I have added .htaccess restriction to config.php, faucethub.php and function.php. allowed only server ip access.
then made new database user/pw/name.
regenerated api and changed it all. now only faucet has access to those files.
I hope this will restict and prevent stealing those access codes/api and sending info to thos files.
That's good, but if you see any problem then Change your faucet script
my problem is that every faucet script ive used got botted eventualy. I think ive used 4 diffrent ones by now.
I like how it all works now and just want it more secure. I do get less claims in already now.
Now i like to find out if i close port 3306 for MySQL database will be even better. but just havent figured that out yet.