FaucetBOX.com Discussion - page 38. | Bitcointalksearch.org

Valzador

hero member

Activity: 1316

Merit: 503

Quote from: Kazuldur on June 03, 2016, 07:21:50 AM

Quote from: Valzador on June 03, 2016, 07:15:28 AM

Quote from: Kazuldur on June 03, 2016, 03:38:04 AM

Quote from: Valzador on June 03, 2016, 03:25:58 AM

Would it be possible to not let admins regenerate backup codes with backup codes lol, and limit it to 2fa only?

Any reason why? Even if we do that it will still be possible to use backup codes to disable/change MFA, which can also trigger generation of backup codes.

Just as another security feature.

Say that somehow someone gets access to a set of backup codes I have.
If they are able to constantly regenerate backup codes, they could quickly but inconspicuously drain my balances until I realize someone has access to my account.

By disabling changes of MFA with use of backup codes, it limits a hacker as to what they could do with my account.

But it's the main purpose of backup codes. They're the only thing that allows you to disable/change your MFA method in case you lose your phone or email access or whatever.

Even with that feature blocked, hacker can use backup codes to get one of your API keys and use that to slowly drain your balances.

EDIT: also to know that someone has access to your account, you can enable Login notifications in your Security settings.

Yea ok, my idea was dumb rofl.

Kazuldur

legendary

Activity: 971

Merit: 1000

Quote from: Valzador on June 03, 2016, 07:15:28 AM

Quote from: Kazuldur on June 03, 2016, 03:38:04 AM

Quote from: Valzador on June 03, 2016, 03:25:58 AM

Would it be possible to not let admins regenerate backup codes with backup codes lol, and limit it to 2fa only?

Any reason why? Even if we do that it will still be possible to use backup codes to disable/change MFA, which can also trigger generation of backup codes.

Just as another security feature.

Say that somehow someone gets access to a set of backup codes I have.
If they are able to constantly regenerate backup codes, they could quickly but inconspicuously drain my balances until I realize someone has access to my account.

By disabling changes of MFA with use of backup codes, it limits a hacker as to what they could do with my account.

But it's the main purpose of backup codes. They're the only thing that allows you to disable/change your MFA method in case you lose your phone or email access or whatever.

Even with that feature blocked, hacker can use backup codes to get one of your API keys and use that to slowly drain your balances.

EDIT: also to know that someone has access to your account, you can enable Login notifications in your Security settings.

Valzador

hero member

Activity: 1316

Merit: 503

Quote from: Kazuldur on June 03, 2016, 03:38:04 AM

Quote from: Valzador on June 03, 2016, 03:25:58 AM

Would it be possible to not let admins regenerate backup codes with backup codes lol, and limit it to 2fa only?

Any reason why? Even if we do that it will still be possible to use backup codes to disable/change MFA, which can also trigger generation of backup codes.

Just as another security feature.

Say that somehow someone gets access to a set of backup codes I have.
If they are able to constantly regenerate backup codes, they could quickly but inconspicuously drain my balances until I realize someone has access to my account.

By disabling changes of MFA with use of backup codes, it limits a hacker as to what they could do with my account.

Kazuldur

legendary

Activity: 971

Merit: 1000

Quote from: strangerdanger101 on June 03, 2016, 06:46:36 AM

Quote from: ragi on June 01, 2016, 01:42:29 AM

Something is wrong with my faucets! It says they hit the safety limits, which they did not. They were not paying to anyone almost all night with exception from 0:00 to 0:25. What is going on lately?

Edit: It seems that its not only mine faucets. All faucets with safety limits does not pay, not evet 1 minute after the 30 min reset

I've been noticing that a lot lately too.

Most faucets just set their safety limits too low. What ragi reported was an one-time error on our side that extended the 30-minut window to 6-hours window that's now fixed.

strangerdanger101

sr. member

Activity: 252

Merit: 250

Quote from: ragi on June 01, 2016, 01:42:29 AM

Something is wrong with my faucets! It says they hit the safety limits, which they did not. They were not paying to anyone almost all night with exception from 0:00 to 0:25. What is going on lately?

Edit: It seems that its not only mine faucets. All faucets with safety limits does not pay, not evet 1 minute after the 30 min reset

I've been noticing that a lot lately too.

Kazuldur

legendary

Activity: 971

Merit: 1000

Quote from: Valzador on June 03, 2016, 03:25:58 AM

Would it be possible to not let admins regenerate backup codes with backup codes lol, and limit it to 2fa only?

Any reason why? Even if we do that it will still be possible to use backup codes to disable/change MFA, which can also trigger generation of backup codes.

Valzador

hero member

Activity: 1316

Merit: 503

Would it be possible to not let admins regenerate backup codes with backup codes lol, and limit it to 2fa only?

Kazuldur

legendary

Activity: 971

Merit: 1000

Quote from: FadeBoLT on June 01, 2016, 05:17:27 AM

Quote from: Kazuldur on June 01, 2016, 05:06:24 AM

Quote from: FadeBoLT on June 01, 2016, 04:46:56 AM

Is faucetbox admins payout stats updating in real time?Because i saw difference in payout stats or graph of hourly payments.

Today graph show more than 200K of payments till now it deducted from my account but if i check my adsense i didn't received so much pageviews even if i calculate payouts in faucetbox admin panel it hardly rech 40K satoshi.

Will you please explain whats going on or is this because of that damn hackers attack?

Increase in payments without increase in pageviews suggests that your faucet is being attacked by bots.

But i can't see any payouts in admin panel only graph show high payments.In past every time if bot attack faucet payout and stats field was same just adsense show less visitors/pageviews.But today there's a lot of diff. in faucetbox stats.

Contact us on support: https://faucetbox.com/support and send a screenshot of graphs and exact timeframe which has the problem.

FadeBoLT

member

Activity: 82

Merit: 10

Quote from: Kazuldur on June 01, 2016, 05:06:24 AM

Quote from: FadeBoLT on June 01, 2016, 04:46:56 AM

Is faucetbox admins payout stats updating in real time?Because i saw difference in payout stats or graph of hourly payments.

Today graph show more than 200K of payments till now it deducted from my account but if i check my adsense i didn't received so much pageviews even if i calculate payouts in faucetbox admin panel it hardly rech 40K satoshi.

Will you please explain whats going on or is this because of that damn hackers attack?

Increase in payments without increase in pageviews suggests that your faucet is being attacked by bots.

But i can't see any payouts in admin panel only graph show high payments.In past every time if bot attack faucet payout and stats field was same just adsense show less visitors/pageviews.But today there's a lot of diff. in faucetbox stats.

Kazuldur

legendary

Activity: 971

Merit: 1000

Quote from: FadeBoLT on June 01, 2016, 04:46:56 AM

Is faucetbox admins payout stats updating in real time?Because i saw difference in payout stats or graph of hourly payments.

Today graph show more than 200K of payments till now it deducted from my account but if i check my adsense i didn't received so much pageviews even if i calculate payouts in faucetbox admin panel it hardly rech 40K satoshi.

Will you please explain whats going on or is this because of that damn hackers attack?

Increase in payments without increase in pageviews suggests that your faucet is being attacked by bots.

ragi

hero member

Activity: 686

Merit: 500

Quote from: Kazuldur on June 01, 2016, 03:42:10 AM

Quote from: ragi on June 01, 2016, 01:42:29 AM

Something is wrong with my faucets! It says they hit the safety limits, which they did not. They were not paying to anyone almost all night with exception from 0:00 to 0:25. What is going on lately?

Edit: It seems that its not only mine faucets. All faucets with safety limits does not pay, not evet 1 minute after the 30 min reset

I'm really sorry, looks like an update gone wrong. I'm working on it.

EDIT: should be fixed now.

Thanks Kaz.

FadeBoLT

member

Activity: 82

Merit: 10

Is faucetbox admins payout stats updating in real time?Because i saw difference in payout stats or graph of hourly payments.

Today graph show more than 200K of payments till now it deducted from my account but if i check my adsense i didn't received so much pageviews even if i calculate payouts in faucetbox admin panel it hardly rech 40K satoshi.

Will you please explain whats going on or is this because of that damn hackers attack?

Kazuldur

legendary

Activity: 971

Merit: 1000

Quote from: ragi on June 01, 2016, 01:42:29 AM

Something is wrong with my faucets! It says they hit the safety limits, which they did not. They were not paying to anyone almost all night with exception from 0:00 to 0:25. What is going on lately?

Edit: It seems that its not only mine faucets. All faucets with safety limits does not pay, not evet 1 minute after the 30 min reset

I'm really sorry, looks like an update gone wrong. I'm working on it.

EDIT: should be fixed now.

Quote from: HPrivakos on June 01, 2016, 02:23:05 AM

Hey, i tried to connect to faucetbox.com to check my balance but my IP is banned? (I don't had problem yesterday)
I have a message from cloudflare saying:

"Error 1005, Access denied.
The owner of this website (faucetbox.com) has banned the autonomous system number (ASN) your IP address."

I don't use proxy/VPN.

PM me your IP address.

HPrivakos

newbie

Activity: 8

Merit: 0

Hey, i tried to connect to faucetbox.com to check my balance but my IP is banned? (I don't had problem yesterday)
I have a message from cloudflare saying:

"Error 1005, Access denied.
The owner of this website (faucetbox.com) has banned the autonomous system number (ASN) your IP address."

I don't use proxy/VPN.

ragi

hero member

Activity: 686

Merit: 500

Something is wrong with my faucets! It says they hit the safety limits, which they did not. They were not paying to anyone almost all night with exception from 0:00 to 0:25. What is going on lately?

Edit: It seems that its not only mine faucets. All faucets with safety limits does not pay, not evet 1 minute after the 30 min reset

sabotag3x

legendary

Activity: 2688

Merit: 2297

Crypto Swap Exchange

Quote from: Kazuldur on May 31, 2016, 04:05:12 PM

Important

There's an ongoing attack on FaucetBOX.com accounts that uses emails and passwords from Nulled leak:

Quote

Nulled: In May 2016, the cracking community forum known as Nulled was hacked and 599k user accounts were leaked publicly. The compromised data included email and IP addresses, weak salted MD5 password hashes and hundreds of thousands of private messages between members.

Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Private messages, Usernames, Website activity

It's possible that data from other leaks is used too.

We do what we can to minimize the risk, but the attack comes from many different IP networks (we assume it's a botnet), so if you have the same password on FaucetBOX.com and on other sites, you should change it as soon as possible.
Also: enable MFA!

You can check if your email and password was leaked here: https://haveibeenpwned.com/ .

EDIT:

To clarify, FaucetBOX.com emails and passwords weren't leaked. Emails and passwords from leaks from other sites and services are used to hack into FaucetBOX.com accounts. If you use unique password for your FaucetBOX.com account you're safe.

Breach name?

PTCSuccessBlog

newbie

Activity: 57

Merit: 0

These people are completely sickening.

Their greed is at astounding levels
no different from greedy politicians and banksters.

Kazuldur

legendary

Activity: 971

Merit: 1000

Quote from: Bytecoiner419 on May 31, 2016, 04:50:32 PM

Thanks for the info. I found out my gmail account was pwned so I changed my password.

Make sure you've changed it on all sites and services, not just on FaucetBOX.com

.

Bytecoiner419

hero member

Activity: 638

Merit: 516

I ❤ the bitcoin community

Quote from: Kazuldur on May 31, 2016, 04:05:12 PM

Important

There's an ongoing attack on FaucetBOX.com accounts that uses emails and passwords from Nulled leak:

Quote

Nulled: In May 2016, the cracking community forum known as Nulled was hacked and 599k user accounts were leaked publicly. The compromised data included email and IP addresses, weak salted MD5 password hashes and hundreds of thousands of private messages between members.

Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Private messages, Usernames, Website activity

It's possible that data from other leaks is used too.

We do what we can to minimize the risk, but the attack comes from many different IP networks (we assume it's a botnet), so if you have the same password on FaucetBOX.com and on other sites, you should change it as soon as possible.
Also: enable MFA!

You can check if your email and password was leaked here: https://haveibeenpwned.com/ .

EDIT:

To clarify, FaucetBOX.com emails and passwords weren't leaked. Emails and passwords from leaks from other sites and services are used to hack into FaucetBOX.com accounts. If you use unique password for your FaucetBOX.com account you're safe.

Thanks for the info. I found out my gmail account was pwned so I changed my password.

Kazuldur

legendary

Activity: 971

Merit: 1000

Important

There's an ongoing attack on FaucetBOX.com accounts that uses emails and passwords from Nulled leak:

Quote

Nulled: In May 2016, the cracking community forum known as Nulled was hacked and 599k user accounts were leaked publicly. The compromised data included email and IP addresses, weak salted MD5 password hashes and hundreds of thousands of private messages between members.

Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Private messages, Usernames, Website activity

It's possible that data from other leaks is used too.

We do what we can to minimize the risk, but the attack comes from many different IP networks (we assume it's a botnet), so if you have the same password on FaucetBOX.com and on other sites, you should change it as soon as possible.
Also: enable MFA!

You can check if your email and password was leaked here: https://haveibeenpwned.com/ .

EDIT:

To clarify, FaucetBOX.com emails and passwords weren't leaked. Emails and passwords from leaks from other sites and services are used to hack into FaucetBOX.com accounts. If you use unique password for your FaucetBOX.com account you're safe.

Topic: FaucetBOX.com Discussion - page 38. (Read 237001 times)