Bitcoin Forum
June 24, 2024, 01:50:42 AM *
News: Voting for pizza day contest
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3]  All
  Print  
Author Topic: These fucking bots!!  (Read 2292 times)
sabotag3x
Legendary
*
Offline Offline

Activity: 2548
Merit: 2180


Crypto Swap Exchange


View Profile
June 23, 2016, 05:15:30 AM
 #41

Im fed up with bots and thinking of just dropping my faucet...They dont get away with much because i keep a close eye on it but not sure what to do...

Maybe you need ip tracker for your faucet, because many bot just use proxy to break our faucet. Or you can add register system with email confirmation for register Smiley thank you
IMO, implementing a registration system is no problem if the payment method of the faucet is via FaucetBox or Direct to wallet address.
But for direct to Xapo faucets like mine, the user have to use the e-mail they used to register in Xapo, which means the e-mail is already valid.
So, for the direct to Xapo faucets, all we need is just a Proxy blocker or IP blocking system or better, an e-mail address blocking system.

I have email blocking feature on my faucet visit http://afreebitco.in/xapo-faucet/
system block users automatically when a user solve wrong captcha 5 times .

this feature help me to detecte bot users . because without solving google recsptcha users can't claim reward but if someone trying to do that he'll get autoban by script .




it works? because captchas on bots are solved by real humans(manually input or by other people wich are pay for do this.. sites like 2captcha etc)
so the probability to solve or not, its the same

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
FaucetRank.com
Hero Member
*****
Offline Offline

Activity: 868
Merit: 500



View Profile WWW
June 23, 2016, 09:56:02 AM
 #42

Im fed up with bots and thinking of just dropping my faucet...They dont get away with much because i keep a close eye on it but not sure what to do...

Maybe you need ip tracker for your faucet, because many bot just use proxy to break our faucet. Or you can add register system with email confirmation for register Smiley thank you
IMO, implementing a registration system is no problem if the payment method of the faucet is via FaucetBox or Direct to wallet address.
But for direct to Xapo faucets like mine, the user have to use the e-mail they used to register in Xapo, which means the e-mail is already valid.
So, for the direct to Xapo faucets, all we need is just a Proxy blocker or IP blocking system or better, an e-mail address blocking system.

I have email blocking feature on my faucet visit http://afreebitco.in/xapo-faucet/
system block users automatically when a user solve wrong captcha 5 times .

this feature help me to detecte bot users . because without solving google recsptcha users can't claim reward but if someone trying to do that he'll get autoban by script .




it works? because captchas on bots are solved by real humans(manually input or by other people wich are pay for do this.. sites like 2captcha etc)
so the probability to solve or not, its the same
Real human solve captcha but when they make few mistakethey'll get banned for forever .

I can also trake who is using proxy and if i detect manuly that someone is abusing faucet i block him manuly .

  ████
█ ████
█ ████
█ ████
█ ████ █
█ ████ █
█ ████ █
█ ████ █
█ ████ █
  ████ █
  ████ █
  ████ █
  ████
  ████
█ ████
█ ████
█ ████
█ ████ █
█ ████ █
█ ████ █
█ ████ █
█ ████ █
  ████ █
  ████ █
  ████ █
  ████
  .SCAMMERS.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
  .EXPOSED.
.
▄▄▄▄▄▄▄▄
  ████
█ ████
█ ████
█ ████
█ ████ █
█ ████ █
█ ████ █
█ ████ █
█ ████ █
  ████ █
  ████ █
  ████ █
  ████
Gifted (OP)
Hero Member
*****
Offline Offline

Activity: 504
Merit: 501



View Profile
June 23, 2016, 10:34:11 AM
 #43

Blocking country IP isn't best solution for prevent Bots attack.
Problem is, the one who attacked me and stole my bits didn't used bot.

How can the same email address be allowed to make claims so frequently? This seems like a bug in the scripts you are using
because there  is no log in
Daffadile
Hero Member
*****
Offline Offline

Activity: 1162
Merit: 500

CryptoTalk.Org - Get Paid for every Post!


View Profile WWW
June 23, 2016, 04:39:43 PM
 #44

This is the one who's draining mine:





My faucet reward is 100 to 600 only in 30 minutes, but that sucker can get 1,000 to 10,000 satoshis in my funds. In less than a minute!  Angry


Huh !?

But how ? How does he just claim that many times and then claim more then it is set to ? 100k from you in 10 minutes wow !!

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.YoBit AirDrop $.|.Get 700 YoDollars for Free!.🏆
Kprawn
Legendary
*
Offline Offline

Activity: 1904
Merit: 1074


View Profile
June 23, 2016, 05:56:28 PM
 #45

This is the one who's draining mine:





My faucet reward is 100 to 600 only in 30 minutes, but that sucker can get 1,000 to 10,000 satoshis in my funds. In less than a minute!  Angry


Huh !?

But how ? How does he just claim that many times and then claim more then it is set to ? 100k from you in 10 minutes wow !!


I also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email

addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have

to stop withdrawals to counter this... until the exploit could be stopped.  Roll Eyes

THE FIRST DECENTRALIZED & PLAYER-OWNED CASINO
.EARNBET..EARN BITCOIN: DIVIDENDS
FOR-LIFETIME & MUCH MORE.
. BET WITH: BTCETHEOSLTCBCHWAXXRPBNB
.JOIN US: GITLABTWITTERTELEGRAM
zenitzz
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500


View Profile
June 23, 2016, 06:12:06 PM
 #46

Im fed up with bots and thinking of just dropping my faucet...They dont get away with much because i keep a close eye on it but not sure what to do...
I also have experienced similar incidents to attack bot so I shut down the site because of a loss of my faucet sites. I heard there were some there are some scripts that can prevent your site from attack bot but the price are quite expensive. now i change to create faucet rotator to get back my lost because attacked by bot.
howtoforall
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile WWW
June 23, 2016, 08:20:18 PM
 #47

what if... you just put a shortener webscript on your page.
Like adfly or shorte.st.
in this cause you have... a framebreaker, a need to click skip ad button, a adblock check and some cpm income


I have send a mail to adfly and i did get a respond that i am allowed to use it for a faucet. (what did surprise me)
i am thinking of starting a faucet-in-the-box . Not for the money alone, but for advertising my blog to.'

The downside, you can't advertisethe faucet on ptc and TE
Gifted (OP)
Hero Member
*****
Offline Offline

Activity: 504
Merit: 501



View Profile
June 23, 2016, 09:14:24 PM
 #48

This is the one who's draining mine:





My faucet reward is 100 to 600 only in 30 minutes, but that sucker can get 1,000 to 10,000 satoshis in my funds. In less than a minute!  Angry


Huh !?

But how ? How does he just claim that many times and then claim more then it is set to ? 100k from you in 10 minutes wow !!


I also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email

addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have

to stop withdrawals to counter this... until the exploit could be stopped.  Roll Eyes
hes opening 10 vpn accounts at once and claiming all at once with a bot  thats how
alfaboy23
Hero Member
*****
Offline Offline

Activity: 546
Merit: 500



View Profile
June 24, 2016, 12:26:20 AM
 #49

-snip-

I also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email

addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have

to stop withdrawals to counter this... until the exploit could be stopped.  Roll Eyes
hes opening 10 vpn accounts at once and claiming all at once with a bot  thats how
Tha VPN trick is known, but how he can claim more than the maximum amount configured on my faucet is my big question. My faucet's maximum reward is 700 that day, but he can get 1,000 to 10,000. I have 3 theories 1) SQL injection, 2) Xapo API hole or vulnerabilities, 3) the faucet script has vulnerabilities.
Gifted (OP)
Hero Member
*****
Offline Offline

Activity: 504
Merit: 501



View Profile
June 24, 2016, 01:27:52 AM
 #50

-snip-

I also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email

addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have

to stop withdrawals to counter this... until the exploit could be stopped.  Roll Eyes
hes opening 10 vpn accounts at once and claiming all at once with a bot  thats how
Tha VPN trick is known, but how he can claim more than the maximum amount configured on my faucet is my big question. My faucet's maximum reward is 700 that day, but he can get 1,000 to 10,000. I have 3 theories 1) SQL injection, 2) Xapo API hole or vulnerabilities, 3) the faucet script has vulnerabilities.
if its the faucet scrip admin he would have got it all and he might have an old cache from you on his browser
coinzat
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250


Young but I'm not that bold


View Profile
June 24, 2016, 01:35:01 AM
 #51

AFAIK captchas can stop bots from claiming in faucets. So you need a strong captcha system like solve media . it gives very difficult captcha for the known spaming IPs and proxies
btc junkie
Sr. Member
****
Offline Offline

Activity: 265
Merit: 250


View Profile
June 24, 2016, 02:07:30 AM
 #52

AFAIK captchas can stop bots from claiming in faucets. So you need a strong captcha system like solve media . it gives very difficult captcha for the known spaming IPs and proxies

solve media allows typos and still passes the answer. Also, many of the captchas are being solved by humans by use of sites like 2captcha
Swagtoshi
Full Member
***
Offline Offline

Activity: 261
Merit: 102


View Profile
June 24, 2016, 02:09:50 AM
 #53

Is your php secure?
alfaboy23
Hero Member
*****
Offline Offline

Activity: 546
Merit: 500



View Profile
June 24, 2016, 02:53:39 AM
 #54

Is your php secure?
I have a very little knowledge in PHP but I'm an easy-learner, and since I'm using just a known xapo faucet script and not updated since 2015, I think it is not secure.
Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!