sabotag3x
Legendary
 Offline
Activity: 2548
Merit: 2180
Crypto Swap Exchange
|
 |
June 23, 2016, 05:15:30 AM |
|
Im fed up with bots and thinking of just dropping my faucet...They dont get away with much because i keep a close eye on it but not sure what to do...
Maybe you need ip tracker for your faucet, because many bot just use proxy to break our faucet. Or you can add register system with email confirmation for register  thank you IMO, implementing a registration system is no problem if the payment method of the faucet is via FaucetBox or Direct to wallet address. But for direct to Xapo faucets like mine, the user have to use the e-mail they used to register in Xapo, which means the e-mail is already valid. So, for the direct to Xapo faucets, all we need is just a Proxy blocker or IP blocking system or better, an e-mail address blocking system. I have email blocking feature on my faucet visit http://afreebitco.in/xapo-faucet/system block users automatically when a user solve wrong captcha 5 times . this feature help me to detecte bot users . because without solving google recsptcha users can't claim reward but if someone trying to do that he'll get autoban by script . it works? because captchas on bots are solved by real humans(manually input or by other people wich are pay for do this.. sites like 2captcha etc) so the probability to solve or not, its the same |
|
|
|
|
FaucetRank.com
|
|
June 23, 2016, 09:56:02 AM |
|
Im fed up with bots and thinking of just dropping my faucet...They dont get away with much because i keep a close eye on it but not sure what to do...
Maybe you need ip tracker for your faucet, because many bot just use proxy to break our faucet. Or you can add register system with email confirmation for register thank you IMO, implementing a registration system is no problem if the payment method of the faucet is via FaucetBox or Direct to wallet address. But for direct to Xapo faucets like mine, the user have to use the e-mail they used to register in Xapo, which means the e-mail is already valid. So, for the direct to Xapo faucets, all we need is just a Proxy blocker or IP blocking system or better, an e-mail address blocking system. I have email blocking feature on my faucet visit http://afreebitco.in/xapo-faucet/system block users automatically when a user solve wrong captcha 5 times . this feature help me to detecte bot users . because without solving google recsptcha users can't claim reward but if someone trying to do that he'll get autoban by script . it works? because captchas on bots are solved by real humans(manually input or by other people wich are pay for do this.. sites like 2captcha etc) so the probability to solve or not, its the same Real human solve captcha but when they make few mistakethey'll get banned for forever . I can also trake who is using proxy and if i detect manuly that someone is abusing faucet i block him manuly . |
| | | ████
█ ████
█ ████
█ ████
█ ████ █
█ ████ █
█ ████ █
█ ████ █
█ ████ █
████ █
████ █
████ █
████ | | | | | | ████
█ ████
█ ████
█ ████
█ ████ █
█ ████ █
█ ████ █
█ ████ █
█ ████ █
████ █
████ █
████ █
████ | | | .SCAMMERS.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
.EXPOSED. | | | | | | .
▄▄▄▄▄▄▄▄ | | | ████
█ ████
█ ████
█ ████
█ ████ █
█ ████ █
█ ████ █
█ ████ █
█ ████ █
████ █
████ █
████ █
████ | | | |
|
|
|
|
Gifted (OP)
|
|
June 23, 2016, 10:34:11 AM |
|
Blocking country IP isn't best solution for prevent Bots attack.
Problem is, the one who attacked me and stole my bits didn't used bot. How can the same email address be allowed to make claims so frequently? This seems like a bug in the scripts you are using because there is no log in |
|
|
|
|
|
Daffadile
|
|
June 23, 2016, 04:39:43 PM |
|
This is the one who's draining mine:   My faucet reward is 100 to 600 only in 30 minutes, but that sucker can get 1,000 to 10,000 satoshis in my funds. In less than a minute!  Huh !? But how ? How does he just claim that many times and then claim more then it is set to ? 100k from you in 10 minutes wow !! |
|
|
|
Kprawn
Legendary
Offline
Activity: 1904
Merit: 1074
|
|
June 23, 2016, 05:56:28 PM |
|
This is the one who's draining mine: My faucet reward is 100 to 600 only in 30 minutes, but that sucker can get 1,000 to 10,000 satoshis in my funds. In less than a minute! Huh !? But how ? How does he just claim that many times and then claim more then it is set to ? 100k from you in 10 minutes wow !! I also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have to stop withdrawals to counter this... until the exploit could be stopped.  |
|
|
|
|
zenitzz
|
|
June 23, 2016, 06:12:06 PM |
|
Im fed up with bots and thinking of just dropping my faucet...They dont get away with much because i keep a close eye on it but not sure what to do...
I also have experienced similar incidents to attack bot so I shut down the site because of a loss of my faucet sites. I heard there were some there are some scripts that can prevent your site from attack bot but the price are quite expensive. now i change to create faucet rotator to get back my lost because attacked by bot. |
|
|
|
|
howtoforall
Newbie
Offline
Activity: 8
Merit: 0
|
|
June 23, 2016, 08:20:18 PM |
|
what if... you just put a shortener webscript on your page.
Like adfly or shorte.st.
in this cause you have... a framebreaker, a need to click skip ad button, a adblock check and some cpm income
I have send a mail to adfly and i did get a respond that i am allowed to use it for a faucet. (what did surprise me)
i am thinking of starting a faucet-in-the-box . Not for the money alone, but for advertising my blog to.'
The downside, you can't advertisethe faucet on ptc and TE
|
|
|
|
|
|
Gifted (OP)
|
|
June 23, 2016, 09:14:24 PM |
|
This is the one who's draining mine: My faucet reward is 100 to 600 only in 30 minutes, but that sucker can get 1,000 to 10,000 satoshis in my funds. In less than a minute! Huh !? But how ? How does he just claim that many times and then claim more then it is set to ? 100k from you in 10 minutes wow !! I also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have to stop withdrawals to counter this... until the exploit could be stopped. hes opening 10 vpn accounts at once and claiming all at once with a bot thats how |
|
|
|
|
|
alfaboy23
|
|
June 24, 2016, 12:26:20 AM |
|
-snip-I also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have to stop withdrawals to counter this... until the exploit could be stopped. hes opening 10 vpn accounts at once and claiming all at once with a bot thats how Tha VPN trick is known, but how he can claim more than the maximum amount configured on my faucet is my big question. My faucet's maximum reward is 700 that day, but he can get 1,000 to 10,000. I have 3 theories 1) SQL injection, 2) Xapo API hole or vulnerabilities, 3) the faucet script has vulnerabilities. |
|
|
|
|
|
Gifted (OP)
|
|
June 24, 2016, 01:27:52 AM |
|
-snip-I also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have to stop withdrawals to counter this... until the exploit could be stopped. hes opening 10 vpn accounts at once and claiming all at once with a bot thats how Tha VPN trick is known, but how he can claim more than the maximum amount configured on my faucet is my big question. My faucet's maximum reward is 700 that day, but he can get 1,000 to 10,000. I have 3 theories 1) SQL injection, 2) Xapo API hole or vulnerabilities, 3) the faucet script has vulnerabilities. if its the faucet scrip admin he would have got it all and he might have an old cache from you on his browser |
|
|
|
|
coinzat
Sr. Member
Offline
Activity: 434
Merit: 250
Young but I'm not that bold
|
|
June 24, 2016, 01:35:01 AM |
|
AFAIK captchas can stop bots from claiming in faucets. So you need a strong captcha system like solve media . it gives very difficult captcha for the known spaming IPs and proxies
|
|
|
|
|
|
btc junkie
|
|
June 24, 2016, 02:07:30 AM |
|
AFAIK captchas can stop bots from claiming in faucets. So you need a strong captcha system like solve media . it gives very difficult captcha for the known spaming IPs and proxies
solve media allows typos and still passes the answer. Also, many of the captchas are being solved by humans by use of sites like 2captcha |
|
|
|
|
|
Swagtoshi
|
|
June 24, 2016, 02:09:50 AM |
|
Is your php secure?
|
|
|
|
|
|
alfaboy23
|
|
June 24, 2016, 02:53:39 AM |
|
Is your php secure?
I have a very little knowledge in PHP but I'm an easy-learner, and since I'm using just a known xapo faucet script and not updated since 2015, I think it is not secure. |
|
|
|
|
|
