Everything in this tutorial is being used on my faucet. Check it out
HERE to see it in action!
Step 1In the root directory of your server, there should be a file called .htaccess,
HERE'S WHAT MINE LOOKS LIKE Copy and paste it to yours.
This will block all the TOR relays/exit nodes from accessing your website. TOR is good to block because it's one of the main things people use to bypass your time limit. Just google "bypass faucet time limit" you will see that it's one of the ways people bypass your time limit.
To get an updated list of tor exit nodes visit
https://www.dan.me.uk/torlist/Here's a website to paste the IP's, it will generate the proper code for you.
http://www.htaccesstools.com/block-ips/
Step TwoIn your faucet template, ROOTDIRECTORY/faucet/templates/YOURTEMPLATE/index.php, place this code, anywhere in the <head> tag.
<?php
if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
die("It would apprear you're using a proxy, so please, go fuck yourself!");
function checkProxy($ip){
$contactEmail="EMAIL";
$timeout=3;
$banOnProability=0.99;
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_URL, "http://check.getipintel.net/check.php?ip=$ip");
$response=curl_exec($ch);
curl_close($ch);
if ($response > $banOnProability) {
return true;
} else {
if ($response < 0 || strcmp($response, "") == 0 ) {
//The server returned an error, you might want to do something
//like write to a log file or email yourself
//This could be true due to an invalid input or you've exceeded
//the number of allowed queries. Figure out why this is happening
//because you aren't protected by the system anymore
//Leaving this section blank is dangerous because you assume
//that you're still protected, which is incorrect
//and you might think GetIPIntel isn't accurate anymore
//which is also incorrect.
//failure to implement error handling is bad for the both of us
}
return false;
}
}
$ip=$_SERVER['REMOTE_ADDR'];
if (checkProxy($ip)) {
echo "It would apprear you're using a proxy, so please, go fuck yourself! <br />";
}
?>
Here's a website to check if your faucet is still vulnerable.
http://boomproxy.com/
Step ThreeLog into funcaptcha, then click "site settings"
Scroll down and click on the little gear, underneath "setup".
Then scroll down to the "security" tab select "always enhanced". Click save, then wait 5-10 minutes. Your captcha will now be alot harder for bots to bypass.
Step FourIn step four we will be adding a simple math question displayed as an image as a second captcha. Faucet users cannot claim their satoshi until the math question is solved.
Download PHP captcha
HERE extract it and add the "captcha" folder to your root directory. If you don't trust that download you can find the original
HERE, it will require some configuring though.
Now open your template file (ROOTDIRECTORY/faucet/templates/YOURTEMPLATE/index.php) paste the following code at the very top line above <!DOCTYPE html>:
<?php session_start(); ?>
Paste the following code where you would like the equation to appear
<img id="captcha" src="/captcha/securimage_show.php" alt="CAPTCHA Image" />
<br>
<a href="#" onclick="document.getElementById('captcha').src = '/captcha/securimage_show.php?' + Math.random(); return false">[ New Problem ]</a>
<br>
<br>
<input type="text" name="captcha_code" size="10" maxlength="6" />
<br>
<br>
Now you need to create a PHP document. I use a program called Notepad++, however any text editor will work. Create a new document, then paste in the following code:
<?php>
include_once $_SERVER['DOCUMENT_ROOT'] . '/captcha/securimage.php';
$securimage = new Securimage();
if ($securimage->check($_POST['captcha_code']) == false) {
// the code was incorrect
// you should handle the error so that the form processor doesn't continue
// or you can use the following code if there is no validation or you do not know how
echo "I'm sorry but you have to answer the math question correctly!.<br /><br />";
echo "Please go <a href='javascript:history.go(-1)'>back</a> and use a caculator.";
exit;
}
?>
Keep the document open. Open your faucet index page, it will most likely be index.php in your ROOTDIRECTORY. (Not the template index.php) Now press CTRL+A and select everything and copy it. Go back to the document you were just making and paste it on the very bottom, underneath the ?> Now save the file as what ever you want, I called mine math.php.
Go back to your faucet template file (ROOTDIRECTORY/faucet/templates/YOURTEMPLATE/index.php) search for the following:
<form method="POST" class="form-horizontal" role="form">on that same line link your PHP file to it like so:
<form action="math.php" method="POST" class="form-horizontal" role="form">
Now you should have a working math eqution that users have to answer correctly before using your faucet.
I hope this helps other faucet owners, as it's terrible how bots think they can steal our valuable satoshis :3 You try and be nice, by giving people free bitcoins and they feel the need to exploit it.
