I have a few web security tips and anti-farming precautions you should take.
1. Spend lots of time finding ways trying to find loopholes in the countdown timer, then patch them. Better you than anyone else finding these loopholes.
2. Use good captchas, like reCaptcha or one of those interactive ones
3. Understand that there will always be bots on your site, trying to get in, and try to keep beating them.
Topic: Attempting to code a Bitcoin Faucet... (Read 918 times)
In order for you to be successful you will need an area in admin to ban ip's and if you go with Xapo too, email ban as well, also need a temporary email ban code. A payout weekly. log in + md5 encryption for passwords for log in.
Regarding the detection system, it will need different APIs to check whether the IP is blacklisted on known SPAM list such as stopforumspam.
It also needs the Nastyhost API which was made by Kazaldur, the administrator of Faucetbox.
As you know most faucet owners experienced problems with Bots. Most bots are hosted on Hosting or use IPS of Server Hosting which banning ISP is very useful in this case.
Make sure your SQL is SQL injection Protected
Regarding the detection system, it will need different APIs to check whether the IP is blacklisted on known SPAM list such as stopforumspam.
It also needs the Nastyhost API which was made by Kazaldur, the administrator of Faucetbox.
As you know most faucet owners experienced problems with Bots. Most bots are hosted on Hosting or use IPS of Server Hosting which banning ISP is very useful in this case.
Make sure your SQL is SQL injection Protected
Thanks a lot for replying 
Those are all good points, I'll definitely keep them in mind! To your specific points:
-Are there are any specific tools you'd recommend for the purpose of tracking/blocking IP's/ranges?
-I'm only mildly familiar with Ajax. I assume your point was that if I construct my timer mechanisms sloppily or in a way that is visible or able to be manipulated, that would obviously be a vulnerability (especially if I WAS doing automatic payments, which I honestly think I'd be too scared to do, at least at first, as you said). If anyone feels like explaining this (I can just Google it, of course), what characteristics of Ajax in particular make it a concern? But, as I said I'm sure there are lots of sites explaining how to implement a secure timer.
Based on your recommendations I think I could construct it sooner than I thought...I've since learned that at least some of the functionality I was puzzled about before is accomplished through things like the blockchain API, etc. But I think I'm going to finish up with JQuery and go through some in-depth PHP courses before proceeding. Thanks again!
Those are all good points, I'll definitely keep them in mind! To your specific points:-Are there are any specific tools you'd recommend for the purpose of tracking/blocking IP's/ranges?
-I'm only mildly familiar with Ajax. I assume your point was that if I construct my timer mechanisms sloppily or in a way that is visible or able to be manipulated, that would obviously be a vulnerability (especially if I WAS doing automatic payments, which I honestly think I'd be too scared to do, at least at first, as you said). If anyone feels like explaining this (I can just Google it, of course), what characteristics of Ajax in particular make it a concern? But, as I said I'm sure there are lots of sites explaining how to implement a secure timer.
Based on your recommendations I think I could construct it sooner than I thought...I've since learned that at least some of the functionality I was puzzled about before is accomplished through things like the blockchain API, etc. But I think I'm going to finish up with JQuery and go through some in-depth PHP courses before proceeding. Thanks again!
I give you my 2 cents
-do not make payments automatic if you are not experienced
-track IPs to avoid fake referrals and filter TOR network
-consider to alternate captchas http://www.deathbycaptcha.com/user/login as you can see here the new recaptcha is possible to solve
-make timers and avoid an abuse of ajax
-consider to pay your users if they share your website on social networks
-do not force them to register
-do not make payments automatic if you are not experienced
-track IPs to avoid fake referrals and filter TOR network
-consider to alternate captchas http://www.deathbycaptcha.com/user/login as you can see here the new recaptcha is possible to solve
-make timers and avoid an abuse of ajax
-consider to pay your users if they share your website on social networks
-do not force them to register
Hi guys, I'm currently operating a site which is basically a Faucet-list with some other stuff, I keep up a thread in the micro-earnings section about it. It started as a pet project and I'm sort of using it as a way to teach myself various coding languages, starting with HTML/CSS. Now, I'm exploring the possibility of creating an actual faucet or faucet-game within my site, as I branch out into JS, JQuery, PHP, MySQL, etc. (I know the first step will be to have a working knowledge of all of these, and I've been coming along well if I may say so myself). But I would definitely love some input from a much more experienced community!
My vision would be to have these kinds of features:
- An accumulate-by-the-minute generator which really just counts numbers until the user clicks to collect
- I'm leaning towards a minimum balance system that pays out...well, basically as often as I get around to it, but it seems like the largest threat to these kinds of sites is automations of some kind and I'd really feel better about the ability to not lose anything to obvious bots, etc.
- I think I'd prefer to pay out to FaucetBOX, but if I DO go with the minimum balance setup, is there any reason not to just send directly to wallets?
- A "booster" that a user can activate which increases the speed of the generator briefly (similar to cetobeto or the old Donaldcoin sites).
- Of course, a referral system!
- As much security from bots as I can reasonably achieve without having to create a user login/password database. (Unless this is really worth doing?)
- The faucet page to be consistent stylistically with the rest of my site, hence my reluctance to use pre-packaged scripts (plus, what would I learn then?) site is www.cryptocan.ca for your consideration.
I guess my specific questions would be:
-Just how far out of my depth am I, here? I'm sure someone will point out that my site right now is built in childishly simplistic HTML/CSS. But I'm pretty comfortable with those languages and now I'd say with JavaScript as well. I'm in the process of learning JQuery, which seems much simpler after the long JS tutorial. But after that, which one should I tackle next? Is there something I need only a working knowledge of, as opposed to others that I should really nail down before working with? The more I learn about JQuery and PHP the more it seems like I should have picked those up before putting anything on the Internet at all :p
-Outside of what I'd find in typical tutorial video series, are there any other fields specifically related to Bitcoin Faucets that you'd recommend I learn about? For instance, from all that I've learned, one thing I'd have no idea how to do is actually send the payments through the site (assuming I had no minimum balance and my faucet paid FaucetBOX instantly) . Like, how to actually contact and manipulate what I assume must be other url's in some form, which of the coding trees am I barking up, here?
Thanks a lot to anyone who takes the time to respond to this, I know I asked a lot and I've got a long way to go (I certainly don't think I'm going to have this up and running sometime next week!). I'm willing to learn this stuff the real way, I don't want anyone to build my faucet for me. But, if anyone's reading this thinking "The important thing this guy should know is --", then that's exactly what I'm looking for! Thanks again.
My vision would be to have these kinds of features:
- An accumulate-by-the-minute generator which really just counts numbers until the user clicks to collect
- I'm leaning towards a minimum balance system that pays out...well, basically as often as I get around to it, but it seems like the largest threat to these kinds of sites is automations of some kind and I'd really feel better about the ability to not lose anything to obvious bots, etc.
- I think I'd prefer to pay out to FaucetBOX, but if I DO go with the minimum balance setup, is there any reason not to just send directly to wallets?
- A "booster" that a user can activate which increases the speed of the generator briefly (similar to cetobeto or the old Donaldcoin sites).
- Of course, a referral system!
- As much security from bots as I can reasonably achieve without having to create a user login/password database. (Unless this is really worth doing?)
- The faucet page to be consistent stylistically with the rest of my site, hence my reluctance to use pre-packaged scripts (plus, what would I learn then?) site is www.cryptocan.ca for your consideration.
I guess my specific questions would be:
-Just how far out of my depth am I, here? I'm sure someone will point out that my site right now is built in childishly simplistic HTML/CSS. But I'm pretty comfortable with those languages and now I'd say with JavaScript as well. I'm in the process of learning JQuery, which seems much simpler after the long JS tutorial. But after that, which one should I tackle next? Is there something I need only a working knowledge of, as opposed to others that I should really nail down before working with? The more I learn about JQuery and PHP the more it seems like I should have picked those up before putting anything on the Internet at all :p
-Outside of what I'd find in typical tutorial video series, are there any other fields specifically related to Bitcoin Faucets that you'd recommend I learn about? For instance, from all that I've learned, one thing I'd have no idea how to do is actually send the payments through the site (assuming I had no minimum balance and my faucet paid FaucetBOX instantly) . Like, how to actually contact and manipulate what I assume must be other url's in some form, which of the coding trees am I barking up, here?
Thanks a lot to anyone who takes the time to respond to this, I know I asked a lot and I've got a long way to go (I certainly don't think I'm going to have this up and running sometime next week!). I'm willing to learn this stuff the real way, I don't want anyone to build my faucet for me. But, if anyone's reading this thinking "The important thing this guy should know is --", then that's exactly what I'm looking for! Thanks again.
Jump to: