|
alfaboy23
|
 |
August 05, 2016, 08:54:05 AM |
|
-snip-Like a glove! (I think).. My IP is blacklisted on a lot of services so I can't test at all.. and I can't renew lol Thank you alfaboy! I think it's working http://www.bitcoinamerica.com.br/faucetanyone give me a feedback please No problemo  Anyway, your website says "Browser not supported". I'm using Firefox. Have you also block the Chrome? If this is about the plug-ins/add-ons, then we should think of other way to block just the plug-in/add-ons and not the browser. |
|
|
|
|
sabotag3x
Legendary
 Offline
Activity: 2548
Merit: 2180
Crypto Swap Exchange
|
|
August 05, 2016, 09:07:50 AM
Last edit: July 24, 2023, 07:00:38 AM by sabotag3x |
|
-snip-Like a glove! (I think).. My IP is blacklisted on a lot of services so I can't test at all.. and I can't renew lol Thank you alfaboy! I think it's working http://www.bitcoinamerica.com.br/faucetanyone give me a feedback please No problemo Anyway, your website says "Browser not supported". I'm using Firefox. Have you also block the Chrome? If this is about the plug-ins/add-ons, then we should think of other way to block just the plug-in/add-ons and not the browser. now this mesage comes and i cant acces -.- `? iam using firefox ?? Yeap, I got a lot of bot attack comming from Firefox, so I blocked it, sorry..  80%+ firefox access was bots.. don't know if it was the extensions(sql injection, proxys) or the bot use this plataform Yeap, I tried to find something to block extensions.. however I think it can't be done.. You can easily find proxy/sql injection extensions on firefox.. and chrome too, however I don't blocked chrome(yet hahah) I was thinking about make a custom browser wich users can visit faucets.. you know? without extensions, with a good faucet list/rotator.. well, I don't have knowledge to do this(and the other question is the ads clicks, maybe it can get a lower click rate) |
|
|
|
|
5ub_zer0 (OP)
|
|
August 05, 2016, 09:55:19 AM |
|
k - i opened my faucet again https://faucet.today .. if something goes wrong i will send you the bill gifted  |
|
|
|
|
|
5ub_zer0 (OP)
|
|
August 05, 2016, 10:04:42 AM |
|
Yeap, I got a lot of bot attack comming from Firefox, so I blocked it, sorry..  80%+ firefox access was bots.. don't know if it was the extensions(sql injection, proxys) or the bot use this plataform Yeap, I tried to find something to block extensions.. however I think it can't be done.. You can easily find proxy/sql injection extensions on firefox.. and chrome too, however I don't blocked chrome(yet hahah) I was thinking about make a custom browser wich users can visit faucets.. you know? without extensions, with a good faucet list/rotator.. well, I don't have knowledge to do this(and the other question is the ads clicks, maybe it can get a lower click rate) Can you tell me/us please how you block a browser .. thanx in advance |
|
|
|
|
ardodd
Member
Offline
Activity: 132
Merit: 10
|
|
August 05, 2016, 10:37:35 AM |
|
Yeap, I got a lot of bot attack comming from Firefox, so I blocked it, sorry.. 80%+ firefox access was bots.. don't know if it was the extensions(sql injection, proxys) or the bot use this plataform Yeap, I tried to find something to block extensions.. however I think it can't be done.. You can easily find proxy/sql injection extensions on firefox.. and chrome too, however I don't blocked chrome(yet hahah) I was thinking about make a custom browser wich users can visit faucets.. you know? without extensions, with a good faucet list/rotator.. well, I don't have knowledge to do this(and the other question is the ads clicks, maybe it can get a lower click rate) Can you tell me/us please how you block a browser .. thanx in advance Blocking Browsers is not the answer to your problem. All that shows is how many users that visit your site use that particular browser. I would think we are needing to look deeper into the way the browser is used once on your site. Cross reference Blacklist IP's against visitors and incorporate a lockout of those IP's. Anyone trying to use a BOT is going to try and use a fresh list of accepted Proxy's to access your site. Say me for example I use my mobile phone as a hot spot or wifi hot spot. I am using the IP 205.197.242.169 and i ran a cross reference to Blacklist IP's. When I did that I tested my IP against a new tool called WebRTC and found that it was leaking my actual IP address. For more information on how these Thieves are stealing personal information read this post> http://whatismyipaddress.com/webrtc-testAnd upon reading this article or post one may be able to use the WebRTC to find the actual IP behind the attacks and single them out. WebRTC is available for Chrome, FireFox, Opera and many more as it is the new and bestest thing going. Happy Defending !!!! |
|
|
|
|
|
5ub_zer0 (OP)
|
|
August 05, 2016, 11:01:21 AM |
|
Its me again .. there are still one thing what i don't like ... i will try to explain as good as i can in english ... Example: Your Xapo Faucet has a Cooldown (Timer) of 15minutes until next claim is allowed. OK here we go - a Visitor enter your Faucet solve the Captcha and Claim .. he stays on your really cool Site .. and after 15 minutes he can press F5 (Refresh) in browser .. a small window pops-up and ask if you want to send the Formular again (dont know how it is called in english - see screenshot in German)  If you answer with Yes .. the Browserwindows reloads/refreshs .. and you have automaticly claimed - without enter the Captcha again... Now if a Black-hat have found a way how to disable the timer (ok we dont allow rightclicks and so on now ) he has only press F5 press Enter all time long .. and is happy .. I am not a hero in Webdesign nor php .. but maybe a solution is to set the cookielifetime to 5mins ? or has it something to do with the session ? .. any ideas ? |
|
|
|
|
|
5ub_zer0 (OP)
|
|
August 05, 2016, 11:08:08 AM |
|
Blocking Browsers is not the answer to your problem.
yes i am with you .. i just asked because i would like to know if there is a comfortabler way as baning a specific user-agent in htaccess ... |
|
|
|
|
ardodd
Member
Offline
Activity: 132
Merit: 10
|
|
August 05, 2016, 11:22:59 AM
Last edit: August 05, 2016, 11:34:22 AM by ardodd |
|
Its me again .. there are still one thing what i don't like ... i will try to explain as good as i can in english ... Example: Your Xapo Faucet has a Cooldown (Timer) of 15minutes until next claim is allowed. OK here we go - a Visitor enter your Faucet solve the Captcha and Claim .. he stays on your really cool Site .. and after 15 minutes he can press F5 (Refresh) in browser .. a small window pops-up and ask if you want to send the Formular again (dont know how it is called in english - see screenshot in German) If you answer with Yes .. the Browserwindows reloads/refreshs .. and you have automaticly claimed - without enter the Captcha again... Now if a Black-hat have found a way how to disable the timer (ok we dont allow rightclicks and so on now ) he has only press F5 press Enter all time long .. and is happy .. I am not a hero in Webdesign nor php .. but maybe a solution is to set the cookielifetime to 5mins ? or has it something to do with the session ? .. any ideas ? Let me see if one of Xapo sites like you say where I can actually use the F5 and reclaim without a Captcha. BRB on that this one. I have 2 Xapo Wallet sites open ( MoonBitco.in and Whalebitco.in ) and one none Xapo site open ( Claim BTC ) will run the F5 command in 2 minutes. Ok I run the F5 command on all 3 sites and they give me the same results ( Incorrect Captcha ) Are we dealing with a weakess in the F5 Command for @Gifted's script. As I thought we had solved this previously and it was addressed by @Gifted. I am old and sea-nile and I tend to forget what i just said so I maybe wrong. |
|
|
|
|
|
5ub_zer0 (OP)
|
|
August 05, 2016, 11:43:16 AM |
|
Let me see if one of Xapo sites like you say where I can actually use the F5 and reclaim without a Captcha. BRB on that this one.
I have 2 Xapo Wallet sites open ( MoonBitco.in and Whalebitco.in ) and one none Xapo site open ( Claim BTC ) will run the F5 command in 2 minutes.
Ok I run the F5 command on all 3 sites and they give me the same results ( Incorrect Captcha )
Are we dealing with a weakess in the F5 Command for @Gifted's script. As I thought we had solved this previously and it was addressed by @Gifted.
I am old and sea-nile and I tend to forget what i just said so I maybe wrong.
I have this only testet at my faucet .. maybe i am the only with this phenomen ? |
|
|
|
|
ardodd
Member
Offline
Activity: 132
Merit: 10
|
|
August 05, 2016, 12:08:49 PM |
|
Let me see if one of Xapo sites like you say where I can actually use the F5 and reclaim without a Captcha. BRB on that this one.
I have 2 Xapo Wallet sites open ( MoonBitco.in and Whalebitco.in ) and one none Xapo site open ( Claim BTC ) will run the F5 command in 2 minutes.
Ok I run the F5 command on all 3 sites and they give me the same results ( Incorrect Captcha )
Are we dealing with a weakess in the F5 Command for @Gifted's script. As I thought we had solved this previously and it was addressed by @Gifted.
I am old and sea-nile and I tend to forget what i just said so I maybe wrong.
I have this only testet at my faucet .. maybe i am the only with this phenomen ? What was your faucet and I will see if it is possible for me to access and duplicate what you are saying? |
|
|
|
|
Salmen
Legendary
Offline
Activity: 1059
Merit: 1020
|
|
August 05, 2016, 12:16:19 PM |
|
The solution of blocking all proxies is still not a good solution at all. It blocks almost all proxies. With an advanced proxy is it possible to bypass the proxy detection.
|
Young Developer amidst Europe. Specialized in Web Programming and Creating Telegram Bots. Looking for a developer? Feel free to drop a mail to me. Running JaguarBitcoin - Your Place For Scripts |
|
|
|
5ub_zer0 (OP)
|
|
August 05, 2016, 12:30:18 PM |
|
What was your faucet and I will see if it is possible for me to access and duplicate what you are saying?
https://faucet.today |
|
|
|
|
|
5ub_zer0 (OP)
|
|
August 05, 2016, 12:42:44 PM |
|
The solution of blocking all proxies is still not a good solution at all. It blocks almost all proxies. With an advanced proxy is it possible to bypass the proxy detection.
some proxys like the elite proxys could not detected with this described solution in this thread .. the faucetbox script can do it - if nastyhost is enabled (maybe it works disabled too) and claim with a elite proxy it will a message appear "invalid address" ... testet on my faucets @salmen are your ISP Telekom ? .. because i got on the most faucets a vpn/proxy denied message with my normal connection .. so i have to use my private proxy (no worry guys - i am to old for making nonsens^^) .. than it works (funny or) .. only at faucetboxscript not as mentioned above but anyway if i read things like the connector and proxyswitcher and all this .. makes me sad ... |
|
|
|
|
|
Gifted
|
|
August 05, 2016, 06:16:24 PM |
|
Its me again .. there are still one thing what i don't like ... i will try to explain as good as i can in english ... Example: Your Xapo Faucet has a Cooldown (Timer) of 15minutes until next claim is allowed. OK here we go - a Visitor enter your Faucet solve the Captcha and Claim .. he stays on your really cool Site .. and after 15 minutes he can press F5 (Refresh) in browser .. a small window pops-up and ask if you want to send the Formular again (dont know how it is called in english - see screenshot in German) If you answer with Yes .. the Browserwindows reloads/refreshs .. and you have automaticly claimed - without enter the Captcha again... Now if a Black-hat have found a way how to disable the timer (ok we dont allow rightclicks and so on now ) he has only press F5 press Enter all time long .. and is happy .. I am not a hero in Webdesign nor php .. but maybe a solution is to set the cookielifetime to 5mins ? or has it something to do with the session ? .. any ideas ? i just fixed that if you read the security patch for xapo. Patch V1.1[/b] find this code if($response->success){
$view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Congratulations you have won '.$amount.' Satoshis !!!</p></div></div>';
$url = get_main_url()."?r=".$username;
$view['main']['ref_link'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Share your referal link and earn a '.$settings["referral_percentage"].'% lifetime bonus. Your referal link is '.$url.'</p></div></div>';if($response->success){
header('Refresh: 30;url=[b]change to your faucets url[/b]');
$view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Congratulations you have won '.$amount.' Satoshis !!!</p></div></div>';
$url = get_main_url()."?r=".$username;
$view['main']['ref_link'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Share your referal link and earn a '.$settings["referral_percentage"].'% lifetime bonus. Your referal link is '.$url.'</p></div></div>';
|
|
|
|
|
Salmen
Legendary
Offline
Activity: 1059
Merit: 1020
|
|
August 05, 2016, 06:27:28 PM |
|
The solution of blocking all proxies is still not a good solution at all. It blocks almost all proxies. With an advanced proxy is it possible to bypass the proxy detection.
some proxys like the elite proxys could not detected with this described solution in this thread .. the faucetbox script can do it - if nastyhost is enabled (maybe it works disabled too) and claim with a elite proxy it will a message appear "invalid address" ... testet on my faucets @salmen are your ISP Telekom ? .. because i got on the most faucets a vpn/proxy denied message with my normal connection .. so i have to use my private proxy (no worry guys - i am to old for making nonsens^^) .. than it works (funny or) .. only at faucetboxscript not as mentioned above but anyway if i read things like the connector and proxyswitcher and all this .. makes me sad ... My ISP is currently not Telekom and thereby can't check it now. However, the elite proxy is a problem and the windows vps.
Why is still no solution to block ISP? Isn't it weird if a user use proxy using vps? |
Young Developer amidst Europe. Specialized in Web Programming and Creating Telegram Bots. Looking for a developer? Feel free to drop a mail to me. Running JaguarBitcoin - Your Place For Scripts |
|
|
sabotag3x
Legendary
Offline
Activity: 2548
Merit: 2180
Crypto Swap Exchange
|
|
August 05, 2016, 10:39:49 PM
Last edit: August 05, 2016, 10:58:52 PM by sabotag3x |
|
Can you tell me/us please how you block a browser .. thanx in advance
I'm using this code <?php
// Blocks Browser Multiple
$get_name_browser = $_SERVER['HTTP_USER_AGENT']; // Get Name Broswer
$block_browser = array("Avant Browser","Firefox","Yandex", "Opera","ELinks","SeaMonkey","Chromium","Iceweasel","Konqueror","WebKit Nightly","Iron","Pale Moon","Epiphany"); // Name Broswer Block
foreach($block_browser as $new){
if(preg_match("/".$new."/",$get_name_browser)){
die("<h2>Browser not supported!</h2>");
}
}
//
?>
I don't read all replys here yet, after I'll read and reply.. just leaving the code here edit:
Blocking Browsers is not the answer to your problem.
yes i am with you .. i just asked because i would like to know if there is a comfortabler way as baning a specific user-agent in htaccess ... yeap, I know it's not the answer, however I have to try something.. I don't care about losing some access by firefox since I block some bot attack.. better a little revenue then losses |
|
|
|
|
Gifted
|
|
August 05, 2016, 10:59:15 PM |
|
Can you tell me/us please how you block a browser .. thanx in advance
I'm using this code <?php
// Blocks Browser Multiple
$get_name_browser = $_SERVER['HTTP_USER_AGENT']; // Get Name Broswer
$block_browser = array("Avant Browser","Firefox","Yandex", "Opera","ELinks","SeaMonkey","Chromium","Iceweasel","Konqueror","WebKit Nightly","Iron","Pale Moon","Epiphany"); // Name Broswer Block
foreach($block_browser as $new){
if(preg_match("/".$new."/",$get_name_browser)){
die("<h2>Browser not supported!</h2>");
}
}
//
?>
I don't read all replys here yet, after I'll read and reply.. just leaving the code here this will stop bots because they use firefox.. an old version to use with bots great job !! |
|
|
|
|
|
Gifted
|
|
August 05, 2016, 11:40:51 PM |
|
Try using your windows vps on my site http://www.bitcoinfaucetexchange.com/testing this <?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
/**
* Http utility functions.
*
* @author Fabien Potencier <fabien@symfony.com>
*/
class IpUtils
{
/**
* This class should not be instantiated.
*/
private function __construct()
{
}
/**
* Checks if an IPv4 or IPv6 address is contained in the list of given IPs or subnets.
*
* @param string $requestIp IP to check
* @param string|array $ips List of IPs or subnets (can be a string if only a single one)
*
* @return bool Whether the IP is valid
*/
public static function checkIp($requestIp, $ips)
{
if (!is_array($ips)) {
$ips = array($ips);
}
$method = substr_count($requestIp, ':') > 1 ? 'checkIp6' : 'checkIp4';
foreach ($ips as $ip) {
if (self::$method($requestIp, $ip)) {
return true;
}
}
return false;
}
/**
* Compares two IPv4 addresses.
* In case a subnet is given, it checks if it contains the request IP.
*
* @param string $requestIp IPv4 address to check
* @param string $ip IPv4 address or subnet in CIDR notation
*
* @return bool Whether the request IP matches the IP, or whether the request IP is within the CIDR subnet.
*/
public static function checkIp4($requestIp, $ip)
{
if (false !== strpos($ip, '/')) {
list($address, $netmask) = explode('/', $ip, 2);
if ($netmask === '0') {
// Ensure IP is valid - using ip2long below implicitly validates, but we need to do it manually here
return filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
}
if ($netmask < 0 || $netmask > 32) {
return false;
}
} else {
$address = $ip;
$netmask = 32;
}
return 0 === substr_compare(sprintf('%032b', ip2long($requestIp)), sprintf('%032b', ip2long($address)), 0, $netmask);
}
/**
* Compares two IPv6 addresses.
* In case a subnet is given, it checks if it contains the request IP.
*
* @author David Soria Parra <dsp at php dot net>
*
* @see https://github.com/dsp/v6tools
*
* @param string $requestIp IPv6 address to check
* @param string $ip IPv6 address or subnet in CIDR notation
*
* @return bool Whether the IP is valid
*
* @throws \RuntimeException When IPV6 support is not enabled
*/
public static function checkIp6($requestIp, $ip)
{
if (!((extension_loaded('sockets') && defined('AF_INET6')) || @inet_pton('::1'))) {
throw new \RuntimeException('Unable to check Ipv6. Check that PHP was not compiled with option "disable-ipv6".');
}
if (false !== strpos($ip, '/')) {
list($address, $netmask) = explode('/', $ip, 2);
if ($netmask < 1 || $netmask > 128) {
return false;
}
} else {
$address = $ip;
$netmask = 128;
}
$bytesAddr = unpack('n*', inet_pton($address));
$bytesTest = unpack('n*', inet_pton($requestIp));
for ($i = 1, $ceil = ceil($netmask / 16); $i <= $ceil; ++$i) {
$left = $netmask - 16 * ($i - 1);
$left = ($left <= 16) ? $left : 16;
$mask = ~(0xffff >> $left) & 0xffff;
if (($bytesAddr[$i] & $mask) != ($bytesTest[$i] & $mask)) {
return false;
}
}
return true;
}
}
|
|
|
|
|
|
viralalert
|
|
August 06, 2016, 02:27:59 AM |
|
Can you tell me/us please how you block a browser .. thanx in advance
I'm using this code <?php
// Blocks Browser Multiple
$get_name_browser = $_SERVER['HTTP_USER_AGENT']; // Get Name Broswer
$block_browser = array("Avant Browser","Firefox","Yandex", "Opera","ELinks","SeaMonkey","Chromium","Iceweasel","Konqueror","WebKit Nightly","Iron","Pale Moon","Epiphany"); // Name Broswer Block
foreach($block_browser as $new){
if(preg_match("/".$new."/",$get_name_browser)){
die("<h2>Browser not supported!</h2>");
}
}
//
?>
You must add a message something like this "Browser not supported, Please use google chrome". |
|
|
|
|
|
5ub_zer0 (OP)
|
|
August 06, 2016, 04:01:03 PM |
|
i just fixed that if you read the security patch for xapo. Patch V1.1[/b] find this code if($response->success){
$view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Congratulations you have won '.$amount.' Satoshis !!!</p></div></div>';
$url = get_main_url()."?r=".$username;
$view['main']['ref_link'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Share your referal link and earn a '.$settings["referral_percentage"].'% lifetime bonus. Your referal link is '.$url.'</p></div></div>';if($response->success){
header('Refresh: 30;url=[b]change to your faucets url[/b]');
$view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Congratulations you have won '.$amount.' Satoshis !!!</p></div></div>';
$url = get_main_url()."?r=".$username;
$view['main']['ref_link'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Share your referal link and earn a '.$settings["referral_percentage"].'% lifetime bonus. Your referal link is '.$url.'</p></div></div>';
i did this already implemented yesterday morning ... if($response->success){
header('Refresh: 30;url=https://faucet.today');
-snip-
and the problem was still there .. but ardodd whould test it .. waiting for an answer |
|
|
|
|
|
