Author

Topic: FaucetBOX.com Discussion - page 116. (Read 237020 times)

newbie
Activity: 11
Merit: 0
October 08, 2015, 07:12:47 PM
I had an attack of ip's from Ukraine guess exploiting a vulnerability on FunCaptcha. FunCaptcha disabling stopped emptying the faucet.

My error_log have this line

[08-Oct-2015 00:12:11 UTC] PHP Notice:  Undefined index: HTTP_USER_AGENT in /libs/funcaptcha.php on line 88

Anyone know anything about this?

Thanks!

Hi Alex48,

How do you know it is a guess exploit? Did you see the attacker getting FunCaptcha wrong more often than right?

You are correct that at default settings, an attacker using a lot of clean IPs (which have no bad record of failing FunCaptcha and are not on the StopForumSpam list) can do a guessing attack which solves FC 1/8th of the time. With massive quantities against a sensitive faucet, that can be significant. You can address this by going to your FunCaptcha dashboard and setting your security to "Always enhanced". This means that the best results a guessing attack can get is 1/512. Or, if you tolerate the guessing attack for a little while, the pool of clean IPs will become tainted and guessing will no longer work well.

As an identity (basically IP, though we are always improving this to extend beyond IP) builds up a poor record of solving FunCaptcha (which random guessing will do), the number of required FunCaptcha challenges increases, making guessing highly impractical. If needed, we can strengthen this further-- just contact us to arrange it. You can see more here:
http://support.funcaptcha.com/customer/en/portal/articles/1760933-what-is-%E2%80%9Csecurity-level%E2%80%9D-in-the-options-
http://support.funcaptcha.com/customer/en/portal/articles/1838700-why-do-i-sometimes-need-to-do-more-or-fewer-game-challenges-

I'm sorry to hear this affected your faucet and with this explanation, I hope you switch back to FunCaptcha. We will keep making it stronger all the time-- and we are literally the only company in the world entirely and actively dedicated to making the best CAPTCHA.

Kind regards,
Matt
COO, FunCaptcha
full member
Activity: 500
Merit: 100
October 08, 2015, 12:20:25 PM
Hey Kazuldur

Could you move the legend saying
[Referral payouts]
[Normal payouts ]
from top-right to bottom-left or top-left?

It is annoying if you try to get better every day ... the latest day is always below the legend.


Also could you also make:
Faucets payouts history: contain 30 rows instead of 15?
legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
October 08, 2015, 10:11:56 AM
In any case owners of faucets should change captcha to Funcaptcha and AreYouAHuman because reCaptcha was recently a big problem to solve, especially those street signs which must be solved by a few times to get correct captcha Angry
I never had a problem with reCaptcha, however it should probably be changed either way. If you read a few pages back (10-20 now probably) you can see that there was a large problem with captchas like reCaptcha and SolveMedia being botted. Unless this has stopped - which I somewhat doubt - it probably isn't best to use them right now.
newbie
Activity: 2
Merit: 0
October 08, 2015, 08:45:06 AM
Thanks @minifrij

I did change FunCaptcha and left empty the faucet, could only be 30,000 satoshis  Sad

In twelve hours have made 2,500 requests to index.php
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
October 08, 2015, 08:38:29 AM
Quote
As for your captcha problems, changing the captcha on your faucet every once and a while doesn't hurt. Maybe changing it between Funcaptcha and AreYouAHuman, as they are two somewhat bot-proof captchas.

In any case owners of faucets should change captcha to Funcaptcha and AreYouAHuman because reCaptcha was recently a big problem to solve, especially those street signs which must be solved by a few times to get correct captcha Angry
legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
October 08, 2015, 06:25:11 AM
My error_log have this line

[08-Oct-2015 00:12:11 UTC] PHP Notice:  Undefined index: HTTP_USER_AGENT in /libs/funcaptcha.php on line 88
This likely means that a user visiting did not leave a USER_AGENT header, most likely meaning it was not a real person visiting your page. If the USER_AGENT header wasn't left, it probably means that they weren't using an actual browser to visit your site, more a piece of code.
Pretty amateur of whoever made it not to leave that header when requesting the page though.

As for your captcha problems, changing the captcha on your faucet every once and a while doesn't hurt. Maybe changing it between Funcaptcha and AreYouAHuman, as they are two somewhat bot-proof captchas.
legendary
Activity: 971
Merit: 1000
October 08, 2015, 04:59:15 AM
I visited my dashboard after some users complained that they didn't receive their funds. Then I got this in the API page:
Error: 401- Disallowed IP
Scrn shot hosted on imgur:
http://imgur.com/9a8m6Tn
I am using faucetfly and since Monday, my users weren't able to claim ("claimed" on faucetfly, no funds transferred to their address in faucetbox)
Any reasons that faucetfly's IP is blocked/broken?
Help pls... I need this up and running ASAP.

You have ACL enabled in your FaucetBOX.com Dashboard in "Security" tab and you didn't add Faucetfly's IP address to the whitelist.
hero member
Activity: 560
Merit: 501
Supermutated Virulent Microbial Strain
October 08, 2015, 04:56:34 AM
I visited my dashboard after some users complained that they didn't receive their funds. Then I got this in the API page:
Error: 401- Disallowed IP
Scrn shot hosted on imgur:
http://imgur.com/9a8m6Tn
I am using faucetfly and since Monday, my users weren't able to claim ("claimed" on faucetfly, no funds transferred to their address in faucetbox)
Any reasons that faucetfly's IP is blocked/broken?
Help pls... I need this up and running ASAP.
newbie
Activity: 2
Merit: 0
October 07, 2015, 10:30:32 PM
I had an attack of ip's from Ukraine guess exploiting a vulnerability on FunCaptcha. FunCaptcha disabling stopped emptying the faucet.

My error_log have this line

[08-Oct-2015 00:12:11 UTC] PHP Notice:  Undefined index: HTTP_USER_AGENT in /libs/funcaptcha.php on line 88

Anyone know anything about this?

Thanks!
legendary
Activity: 971
Merit: 1000
October 07, 2015, 06:15:06 PM
We're seeing an unusually high amount of traffic, but not enough to call it a DDoS. It seems to be enough to cause issues though...
I've implemented some simple countermeasures, it should be a bit better now.
newbie
Activity: 28
Merit: 0
October 07, 2015, 05:29:08 PM
May be there is some DoS or DDos. Today and few recent days several bitcoin banner networks also was under hard Dos/DDos. Some HUGE market players want make influence on micro payment systems, for example faucets and their aggregators like faucetbox.
newbie
Activity: 28
Merit: 0
October 07, 2015, 04:34:07 PM
10000 ATOSHI WAS SENT TO YOU
is this  still sent in circumstances faucetbox offline?

i read this when a website is offline
member
Activity: 79
Merit: 10
FaucetGame.com
October 07, 2015, 04:17:52 PM
Seems better now  Smiley

edit.
nevermind...still not stable.

I am also experiencing issues with FaucetBOX at the moment. Any updates from FaucetBOX?
full member
Activity: 224
Merit: 100
★777Coin.com★ Fun BTC Casino!
October 07, 2015, 04:07:27 PM
Seems better now  Smiley

edit.
nevermind...still not stable.
full member
Activity: 224
Merit: 100
★777Coin.com★ Fun BTC Casino!
October 07, 2015, 03:55:05 PM
Also the website has a lot of issues with loading so they aren't in a normal maintenance. Seems like a problem with servers or a ddos attack.
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
October 07, 2015, 03:33:23 PM
Are there someone here logging as admin and using faucetbox normally?

faucetbox is under maintenance?
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
October 07, 2015, 02:39:57 PM
Error connecting to FaucetBOX.com API. Either your hosting provider doesn't support external connections or FaucetBOX.com API is down. Send an email to [email protected] if you need help.

is faucetbox API down?

I guess yes.

I'm having the same error here.

I tryied to claim in my faucet and nothing happens.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
October 07, 2015, 02:32:54 PM
Hi sir can get some tips if how to have huge traffic on my faucet?
legendary
Activity: 1778
Merit: 1026
Free WSPU2 Token or real dollars
October 07, 2015, 02:23:13 PM
Error connecting to FaucetBOX.com API. Either your hosting provider doesn't support external connections or FaucetBOX.com API is down. Send an email to [email protected] if you need help.

is faucetbox API down?
legendary
Activity: 971
Merit: 1000
October 07, 2015, 12:45:18 PM
Cant you just revert back to the old one? This list is even easier to manipulate

Let us judge that Smiley
Jump to: