[ANN] FaucetBOX.com - API & faucet script, create your own crypto faucet

[Erkallys]

Do you plan to add some other cryptos ?

Yes. Someday... . No promises, no ETAs. However we've ruled out Paycoin (we won't add it in near future) and we're currently testing and considering Darkcoin and Mintcoin.
However currently we have general performance issues and we want to address them first.

Kazuldur is right, it was a server-related problem. Contacted hosting support and they whitelisted some security rules and problem resolved.

I'm glad it works

Yeah sure ! I would like Darkcoin, Blackcoin, Megacoin or Spreadcoin !

[Kazuldur]

Make it that way:
- everybody is able to change the value without pin or password (like it is now) BUT
- if he decides to change the value providing a signed message then require a signed message if he wants to change the value in the future.

This is both Safe and Painless (at least for the users ).

That's what we're already implementing . However it doesn't help people that for some reason can't sign a message, so - based on the feedback after implementing it as an option - we may decide to require signing a message by everyone. ETA: up to 2 weeks.

[bitrecoin]

I have fixed the issues on my BTC faucet please review it again..

bitrecoin.herokuapp.com

Thanks

[Kazuldur]

I have fixed the issues on my BTC faucet please review it again..

bitrecoin.herokuapp.com

Thanks

You can resend the application in your Dashboard, no need to ask here

[bitrecoin]

I already did hehehe .. I just tried posting it here maybe the approval can be expedited here

[FundsMoney]

I know this may not be the place for technical support, but I see there are many faucet admins watching this topic and may suggest some tips.

I am the admin of bitprepay.net and for some time now I see on my cPanel that I hit over 20 Entry Processes (which is the limit), daily. Currently I am hosted on Namecheap (Shared Plan). I mainly chose NC because they accept bitcoins, but I would reconsider for a better host soon.

What would you guys recommend , taking into consideration that my site gets >20k pageviews daily (and ~10k uniques)?
I want a reliable and quick webhosting.

Someone recommended me to buy a VPS for this. What do you guys think?

[Muhammed Zakir]

I know this may not be the place for technical support, but I see there are many faucet admins watching this topic and may suggest some tips.

I am the admin of bitprepay.net and for some time now I see on my cPanel that I hit over 20 Entry Processes (which is the limit), daily. Currently I am hosted on Namecheap (Shared Plan). I mainly chose NC because they accept bitcoins, but I would reconsider for a better host soon.

What would you guys recommend , taking into consideration that my site gets >20k pageviews daily (and ~10k uniques)?
I want a reliable and quick webhosting.

Someone recommended me to buy a VPS for this. What do you guys think?

I still recommend NC to you. It is one of the best you can get. I suggest you to go for a costly one in NC. Enterprise maybe good if you are getting a good amount from it.

   -MZ

[minifrij]

I find Hostinger to be pretty good, though it may have the same problems that you're facing.

[FundsMoney]

Thanks for the suggestions, guys. I will update as soon as this month's payment from Adsense hits my bank account, just to be sure.
I have to get rid of this error, this is the main priority:


If this means I'd have to upgrade to a VPS, I will... Shared hosting always has a limit of up to 30 EP...

Best wishes.

[NeedIfFindIt]

I know this may not be the place for technical support, but I see there are many faucet admins watching this topic and may suggest some tips.

I am the admin of bitprepay.net and for some time now I see on my cPanel that I hit over 20 Entry Processes (which is the limit), daily. Currently I am hosted on Namecheap (Shared Plan). I mainly chose NC because they accept bitcoins, but I would reconsider for a better host soon.

What would you guys recommend , taking into consideration that my site gets >20k pageviews daily (and ~10k uniques)?
I want a reliable and quick webhosting.

Someone recommended me to buy a VPS for this. What do you guys think?

By 20 Entry Processes you mean simultaneous connections?

- If you know HTML/JS/CSS you can try combining both JS files into one. And both CSS files into one. Or at least load the jquery from google (or other) CDN.

- then make the img/themes/js/css folders cache for a ~week.
Make a .htaccess with:

Code:

ExpiresActive On
ExpiresByType image/jpeg "access plus 604800 seconds"
ExpiresByType image/png "access plus 604800 seconds"

Header unset ETag
FileETag None

and put it in all of the folders img/themes/js/css (if you already have .htaccess there then just merge).
Check if it works (In some cases you may be getting 500 Internal Server error).
DON'T put it in the main folder.

- then use cloudflare. In combination with the caching you will be able to survive at least 2X the current load.

Finally the main thing is not to forget that the resources are being cached. Don't loose a day in debugging why you upload one image ... and you still see the old one. CTRL+F5 will ignore the browser cache but it will not cause the cloudflare to send you the new image  

Generally that's all that could be done without paying extra $$$.

[FundsMoney]

@NeedIfFindIt - many thanks for the fix

I don't have any advanced web programming skills, so I won't try to merge the js and css files.
However, I started creating the htaccess file as you proposed on each and every image/js/css folders. I guess I ll start to see the results soon.

I have Cloudflare disabled on my cpanel because I experienced some errors in he past (like "resource limit exceeded").
I will re-enable it to see if I get that error again.
Note: Cloudflare I'm getting is the "lite" version. Do I need to apply for a paid subscription ?

[Kazuldur]

@NeedIfFindIt - many thanks for the fix

I have Cloudflare disabled on my cpanel because I experienced some errors in he past (like "resource limit exceeded").
I will re-enable it to see if I get that error again.
Note: Cloudflare I'm getting is the "lite" version. Do I need to apply for a paid subscription ?

Don't use CloudFlare for a faucet if you don't know what you're doing. You'll end up either with a timer shared between many users or users bypassing your timer entirely.

[FundsMoney]

Well, this picture represents me entirely right now - http://i1.kym-cdn.com/photos/images/facebook/000/234/765/b7e.jpg

So... Won't touch Cloudflare, thanks for the heads-up @Kazuldur .
I've made some pageload tests and it seems the speeds are already improved with the fix @NeedifFindit proposed, so I'm sticking with that for the moment.

I will see if the Entry Processes get over 20 again in the following 24h. If not, I owe you a beer @NeedifFindIt .
If the problem still remains, I am going to get a VPS at the end of the month and despite the fact that I will pay 5x more for the host, I think the user experience will be better and the website could handle at least 2-3x the volume I'm already getting.

Best wishes and many thanks everyone.

[NeedIfFindIt]

@NeedIfFindIt - many thanks for the fix

I have Cloudflare disabled on my cpanel because I experienced some errors in he past (like "resource limit exceeded").
I will re-enable it to see if I get that error again.
Note: Cloudflare I'm getting is the "lite" version. Do I need to apply for a paid subscription ?

Don't use CloudFlare for a faucet if you don't know what you're doing. You'll end up either with a timer shared between many users or users bypassing your timer entirely.

True if you don't know what you are doing (actually MF script is able to detect CF but I'm not sure it is bug free).

Plan B is enabling CloudFlare only for a sub-domain and loading the resources from there while the php script is accessed directly (but it is LOL for newbie).

I'm using custom script and have no issues with CloudFlare (free plan). Maybe the only thing I can't detect are the socks proxies.

[Kazuldur]

I'm using custom script and have no issues with CloudFlare (free plan). Maybe the only thing I can't detect are the socks proxies.

I must say that I didn't really check thoroughly, but I see that it's possible to bypass CloudFlare and connect to your server directly and it responds with your faucet. That possibly means that one can simply connect directly to your server, spoof the CF-Connecting-IP header and bypass your timer without using any proxies. Unless you're checking whether the real socket-level connecting ip address (aka REMOTE_ADDR in PHP) matches CloudFlare and only use CF-Connecting-IP then. I recommend you double-checking that

[NeedIfFindIt]

I'm using custom script and have no issues with CloudFlare (free plan). Maybe the only thing I can't detect are the socks proxies.

I must say that I didn't really check thoroughly, but I see that it's possible to bypass CloudFlare and connect to your server directly and it responds with your faucet. That possibly means that one can simply connect directly to your server, spoof the CF-Connecting-IP header and bypass your timer without using any proxies. Unless you're checking whether the real socket-level connecting ip address (aka REMOTE_ADDR in PHP) matches CloudFlare and only use CF-Connecting-IP then. I recommend you double-checking that

Nice point. Thanks for the advice. Direct access is now blocked.

Anyway, I don't believe anybody will waste his time to cheat 4~5 step faucet to get average ~300 satoshi per captcha 

[Kazuldur]

Anyway, I don't believe anybody will waste his time to cheat 4~5 step faucet to get average ~300 satoshi per captcha 

I believe it depends on the captcha . Allegedly there are bots for SolveMedia and Are you a Human captchas, so that plus broken timer means that cheating can be fully automated and that would be quite profitable.

[Werko]

I have also tried with mouse movement and click detection, FingerprintJS, measurement of time, Evaluation of the header, etc.
This everything works not so good. These bots are written especially for your faucet and that is really hard to detect.

Some bots use PhantomJS and thats is pretty good for a bot.

[NeedIfFindIt]

Anyway, I don't believe anybody will waste his time to cheat 4~5 step faucet to get average ~300 satoshi per captcha  

I believe it depends on the captcha . Allegedly there are bots for SolveMedia and Are you a Human captchas, so that plus broken timer means that cheating can be fully automated and that would be quite profitable.

I'm often spitting random JS code to be solved by the browser to detect the bots that know nothing about JS. But I'm not blocking ... just logging ... at the end I have nice list IPs, addresses and the method of abuse. Ofc this does not help for the JS capable ones.

The deal is not to stay with the "default" faucet script. Even adding one little extra custom protection will add extra hour for the abuser to change his bot (or he will move to the next unprotected one).

Anyway I don't see difference between "before" and "after" I stopped the direct access ... so probably I was the lucky one.

But I have another issue. Sometimes (when under heavy load) FaucetBox (CloudFlare) returns 522 (timeout) but actually sends the amount. Sometimes it returns 522 and does not send the amount. Since in this situation I'm not deduction the amount a user having 10000 satoshi could wait when FaucetBox become sluggish (this happens 5-10 times a day for 2-3 minutes) and try to cashout multiple times taking 20~100k.

I suppose I'll have to disable the cashout for 5 minutes for all users once I get error.

[elm]

maybe this could give some ideas regarding bot spotting
http://stackoverflow.com/questions/2717599/defeating-a-poker-bot

just please dont kill if not