Author

Topic: FaucetBOX.com Discussion - page 105. (Read 237020 times)

legendary
Activity: 1288
Merit: 1000
November 02, 2015, 01:08:37 PM
Dashboard not working. Like see payouts or faucet stats.
sr. member
Activity: 350
Merit: 250
November 02, 2015, 12:38:23 PM
I friend, if I put the torlist.txt in the index should activate the Nastyhost?
foreach (file('torlist.txt') as $torIP) {
If (getIP () == trim ($torIP)) {
banned();
}
}
Greetings thank you.
The Tor list and NastyHosts both achieve different purposes. You should have both.
Also. I fixed your code. You only need the opening brace '{' on lines 1 and 2, not both braces.
OK thanks, seems that the code was changed when I put it here.
Then I activate Nastyhost to run the torlist?

Friend... you can do this way:

Code:
// Put your site IP bellow (you can ping your URL to get the IP)
$mySiteIp = '111.111.111.111'

//Get the visitor IP
$ip=$_SERVER['REMOTE_ADDR'];

//get the list of nodes that can achieve your site
$torList = file_get_contents("https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$mySiteIp&port=80");

//remove your IP address from the list. It is listed in the file header.
$torList = str_replace((string)$mySiteIp,"",$torList);

//check if the visitor IP is in the TOR list
if ((strpos((string)$torList, (string)$ip)) !== false)
{
banned();
}
Thank you, this we put it in the index.php instead torlist?
legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
November 02, 2015, 12:32:08 PM
How would you do it?
It is that I have the full IPS htaccess
Personally I would keep on checks like NastyHosts and keep the minority of real people that are blacklisted wouldn't be able to access the faucet. I cannot imagine there being a safe way to prove that you are an owner of a real IP for whitelisting, and not just a bot owner asking for his bot to be unblocked.
However, I am not a faucet owner and I'm only speaking from what I have read and my own judgement. You would be better perhaps asking other owners of major faucets how they keep away bots and such.

No problem.

You were just trying to help.

Both of us learn with these tests. Smiley
Thank you for being understanding.

sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
November 02, 2015, 12:27:30 PM
I am talking about this code:

Code:
if(strpos('abcdefghijklmnopqrstuvwxyz', 'hello') !== false){
     //executable code
}

It isn't returning true as you suggested. Th code inside the if does't execute.
In that case, I may have made a mistake and mixed it up with another function. My apologies.

E: Yes, I am incorrect about strpos. My greatest apologies.

No problem.

You were just trying to help.

Both of us learn with these tests. Smiley

sr. member
Activity: 350
Merit: 250
November 02, 2015, 12:23:50 PM
That is the bad thing, apparently Nastyhost can block legitimate ips.
Is there no way to use the Tor ip only?
I expect that it is a very low chance of doing so. You can use the Tor test without NastyHosts by not turning it on, as the Tor checker runs separately. I wouldn't advise it though, as your faucet would be less secure.
How would you do it?
It is that I have the full IPS htaccess
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
November 02, 2015, 12:18:45 PM
Hi guys do you have any anti script? I need anti proxy anti vpn and anti bot.. for my faucet can you share few script guys?
legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
November 02, 2015, 12:17:09 PM
That is the bad thing, apparently Nastyhost can block legitimate ips.
Is there no way to use the Tor ip only?
I expect that it is a very low chance of doing so. You can use the Tor test without NastyHosts by not turning it on, as the Tor checker runs separately. I wouldn't advise it though, as your faucet would be less secure.
sr. member
Activity: 350
Merit: 250
November 02, 2015, 12:12:53 PM
Yes, that I know it, but from the Faucetina panel must enable Nastyhost so both are running?
Yeah, you should definitely have NastyHosts on in the FaucetInABox admin panel. Apologies, I seem to have misunderstood you.
That is the bad thing, apparently Nastyhost can block legitimate ips.
Is there no way to use the Tor ip only?
legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
November 02, 2015, 12:11:11 PM
I am talking about this code:

Code:
if(strpos('abcdefghijklmnopqrstuvwxyz', 'hello') !== false){
     //executable code
}

It isn't returning true as you suggested. Th code inside the if does't execute.
In that case, I may have made a mistake and mixed it up with another function. My apologies.

E: Yes, I am incorrect about strpos. My greatest apologies.
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
November 02, 2015, 12:05:43 PM
Well...

I just created a php file with you example above and installed it into my host.

A did run the php file and it doesn't execute the code inside the if.

Are you sure that your example returns true?
Almost none of my codes posted here are tested and are just from the top of my head. They should be used as a guideline if nothing else.

Which part of the If are you talking about? The one in the foreach loop? Could you do a var_dump of the IP given by the explode+str_replace method and some of the TOR ips the foreach loop returns?

I am talking about this code:

Code:
if(strpos('abcdefghijklmnopqrstuvwxyz', 'hello') !== false){
     //executable code
}

It isn't returning true as you suggested. Th code inside the if does't execute.

However now I'm logging the recently banned IPs from my site. Then I will check if some false positive is occurring because of the strpos().
legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
November 02, 2015, 12:01:57 PM
Yes, that I know it, but from the Faucetina panel must enable Nastyhost so both are running?
Yeah, you should definitely have NastyHosts on in the FaucetInABox admin panel. Apologies, I seem to have misunderstood you.
sr. member
Activity: 350
Merit: 250
November 02, 2015, 11:59:11 AM
OK thanks, seems that the code was changed when I put it here.
Then I activate Nastyhost to run the torlist?
The Tor list and NastyHosts are two seperate services. The Tor list stops Tor only stops Tor, whereas NastyHosts stops malicious hostnames and other things.
Yes, that I know it, but from the Faucetina panel must enable Nastyhost so both are running?
legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
November 02, 2015, 11:57:50 AM
Well...

I just created a php file with you example above and installed it into my host.

A did run the php file and it doesn't execute the code inside the if.

Are you sure that your example returns true?
Almost none of my codes posted here are tested and are just from the top of my head. They should be used as a guideline if nothing else.

Which part of the If are you talking about? The one in the foreach loop? Could you do a var_dump of the IP given by the explode+str_replace method and some of the TOR ips the foreach loop returns?
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
November 02, 2015, 11:49:07 AM
I'm using the strpos because I'm printing more than just the IP per line. I use a tag to identify what layer of my agorithm blocked the IP.

It is something like this: LAYER1 - BLOECKED_IP\n

Then.. strpos is working well for me in this format.
I can understand what you mean, and if it works well for you then there is little point to change it. However, I was just pointing out that strpos can return incorrect strings under certain circumstances. If you're not too worried about a fairly small amount of real users not being able to access your site there is no need to change your code.

If you really wanted to change it though, you could probably just use explode and str_replace to get the IP alone. Something like this:
Code:
$explodedStr = explode(' ', 'LAYER1 - BLOECKED_IP\n');
$finalIP = str_replace("\n", '', $explodedStr);
Obviously it will probably need some tinkering as in my experience these sorts of things never tend to work first time, though you could probably hack around it if you needed to.

Well...

I just created a php file with you example above and installed it into my host.

A did run the php file and it doesn't execute the code inside the if.

Are you sure that your example returns true?
legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
November 02, 2015, 10:58:02 AM
I'm using the strpos because I'm printing more than just the IP per line. I use a tag to identify what layer of my agorithm blocked the IP.

It is something like this: LAYER1 - BLOECKED_IP\n

Then.. strpos is working well for me in this format.
I can understand what you mean, and if it works well for you then there is little point to change it. However, I was just pointing out that strpos can return incorrect strings under certain circumstances. If you're not too worried about a fairly small amount of real users not being able to access your site there is no need to change your code.

If you really wanted to change it though, you could probably just use explode and str_replace to get the IP alone. Something like this:
Code:
$explodedStr = explode(' ', 'LAYER1 - BLOECKED_IP\n');
$finalIP = str_replace("\n", '', $explodedStr);
Obviously it will probably need some tinkering as in my experience these sorts of things never tend to work first time, though you could probably hack around it if you needed to.
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
November 02, 2015, 10:53:57 AM
Friend... you can do this way:

Code:
snip
This seems like a much better way to do it in fact. Though, there are a few modifications I would like to make.
Firstly, the Server IP doesn't have to be inputted manually, and it maybe a pain if the server's IP is dynamic. You can probably just use $_SERVER['SERVER_ADDR']; as a replacement.

Secondly, AFAIK strpos is a really bad way to detect other IPs as it could return false positives. For example, if this is executed:
Code:
if(strpos('abcdefghijklmnopqrstuvwxyz', 'hello') !== false){
     //executable code
}
It will run the code inside as the characters in the string 'hello' are within the alphabet, regardless of the order. A better way to go about searching the list would be to turn it into an array and use a foreach loop. You can probably go about doing this by using code similar to this:
Code:
foreach(explode("\n", $torList) as $torIP){
     if($torIP == $ip){
          banned();
     }
}
This code splits the list by every new line and cycles through it, trying to match every IP in the list with the current user's IP. If it finds a match, it bans the user.

Thank you for these improvments.

I'm using the strpos because I'm printing more than just the IP per line. I use a tag to identify what layer of my agorithm blocked the IP.

It is something like this: LAYER1 - BLOECKED_IP\n

Then.. strpos is working well for me in this format.
legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
November 02, 2015, 10:49:33 AM
Friend... you can do this way:

Code:
snip
This seems like a much better way to do it in fact. Though, there are a few modifications I would like to make.
Firstly, the Server IP doesn't have to be inputted manually, and it maybe a pain if the server's IP is dynamic. You can probably just use $_SERVER['SERVER_ADDR']; as a replacement.

Secondly, AFAIK strpos is a really bad way to detect other IPs as it could return false positives. For example, if this is executed:
Code:
if(strpos('abcdefghijklmnopqrstuvwxyz', 'hello') !== false){
     //executable code
}
It will run the code inside as the characters in the string 'hello' are within the alphabet, regardless of the order. A better way to go about searching the list would be to turn it into an array and use a foreach loop. You can probably go about doing this by using code similar to this:
Code:
foreach(explode("\n", $torList) as $torIP){
     if($torIP == $ip){
          banned();
     }
}
This code splits the list by every new line and cycles through it, trying to match every IP in the list with the current user's IP. If it finds a match, it bans the user.
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
November 02, 2015, 10:48:51 AM
I friend, if I put the torlist.txt in the index should activate the Nastyhost?
foreach (file('torlist.txt') as $torIP) {
If (getIP () == trim ($torIP)) {
banned();
}
}
Greetings thank you.
The Tor list and NastyHosts both achieve different purposes. You should have both.
Also. I fixed your code. You only need the opening brace '{' on lines 1 and 2, not both braces.
OK thanks, seems that the code was changed when I put it here.
Then I activate Nastyhost to run the torlist?

Friend... you can do this way:

Code:
// Put your site IP bellow ( you can ping wour URL to get the IP)
$myIp = '111.111.111.111'

//Get the visitor IP
$ip=$_SERVER['REMOTE_ADDR'];

//get the list of nodes that can achiveve your site
$torList = file_get_contents("https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$myIp&port=80");

//remove your IP address from the list. It is listed in the fle header.
$torList = str_replace((string)$myIp,"",$torList);

//check if the visitor IP is in the TOR list
if ((strpos((string)$torList, (string)$ip)) !== false)
{
banned();
}
Does that really work? I am on mobile and cannot test it right now.

Yes. I am using this.

At really this is a little part of my security algorithm. I have a 6 layers barrier to block th access of scammers to my faucet.

This is one os these layers.

Of course it works fine.
hero member
Activity: 686
Merit: 500
November 02, 2015, 10:32:06 AM
I friend, if I put the torlist.txt in the index should activate the Nastyhost?
foreach (file('torlist.txt') as $torIP) {
If (getIP () == trim ($torIP)) {
banned();
}
}
Greetings thank you.
The Tor list and NastyHosts both achieve different purposes. You should have both.
Also. I fixed your code. You only need the opening brace '{' on lines 1 and 2, not both braces.
OK thanks, seems that the code was changed when I put it here.
Then I activate Nastyhost to run the torlist?

Friend... you can do this way:

Code:
// Put your site IP bellow ( you can ping wour URL to get the IP)
$myIp = '111.111.111.111'

//Get the visitor IP
$ip=$_SERVER['REMOTE_ADDR'];

//get the list of nodes that can achiveve your site
$torList = file_get_contents("https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$myIp&port=80");

//remove your IP address from the list. It is listed in the fle header.
$torList = str_replace((string)$myIp,"",$torList);

//check if the visitor IP is in the TOR list
if ((strpos((string)$torList, (string)$ip)) !== false)
{
banned();
}
Does that really work? I am on mobile and cannot test it right now.
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
November 02, 2015, 10:05:29 AM
I friend, if I put the torlist.txt in the index should activate the Nastyhost?
foreach (file('torlist.txt') as $torIP) {
If (getIP () == trim ($torIP)) {
banned();
}
}
Greetings thank you.
The Tor list and NastyHosts both achieve different purposes. You should have both.
Also. I fixed your code. You only need the opening brace '{' on lines 1 and 2, not both braces.
OK thanks, seems that the code was changed when I put it here.
Then I activate Nastyhost to run the torlist?

Friend... you can do this way:

Code:
// Put your site IP bellow (you can ping your URL to get the IP)
$mySiteIp = '111.111.111.111'

//Get the visitor IP
$ip=$_SERVER['REMOTE_ADDR'];

//get the list of nodes that can achieve your site
$torList = file_get_contents("https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$mySiteIp&port=80");

//remove your IP address from the list. It is listed in the file header.
$torList = str_replace((string)$mySiteIp,"",$torList);

//check if the visitor IP is in the TOR list
if ((strpos((string)$torList, (string)$ip)) !== false)
{
banned();
}
Jump to: