Bitcoin Forum
Author Topic: XAPO Script - Hacked  (Read 6090 times)
Gifted
August 06, 2016, 04:25:44 PM
 #141



i just fixed that if you read the security patch for xapo.

Patch V1.1

find this code
Code:
if($response->success){
      $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Congratulations you have won '.$amount.' Satoshis !!!</p></div></div>';
      $url = get_main_url()."?r=".$username;
      $view['main']['ref_link'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Share your referal link and earn a '.$settings["referral_percentage"].'% lifetime bonus. Your referal link is '.$url.'</p></div></div>';

and replace with this


Code:
if($response->success){
      // Added line: reload the page after 30 seconds; put your faucet's URL in place of the placeholder text
      header('Refresh: 30;url=change to your faucets url');
      $view['main']['result_html'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Congratulations you have won '.$amount.' Satoshis !!!</p></div></div>';
      $url = get_main_url()."?r=".$username;
      $view['main']['ref_link'] = '<div class="row text-center"><div class="col-sm-6 col-md-offset-3 bg-success"><p>Share your referal link and earn a '.$settings["referral_percentage"].'% lifetime bonus. Your referal link is '.$url.'</p></div></div>';

This redirects back to your page after 30 seconds so that the captcha resets so that an imacro program cannot be programmed to just refresh and get credit every hour when they are sleeping. I would suggest doing this immediately! Make sure you put your faucet address where it says change to your faucet url.


i did this already implemented yesterday morning ...

Code:
    if($response->success){
      header('Refresh: 30;url=https://faucet.today');
   -snip-

and the problem was still there ..

but ardodd would test it .. waiting for an answer

it's a 30m second timer... you can change where it's highlighted   header('Refresh: 30;url=change to your faucets url');

take out the bold code where the address goes.. that does not go there
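
The Refresh header above is only a request to the browser, so a scripted client can ignore it and re-send the claim; the one-claim-per-captcha rule and the wait between claims hold only if the server enforces them. A sketch of that server-side check, added here as an example and not part of the XAPO script or of any post in this thread (function names, the `$store` layout and the one-hour cooldown are assumptions):

```php
<?php
// Added example, not code from the XAPO faucet script. Function names and the
// $store layout are hypothetical; in a real faucet $store would be a database
// table and the check-and-update below would run inside one transaction.

const CLAIM_COOLDOWN = 3600; // seconds between payouts per address (assumed value)

// Issue a one-time token whenever the claim form (with its captcha) is rendered.
function issue_claim_token(array &$store): string
{
    $token = bin2hex(random_bytes(16));
    $store['tokens'][$token] = true;
    return $token;
}

// Decide whether a claim may be paid. The token is consumed on first use, so
// refreshing or re-sending a successful request cannot be credited again.
// $captchaOk is the result of the captcha provider's server-side verification.
function authorize_claim(array &$store, string $token, string $address,
                         bool $captchaOk, int $now): string
{
    if (!isset($store['tokens'][$token])) {
        return 'rejected: token missing or already used';
    }
    unset($store['tokens'][$token]);            // single use, even on failure
    if (!$captchaOk) {
        return 'rejected: captcha not solved';
    }
    $last = $store['last_claim'][$address] ?? null;
    if ($last !== null && $now - $last < CLAIM_COOLDOWN) {
        return 'rejected: cooldown active';
    }
    $store['last_claim'][$address] = $now;      // record before sending the payout
    return 'ok';
}

// Constructed demo input: timestamps and the address are made up.
$store = ['tokens' => [], 'last_claim' => []];
$addr  = 'user@example.com';                    // placeholder payout address

$t1 = issue_claim_token($store);
echo authorize_claim($store, $t1, $addr, true, 1000), "\n";  // first submit
echo authorize_claim($store, $t1, $addr, true, 1030), "\n";  // same request replayed
$t2 = issue_claim_token($store);
echo authorize_claim($store, $t2, $addr, true, 2000), "\n";  // new form, inside the cooldown
$t3 = issue_claim_token($store);
echo authorize_claim($store, $t3, $addr, true, 1000 + CLAIM_COOLDOWN), "\n"; // new form, after it
```
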
sabotag3x
August 08, 2016, 12:42:24 PM
 #142

Can someone try to use any proxy/vpn in my faucet? By "use" I mean CLAIM.. and give me a feedback please!
http://www.bitcoinamerica.com.br/faucet

Thanks a lot!

5ub_zer0 (OP)
August 08, 2016, 12:54:22 PM
 #143

Can someone try to use any proxy/vpn in my faucet? By "use" I mean CLAIM.. and give me a feedback please!
http://www.bitcoinamerica.com.br/faucet

Thanks a lot!

Notice: REFERER CHECK FAILED, ASSUMING CSRF! in /customers/c/f/6/bitcoinamerica.com.br/httpd.www/faucet/script/common.php on line 100 Warning: Cannot modify header information - headers already sent by (output started at /customers/c/f/6/bitcoinamerica.com.br/httpd.www/faucet/script/common.php:100) in /customers/c/f/6/bitcoinamerica.com.br/httpd.www/faucet/script/common.php on line 356 Notice: Banned: xxx.xxx.xxx.xxx in /customers/c/f/6/bitcoinamerica.com.br/httpd.www/faucet/script/common.php on line 309
Gifted
August 08, 2016, 04:57:27 PM
 #144

Can someone try to use any proxy/vpn in my faucet? By "use" I mean CLAIM.. and give me a feedback please!
http://www.bitcoinamerica.com.br/faucet

Thanks a lot!
Notice: Banned: 46.101.138.168 in /customers/c/f/6/bitcoinamerica.com.br/httpd.www/faucet/script/common.php on line 309
sabotag3x
August 09, 2016, 06:29:12 AM
 #145

Can someone try to use any proxy/vpn in my faucet? By "use" I mean CLAIM.. and give me a feedback please!
http://www.bitcoinamerica.com.br/faucet

Thanks a lot!

Notice: REFERER CHECK FAILED, ASSUMING CSRF! in /customers/c/f/6/bitcoinamerica.com.br/httpd.www/faucet/script/common.php on line 100 Warning: Cannot modify header information - headers already sent by (output started at /customers/c/f/6/bitcoinamerica.com.br/httpd.www/faucet/script/common.php:100) in /customers/c/f/6/bitcoinamerica.com.br/httpd.www/faucet/script/common.php on line 356 Notice: Banned: xxx.xxx.xxx.xxx in /customers/c/f/6/bitcoinamerica.com.br/httpd.www/faucet/script/common.php on line 309

Can someone try to use any proxy/vpn in my faucet? By "use" I mean CLAIM.. and give me a feedback please!
http://www.bitcoinamerica.com.br/faucet

Thanks a lot!
Notice: Banned: 46.101.138.168 in /customers/c/f/6/bitcoinamerica.com.br/httpd.www/faucet/script/common.php on line 309

Thanks! I think it's working, I can't block all VPN/Proxy/TOR systems however it can block a lot of services..
I banned 15.000 ASNs

ardodd
August 12, 2016, 03:44:49 AM
 #146

I am so sorry for not being around everyone. This is one of those weeks no cares to go through. I am fighting cancer and it is not pretty. And on top of that i am fighting diabetes at the same time.

Spent all week in hospital with blood sugar levels at or above 500 and infections. Just have not had the energy to even get online til now.

I was trying to catch up some but things are kind of cobb webbed inside my head right now. So if someone could catch me up on where we are with the security i would love to get back into the conversation. 
Gifted
August 12, 2016, 04:07:45 AM
 #147

I am so sorry for not being around everyone. This is one of those weeks no cares to go through. I am fighting cancer and it is not pretty. And on top of that i am fighting diabetes at the same time.

Spent all week in hospital with blood sugar levels at or above 500 and infections. Just have not had the energy to even get online til now.

I was trying to catch up some but things are kind of cobb webbed inside my head right now. So if someone could catch me up on where we are with the security i would love to get back into the conversation. 
Well it seems in our combined efforts bots are no more. I believe the most significance is the fact that firefox is used with bots and is blocked on my faucet. Also the captcha reset was another flaw that was fixed... seems all is well
ardodd
August 12, 2016, 04:28:13 AM
 #148

@Gifted,

Do you know how to make a searchable database that would host the Faucet List. I had time on my hands this week and remember back in 2000 when I first started doing online html and coding i had a website that i made which had a interface I could actually program myself.

Back then it was simple as all i did was create a database of websites, and then broke them down into specific categories for what they did. And created a simple search where anyone could enter the category they were interested in and then check the radio boxes for which specific areas they wanted to lookup.

Example:
 

I was pondering that thought about all these Faucets. As it would need to be able to scrap for Faucet sites and then be able to host the information. The developer would have the advantage as when they are found he/she would have to join that Faucet so others could see it. I was pondering on this while laying i the hospital bed. And had seen a big list on Faucet List that had Bitcoin, Dogecoin, Peercoin, Darkcoin, Litecoin, etc...and noticed that a Xapo List was not available. And with so many cryptocurrencies I remember having a multi-wallet with Cryptonator that had many wallets.

But am asking if one could code a database interface like above to list all these Faucets and make it use your crypto-wallet address to join them. One at a time so when opening up the program the complete list comes up and they can check off the websites as they surf for coins. I DO NOT want a bot to do the work, only to register for all the sites with. The parameters could be anything from amount of coins collected to time in between intervals. Say you have 100 websites with 5 minute intervals we could create one parameter for them. And every different time frame could be a set of parameters. Or we could set parameters for alphabetical listing. The possibilities is endless on parameters.

One of the things i figured needed would be a way to store the e-wallet addresses so it can be entered according that sites crypto-currency. The e-wallet addresses would have to be stored off-site for the users protection and only pulled up if they log into it securely to use the database.

I don't know if you would want to do something like that or not, but I am interested in seeing if you could make something like this and make dam sure that a BOT can not join the website with a firewall.

***Update***

I had a feeling that my computer had been infected so out of curiousity I used Norton Power Eraser even after I used MalwareBytes Anti-Malware to check my computer for any virus. And not surprised at all i found 3 trojans attached to .exe files. What amazed me is that it was called molested.exe and it was attached to one of my Processor programs. I can remember one day my computer shut down completely and I had to manually restart it. And when I did it told me that one or more of my drivers had stopped working or was going out. So it led me to what looked exactly like a Toshiba Official page and pulled up that Drive and so called updated it. To find out that it come from Faucet that had a backdoor virus which had a popup virus. And once the darn computer started opening page after page at a astounding rate i knew something got through the firewall.

But anyways the morale to the story is that the attacks may not be because of a security issue on the website, but a security issue on our computer itself in the Root or .exe files where they are able to communicate with your site through the Root or .exe file

Just a simple reminder to scan the Root files and .exe files even if you think you virus protection is up to date and see a warning to repair or upgrade. Watch it with multiple virus scans that remove trojans.    
ardodd
August 12, 2016, 04:29:30 AM
 #149

I am so sorry for not being around everyone. This is one of those weeks no cares to go through. I am fighting cancer and it is not pretty. And on top of that i am fighting diabetes at the same time.

Spent all week in hospital with blood sugar levels at or above 500 and infections. Just have not had the energy to even get online til now.

I was trying to catch up some but things are kind of cobb webbed inside my head right now. So if someone could catch me up on where we are with the security i would love to get back into the conversation. 
Well it seems in our combined efforts bots are no more. I believe the most significance is the fact that firefox is used with bots and is blocked on my faucet. Also the captcha reset was another flaw that was fixed... seems all is well

Great job !!!!! I felt like Firefox and the iMacros would cause problems.
Gifted
August 12, 2016, 08:10:23 PM
 #150

I am so sorry for not being around everyone. This is one of those weeks no cares to go through. I am fighting cancer and it is not pretty. And on top of that i am fighting diabetes at the same time.

Spent all week in hospital with blood sugar levels at or above 500 and infections. Just have not had the energy to even get online til now.

I was trying to catch up some but things are kind of cobb webbed inside my head right now. So if someone could catch me up on where we are with the security i would love to get back into the conversation. 
Well it seems in our combined efforts bots are no more. I believe the most significance is the fact that firefox is used with bots and is blocked on my faucet. Also the captcha reset was another flaw that was fixed... seems all is well

Great job !!!!! I felt like Firefox and the iMacros would cause problems.
About your virus... just use this only https://www.microsoft.com/en-us/download/details.aspx?id=5201  Most viruses come from antivirus!
Gifted
August 12, 2016, 08:14:51 PM
 #151

@Gifted,

Do you know how to make a searchable database that would host the Faucet List. I had time on my hands this week and remember back in 2000 when I first started doing online html and coding i had a website that i made which had a interface I could actually program myself.

Back then it was simple as all i did was create a database of websites, and then broke them down into specific categories for what they did. And created a simple search where anyone could enter the category they were interested in and then check the radio boxes for which specific areas they wanted to lookup.

Example:
 

I was pondering that thought about all these Faucets. As it would need to be able to scrap for Faucet sites and then be able to host the information. The developer would have the advantage as when they are found he/she would have to join that Faucet so others could see it. I was pondering on this while laying i the hospital bed. And had seen a big list on Faucet List that had Bitcoin, Dogecoin, Peercoin, Darkcoin, Litecoin, etc...and noticed that a Xapo List was not available. And with so many cryptocurrencies I remember having a multi-wallet with Cryptonator that had many wallets.

But am asking if one could code a database interface like above to list all these Faucets and make it use your crypto-wallet address to join them. One at a time so when opening up the program the complete list comes up and they can check off the websites as they surf for coins. I DO NOT want a bot to do the work, only to register for all the sites with. The parameters could be anything from amount of coins collected to time in between intervals. Say you have 100 websites with 5 minute intervals we could create one parameter for them. And every different time frame could be a set of parameters. Or we could set parameters for alphabetical listing. The possibilities is endless on parameters.

One of the things i figured needed would be a way to store the e-wallet addresses so it can be entered according that sites crypto-currency. The e-wallet addresses would have to be stored off-site for the users protection and only pulled up if they log into it securely to use the database.

I don't know if you would want to do something like that or not, but I am interested in seeing if you could make something like this and make dam sure that a BOT can not join the website with a firewall.

***Update***

I had a feeling that my computer had been infected so out of curiousity I used Norton Power Eraser even after I used MalwareBytes Anti-Malware to check my computer for any virus. And not surprised at all i found 3 trojans attached to .exe files. What amazed me is that it was called molested.exe and it was attached to one of my Processor programs. I can remember one day my computer shut down completely and I had to manually restart it. And when I did it told me that one or more of my drivers had stopped working or was going out. So it led me to what looked exactly like a Toshiba Official page and pulled up that Drive and so called updated it. To find out that it come from Faucet that had a backdoor virus which had a popup virus. And once the darn computer started opening page after page at a astounding rate i knew something got through the firewall.

But anyways the morale to the story is that the attacks may not be because of a security issue on the website, but a security issue on our computer itself in the Root or .exe files where they are able to communicate with your site through the Root or .exe file

Just a simple reminder to scan the Root files and .exe files even if you think you virus protection is up to date and see a warning to repair or upgrade. Watch it with multiple virus scans that remove trojans.    

This won't happen unless all faucets are built the same... the hard part is getting all the faucets to be able to bind with our site and this will never happen. Each website is different so the code would have to be crazy! Unless you go with standard faucetbox then it might work but those usually fail in a month or so because of lack of coding, experience etc.
ardodd
August 12, 2016, 10:15:51 PM
 #152

I would say so. Seem to be too many Fly-by-Night shops setting up now.

Guess most of them don't realize that you have to make a commitment long term as the ads on the Faucet are mostly referral Faucets and/or Adsense which are long-long term commitments.

Shoot I have 10 websites and they all have Adsense and in 5 years I have made $9.45 from it. Not even enough to meet withdrawal limit.

Some don't realize that they income from the site to sustain the Faucet payout commitment on their end. It is not something you buy $50 worth of Bitcoins and payout slowly depending on the amount of traffic and of course BOT's stealing too.

By-the-way what kind of drugs was I on when I posted this last night? Must have been good too.