Add anti bot and feel the difference.

[Klarck]

I'm having a problem with the final step of the secure image captcha 

Where do i upload math.php after save it? And how do i link it on "action="math.php""?

I uploaded math.php to the root folder and linked as "action="/math.php"", but my faucet keep saying "Fatal error: Class 'Securimage' not found in /home/vhosts/www.cryptobox.xyz/math.php on line 4" when i try to get a reward.

[BTC NOW]

Hello everyone , it worked , but I have a problem, the result is , I have to double click! , As I change the text color, to black?

http://i65.tinypic.com/21e3mnb.png

[datalore]

I have the same problem, where should I put the file "" math.php""

[felicita]

I have the same problem, where should I put the file "" math.php""

put the math.php fiel in your root directory !

[datalore]

I have the same problem, where should I put the file "" math.php""

put the math.php fiel in your root directory !

Does not work.

It has an error in the image.

Captcha image.


The same error also >>>

[datalore]

ninguém?

[LyQaN]

I'm having a problem with the final step of the secure image captcha 

Where do i upload math.php after save it? And how do i link it on "action="math.php""?

I uploaded math.php to the root folder and linked as "action="/math.php"", but my faucet keep saying "Fatal error: Class 'Securimage' not found in /home/vhosts/www.cryptobox.xyz/math.php on line 4" when i try to get a reward.

Will You please share the link of this image captcha anti-bot?

[datalore]

I also have this problem . the image does not load .

[FaucetRank.com]

I also have this problem . the image does not load .

Use antibot script easy to add and prevent bots .
typing any math question user would not like that.

[felicita]

most users also dont linke antibot clicks

[FaucetRank.com]

most users also dont linke antibot clicks

Because anti bots are hidden behind ads but if you put antibot at clear visible place then surly people have no problem to click only 3 antibot links . it just takes 2 seconds extra .

see user friendly antibot links here http://faucetrank.com/faucet

[smashbtc]

Thanks for sharing this preventive measures to protect sites from bots. This is really helpful to anyone who owns a faucet. If you're looking for a script to stop bots, I would recommend this one.

[kilopa]

Hello sir.

Google bring me here.

I think this script has a problem (or no), because when I join to some sites it give me "It would apprear you're using a proxy, so please, go fuck yourself!".

I'm not using proxies or anything like that. Still, I go to myip.es to check my IP, and show me my IP, not a proxy. Next I go to amibehindaproxy.com, and it show me "No proxyserver detected.". So I decided to google the error, and I see this page at first.

I check the site of script http://check.getipintel.net/check.php?ip=heremyip, and show me -6. I don't know what is mean.

The bad is that my IP is static so I can't change it. I'm from Spain (I don't know if your script block spanish people).

Is for that or what else?

Sorry if my english is pretty poor, but I needed to ask you. Thanks.

[misterbit]

Greetings guys, I found this list of IP that I think can help us

Code:

https://lists.blocklist.de:4343/lists/

[primera]

Greetings guys, I found this list of IP that I think can help us

Code:

https://lists.blocklist.de:4343/lists/

Nice Thanks..

[KnightTrader]

Many bots/bot owners pass through these already. We need new tricks

Solution would be some capthcha with several simple games randomly, one of them need to play before claim. Just a thought..

[hoop]

Many bots/bot owners pass through these already. We need new tricks

Solution would be some capthcha with several simple games randomly, one of them need to play before claim. Just a thought..

Yeah, but that need dev sickles .

[KnightTrader]

Many bots/bot owners pass through these already. We need new tricks

Solution would be some capthcha with several simple games randomly, one of them need to play before claim. Just a thought..

Yeah, but that need dev sickles .

They could earn by that too by showing ads

[shintosai]

Many bots/bot owners pass through these already. We need new tricks

Solution would be some capthcha with several simple games randomly, one of them need to play before claim. Just a thought..

Yeah, but that need dev sickles .

They could earn by that too by showing ads

we need to understand that faucet owners needed also extra earnings
I don't know why bots has been develop since it just an easy task
to solve captcha.

[hoop]

Many bots/bot owners pass through these already. We need new tricks

Solution would be some capthcha with several simple games randomly, one of them need to play before claim. Just a thought..

Yeah, but that need dev sickles .

They could earn by that too by showing ads

we need to understand that faucet owners needed also extra earnings
I don't know why bots has been develop since it just an easy task
to solve captcha.

Bots develop not only for solve captcha task.

[Lutzow]

I applied both step 1 and step 2 but now I cannot access my faucet using my mobile provider showing that I'm behind a proxy. I removed the anti proxy then and things are already working ok. Is that really the case? Is it because the mobile providers are using some kind of proxy as well?

[herbst]

Has anyone tried Cloudflare (And maybe the "I am under attack" mode) to prevent bots? I just switched it on on mine, will report back in the next days if i dont forget.

[hoop]

Has anyone tried Cloudflare (And maybe the "I am under attack" mode) to prevent bots? I just switched it on on mine, will report back in the next days if i dont forget.

Waiting  for your report about prevent bots by Cloudflare.

[alfaboy23]

I use the math captcha but there is a slight problem,
The referral becomes http://xfaucet.digi-eye.xyz/math.php/?r=address instead of the original http://xfaucet.digi-eye.xyz/?r=address

Notice the math.php appended on the original ref link? Is there a way to fix that?

[datalore]

Has anyone tried Cloudflare (And maybe the "I am under attack" mode) to prevent bots? I just switched it on on mine, will report back in the next days if i dont forget.

Waiting  for your report about prevent bots by Cloudflare.

cloudfare = problem adsense

[hoop]

Has anyone tried Cloudflare (And maybe the "I am under attack" mode) to prevent bots? I just switched it on on mine, will report back in the next days if i dont forget.

Waiting  for your report about prevent bots by Cloudflare.

cloudfare = problem adsense

You can googled for solution.

[ankit10]

i cant understand last step (of 4th method)
I M NEW

[JerryMotov]

Hi,
I can't find <form method="POST" class="form-horizontal" role="form"> in my faucetbox template.
Where should I put this? <form action="math.php" method="POST" class="form-horizontal" role="form">
?

[Gifted]

If your using a xapo script or it might  work in faucetbox here is a way to let them go to your page but not able to collect as a proxy,

Code:

//We do not allow proxy here
 if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
{ 
  $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-danger"><p>Sorry Proxy not allowed !!</p></div></div>';
    $message                     = "Proxy";
    goto error; 
  }
  $q = $sql->prepare("select * from users where LOWER(username) = LOWER(?) or ip = ? order by claimed_at desc");
  $q->execute(array($username,$ip));
  $row = $q->fetch();

[vodaljepa]

If your using a xapo script or it might  work in faucetbox here is a way to let them go to your page but not able to collect as a proxy,

Code:

//We do not allow proxy here
 if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
{ 
  $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-danger"><p>Sorry Proxy not allowed !!</p></div></div>';
    $message                     = "Proxy";
    goto error; 
  }
  $q = $sql->prepare("select * from users where LOWER(username) = LOWER(?) or ip = ? order by claimed_at desc");
  $q->execute(array($username,$ip));
  $row = $q->fetch();

What about VPNs? or VPS?

[minifrij]

If your using a xapo script or it might  work in faucetbox here is a way to let them go to your page but not able to collect as a proxy,
snip

This would likely work somewhat, however would throw some false-positives for anyone with Port 80 on their network open (E.G running a web server, using a public WiFi network and other things all may have Port 80 open), not to mention this port can simply be remapped if needed meaning attackers can bypass this anyway. You can even check if it is open on your network here, if it is this script will block you.

What about VPNs? or VPS?

OpenVPN automatically uses Port 80, however this can be remapped to a different Port as the page describes allowing it to pass. My AWS VPS currently has Port 80 closed, meaning this script would let me pass using it.

[alfaboy23]

If your using a xapo script or it might  work in faucetbox here is a way to let them go to your page but not able to collect as a proxy,

Code:

//We do not allow proxy here
 if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
{ 
  $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-danger"><p>Sorry Proxy not allowed !!</p></div></div>';
    $message                     = "Proxy";
    goto error; 
  }
  $q = $sql->prepare("select * from users where LOWER(username) = LOWER(?) or ip = ? order by claimed_at desc");
  $q->execute(array($username,$ip));
  $row = $q->fetch();

I also tried this script and the one from the OP, but it's both not working, I test my site with several proxy apps and sites and I can still access my site.

The most effective way is via the .htaccess file.

The problem is, it is also blocking my local IP.

[botdetector]

Hi to all
As we all know, detecting proxy is one of the basic strategy. The better one is to analize what user is doing on the website. After analysis we are able to decite whether is a real user or a bot. My small team has wrote early beta of the service allows the recognize the bot.

If you are interested in, please write to me

also please take a look at:
https://bitcointalk.org/index.php?topic=1501132.0

best!

[datalore]

not updates???

[wetrust]

there is anyway to stop proxy users from earn only i mean how to make them enter and see the index or main page but disable the reward botton or redirect them to error page when they hit on get reward
any genus way here  

[Gifted]

there is anyway to stop proxy users from earn only i mean how to make them enter and see the index or main page but disable the reward botton or redirect them to error page when they hit on get reward
any genus way here  

Yes there is... in function you can put a if code for proxy die code

[Gifted]

best thing to do is use Step Four

[wetrust]

best thing to do is use Step Four

yes i did that step and step 2 also both work great
but it would be great if all proxy users can access main page but not get reward
i think this better for CPM ads ?

[Gifted]

best thing to do is use Step Four

yes i did that step and step 2 also both work great
but it would be great if all proxy users can access main page but not get reward
i think this better for CPM ads ?

i will look into this and get back to you using better code then the one i posted

[Gifted]

so yes i have figured out how to do that for you using an xapo faucet... i will check it with faucetbox
Alfaboy you might want to use this

Code:

//Checks that the username is not empty
  if (!isset($_POST['username'])||$_POST['username']=="") {
    $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-danger"><p>Missing email address!</p></div></div>';
    $message                     = "Missing email address";
    goto error;
  }

  $username = $_POST['username'];
   //Checks if the user has written something in the captcha box

  $captchaChallange = $_POST['adcopy_challenge'];
  $captchaResponse  = $_POST['adcopy_response'];

  if (empty($captchaChallange) || empty($captchaResponse)) {

    $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-danger"><p>Missing captcha, try again!</p></div></div>';
    $message                     = "Missing captcha";
    goto error;
  }


  $response = @file('http://verify.solvemedia.com/papi/verify?privatekey=' . $settings['solvemedia_verification_key'] . '&challenge=' . rawurlencode($captchaChallange) . '&response=' . rawurlencode($captchaResponse) . '&remoteip=' . $ip);

  if (!isset($response[0]) || trim($response[0]) === 'false'){
    $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-danger"><p>Wrong captcha!</p></div></div>';
    $message                     = "Wrong captcha";
  }
//We do not allow proxy here
 if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
die("It would apprear you're using a proxy, so please, go fuck yourself!");

function checkProxy($ip){
		$contactEmail="EMAIL";
		$timeout=3; 
		$banOnProability=0.99;
		
		$ch = curl_init();
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
		curl_setopt($ch, CURLOPT_URL, "http://check.getipintel.net/check.php?ip=$ip");
		$response=curl_exec($ch);
		
		curl_close($ch);
		
		
		if ($response > $banOnProability) {
				return true;
		} else {
			if ($response < 0 || strcmp($response, "") == 0 ) {
				//The server returned an error, you might want to do something
				//like write to a log file or email yourself
				//This could be true due to an invalid input or you've exceeded
				//the number of allowed queries. Figure out why this is happening
				//because you aren't protected by the system anymore
				//Leaving this section blank is dangerous because you assume
				//that you're still protected, which is incorrect
				//and you might think GetIPIntel isn't accurate anymore
				//which is also incorrect.
				//failure to implement error handling is bad for the both of us
			}
				return false;
		}
}
$ip=$_SERVER['REMOTE_ADDR'];
if (checkProxy($ip)) {
	echo "It would apprear you're using a proxy, so please, go fuck yourself! <br />";
}
  //timer check

[Gifted]

best thing to do is use Step Four

yes i did that step and step 2 also both work great
but it would be great if all proxy users can access main page but not get reward
i think this better for CPM ads ?

Try this !! Just replace the index.php with this on in the main root http://bitcoinfaucetrelay.com/wp-content/uploads/2016/06/faucetbox-fix.zip

[Gifted]

best thing to do is use Step Four

yes i did that step and step 2 also both work great
but it would be great if all proxy users can access main page but not get reward
i think this better for CPM ads ?

Try this !! Just replace the index.php with this on in the main root http://bitcoinfaucetrelay.com/wp-content/uploads/2016/06/faucetbox-fix.zip

bump for security update  i made for faucetbox bots attacking

[Swagtoshi]

What does that script do exactly?

[Swagtoshi]

How do bot get past the captchas exactly?

[minifrij]

What does that script do exactly?

Which script do you mean? The first one in the thread?

How do bot get past the captchas exactly?

They use an API which sends the captcha's image to a server (for a small fee) where another person then solves it for a reward.

[Swagtoshi]

I was wondering what gifted's index.php script did.

[vodaljepa]

I was wondering what gifted's index.php script did.

Probably steals your coins

[minifrij]

I was wondering what gifted's index.php script did.

The new index.php script added this code at lines 1575 - 1614:

Code:

<?php
//We do not allow proxy here		
if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))		
	die("It would apprear you're using a proxy, so please, go fuck yourself!");		
			
function checkProxy($ip){		
	$contactEmail="Goldkey0070@gmail.com";		
	$timeout=3; 		
	$banOnProability=0.99;		
					
	$ch = curl_init();		
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);		
	curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);		
	curl_setopt($ch, CURLOPT_URL, "http://check.getipintel.net/check.php?ip=$ip");		
	$response=curl_exec($ch);					
	curl_close($ch);		
									
	if ($response > $banOnProability) {		
		return true;		
	} else {		
		if ($response < 0 || strcmp($response, "") == 0 ) {		
			//There's a lot of comment here that I removed, look it up on the index.php file if you're interested in what it says		
		}		
		return false;		
	}		
}		

$ip=$_SERVER['REMOTE_ADDR'];		
if (checkProxy($ip)) {		
	echo "It would apprear you're using a proxy, so please, go fuck yourself! <br />";		
}
?>

Basically, here is what it does:

Code:

if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))		
	die("It would apprear you're using a proxy, so please, go fuck yourself!");

If port 80 is open on the user's computer, then display the message in the die("") and kill the rest of the script. I've explained previously why doing this can cause a lot of false positives, you can read it here:

...

This would likely work somewhat, however would throw some false-positives for anyone with Port 80 on their network open (E.G running a web server, using a public WiFi network and other things all may have Port 80 open), not to mention this port can simply be remapped if needed meaning attackers can bypass this anyway. You can even check if it is open on your network here, if it is this script will block you.
...
OpenVPN automatically uses Port 80, however this can be remapped to a different Port as the page describes allowing it to pass. My AWS VPS currently has Port 80 closed, meaning this script would let me pass using it.

It would probably work for some bots, however it is not completely foolproof and may stop real users accessing your faucet.

Code:

function checkProxy($ip){		
	$contactEmail="Goldkey0070@gmail.com";		
	$timeout=3; 		
	$banOnProability=0.99;	

Create a function which will be called later and create three variables inside of it. These variables are:

• Some random e-mail address, not too sure what that is for (as it is not used anywhere else in the script).
• The amount of seconds for PHP to try to access the URL. If the URL can't be found in this amount of seconds (3) then the connection will die.
• If the URL returns higher than this number, then the user is banned - This should be explained more in the next few chunks of code. (It should also be spelled probability)

Code:

$ch = curl_init();		
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);		
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);		
curl_setopt($ch, CURLOPT_URL, "http://check.getipintel.net/check.php?ip=$ip");		
$response=curl_exec($ch);					
curl_close($ch);

This basically gets the content from the page http://check.getipintel.net/check.php?ip=USERSIP with the timeout set previously. GetIPIntel is a service that scores IP addresses on how 'bad' they are (E.G if they are a proxy or bot). However, this API is only free for a certain amount of requests per day (500 / 15 per minute), so if your faucet gets a lot of unique users this could do very little for you.

Code:

if ($response > $banOnProability) {		
	return true;		
} else {		
	if ($response < 0 || strcmp($response, "") == 0 ) {		
		//snip		
	}		
	return false;		
}	

This code checks if the return from GetIPIntel is greater than the variable banOnProability. If it is, then the function returns true and marks the user to be blocked. Otherwise, the function returns false and lets them pass.
The if ($response < 0 || strcmp($response, "") == 0 ) {    is used to find if the response was empty and if the server is having any problems, though the code doesn't do anything in this so it is somewhat useless (unless you want to edit it yourself).

Code:

$ip=$_SERVER['REMOTE_ADDR'];		
if (checkProxy($ip)) {		
	echo "It would apprear you're using a proxy, so please, go fuck yourself! <br />";		
}

Finally, this piece of code gets the user's IP, checks it against GetIPIntel and if the function returns true, it says the exact same is if port 80 were open.
This is a more reliable method of detecting bots and other attackers than seeing if a port is open, however (unless you're winning to pay) it is only functional for 500 users per day.

There are no other changes to the original code as far as I can see, feel free to check it yourself using a difference checking tool. It should also be noted that this script only works with FaucetInABox version r63, as r64 changes the code in index.php significantly I believe.

[kaytokeyos]

<?php>
include_once $_SERVER['DOCUMENT_ROOT'] . '/captcha/securimage.php';

$securimage = new Securimage();

if ($securimage->check($_POST['captcha_code']) == false) {
  // the code was incorrect
  // you should handle the error so that the form processor doesn't continue

  // or you can use the following code if there is no validation or you do not know how
  echo "I'm sorry but you have to answer the math question correctly!.<br /><br />";
  echo "Please go <a href='javascript:history.go(-1)'>back</a> and use a caculator.";
  exit;
}

?>

how about i change this script
echo "Please go <a href='javascript:history.go(-1)'>back</a> and use a caculator.";
to this
echo "Please go <a href='index.php'>back</a> and use a caculator.";

its ok?

if i use script above i got eror but if i change the link its work

[alw1tt]

http://i51.photobucket.com/albums/f353/Ace_Of_Fades/Untitled-1_zpsnfwjriuq.png

Everything in this tutorial is being used on my faucet. Check it out HERE to see it in action!

Step Four

In step four we will be adding a simple math question displayed as an image as a second captcha. Faucet users cannot claim their satoshi until the math question is solved.

Download PHP captcha HERE extract it and add the "captcha" folder to your root directory. If you don't trust that download you can find the original HERE, it will require some configuring though.

Now open your template file (ROOTDIRECTORY/faucet/templates/YOURTEMPLATE/index.php) paste the following code at the very top line above <!DOCTYPE html>:

Code:

<?php session_start(); ?>

Paste the following code where you would like the equation to appear

Code:

<img id="captcha" src="/captcha/securimage_show.php" alt="CAPTCHA Image" />
<br>
<a href="#" onclick="document.getElementById('captcha').src = '/captcha/securimage_show.php?' + Math.random(); return false">[ New Problem ]</a>
<br>
<br>
<input type="text" name="captcha_code" size="10" maxlength="6" />
<br>
<br>

Now you need to create a PHP document. I use a program called Notepad++, however any text editor will work. Create a new document, then paste in the following code:

Code:

<?php>
include_once $_SERVER['DOCUMENT_ROOT'] . '/captcha/securimage.php';

$securimage = new Securimage();

if ($securimage->check($_POST['captcha_code']) == false) {
  // the code was incorrect
  // you should handle the error so that the form processor doesn't continue

  // or you can use the following code if there is no validation or you do not know how
  echo "I'm sorry but you have to answer the math question correctly!.<br /><br />";
  echo "Please go <a href='javascript:history.go(-1)'>back</a> and use a caculator.";
  exit;
}

?>

Keep the document open. Open your faucet index page, it will most likely be index.php in your ROOTDIRECTORY. (Not the template index.php) Now press CTRL+A and select everything and copy it. Go back to the document you were just making and paste it on the very bottom, underneath the ?>  Now save the file as what ever you want, I called mine math.php.

Go back to your faucet template file (ROOTDIRECTORY/faucet/templates/YOURTEMPLATE/index.php) search for the following: <form method="POST" class="form-horizontal" role="form">
on that same line link your PHP file to it like so:

Code:

<form action="math.php" method="POST" class="form-horizontal" role="form">

About the Step 4... Why don't you just use:

Code:

include_once $_SERVER['DOCUMENT_ROOT'] . '/faucet/index.php';

Instead of select everything, copy it, go back to the document you were just making and paste it on the very bottom?


And there is a Problem!
After using this math script, the referral link become:
-- http://yoursite.com/faucet/math.php?r=1XX9xXXZ3XTXXX5kTXxXKCvxkiXNXxdGXN
Instead of:
-- http://yoursite.com/faucet/?r=1XX9xXXZ3XTXXX5kTXxXKCvxkiXNXxdGXN

How to fix it?

[alfaboy23]

...

And there is a Problem!
After using this math script, the referral link become:
-- http://yoursite.com/faucet/math.php?r=1XX9xXXZ3XTXXX5kTXxXKCvxkiXNXxdGXN
Instead of:
-- http://yoursite.com/faucet/?r=1XX9xXXZ3XTXXX5kTXxXKCvxkiXNXxdGXN

How to fix it?

I've asked that a long time ago

I use the math captcha but there is a slight problem,
The referral becomes http://xfaucet.digi-eye.xyz/math.php/?r=address instead of the original http://xfaucet.digi-eye.xyz/?r=address

Notice the math.php appended on the original ref link? Is there a way to fix that?

But, still no answer, it seems that there is no fix for this.

[Gifted]

use a <div> and closing </div>

[alw1tt]

There is always a fix... 

Open your Template index.php

Replace:

Code:

<code><?php echo $data["reflink"]; ?></code>

with:

Code:

<code><?php echo str_replace("math.php","",$data["reflink"]); ?></code>

That's it! 

[Butord]

Is there a method to block certain btc address if I'm not using faucetbox script? Yjahnks

[FaucetRank.com]

Is there a method to block certain btc address if I'm not using faucetbox script? Yjahnks

Which script are you using 1st tell me. If you' are using xapo than I can help you easily. It's very easy to block email add or btc address.
…………₹₹₹………………………₹₹₹………………………₹₹₹………………………₹₹₹………………………₹₹₹………………………₹₹₹………………………₹₹₹……………

[Butord]

Is there a method to block certain btc address if I'm not using faucetbox script? Yjahnks

Which script are you using 1st tell me. If you' are using xapo than I can help you easily. It's very easy to block email add or btc address.
…………₹₹₹………………………₹₹₹………………………₹₹₹………………………₹₹₹………………………₹₹₹………………………₹₹₹………………………₹₹₹……………

I'm using paytoshi script. Actually I've already have the code. Yje only problem is where to add it

[pkhuba082]

Hi,

Thanks for your support and help

Can anyone help me how to implement this code in Wordpress site?



Thanks