〖ⓉⓊⓉⓄⓇⒾⒶⓁ〗 Stop Bots + Proxies From Using Your Faucet

[BitcoinFX]

Yes. Incorrect formatting of .htaccess rules can easily (and incorrectly) block access to your entire website.

The correct .htaccess rules for blocking proxies can be found in this 'legendary' blog (probably the source);

- https://perishablepress.com/block-tough-proxies/

Also, this message might actually be considered a bit more user friendly;

"Sorry. Proxy access is not allowed. If you are not using a proxy please contact EMAIL with your IP address"  


I recommend using the Bad-Behavior script, which actually covers a lot of the rules in the G5 and G6 firewall from the above blog anyway. Most of the rules in BB actually became the Mod Security base. The modified script for BB I posted was 'cobbled' together from reviewing several (now outdated) .htaccess lists and comparing user agents with activity at http://botsvsbrowsers.com/ and https://udger.com/

- https://bitcointalk.org/index.php?topic=1094930.msg13184663#msg13184663

Good job OP for starting this thread!  

[pinger]

Yes. Incorrect formatting of .htaccess rules can easily (and incorrectly) block access to your entire website.

The correct .htaccess rules for blocking proxies can be found in this 'legendary' blog (probably the source);

- https://perishablepress.com/block-tough-proxies/

Also, this message might actually be considered a bit more user friendly;

"Sorry. Proxy access is not allowed. If you are not using a proxy please contact EMAIL with your IP address"  


I recommend using the Bad-Behavior script, which actually covers a lot of the rules in the G5 and G6 firewall from the above blog anyway. Most of the rules in BB actually became the Mod Security base. The modified script for BB I posted was 'cobbled' together from reviewing several (now outdated) .htaccess lists and comparing user agents with activity at http://botsvsbrowsers.com/ and https://udger.com/

- https://bitcointalk.org/index.php?topic=1094930.msg13184663#msg13184663

Good job OP for starting this thread!  

This can be useful for the site I was developing, thanks all of you people that create and collaborate in this thread.

[minifrij]

bro. a more in-depth explanation will be fine for me. if you do ,it will be appreciated by me thanx.

Sorry about the delay, something like this should work (on a default config). You obviously need the recaptcha keys, which you can find here.
Keep in mind that this will only work if you do not have recaptcha as a main captcha, and that recaptcha isn't the most secure in stopping bots. This code is also untested, so might need slight alterations.

templates/default/index.php - line 11 (in the <head> tag):

Code:

<script src='https://www.google.com/recaptcha/api.js'></script>

templates/default/index.php - line 175 (below the PHP which decides which captcha to use):

Code:

<div class="text-center">
      <div class="g-recaptcha" data-sitekey="SITE_KEY"></div>
</div>

index.php - line 2200 (under the PHP which determines if the main captcha was correct):

Code:

$data['captcha_valid_2'] = json_decode(file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=SECRET_KEY&response=' . $_POST['g-recaptcha-response']))->success;

index.php - line 2249:

Code:

 if (array_key_exists('address', $_POST) &&
           $data['captcha_valid'] &&
           $data['captcha_valid_2'] &&
           $data['enabled'] &&
           $data['eligible']
        ) {

With this it should say the normal error whenever you get the captcha wrong, though probably won't be special. It should work at least though.

[matt007]

Hi ! A big thanks to you for sharing this, i just got hacked and they stole about 2000000 satoshi from me.

I have disabled my faucets before i can secure my faucets again. My faucets are all on Cloudflare, would you recommend any
special configs with your script for cloudflare users ?

Also, i have ZB block security script on them but this is not helping to block proxies. However, i think it's blocking TOR users well.

So, using your security techniques in conjonction with Cloudflare and ZB Block ? Do you think it would be a good idea ?
 If yes, any special configs to make to make it work all together ?

I was also thinking of installing this script instead of ZB BLOCK : http://codecanyon.net/item/safeguard-pro-ultimate-php-website-protection/6783181

In final, what do you think would be the idea setup for me and what to avoid ?

Thansk mate , i really appreciate your input or any other suggestions from other users because, if i can't make this work, i will have to close
all my faucets

Best regards,

Mat

[pinger]

Hi ! A big thanks to you for sharing this, i just got hacked and they stole about 2000000 satoshi from me.

I have disabled my faucets before i can secure my faucets again. My faucets are all on Cloudflare, would you recommend any
special configs with your script for cloudflare users ?

Also, i have ZB block security script on them but this is not helping to block proxies. However, i think it's blocking TOR users well.

So, using your security techniques in conjonction with Cloudflare and ZB Block ? Do you think it would be a good idea ?
 If yes, any special configs to make to make it work all together ?

I was also thinking of installing this script instead of ZB BLOCK : http://codecanyon.net/item/safeguard-pro-ultimate-php-website-protection/6783181

In final, what do you think would be the idea setup for me and what to avoid ?

Thansk mate , i really appreciate your input or any other suggestions from other users because, if i can't make this work, i will have to close
all my faucets

Best regards,

Mat

That looks interesting, how is this configured? I mean about codecanyon safeguard pro.

[matt007]

Hi ! A big thanks to you for sharing this, i just got hacked and they stole about 2000000 satoshi from me.

I have disabled my faucets before i can secure my faucets again. My faucets are all on Cloudflare, would you recommend any
special configs with your script for cloudflare users ?

Also, i have ZB block security script on them but this is not helping to block proxies. However, i think it's blocking TOR users well.

So, using your security techniques in conjonction with Cloudflare and ZB Block ? Do you think it would be a good idea ?
 If yes, any special configs to make to make it work all together ?

I was also thinking of installing this script instead of ZB BLOCK : http://codecanyon.net/item/safeguard-pro-ultimate-php-website-protection/6783181

In final, what do you think would be the idea setup for me and what to avoid ?

Thansk mate , i really appreciate your input or any other suggestions from other users because, if i can't make this work, i will have to close
all my faucets

Best regards,

Mat

That looks interesting, how is this configured? I mean about codecanyon safeguard pro.

Yes, it looks good but i did not install it yet. I'm still in the process of choosing the best method. If i install Safeguard Pro, i'll get back to you with the details and follow up   It's a php script and it has good reviews and ratings...

[misterbit]

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

[misterbit]

Ranges from Amazon if someone wants to block
https://ipinfo.io/AS14618

[pinger]

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html

Please test it as much as you can and tell us the results

[misterbit]

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html

Please test it as much as you can and tell us the results

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.

[pinger]

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html

Please test it as much as you can and tell us the results

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.

There are a lot of bots doing nasty stuff all the time, so probably they are real but just bots. No way to know. You should consider to start a 24 h honeypot so you can see for real what is going on, is an interesting exercise.

[misterbit]

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html

Please test it as much as you can and tell us the results

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.

There are a lot of bots doing nasty stuff all the time, so probably they are real but just bots. No way to know. You should consider to start a 24 h honeypot so you can see for real what is going on, is an interesting exercise.

OK, but I have no idea concerning the honeypot with 24 hours

[felicita]

can you show the code how you added the math question in a second frame 

can someone show me the code to open a frame in the same window to put there the math question ?

kind regrads

can someone show me the code to open a frame in the same window to put there the math question ?

[pinger]

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html

Please test it as much as you can and tell us the results

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.

There are a lot of bots doing nasty stuff all the time, so probably they are real but just bots. No way to know. You should consider to start a 24 h honeypot so you can see for real what is going on, is an interesting exercise.

OK, but I have no idea concerning the honeypot with 24 hours

https://stackoverflow.com/questions/6181513/setting-up-a-sql-injection-honeypot

[misterbit]

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html

Please test it as much as you can and tell us the results

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.

There are a lot of bots doing nasty stuff all the time, so probably they are real but just bots. No way to know. You should consider to start a 24 h honeypot so you can see for real what is going on, is an interesting exercise.

OK, but I have no idea concerning the honeypot with 24 hours

https://stackoverflow.com/questions/6181513/setting-up-a-sql-injection-honeypot

Thanks a lot

[Butord]

Hi,
The faucetbox script has Security tab where we can add list of IP addresses or IP networks in CIDR notation to ban and List of hostnames to ban. Is it the same as using .htaccess file? Thanks

[myrfaucets]

 

thank for the great info 

[creepland]

Hi,
The faucetbox script has Security tab where we can add list of IP addresses or IP networks in CIDR notation to ban and List of hostnames to ban. Is it the same as using .htaccess file? Thanks

I think it's probably is the same.

[FaucetRank.com]

Yes. Incorrect formatting of .htaccess rules can easily (and incorrectly) block access to your entire website.

The correct .htaccess rules for blocking proxies can be found in this 'legendary' blog (probably the source);

- https://perishablepress.com/block-tough-proxies/

Also, this message might actually be considered a bit more user friendly;

"Sorry. Proxy access is not allowed. If you are not using a proxy please contact EMAIL with your IP address"  


I recommend using the Bad-Behavior script, which actually covers a lot of the rules in the G5 and G6 firewall from the above blog anyway. Most of the rules in BB actually became the Mod Security base. The modified script for BB I posted was 'cobbled' together from reviewing several (now outdated) .htaccess lists and comparing user agents with activity at http://botsvsbrowsers.com/ and https://udger.com/

- https://bitcointalk.org/index.php?topic=1094930.msg13184663#msg13184663

Good job OP for starting this thread!  

This is helpful for me but I would like to be more soft for proxy users instead of banning them I'll show them a message that sorry proxy user can't claim free btc .

They will see this message when they solve captcha and hit submit button so this way proxy /Google bots are allowed to visit site but a proxy user trying to claim will get nothing except above message.

[misterbit]

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html

Please test it as much as you can and tell us the results

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.

Finally I do not recommend buying the script, programmer lies in features on separate ISP blocking also blocks fake attacks SQL with Bitcoin addresses and any url.