rkandrades
Sr. Member
Offline
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
|
|
October 27, 2015, 12:32:03 PM |
|
GetIPIntel won't work for high traffic faucets, too many requests will spit our 404/403 errors. I spoke with the admin recently and tested it.
Not sure about the rest. Proxies are an issue but adding features to limit claims from more than X amount of IP addresses is a step in the right direction.
For MiniFaucet based faucets, it helps to have a limit on large cashouts. Botters are keeping up with things, that's for sure. I don't quite understand how.
Some of the best devs out there haven't been able to do much. Catching repeat offenders and blacklisting IPs helps, but you'll have to pay a few bots before you get that knowledge.
As you said the best way to work with getIpIntel is caching the results and coding a counter to limit your requests daily. For me, the fight against the scammers and bots is teaching me many things. As you know I'm developing my own security system without need to use antibot links or anything like this. I think I am winning this battle for now...
|
|
|
|
thefaucetrunner
Sr. Member
Offline
Activity: 714
Merit: 250
Defend Bitcoin and its PoW: bitcoincleanup.com
|
|
October 27, 2015, 05:42:22 PM |
|
One of the main things to remember with these bots is that they are using a script, which is fairly rigid. You can do several things to foil the bots, including switching your captcha randomly, implementing legitimate anti-bot math problems and buttons, thresholds for cashouts and other features.
Unfortunately for many of the users on here, these sort of features require knowledge or the money to hire someone with the knowledge. We are lucky to have people like Minifrij etc to help users.
I've made it my task in recent months to fight these bots where I can, but I think it's an uphill struggle most of the time. I have banned so many addresses today...
|
|
|
|
rkandrades
Sr. Member
Offline
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
|
|
October 27, 2015, 09:09:34 PM |
|
One of the main things to remember with these bots is that they are using a script, which is fairly rigid. You can do several things to foil the bots, including switching your captcha randomly, implementing legitimate anti-bot math problems and buttons, thresholds for cashouts and other features.
Unfortunately for many of the users on here, these sort of features require knowledge or the money to hire someone with the knowledge. We are lucky to have people like Minifrij etc to help users.
I've made it my task in recent months to fight these bots where I can, but I think it's an uphill struggle most of the time. I have banned so many addresses today...
Are you using the FaucetBox script in your faucet? I'm looking for a way to include more mandatory fields to claim. My idea is to ask for the e-mail or for a second captcha solution> If the user don't put it, the FaucetBox will show that default message: Missing inputs (or something like this...). This move should block a lot of bots (At leas the not customizable ones). I will study how to do this...
|
|
|
|
AlexAce420 (OP)
Member
Offline
Activity: 155
Merit: 10
|
|
October 27, 2015, 09:18:37 PM |
|
Are you using the FaucetBox script in your faucet? I'm looking for a way to include more mandatory fields to claim.
My idea is to ask for the e-mail or for a second captcha solution> If the user don't put it, the FaucetBox will show that default message: Missing inputs (or something like this...).
This move should block a lot of bots (At leas the not customizable ones).
I will study how to do this...
Hey bud, I implemented this on my faucet. Let me know what you think. http://g-liu.com/blog/2013/08/walkthrough-captcha-php/. Check out my faucet to see how it works. I will make a tutorial on this post as soon as I get home from work.
|
|
|
|
misterbit
|
|
October 27, 2015, 11:35:53 PM |
|
Are you using the FaucetBox script in your faucet? I'm looking for a way to include more mandatory fields to claim.
My idea is to ask for the e-mail or for a second captcha solution> If the user don't put it, the FaucetBox will show that default message: Missing inputs (or something like this...).
This move should block a lot of bots (At leas the not customizable ones).
I will study how to do this...
Hey bud, I implemented this on my faucet. Let me know what you think. http://g-liu.com/blog/2013/08/walkthrough-captcha-php/. Check out my faucet to see how it works. I will make a tutorial on this post as soon as I get home from work. Hi, watch this, feel me good, only would have to adapt it. http://jsfiddle.net/Ztq83/Someone who knows how to do it please
|
|
|
|
rkandrades
Sr. Member
Offline
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
|
|
October 28, 2015, 01:44:05 AM |
|
Are you using the FaucetBox script in your faucet? I'm looking for a way to include more mandatory fields to claim.
My idea is to ask for the e-mail or for a second captcha solution> If the user don't put it, the FaucetBox will show that default message: Missing inputs (or something like this...).
This move should block a lot of bots (At leas the not customizable ones).
I will study how to do this...
Hey bud, I implemented this on my faucet. Let me know what you think. http://g-liu.com/blog/2013/08/walkthrough-captcha-php/. Check out my faucet to see how it works. I will make a tutorial on this post as soon as I get home from work. Hi, watch this, feel me good, only would have to adapt it. http://jsfiddle.net/Ztq83/Someone who knows how to do it please Yes. It seems good. But you should implement this making the field mandatory to the submit button. I need to study how to do this yet. Recently I implemented a second simple captcha in my faucet but It just works to hide the claim button. Solving the captcha the claim button is shown. However if the scammer uses a bot that send automatic commands like HTML POSTs and GETs, my second captcha should fail. I will take a look in the faucetbox script tomorrow...
|
|
|
|
misterbit
|
|
October 28, 2015, 01:55:02 AM |
|
Are you using the FaucetBox script in your faucet? I'm looking for a way to include more mandatory fields to claim.
My idea is to ask for the e-mail or for a second captcha solution> If the user don't put it, the FaucetBox will show that default message: Missing inputs (or something like this...).
This move should block a lot of bots (At leas the not customizable ones).
I will study how to do this...
Hey bud, I implemented this on my faucet. Let me know what you think. http://g-liu.com/blog/2013/08/walkthrough-captcha-php/. Check out my faucet to see how it works. I will make a tutorial on this post as soon as I get home from work. Hi, watch this, feel me good, only would have to adapt it. http://jsfiddle.net/Ztq83/Someone who knows how to do it please Yes. It seems good. But you should implement this making the field mandatory to the submit button. I need to study how to do this yet. Recently I implemented a second simple captcha in my faucet but It just works to hide the claim button. Solving the captcha the claim button is shown. However if the scammer uses a bot that send automatic commands like HTML POSTs and GETs, my second captcha should fail. I will take a look in the faucetbox script tomorrow... It would be great
|
|
|
|
FaucetRank.com
|
|
October 28, 2015, 04:18:36 AM |
|
Are you using the FaucetBox script in your faucet? I'm looking for a way to include more mandatory fields to claim.
My idea is to ask for the e-mail or for a second captcha solution> If the user don't put it, the FaucetBox will show that default message: Missing inputs (or something like this...).
This move should block a lot of bots (At leas the not customizable ones).
I will study how to do this...
Hey bud, I implemented this on my faucet. Let me know what you think. http://g-liu.com/blog/2013/08/walkthrough-captcha-php/. Check out my faucet to see how it works. I will make a tutorial on this post as soon as I get home from work. Hi, watch this, feel me good, only would have to adapt it. http://jsfiddle.net/Ztq83/Someone who knows how to do it please Yes. It seems good. But you should implement this making the field mandatory to the submit button. I need to study how to do this yet. Recently I implemented a second simple captcha in my faucet but It just works to hide the claim button. Solving the captcha the claim button is shown. However if the scammer uses a bot that send automatic commands like HTML POSTs and GETs, my second captcha should fail. I will take a look in the faucetbox script tomorrow... instead of hiding submit button disable it when captcha solved enable it. will it still fail ? can a bot post disabled button ?
|
| | | ████ █ ████ █ ████ █ ████ █ ████ █ █ ████ █ █ ████ █ █ ████ █ █ ████ █ ████ █ ████ █ ████ █ ████ | | | | | | ████ █ ████ █ ████ █ ████ █ ████ █ █ ████ █ █ ████ █ █ ████ █ █ ████ █ ████ █ ████ █ ████ █ ████ | | | .SCAMMERS. ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ .EXPOSED. | | | | | | . ▄▄▄▄▄▄▄▄ | | | ████ █ ████ █ ████ █ ████ █ ████ █ █ ████ █ █ ████ █ █ ████ █ █ ████ █ ████ █ ████ █ ████ █ ████ | | | |
|
|
|
rkandrades
Sr. Member
Offline
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
|
|
October 28, 2015, 04:52:42 PM |
|
Are you using the FaucetBox script in your faucet? I'm looking for a way to include more mandatory fields to claim.
My idea is to ask for the e-mail or for a second captcha solution> If the user don't put it, the FaucetBox will show that default message: Missing inputs (or something like this...).
This move should block a lot of bots (At leas the not customizable ones).
I will study how to do this...
Hey bud, I implemented this on my faucet. Let me know what you think. http://g-liu.com/blog/2013/08/walkthrough-captcha-php/. Check out my faucet to see how it works. I will make a tutorial on this post as soon as I get home from work. Hi, watch this, feel me good, only would have to adapt it. http://jsfiddle.net/Ztq83/Someone who knows how to do it please Yes. It seems good. But you should implement this making the field mandatory to the submit button. I need to study how to do this yet. Recently I implemented a second simple captcha in my faucet but It just works to hide the claim button. Solving the captcha the claim button is shown. However if the scammer uses a bot that send automatic commands like HTML POSTs and GETs, my second captcha should fail. I will take a look in the faucetbox script tomorrow... instead of hiding submit button disable it when captcha solved enable it. will it still fail ? can a bot post disabled button ? Yes. I'm doing this. The button born as disabled. Te problem is that a bot can set it to enabled using a java script since the button is being loaded in the client side (HTML). A button generated by PHP code should solve this problem. But the faucetbox script is a mix of PHP and HTML unfortunately.
|
|
|
|
minifrij
Legendary
Offline
Activity: 2352
Merit: 1268
In Memory of Zepher
|
|
October 28, 2015, 04:57:42 PM |
|
A button generated by PHP code should solve this problem. But the faucetbox script is a mix of PHP and HTML unfortunately.
A button generated by PHP? How do you plan to get this to work without using any HTML?
|
|
|
|
rkandrades
Sr. Member
Offline
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
|
|
October 28, 2015, 05:23:50 PM |
|
A button generated by PHP code should solve this problem. But the faucetbox script is a mix of PHP and HTML unfortunately.
A button generated by PHP? How do you plan to get this to work without using any HTML? Sorry... I said a miisleading thing. I am thinking about create the timer and the enable button fuction in PHP to replace javascript functions into the HTML, for example.
|
|
|
|
minifrij
Legendary
Offline
Activity: 2352
Merit: 1268
In Memory of Zepher
|
|
October 28, 2015, 05:56:04 PM |
|
Sorry... I said a miisleading thing.
I am thinking about create the timer and the enable button fuction in PHP to replace javascript functions into the HTML, for example.
I can see where you're coming from, but you cannot create things like timers in PHP. Since PHP is a server side language, it loads only once when the page first loads. If you would want to make a timer in PHP, you would have to somehow delay the loading of the page entirely. You could perhaps add some sort of verification on the PHP submit if you wanted. For example, create a PHP session variable of the time before the form, then compare it to the time after the submission of the form to be sure that it is at least your timer's length between asking for both pages. Something like this maybe: <?php //Before submission $_SESSION['preSubmissionTime'] = time();
//After submission //Captcha checks here if((time()-$_SESSION['preSubmissionTime']) >= 5){ //Assuming your timer is 5 seconds long //Pay the user }else{ die('You\'re submitting too fast'); } ?>
If you're going to do something like this though, I would suggest hiding the captcha as well as the claim button with the timer. This way, the user cannot solve the captcha and press enter before the claim button has been enabled, posting the form and making themselves look like a bot/a user cheating the system. I'm not sure how the above code would work in practice, though if you can see the logic behind it you could likely add it in yourself.
|
|
|
|
AlexAce420 (OP)
Member
Offline
Activity: 155
Merit: 10
|
|
October 28, 2015, 10:30:23 PM |
|
Finally winning the fight against bots! :') I have updated the original post with some helpful information.
|
|
|
|
minifrij
Legendary
Offline
Activity: 2352
Merit: 1268
In Memory of Zepher
|
|
October 28, 2015, 10:52:07 PM |
|
Just saying, if you're displaying the maths problems in plain text it is very easy for bots to get around. There's a reason that captchas are images of text rather than the plain words, similar to this. While bots can read images, it makes their life a lot harder if they are.
|
|
|
|
misterbit
|
|
October 28, 2015, 11:36:00 PM |
|
Just saying, if you're displaying the maths problems in plain text it is very easy for bots to get around. There's a reason that captchas are images of text rather than the plain words, similar to this. While bots can read images, it makes their life a lot harder if they are.
You're right, in the same article that is 2013 a young says of his weakness. Friend this not serve? do you know how to adapt it? http://jsfiddle.net/Ztq83/
|
|
|
|
AlexAce420 (OP)
Member
Offline
Activity: 155
Merit: 10
|
|
October 29, 2015, 12:06:04 AM |
|
Just saying, if you're displaying the maths problems in plain text it is very easy for bots to get around. There's a reason that captchas are images of text rather than the plain words, similar to this. While bots can read images, it makes their life a lot harder if they are.
In that case I'll have to make the numbers display as images, I'll update my tutorial once I do. Thanks for pointing out such a big flaw lol. You're right, in the same article that is 2013 a young says of his weakness. Friend this not serve? do you know how to adapt it? http://jsfiddle.net/Ztq83/So you want a confirmation dialog to appear before receiving the satoshi? Maybe I'll implement the math question on the popup?
|
|
|
|
misterbit
|
|
October 29, 2015, 12:34:15 AM |
|
Just saying, if you're displaying the maths problems in plain text it is very easy for bots to get around. There's a reason that captchas are images of text rather than the plain words, similar to this. While bots can read images, it makes their life a lot harder if they are.
In that case I'll have to make the numbers display as images, I'll update my tutorial once I do. Thanks for pointing out such a big flaw lol. You're right, in the same article that is 2013 a young says of his weakness. Friend this not serve? do you know how to adapt it? http://jsfiddle.net/Ztq83/So you want a confirmation dialog to appear before receiving the satoshi? Maybe I'll implement the math question on the popup? I don't know, I guess if he gives OK receives and if not then not. I have not much idea about the mechanism of the bots
|
|
|
|
FaucetRank.com
|
|
October 29, 2015, 01:45:29 AM |
|
Hey guys got an idea Instead of using anti bot links if you create a new captcha like click identical image. many Ptc site have this captcha.
|
| | | ████ █ ████ █ ████ █ ████ █ ████ █ █ ████ █ █ ████ █ █ ████ █ █ ████ █ ████ █ ████ █ ████ █ ████ | | | | | | ████ █ ████ █ ████ █ ████ █ ████ █ █ ████ █ █ ████ █ █ ████ █ █ ████ █ ████ █ ████ █ ████ █ ████ | | | .SCAMMERS. ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ .EXPOSED. | | | | | | . ▄▄▄▄▄▄▄▄ | | | ████ █ ████ █ ████ █ ████ █ ████ █ █ ████ █ █ ████ █ █ ████ █ █ ████ █ ████ █ ████ █ ████ █ ████ | | | |
|
|
|
AlexAce420 (OP)
Member
Offline
Activity: 155
Merit: 10
|
|
October 29, 2015, 01:58:16 AM |
|
Just saying, if you're displaying the maths problems in plain text it is very easy for bots to get around. There's a reason that captchas are images of text rather than the plain words, similar to this. While bots can read images, it makes their life a lot harder if they are.
Check out my faucet now, I'm using a image instead of text. Is that better?
|
|
|
|
minifrij
Legendary
Offline
Activity: 2352
Merit: 1268
In Memory of Zepher
|
|
October 29, 2015, 02:17:47 AM |
|
Check out my faucet now, I'm using a image instead of text. Is that better?
If your faucet is bit-essence.com, I get a 403 Forbidden error trying to access.
|
|
|
|
|