sabotag3x
August 04, 2016, 09:21:11 AM
says im on a proxy and im not
Yeap, other user tell me the same thing, I'm trying to fix it.. With this code I'm blocking everyone
<?PHP
IF(ISSET($_SERVER['HTTP_X_FORWARDED_FOR']) || ($_SERVER['HTTP_USER_AGENT']=='') || ($_SERVER['HTTP_VIA']!='')){
    DIE("Proxy servers not allowed.");
}
$proxy_headers = ARRAY(
    'HTTP_VIA',
    'HTTP_X_FORWARDED_FOR',
    'HTTP_FORWARDED_FOR',
    'HTTP_X_FORWARDED',
    'HTTP_FORWARDED',
    'HTTP_CLIENT_IP',
    'HTTP_FORWARDED_FOR_IP',
    'VIA',
    'X_FORWARDED_FOR',
    'FORWARDED_FOR',
    'X_FORWARDED',
    'FORWARDED',
    'CLIENT_IP',
    'FORWARDED_FOR_IP',
    'HTTP_PROXY_CONNECTION'
);
FOREACH($proxy_headers AS $x){
    // Only the DIE belongs to the IF; the EXIT below runs on the first pass for every visitor
    IF (ISSET($_SERVER[$x])) DIE("You are using a proxy.");
    EXIT;
}
?>
and with other script, any proxy can enter on the faucet.. well.. I go to sleep and try again tomorrow
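Why the loop above ends every request, and a version that does not, as an added example (not code from the thread): `EXIT` sits outside the `IF`, so it runs on the first pass whether or not a header is set. The function name, the `$trustedFrontends` parameter and the sample requests are constructed for illustration.

```php
<?php
// Added example. Header names come from the list in the post above; only the
// HTTP_-prefixed ones are kept, since PHP exposes request headers under that prefix.
const PROXY_HEADERS = [
    'HTTP_VIA', 'HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED_FOR', 'HTTP_X_FORWARDED',
    'HTTP_FORWARDED', 'HTTP_CLIENT_IP', 'HTTP_FORWARDED_FOR_IP', 'HTTP_PROXY_CONNECTION',
];

/** Returns the proxy-related headers present on a request ([] = none seen). */
function proxy_header_hits(array $server, array $trustedFrontends = []): array
{
    // A site behind its own load balancer or CDN sees these headers on every
    // request, so requests arriving from those addresses are not judged by them.
    // $trustedFrontends is a hypothetical parameter for that list.
    if (in_array($server['REMOTE_ADDR'] ?? '', $trustedFrontends, true)) {
        return [];
    }
    $hits = [];
    foreach (PROXY_HEADERS as $name) {
        // Record the header and keep looping; nothing in the loop ends the request.
        if (isset($server[$name]) && trim($server[$name]) !== '') {
            $hits[] = $name;
        }
    }
    return $hits;
}

// Constructed requests (documentation IP ranges), shaped like $_SERVER.
$samples = [
    'direct browser'      => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_USER_AGENT' => 'Mozilla/5.0'],
    'transparent proxy'   => ['REMOTE_ADDR' => '198.51.100.9', 'HTTP_VIA' => '1.1 cache',
                              'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    'own reverse proxy'   => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    // Sends no proxy headers at all: a header check cannot see it.
    'anonymous proxy/VPN' => ['REMOTE_ADDR' => '198.51.100.44', 'HTTP_USER_AGENT' => 'Mozilla/5.0'],
];
foreach ($samples as $label => $server) {
    $hits = proxy_header_hits($server, ['192.0.2.10']);
    printf("%-20s %s\n", $label, $hits ? 'headers: ' . implode(', ', $hits) : 'no proxy headers');
}
```

The headers are supplied by the client or by intermediaries, so a hit is a hint for logging or extra checks rather than proof, and an empty result does not show a direct connection.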

Gifted
August 04, 2016, 09:23:25 AM
@Gifted thank you for your amazing script, i hear about security problem of your code.. if you want i can help to fix the problems.
what can you do??
@babo improve your script, for work im a real frontenders fullstack.. im working with javascript but i also know php
Sure take a look https://github.com/destinybogan/Faucet-Builder/archive/master.zip
I think it needs some kind of better admin for banning ip's and seeing whos been claiming, also better security for multi claiming with proxies vpn etc. maybe a timer for button to get better bounce rate
Feel free to give it a shot
@Gifted, I know I don't contribute much to this topic other than stirring things up. I was looking at some backend app's that can actually steal the information and download it into CSV files and they can program their Bot to work. I am wondering if you have looked into ( iMacros ) for Chrome and Firefox as I just got them to see if they can in any way affect your Script. Not sure how to use them but adding them and the Free Proxy List from Chrome it may be possible for them to find backdoors. Again I am new to this and am trying to fully understand the script so i can use it.
iMacros for Chrome #1: Free Proxy List for Chrome: iMacros for Firefox #1: iMacros for Firefox #2:
yes, this is very possible to use you can read more about it here. its very useful gambling but could maybe be used in faucets http://www.howtogeek.com/113789/how-to-automate-repetitive-web-browser-tasks-with-imacros/

ardodd
August 04, 2016, 09:24:55 AM
When I go there it just tells me that I am using a Proxy. And nothing else. But I am looking into the source page for it right now and this is what I am seeing on it under properties.

Gifted
August 04, 2016, 09:28:47 AM
@viralalert: its working for your page

Gifted
August 04, 2016, 09:32:19 AM
Thanks for bringing up the imacros thing... i just found another security problem but i dont want to share here until its fixed

ardodd
August 04, 2016, 09:38:00 AM
Where would he allow proxy servers at now that he has disabled them completely.

ardodd
August 04, 2016, 09:48:35 AM
@Gifted have you considered trying out the Sandboxie Software. And asking if it can be incorporated into the script? http://www.sandboxie.com/
I am just asking cause on one of my Wordpress sites I setup Woocommerce and connected it to Paypal Gateway. And I had to set it up using Sandboxie Software to make it Secure.

babo
August 04, 2016, 06:25:09 PM
ok gifted, in holidays i try to improve admin panel, in specific way ip banning admin panel page

Gifted
August 04, 2016, 07:25:41 PM
great, would love to see what you add

Gifted
August 04, 2016, 08:08:55 PM
Ok guys, there is another hack that can be fixed by replacing this code in your index.php file not the one in style. find this code
if($response->success){
    $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Congratulations you have won '.$amount.' Satoshis !!!</p></div></div>';
    $url = get_main_url()."?r=".$username;
    $view['main']['ref_link'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Share your referal link and earn a '.$settings["referral_percentage"].'% lifetime bonus. Your referal link is '.$url.'</p></div></div>';
and replace with this
if($response->success){
    header('Refresh: 30;url=change to your faucets url');
    $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Congratulations you have won '.$amount.' Satoshis !!!</p></div></div>';
    $url = get_main_url()."?r=".$username;
    $view['main']['ref_link'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Share your referal link and earn a '.$settings["referral_percentage"].'% lifetime bonus. Your referal link is '.$url.'</p></div></div>';
This redirects back to your page after 30 seconds so that the captcha resets so that an imacro program cannot be programmed to just refresh and get credit every hour when they are sleeping. i would suggest do this immediately! Make sure you put your faucet address where it says change to your faucet url.
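A `Refresh` header is acted on by the browser, so the claim interval also has to hold on the server when a request is simply sent again. Added example, not Faucet-Builder code and not part of the post above: the `users`, `username`, `ip` and `claimed_at` names come from the script's own query quoted in this thread, while `try_claim`, `CLAIM_INTERVAL`, a Unix-timestamp `claimed_at` and one row per claim are assumptions.

```php
<?php
// Added example. Interval of one hour follows the "every hour" in the thread.
const CLAIM_INTERVAL = 3600;

/**
 * Records a claim only if neither this username nor this IP has claimed
 * within CLAIM_INTERVAL seconds. Returns true when the claim was accepted.
 */
function try_claim(PDO $db, string $username, string $ip, int $now): bool
{
    // Check and insert happen in one statement, so a replayed or repeated
    // request is refused here regardless of what the client does.
    $q = $db->prepare(
        'INSERT INTO users (username, ip, claimed_at)
         SELECT ?, ?, ?
          WHERE NOT EXISTS (
                SELECT 1 FROM users
                 WHERE (LOWER(username) = LOWER(?) OR ip = ?)
                   AND claimed_at > ?)'
    );
    $q->execute([$username, $ip, $now, $username, $ip, $now - CLAIM_INTERVAL]);
    return $q->rowCount() === 1;
}

// Constructed demo: in-memory SQLite stands in for the faucet database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, ip TEXT, claimed_at INTEGER)');

$t0 = 1470340000; // constructed timestamp
$attempts = [
    'first claim'                 => ['addr1', '203.0.113.7',  $t0],
    'same request sent again'     => ['addr1', '203.0.113.7',  $t0 + 5],
    'same username, different IP' => ['ADDR1', '198.51.100.9', $t0 + 60],
    'different username, same IP' => ['addr2', '203.0.113.7',  $t0 + 120],
    'after the interval'          => ['addr1', '203.0.113.7',  $t0 + CLAIM_INTERVAL],
];
foreach ($attempts as $label => [$user, $ip, $when]) {
    printf("%-28s %s\n", $label, try_claim($db, $user, $ip, $when) ? 'accepted' : 'refused');
}
```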

ardodd
August 04, 2016, 09:24:52 PM
@Gifted would it not be better if we wait til you have made a full new version with all the changes in it. As if we keep changing the code to what comes next seems a lot of extra work on you also. Call them v1.1 and use the new v1.2 so we know it is the updated version. Example: Yesterdays security updates v1.1 Todays security update v1.2 And every update could have ( v ) attached to it. Would it not seem better if you made the change and then just updated the name of the change. In the description you can tell or explain what is updated.
How much you want to bet that hackers read these posts and see the code change and are already looking for counter measures to it. Personally I would think posting code that fixes a security measure should not be posted and kept inside your files so no one sees it. The only way they can get the fix is by downloading the newest Version in an update. Just my thoughts

Gifted
August 04, 2016, 09:27:52 PM
The patch is in php server side they cant have access and this needs to be fixed right away. i can see your point but a lot of people downloaded my script and they need to know now. i started a security patch thread already

ardodd
August 04, 2016, 09:36:12 PM
Yes sir you are 100% correct about them needing to know right now to close these backdoors. Do you have a problem with hosting a private membership section for those that do use your code for their website. One that would allow them access to a secure site where only they can have access to your details. Most people may not worry about where or how they got the script to use on a faucet. Like I can a S2Membership plugin on wordpress that only allows members if I approve them. And it is hard to get into it since i verify that they are who they say they are. And yours could be adapted to verifying that they use your script and it come from you if they wish to get details from the updates. More like a private support for your script since you modified and made it secure now.

Gifted
August 04, 2016, 10:08:00 PM
Im just giving immediate patches at the moment the rest of the updates will be in the download when im finished

ardodd
August 04, 2016, 10:57:19 PM
@Gifted,
I do apologize for pushing so hard. And I apologize for my impatience, as I understand your position and wanting to help others protect their sites and incomes from this script. I can not only be an idiot but also a pushy idiot.
My Apologies.....
ardodd

Gifted
August 04, 2016, 11:03:09 PM
no, it was a good idea ...so dont worry

alfaboy23
August 05, 2016, 12:39:44 AM
I'll try to help. That proxy header from that code, try to put that in your .htaccess file, then instead of that PHP code, try this and put it above <!DOCTYPE html> in your template public_html/yourfaucet/style/template/index.php:
Like this:
<?php
// Try to open a TCP connection back to the visitor's address on port 80 (1 second timeout)
if( @fsockopen( $_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 1 ) ) {
    echo "<h2 align=center>It appears that you are using a PROXY, please BE FAIR! </h2>";
    exit;
}
?>
<!DOCTYPE html>
Then test it in boomproxy, then after accessing your site in boomproxy click the clear cookies link and see if proxy blocking is successful. It should result like this: Hope that helps even a little.

sabotag3x
August 05, 2016, 01:03:45 AM Last edit: July 24, 2023, 07:01:01 AM by sabotag3x
Like a glove! (I think).. My IP is blacklisted on a lot of services so I can't test at all.. and I can't renew lol Thank you alfaboy! I think it's working http://www.bitcoinamerica.com.br/faucet
anyone give me a feedback please

Gifted
August 05, 2016, 01:35:07 AM
I have same thing but i still let them go to page just not claim.
Security Patch V1.2 : Go to index.php in the main root and find this:
$response = @file('http://verify.solvemedia.com/papi/verify?privatekey=' . $settings['solvemedia_verification_key'] . '&challenge=' . rawurlencode($captchaChallange) . '&response=' . rawurlencode($captchaResponse) . '&remoteip=' . $ip);
if (!isset($response[0]) || trim($response[0]) === 'false'){
    $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-danger"><p>Wrong captcha!</p></div></div>';
    $message = "Wrong captcha";
}
$q = $sql->prepare("select * from users where LOWER(username) = LOWER(?) or ip = ? order by claimed_at desc");
$q->execute(array($username,$ip));
$row = $q->fetch();
Put this code right underneath the one you find above:
//We do not allow proxy here
if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 1)) {
    $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-danger"><p>Bots not allowed !! If you are not a bot and not on a proxy, i still cant help you !</p></div></div>';
    $message = "Proxy";
    goto error;
}
//end proxy check
This will stop proxies if they try to claim and throw a message as you can see in the picture

alfaboy23
August 05, 2016, 02:24:49 AM
IMHO, we should totally blockout bad ISP and do not show anything to the users with bad ISPs since it is giving bad traffic to the network ads.