Bitcoin Forum
Topic: Detecting fraudulent activity on a bitcoin testnet faucet

nkuttler
June 15, 2020, 02:01:57 PM
#1

I have written a post about my experience running a bitcoin testnet faucet for the last seven years. It is about how I have created countermeasures against people who try to spam the faucet with requests: https://kuttler.eu/en/post/detecting-fraudulent-activity-bitcoin-testnet-faucet/

HeRetiK
June 15, 2020, 03:31:40 PM
#2

Nice post! I'm kinda curious about the "badness score", what metrics have you found to be the most effective? Geolocation, browser, screen resolution? Something else entirely?


Most of the fraudulent requests originated from less wealthy regions and were performed manually, which is not surprising I guess.

I'll be honest, I didn't expect people to manually farm testnet faucets. And there I was thinking the existence of Captcha farms is depressing.


Regarding people accumulating testnet coins rather than using regtest -- Might also be that they're being used for scamming people, occasionally threads pop up with people being sold tBTC rather than the real thing. Probably not that common though.

nkuttler
June 15, 2020, 04:07:42 PM
#3

Quote from: HeRetiK on June 15, 2020, 03:31:40 PM
Nice post! I'm kinda curious about the "badness score", what metrics have you found to be the most effective? Geolocation, browser, screen resolution? Something else entirely?

Thanks! Adding the origin of the request to the mix was the most interesting step. Browser fingerprinting itself is not terribly useful, but when you combine the geolocation with browser info like locale and timezone some users start to look more suspicious. Of course there are legit reasons for mismatches there, so blocked requests need to have multiple "suspicious" characteristics. I also keep track of some VPN provider IP ranges to group requests that can not be grouped through geoip data.
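
One way to combine the signals described in the post above, as an added example that is not the faucet's own code: requests are grouped by VPN range or geoip country, and a request is blocked only when several suspicious characteristics coincide. The country table, thresholds, field names and sample requests are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed data: an RFC 5737 documentation range stands in for a VPN provider's range.
VPN_RANGES = {"vpn-a": ipaddress.ip_network("203.0.113.0/24")}
# Assumed table of the timezone prefix and browser languages that are unremarkable per country.
EXPECTED = {"DE": ("Europe/", {"de", "en"}), "BR": ("America/", {"pt"})}
BLOCK_AT, BURST_LIMIT = 2, 3  # assumed: signals needed to block; group size that counts as volume

def group_key(req):
    """Group by VPN provider when the IP is in a tracked range, else by geoip country."""
    ip = ipaddress.ip_address(req["ip"])
    for name, net in VPN_RANGES.items():
        if ip in net:
            return "vpn:" + name
    return "geo:" + req["country"]

def signals(req, group_counts):
    # Names of the suspicious characteristics this request shows.
    found = []
    tz_prefix, langs = EXPECTED.get(req["country"], ("", None))
    if not req["timezone"].startswith(tz_prefix):
        found.append("timezone_mismatch")
    if langs is not None and req["locale"].split("-")[0].lower() not in langs:
        found.append("locale_mismatch")
    key = group_key(req)
    if key.startswith("vpn:"):
        found.append("known_vpn_range")
    if group_counts[key] > BURST_LIMIT:
        found.append("group_volume")
    return found

def evaluate(requests):
    """Map request id to (decision, signals); a single mismatch never blocks."""
    counts = Counter(group_key(r) for r in requests)
    found = {r["id"]: signals(r, counts) for r in requests}
    return {i: ("block" if len(s) >= BLOCK_AT else "allow", s) for i, s in found.items()}

def req(i, ip, country, locale, tz):
    return {"id": i, "ip": ip, "country": country, "locale": locale, "timezone": tz}

SAMPLE = [  # constructed requests; the geoip country is assumed to be resolved already
    req(1, "198.51.100.7", "DE", "de-DE", "Europe/Berlin"),
    req(2, "198.51.100.8", "DE", "pt-BR", "Europe/Berlin"),
    req(3, "203.0.113.5", "DE", "pt-BR", "America/Sao_Paulo"),
    req(4, "203.0.113.9", "BR", "pt-BR", "America/Sao_Paulo"),
]
print(evaluate(SAMPLE))
```

Request 2 (a lone locale mismatch) and request 4 (a VPN exit with a consistent browser profile) are allowed; only request 3, where the geoip country disagrees with both locale and timezone and the address sits in a tracked VPN range, is blocked.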

ETFbitcoin
June 16, 2020, 09:51:50 AM
#4

Many captcha or anti-bot services in general analyze mouse movement to determine whether it's a user or a bot. IMO it'd be easy to detect a bot with mouse movement analysis, since bots either don't move the mouse at all or have stiff movement (e.g. a straight or diagonal line).

NotATether
June 16, 2020, 07:27:55 PM
#5

Quote from: ETFbitcoin on June 16, 2020, 09:51:50 AM
Many captcha or anti-bot services in general analyze mouse movement to determine whether it's a user or a bot. IMO it'd be easy to detect a bot with mouse movement analysis, since bots either don't move the mouse at all or have stiff movement (e.g. a straight or diagonal line).

Here's an example of how not to make a captcha service: the newer reCAPTCHA v3 tracks different activity than mouse movements, as there is no puzzle to solve. It checks the browser type and gives a higher score to popular browsers over more obscure ones or alpha builds of browsers (or even Chromium). It also gives you a low score if it can't set tracking cookies in the browser and temporarily gives a higher score if you log into Google services (https://stackoverflow.com/questions/52546045/how-to-pass-recaptcha-v3). I think IP addresses and device information are still the best way to distinguish a bot from a human.

ETFbitcoin
June 17, 2020, 11:53:10 AM
#6

Quote from: ETFbitcoin on June 16, 2020, 09:51:50 AM
Many captcha or anti-bot services in general analyze mouse movement to determine whether it's a user or a bot. IMO it'd be easy to detect a bot with mouse movement analysis, since bots either don't move the mouse at all or have stiff movement (e.g. a straight or diagonal line).

Quote from: NotATether on June 16, 2020, 07:27:55 PM
Here's an example of how not to make a captcha service: the newer reCAPTCHA v3 tracks different activity than mouse movements, as there is no puzzle to solve. It checks the browser type and gives a higher score to popular browsers over more obscure ones or alpha builds of browsers (or even Chromium). It also gives you a low score if it can't set tracking cookies in the browser and temporarily gives a higher score if you log into Google services (https://stackoverflow.com/questions/52546045/how-to-pass-recaptcha-v3). I think IP addresses and device information are still the best way to distinguish a bot from a human.

Not a bad example, but in this case (claiming from a tBTC faucet) a human usually uses the mouse to select the input area for the bitcoin address and click the "Claim" button.
While I agree IP addresses and device information are still the best way to distinguish a bot from a human, mouse movement would be a good indicator in this case.
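
The mouse-movement indicator discussed in posts #4 to #6, as an added example that is not code from any participant or from the faucet: it labels a recorded pointer trace as absent, stiff (a near-perfect straight or diagonal line) or varied. The thresholds and the trace format, a list of (x, y) samples collected before the "Claim" click, are assumptions.

```python
import math

# Assumed thresholds for illustration; tune them against real traces.
MIN_SAMPLES = 5         # fewer pointer samples than this counts as no movement
STRAIGHT_RATIO = 0.99   # chord length / path length at or above this is near-straight
MAX_DEVIATION_PX = 2.0  # largest allowed distance from the start-to-end line

def path_metrics(points):
    """Return (path_length, straightness, max_deviation) for a list of (x, y) samples."""
    path = sum(math.dist(a, b) for a, b in zip(points, points[1:]))
    (x0, y0), (x1, y1) = points[0], points[-1]
    chord = math.dist(points[0], points[-1])
    if path == 0:
        return 0.0, 0.0, 0.0
    if chord == 0:  # closed loop: measure spread around the starting point
        deviation = max(math.dist(points[0], p) for p in points)
    else:  # perpendicular distance of each sample from the start-to-end line
        deviation = max(abs((x1 - x0) * (y0 - py) - (x0 - px) * (y1 - y0)) / chord
                        for px, py in points)
    return path, chord / path, deviation

def classify(points):
    """Label a pointer trace 'no_movement', 'stiff' or 'varied'."""
    if len(points) < MIN_SAMPLES:
        return "no_movement"
    path, straightness, deviation = path_metrics(points)
    if path == 0:
        return "no_movement"
    if straightness >= STRAIGHT_RATIO and deviation <= MAX_DEVIATION_PX:
        return "stiff"
    return "varied"

# Constructed traces: a perfect diagonal, a wavy approach to a button, and a parked pointer.
DIAGONAL = [(i * 10, i * 10) for i in range(20)]
WAVY = [(i * 10, round(40 * math.sin(i / 3))) for i in range(20)]
PARKED = [(300, 200)] * 20

print([classify(t) for t in ([], PARKED, DIAGONAL, WAVY)])
```

A "no_movement" or "stiff" label works best as one more input to a combined score rather than as a block on its own, since keyboard-only and touch users also produce little or no pointer data.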
