A guide for building Xapo faucets + download script

coin_curious

full member

Activity: 409

Merit: 103

Quote from: bitmedia on July 24, 2019, 01:46:02 AM

@Gifted

Thanks for your support and putting us in your list, it’s much appreciated!

wow! this is just funny. nearly 3 years later..

Maybe update bitmedia than, eh?. They do chargebacks on publishers. Before you know it your balance suddenly is -0.015 BTC.

bitmedia

full member

Activity: 291

Merit: 100

BitMedia.IO

@Gifted

Thanks for your support and putting us in your list, it’s much appreciated!

ahhuan

newbie

Activity: 1

Merit: 0

Hi Gifted,

I do not understand where have gone wrong in installing the script.

I did as per instructed, changing all the required values. However upon claiming the faucet using xapo email(not the same email which contact the xapo app), nothing happens. There is no error message. Upon checking my main xapo account, there is no transaction made at all.

Please help, http://rsclix.com

Gifted

hero member

Activity: 504

Merit: 501

Bump

arcanaaerobics

sr. member

Activity: 364

Merit: 250

Quote from: Moedas on November 11, 2016, 03:32:57 PM

My Xapo Faucet. For those who want to add XAPO rotator. http://www.lavajato.top

Lava jato! HUEHUEbr

You should use some anti adblock script and make something with the site design, you can start removing the "Admin Panel" link.

Moedas

hero member

Activity: 670

Merit: 511

My Xapo Faucet. For those who want to add XAPO rotator. http://www.lavajato.top

Gifted

hero member

Activity: 504

Merit: 501

I want everyone to know this script has not been hacked.... there is a security flaw with xapo not this script !

Gifted

hero member

Activity: 504

Merit: 501

Quote from: Newcoins2020 on July 20, 2016, 04:46:40 PM

Quote from: Gifted on July 20, 2016, 04:26:55 PM

Bump

Hi mate, I contacted you some time ago. The installation went stuck with the xapo hash. I tried many things but I was not able to get it to work.
So I used the faucetbox script. Will there be a fix for this script?

Hash key is just random 32 characters random you can just type a 32 character hash or look in the manual and it gives a website to make it for free. if you still have a problem i will make you one and you can change a few letters

Newcoins2020

sr. member

Activity: 406

Merit: 250

Quote from: Gifted on July 20, 2016, 04:26:55 PM

Bump

Hi mate, I contacted you some time ago. The installation went stuck with the xapo hash. I tried many things but I was not able to get it to work.
So I used the faucetbox script. Will there be a fix for this script?

Gifted

hero member

Activity: 504

Merit: 501

Bump

Gifted

hero member

Activity: 504

Merit: 501

Put this where i had the old proxy code and change email in the code
I just modified the code So people can go to site but not claim or they get another screen

Code:

//We do not allow proxy here
 if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
die("It would apprear you're using a proxy, so please, go fuck yourself!");

function checkProxy($ip){
		$contactEmail="[email protected]";
		$timeout=3; 
		$banOnProability=0.99;
		
		$ch = curl_init();
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
		curl_setopt($ch, CURLOPT_URL, "http://check.getipintel.net/check.php?ip=$ip");
		$response=curl_exec($ch);
		
		curl_close($ch);
		
		
		if ($response > $banOnProability) {
				return true;
		} else {
			if ($response < 0 || strcmp($response, "") == 0 ) {
				//The server returned an error, you might want to do something
				//like write to a log file or email yourself
				//This could be true due to an invalid input or you've exceeded
				//the number of allowed queries. Figure out why this is happening
				//because you aren't protected by the system anymore
				//Leaving this section blank is dangerous because you assume
				//that you're still protected, which is incorrect
				//and you might think GetIPIntel isn't accurate anymore
				//which is also incorrect.
				//failure to implement error handling is bad for the both of us
			}
				return false;
		}
}
$ip=$_SERVER['REMOTE_ADDR'];
if (checkProxy($ip)) {
	echo "It would appear you're using a proxy, so please, go fuck yourself 
";
}

change you htaccess to this instead

Code:

# Block Proxy
#5
RewriteCond %{HTTP:X_HTTP_BRAZIL_FORWARDED_FOR} !^$ [OR]
#5
RewriteCond %{HTTP:HTTP_X_BRAZIL_FORWARDED_FOR} !^$ [OR]
#4
RewriteCond %{HTTP:X_HTTP_FORWARDED_FOR}        !^$ [OR]
RewriteCond %{HTTP:X_HTTP_PROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XPROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:X_HTTP_PROXY_ID}             !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XPROXY_ID}            !^$ [OR]
RewriteCond %{HTTP:X_HTTP_XROXY_ID}             !^$ [OR]
#4
RewriteCond %{HTTP:FORWARDED_HTTP_FOR_IP}       !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED_FOR_IP}       !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR}         !^$ [OR]
RewriteCond %{HTTP:HTTP_X_FORWARDED_FOR}        !^$ [OR]
RewriteCond %{HTTP:HTTP_X_PROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XPROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XROXY_CONNECTION}     !^$ [OR]
RewriteCond %{HTTP:HTTP_X_PROXY_ID}             !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XPROXY_ID}            !^$ [OR]
RewriteCond %{HTTP:HTTP_X_XROXY_ID}             !^$ [OR]
#3
RewriteCond %{HTTP:X_FORWARDED_FOR}             !^$ [OR]
RewriteCond %{HTTP:X_HTTP_FORWARDED}            !^$ [OR]
RewriteCond %{HTTP:X_PROXY_CONNECTION}          !^$ [OR]
RewriteCond %{HTTP:X_PROXY_ID}                  !^$ [OR]
RewriteCond %{HTTP:X_USERAGENT_VIA}             !^$ [OR]
RewriteCond %{HTTP:X_XPROXY_CONNECTION}         !^$ [OR]
RewriteCond %{HTTP:X_XPROXY_ID}                 !^$ [OR]
RewriteCond %{HTTP:X_XROXY_CONNECTION}          !^$ [OR]
RewriteCond %{HTTP:X_XROXY_ID}                  !^$ [OR]
#3
RewriteCond %{HTTP:CLIENT_HTTP_IP}              !^$ [OR]
RewriteCond %{HTTP:FORWARDED_FOR_IP}            !^$ [OR]
RewriteCond %{HTTP:FORWARDED_HTTP_FOR}          !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}              !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED_FOR}          !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY_ID}               !^$ [OR]
RewriteCond %{HTTP:HTTP_USERAGENT_VIA}          !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY_CONNECTION}      !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY_ID}              !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY_ID}               !^$ [OR]
RewriteCond %{HTTP:HTTP_X_FORWARDED}            !^$ [OR]
RewriteCond %{HTTP:PC_REMOTE_ADDR}              !^$ [OR]
RewriteCond %{HTTP:PROXY_HTTP_CONNECTION}       !^$ [OR]
RewriteCond %{HTTP:USERAGENT_HTTP_VIA}          !^$ [OR]
RewriteCond %{HTTP:XPROXY_HTTP_CONNECTION}      !^$ [OR]
RewriteCond %{HTTP:XROXY_HTTP_CONNECTION}       !^$ [OR]
#2
RewriteCond %{HTTP:X_FORWARDED}                 !^$ [OR]
RewriteCond %{HTTP:X_PROXY}                     !^$ [OR]
RewriteCond %{HTTP:X_XPROXY}                    !^$ [OR]
RewriteCond %{HTTP:X_XROXY}                     !^$ [OR]
#2
RewriteCond %{HTTP:CLIENT_IP}                   !^$ [OR]
RewriteCond %{HTTP:FORWARDED_FOR}               !^$ [OR]
RewriteCond %{HTTP:HTTP_FORWARDED}              !^$ [OR]
RewriteCond %{HTTP:HTTP_PROXY}                  !^$ [OR]
RewriteCond %{HTTP:HTTP_VIA}                    !^$ [OR]
RewriteCond %{HTTP:HTTP_XPROXY}                 !^$ [OR]
RewriteCond %{HTTP:HTTP_XROXY}                  !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}            !^$ [OR]
RewriteCond %{HTTP:PROXY_ID}                    !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}               !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}           !^$ [OR]
RewriteCond %{HTTP:XPROXY_ID}                   !^$ [OR]
RewriteCond %{HTTP:XROXY_CONNECTION}            !^$ [OR]
RewriteCond %{HTTP:XROXY_ID}                    !^$ [OR]
#1
RewriteCond %{HTTP:FORWARDED}                   !^$ [OR]
RewriteCond %{HTTP:PROXY}                       !^$ [OR]
RewriteCond %{HTTP:USERAGENT}                   !^$ [OR]
RewriteCond %{HTTP:VIA}                         !^$ [OR]
RewriteCond %{HTTP:XPROXY}                      !^$ [OR]
RewriteCond %{HTTP:XROXY}                       !^$ [OR]
RewriteRule ^(.*)$ – [F]


    AddType text/css .css
    AddType text/x-component .htc
    AddType application/x-javascript .js
    AddType application/javascript .js2
    AddType text/javascript .js3
    AddType text/x-js .js4
    AddType text/html .html .htm
    AddType text/richtext .rtf .rtx
    AddType image/svg+xml .svg .svgz
    AddType text/plain .txt
    AddType text/xsd .xsd
    AddType text/xsl .xsl
    AddType text/xml .xml
    AddType video/asf .asf .asx .wax .wmv .wmx
    AddType video/avi .avi
    AddType image/bmp .bmp
    AddType application/java .class
    AddType video/divx .divx
    AddType application/msword .doc .docx
    AddType application/vnd.ms-fontobject .eot
    AddType application/x-msdownload .exe
    AddType image/gif .gif
    AddType application/x-gzip .gz .gzip
    AddType image/x-icon .ico
    AddType image/jpeg .jpg .jpeg .jpe
    AddType application/json .json
    AddType application/vnd.ms-access .mdb
    AddType audio/midi .mid .midi
    AddType video/quicktime .mov .qt
    AddType audio/mpeg .mp3 .m4a
    AddType video/mp4 .mp4 .m4v
    AddType video/mpeg .mpeg .mpg .mpe
    AddType application/vnd.ms-project .mpp
    AddType application/x-font-otf .otf
    AddType application/vnd.ms-opentype .otf
    AddType application/vnd.oasis.opendocument.database .odb
    AddType application/vnd.oasis.opendocument.chart .odc
    AddType application/vnd.oasis.opendocument.formula .odf
    AddType application/vnd.oasis.opendocument.graphics .odg
    AddType application/vnd.oasis.opendocument.presentation .odp
    AddType application/vnd.oasis.opendocument.spreadsheet .ods
    AddType application/vnd.oasis.opendocument.text .odt
    AddType audio/ogg .ogg
    AddType application/pdf .pdf
    AddType image/png .png
    AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx
    AddType audio/x-realaudio .ra .ram
    AddType application/x-shockwave-flash .swf
    AddType application/x-tar .tar
    AddType image/tiff .tif .tiff
    AddType application/x-font-ttf .ttf .ttc
    AddType application/vnd.ms-opentype .ttf .ttc
    AddType audio/wav .wav
    AddType audio/wma .wma
    AddType application/vnd.ms-write .wri
    AddType application/font-woff .woff
    AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw
    AddType application/zip .zip


    ExpiresActive On
    ExpiresByType text/css A31536000
    ExpiresByType text/x-component A31536000
    ExpiresByType application/x-javascript A31536000
    ExpiresByType application/javascript A31536000
    ExpiresByType text/javascript A31536000
    ExpiresByType text/x-js A31536000
    ExpiresByType text/html A3600
    ExpiresByType text/richtext A3600
    ExpiresByType image/svg+xml A3600
    ExpiresByType text/plain A3600
    ExpiresByType text/xsd A3600
    ExpiresByType text/xsl A3600
    ExpiresByType text/xml A3600
    ExpiresByType video/asf A31536000
    ExpiresByType video/avi A31536000
    ExpiresByType image/bmp A31536000
    ExpiresByType application/java A31536000
    ExpiresByType video/divx A31536000
    ExpiresByType application/msword A31536000
    ExpiresByType application/vnd.ms-fontobject A31536000
    ExpiresByType application/x-msdownload A31536000
    ExpiresByType image/gif A31536000
    ExpiresByType application/x-gzip A31536000
    ExpiresByType image/x-icon A31536000
    ExpiresByType image/jpeg A31536000
    ExpiresByType application/json A31536000
    ExpiresByType application/vnd.ms-access A31536000
    ExpiresByType audio/midi A31536000
    ExpiresByType video/quicktime A31536000
    ExpiresByType audio/mpeg A31536000
    ExpiresByType video/mp4 A31536000
    ExpiresByType video/mpeg A31536000
    ExpiresByType application/vnd.ms-project A31536000
    ExpiresByType application/x-font-otf A31536000
    ExpiresByType application/vnd.ms-opentype A31536000
    ExpiresByType application/vnd.oasis.opendocument.database A31536000
    ExpiresByType application/vnd.oasis.opendocument.chart A31536000
    ExpiresByType application/vnd.oasis.opendocument.formula A31536000
    ExpiresByType application/vnd.oasis.opendocument.graphics A31536000
    ExpiresByType application/vnd.oasis.opendocument.presentation A31536000
    ExpiresByType application/vnd.oasis.opendocument.spreadsheet A31536000
    ExpiresByType application/vnd.oasis.opendocument.text A31536000
    ExpiresByType audio/ogg A31536000
    ExpiresByType application/pdf A31536000
    ExpiresByType image/png A31536000
    ExpiresByType application/vnd.ms-powerpoint A31536000
    ExpiresByType audio/x-realaudio A31536000
    ExpiresByType image/svg+xml A31536000
    ExpiresByType application/x-shockwave-flash A31536000
    ExpiresByType application/x-tar A31536000
    ExpiresByType image/tiff A31536000
    ExpiresByType application/x-font-ttf A31536000
    ExpiresByType application/vnd.ms-opentype A31536000
    ExpiresByType audio/wav A31536000
    ExpiresByType audio/wma A31536000
    ExpiresByType application/vnd.ms-write A31536000
    ExpiresByType application/font-woff A31536000
    ExpiresByType application/vnd.ms-excel A31536000
    ExpiresByType application/zip A31536000


    
        Header append Vary User-Agent env=!dont-vary
    
        AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json
    
        # DEFLATE by extension
        AddOutputFilter DEFLATE js css htm html xml
    


    FileETag MTime Size
  







# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript



    ExpiresActive on
    ExpiresByType text/css "access plus 60 days"
    ExpiresByType text/javascript "access plus 60 days"
    ExpiresByType image/ico "access plus 60 days"
    ExpiresByType image/jpg "access plus 60 days"
    ExpiresByType image/jpeg "access plus 60 days"
    ExpiresByType image/gif "access plus 60 days"
    ExpiresByType image/png "access plus 60 days"
    ExpiresByType text/css "access plus 60 days"
    ExpiresByType text/html "access plus 60 days"

alfaboy23

hero member

Activity: 546

Merit: 500

I PMed you sir.

By the way, this is the sucker stealing my Xapo bits:

I have to block the IP addresses in Indonesian country on my faucet because of him.
Problem is, my ISP is also blocked, I think my ISP is getting a resources from that country, dang.

Gifted

hero member

Activity: 504

Merit: 501

If you download this please ask me for the security update

Gifted

hero member

Activity: 504

Merit: 501

Quote from: alfaboy23 on June 15, 2016, 07:28:45 PM

My experience is the same with this:

https://bitcointalk.org/index.php?topic=1301917.80

Although that thread is five months ago, I think the trick is still alive, since the script from destinybogan was last updated on 2015, it hasn't patched yet.

For now I'm relying on .htaccess while I'm finding a way how to protect from SQL injection and hacking.

I have fixed the security flaw message me for details

alfaboy23

hero member

Activity: 546

Merit: 500

My experience is the same with this:

https://bitcointalk.org/index.php?topic=1301917.80

Although that thread is five months ago, I think the trick is still alive, since the script from destinybogan was last updated on 2015, it hasn't patched yet.

For now I'm relying on .htaccess while I'm finding a way how to protect from SQL injection and hacking.

Gifted

hero member

Activity: 504

Merit: 501

Quote from: alfaboy23 on June 15, 2016, 04:42:07 AM

I got a bot yesterday, and it hit me hard.

Despite of having a maximum of 700 satoshis configured on my faucet, the bot claimed 1,000 to 10,000 satoshis yesterday.

IP address is: 39.248.108.96 and 109.193.194.27

some how they are accessing your faucet, when i first got the faucet i was hacked and upgraded to the new faucet with better security and it never happened again but i might have gave you the wrong copy... go here and get the latest to make sure https://github.com/destinybogan/Faucet-Builder

How are they claiming 8 times times in a row??? i would be surprised if the are doing some kind of sql injection but the faucet has security for that in the code.

I was getting robbed this morning at 630 Am when i looked and to shut off faucet until i can figure out how to stop them. The thing is there is always someone smarter then you or me and we just have to deal with it accordingly. one kick in the ass is one step forward!

I plan on updating this script in the download when i can.

alfaboy23

hero member

Activity: 546

Merit: 500

I got a bot yesterday, and it hit me hard.

Despite of having a maximum of 700 satoshis configured on my faucet, the bot claimed 1,000 to 10,000 satoshis yesterday.

IP address is: 39.248.108.96 and 109.193.194.27

Gifted

hero member

Activity: 504

Merit: 501

Many new Xapo faucets being made with this package and its free!

Gifted

hero member

Activity: 504

Merit: 501

bump for the noobs Cool

Gifted

hero member

Activity: 504

Merit: 501

Quote from: Newcoins2020 on June 11, 2016, 11:21:00 AM

Quote from: Gifted on June 11, 2016, 11:08:43 AM

Quote from: Newcoins2020 on June 11, 2016, 11:06:20 AM

Hi Gifted,

I installed the faucet script on my domain but it seems to be stuck. It keeps giving an error while i checked and double check the APP id? What could be the problem?
I've sent an email to the developers of XAPO, but no response yet (4 days has passed).

What is the error saying? if you are testing with your email or btc address of the same account as the app ID it will give you and error.

Thanks for getting back at me.

The error I get is:
Either the App token or Hash are invalid

I've tested it with 3 different bitcoin addresses and even changed he hash a few time (32 digits)

Did you put a hash key in config? the instructions came with a generator for hash key if your having problems ill give you one to use

use this one ZgWIRBsarthKx2m9J3ouDhXMvxtcIdQW just change a few letters but make sure its cap if needs to be. if that doesnt work i will have to help you setting up your app key correctly

Topic: A guide for building Xapo faucets + download script (Read 9227 times)