Bitcoin Forum
November 08, 2024, 01:47:21 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 5 6 7 8 »  All
  Print  
Author Topic: XAPO Script - Hacked  (Read 6090 times)
Gifted
Hero Member
*****
Offline Offline

Activity: 504
Merit: 501



View Profile
July 24, 2016, 06:24:12 PM
 #41

for proxies you can add this

Code:
# Block Proxy

RewriteCond %{HTTP:X_HTTP_BRAZIL_FORWARdEd_FOR} !^$ [OR]
<snip>


but i dont use this because i use a proxie for my internet service

This kicked me instant out .. without using a proxy .. but a lot of faucets dont let me in .. because of tor/proxy/vpn using .. if i go to http://whatismyipaddress.com/proxy-check all i green  (proxy not detectet) Grin
so this dectection is i dont now the right english words for it .. useless ?
instead of using the htacces for proxies i added this to the index file because i dont claim but i go to the site

Code:
//We do not allow proxy here
if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
die("It would apprear you're using a proxy, so please, go fuck yourself!");

function checkProxy($ip){
$contactEmail="EMAIL";
$timeout=3;
$banOnProability=0.99;

$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_URL, "http://check.getipintel.net/check.php?ip=$ip");
$response=curl_exec($ch);

curl_close($ch);


if ($response > $banOnProability) {
return true;
} else {
if ($response < 0 || strcmp($response, "") == 0 ) {
//The server returned an error, you might want to do something
//like write to a log file or email yourself
//This could be true due to an invalid input or you've exceeded
//the number of allowed queries. Figure out why this is happening
//because you aren't protected by the system anymore
//Leaving this section blank is dangerous because you assume
//that you're still protected, which is incorrect
//and you might think GetIPIntel isn't accurate anymore
//which is also incorrect.
//failure to implement error handling is bad for the both of us
}
return false;
}
}
$ip=$_SERVER['REMOTE_ADDR'];
if (checkProxy($ip)) {
$view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-danger"><p>Bots not allowed !! If you are not a bot and not on a proxy, i still cant help you !</p></div></div>';
    $message                     = "Proxy";
    goto error;
}
 if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
{
  $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-danger"><p>Bots not allowed !! If you are not a bot and not on a proxy, i still cant help you !</p></div></div>';
    $message                     = "Proxy";
    goto error;
  }
  $q = $sql->prepare("select * from users where LOWER(username) = LOWER(?) or ip = ? order by claimed_at desc");
  $q->execute(array($username,$ip));
  $row = $q->fetch();
  //timer check
Gifted
Hero Member
*****
Offline Offline

Activity: 504
Merit: 501



View Profile
July 24, 2016, 06:26:34 PM
 #42

I believe they are using tor to get around the timer.. this blocks all tor nodes.

Create a file named .htaccess if you haven't already and add this code

Code:
<Files 403.shtml>
order allow,deny
allow from all
</Files>









What does this option do please ? .. i have asked google because i don't known this .. but can't find a good answer

This blocks all tor addresses but you cut off the addresses
5ub_zer0 (OP)
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
July 24, 2016, 06:39:31 PM
 #43

I am banned at http://check.getipintel.net/ to mutch requests .. i was in contact with this guy .. he told me i can make a custom tarif but .. lol .. seriously???  i give satohis away .. the advertising payment never covered this .. and than a damn **** steals satoshi and i should pay for this useless proxycheck ?
5ub_zer0 (OP)
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
July 24, 2016, 06:42:20 PM
 #44


Code:
<Files 403.shtml>
order allow,deny
allow from all
</Files>



This blocks all tor addresses but you cut off the addresses

i know deny and so on options - so i cut it off because i would only know what this option means 
Gifted
Hero Member
*****
Offline Offline

Activity: 504
Merit: 501



View Profile
July 24, 2016, 06:45:37 PM
 #45


Code:
<Files 403.shtml>
order allow,deny
allow from all
</Files>



This blocks all tor addresses but you cut off the addresses

i know deny and so on options - so i cut it off because i would only know what this option means  
well it allows all to go to page and denys from the ip you list

look here  http://blamcast.net/articles/block-bots-hotlinking-ban-ip-htaccess
Gifted
Hero Member
*****
Offline Offline

Activity: 504
Merit: 501



View Profile
July 24, 2016, 06:48:15 PM
 #46

I am banned at http://check.getipintel.net/ to mutch requests .. i was in contact with this guy .. he told me i can make a custom tarif but .. lol .. seriously???  i give satohis away .. the advertising payment never covered this .. and than a damn **** steals satoshi and i should pay for this useless proxycheck ?
  you should try the code i left  and put your faucet back up
viralalert
Full Member
***
Offline Offline

Activity: 266
Merit: 100


View Profile WWW
July 24, 2016, 07:23:39 PM
 #47

Gifted, all the codes you posted are already implemented on my site before you even post it. It's not your own code, you just get it somewhere else. I thought the codes you are about to share are from yours. Sad . I think I wasted my time waiting for your codes as it was already implemented on my site Sad.
Ratnet
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
July 24, 2016, 08:13:45 PM
 #48

I am banned at http://check.getipintel.net/ to mutch requests .. i was in contact with this guy .. he told me i can make a custom tarif but .. lol .. seriously???  i give satohis away .. the advertising payment never covered this .. and than a damn **** steals satoshi and i should pay for this useless proxycheck ?

In order to not get banned from IPGetIntel you should make some kind of "cache" (store in db) of the result returned from them and not to make a request again if you already made one for an IP in the past (some amount of time).

I have 3 faucets with one email on IPGetIntel and never had any problem.

Cheers!
Gifted
Hero Member
*****
Offline Offline

Activity: 504
Merit: 501



View Profile
July 24, 2016, 08:55:52 PM
Last edit: July 25, 2016, 04:43:47 PM by Gifted
 #49

Gifted, all the codes you posted are already implemented on my site before you even post it. It's not your own code, you just get it somewhere else. I thought the codes you are about to share are from yours. Sad . I think I wasted my time waiting for your codes as it was already implemented on my site Sad.
so your saying you have all the tor nodes ip's in htaccess?? and i did make the htaccess  Roll Eyes  feel free to help too !!!!
Gifted
Hero Member
*****
Offline Offline

Activity: 504
Merit: 501



View Profile
July 24, 2016, 08:58:06 PM
 #50

I am banned at http://check.getipintel.net/ to mutch requests .. i was in contact with this guy .. he told me i can make a custom tarif but .. lol .. seriously???  i give satohis away .. the advertising payment never covered this .. and than a damn **** steals satoshi and i should pay for this useless proxycheck ?

In order to not get banned from IPGetIntel you should make some kind of "cache" (store in db) of the result returned from them and not to make a request again if you already made one for an IP in the past (some amount of time).

I have 3 faucets with one email on IPGetIntel and never had any problem.

Cheers!
so your saying cal an array of somekind???
zenitzz
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500


View Profile
July 25, 2016, 01:29:52 AM
 #51

My Xapo-Faucet faucet.today got attaked .. as you can see in the list below .. my 30min timer is useless :-) ..

Here is my statement of account:
https://xapofau.xyz/wp-content/uploads/2016/07/Personal-Wallet_2016-07-21.csv

Be careful all with the same script ...
Yes now it's too bad for anyone who wants to have a faucet sites will suffer an attack of bots to make up for losses, if that attacked from bot so not a problem with a script.
FaucetRank.com
Hero Member
*****
Offline Offline

Activity: 868
Merit: 500



View Profile WWW
July 25, 2016, 01:35:27 AM
 #52

My Xapo-Faucet faucet.today got attaked .. as you can see in the list below .. my 30min timer is useless :-) ..

Here is my statement of account:
https://xapofau.xyz/wp-content/uploads/2016/07/Personal-Wallet_2016-07-21.csv

Be careful all with the same script ...
Yes now it's too bad for anyone who wants to have a faucet sites will suffer an attack of bots to make up for losses, if that attacked from bot so not a problem with a script.

It doesn't seem a bot attack because user is using different emails and I think he is manually doing this but little bit faster.
His all emails should be banned and than his game over.

  ████
█ ████
█ ████
█ ████
█ ████ █
█ ████ █
█ ████ █
█ ████ █
█ ████ █
  ████ █
  ████ █
  ████ █
  ████
  ████
█ ████
█ ████
█ ████
█ ████ █
█ ████ █
█ ████ █
█ ████ █
█ ████ █
  ████ █
  ████ █
  ████ █
  ████
  .SCAMMERS.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
  .EXPOSED.
.
▄▄▄▄▄▄▄▄
  ████
█ ████
█ ████
█ ████
█ ████ █
█ ████ █
█ ████ █
█ ████ █
█ ████ █
  ████ █
  ████ █
  ████ █
  ████
Gifted
Hero Member
*****
Offline Offline

Activity: 504
Merit: 501



View Profile
July 25, 2016, 11:04:38 AM
 #53

My Xapo-Faucet faucet.today got attaked .. as you can see in the list below .. my 30min timer is useless :-) ..

Here is my statement of account:
https://xapofau.xyz/wp-content/uploads/2016/07/Personal-Wallet_2016-07-21.csv

Be careful all with the same script ...
Yes now it's too bad for anyone who wants to have a faucet sites will suffer an attack of bots to make up for losses, if that attacked from bot so not a problem with a script.

It doesn't seem a bot attack because user is using different emails and I think he is manually doing this but little bit faster.
His all emails should be banned and than his game over.
i agree with you its done manual. this is why i think hes using TOR and this is why i updated the TOR IP'S in the .htaccess    so far it might be working.



here my thought... with vpn or proxie you can own so many but with TOR there is over 3000 of them so Blocking TOR is the solution
Gifted
Hero Member
*****
Offline Offline

Activity: 504
Merit: 501



View Profile
July 25, 2016, 11:24:00 AM
 #54

Ok, so that didn't work ! I will be personally building a login and extra CAPTCHA for the Script and putting together a ready download. This will take a few days or a week because i have a day job that takes a lot out of me, so i will work a few hours a day with it and when i'm done i will post the improved Xapo Script.
alfaboy23
Hero Member
*****
Offline Offline

Activity: 546
Merit: 500



View Profile
July 25, 2016, 01:59:11 PM
 #55

These known Xapo faucets are also using the same script as Gifted's:

www.aliensbitcoin.eu
www.animalscoin.eu
www.freebtc.kz
www.gentlebitcoin.eu
www.goldcoinjar.com
www.ilovebtc.eu
www.jupiterbitcoin.com
www.onoxvo.es
www.pandabitcoin.eu
www.storesxbox.es
www.sunbitcoin.com
www.whalebitcoin.in
www.xapobtc.com

Althought they used the same script, most of them modified the script. I wonder if they also experienced the same attack?
Gifted
Hero Member
*****
Offline Offline

Activity: 504
Merit: 501



View Profile
July 25, 2016, 04:42:40 PM
 #56

These known Xapo faucets are also using the same script as Gifted's:

www.aliensbitcoin.eu
www.animalscoin.eu
www.freebtc.kz
www.gentlebitcoin.eu
www.goldcoinjar.com
www.ilovebtc.eu
www.jupiterbitcoin.com
www.onoxvo.es
www.pandabitcoin.eu
www.storesxbox.es
www.sunbitcoin.com
www.whalebitcoin.in
www.xapobtc.com

Althought they used the same script, most of them modified the script. I wonder if they also experienced the same attack?
ok, so i figured out that the timer only applies to the ip not the email or btc address... this is the mistake "its needs both"
dibon
Member
**
Offline Offline

Activity: 64
Merit: 10


View Profile WWW
July 26, 2016, 07:54:14 AM
 #57

Hey guys,
Im using different script which checks IPs & emails also, but....
Im getting drained by people with multi accounts (that is sure) and some bots may be too.

They found a method for creating multiple accounts. This is how it works:

1. create temporary email
2. go to textnow.com and create virtual phone number (for free!)
3. create another xapo account veryfing it using these fake emails and phones
4. join all your accounts so they can be operated from one xapo account
5. use proxies, vpns

As I can see in my phpmyadmin there is a lot of people that have 5-8 accounts. Even with the same login just in different provider (mostly from RU and UA).
But there is also A LOT (!!!!) of accounts like tyejsalinjet1988@yandex.ru, webcokoku1985@yandex.ru etc.. Random letters and year...

So what can we do?!?!

At this moment I turned on another captcha verification for those countries in Cloud Flare. But it did not stopped some of them..

http://hotcoins.cf - Free Bitcoins every 10 minutes, Jackpots, Bonuses.
dibon
Member
**
Offline Offline

Activity: 64
Merit: 10


View Profile WWW
July 26, 2016, 09:15:34 AM
 #58

Sorry guys from yandex.ru, you will not be able to payout from my faucet.
Also there is a huge problem with determining proxy when you are behind cloudflare, so I decided to turn it off and check for proxies..
We will see if that helps.

http://hotcoins.cf - Free Bitcoins every 10 minutes, Jackpots, Bonuses.
alfaboy23
Hero Member
*****
Offline Offline

Activity: 546
Merit: 500



View Profile
July 26, 2016, 12:45:27 PM
 #59

Sorry guys from yandex.ru, you will not be able to payout from my faucet.
Also there is a huge problem with determining proxy when you are behind cloudflare, so I decided to turn it off and check for proxies..
We will see if that helps.

After the last attack on my faucet, aside from Ind0n3s!a, I also block most IP's that is using yandex.ru, and most of them are in Ru5s!a, but some of them are using non-Ru5s!an IP.
Gifted
Hero Member
*****
Offline Offline

Activity: 504
Merit: 501



View Profile
July 26, 2016, 03:58:15 PM
Last edit: July 26, 2016, 04:25:59 PM by Gifted
 #60

So even if i built a login and timed by emails and ips it still would have no effect... The best thing i can think of is blocking the whole country

Block Russia like this in .htaccess  https://www.countryipblocks.net/deny_russia.txt
Pages: « 1 2 [3] 4 5 6 7 8 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!