This IP (188.166.12.134) is the site bit.makejar.com. Right here in bitcointalk I discovered that ip are bots. If you search you will find this topic. I blocked the IP 188.166.12.134 and bots disappeared. I tested for two days and had no problems with bots.
To be sure I unlocked the ip 188.166.12.134 for 12 hours. In 12 hours the bots came back and I lost 0,43BTC. Blocked again. Today is locked and the problems have decreased dramatically.
Take the test and draw your own conclusions. I'm just trying to help.
Topic: FaucetBOX.com Discussion - page 45. (Read 237001 times)
Tips to stop the bots (do it for 02 days before criticizing)
01 - block bit.makejar.com (and their wallets)
02 - block ifaucet.net (and their wallets)
03 - block 188.166.12.134
Note that 90% of bots are gone and only become real people.
01 - block bit.makejar.com (and their wallets)
02 - block ifaucet.net (and their wallets)
03 - block 188.166.12.134
Note that 90% of bots are gone and only become real people.
Why do you think that traffic from ifaucet.net and bit.makejar.com are bots?
Tips to stop the bots (do it for 02 days before criticizing)
01 - block bit.makejar.com (and their wallets)
02 - block ifaucet.net (and their wallets)
03 - block 188.166.12.134
Note that 90% of bots are gone and only become real people.
01 - block bit.makejar.com (and their wallets)
02 - block ifaucet.net (and their wallets)
03 - block 188.166.12.134
Note that 90% of bots are gone and only become real people.
We're seeing a sudden spike of traffic. I'm not sure whether it's an attack or not, but expect small disruptions. I'm working on minimizing the issues.
Okey,thanks.
Hello eveyryone, I would like to know if the faucetbox api handles negative amounts in case I need to process a charge back against a member that is cheating.
Thanks
Thanks
Chargin back is not possible. If you sent coins to the users it's too late, you can't revert that.
Hello eveyryone, I would like to know if the faucetbox api handles negative amounts in case I need to process a charge back against a member that is cheating.
Thanks
Thanks
English is not my native language, so I think I was misunderstood Smiley. When I said "Everything is basically security by obscurity", I referred just to bot protections. Do you disagree with that too? I would love to see a protection that's not easily bypassed and isn't just another CAPTCHA.
[...snip...]
Well, we should probably change that license. Our only concern is preventing reselling the script. I'll see if we can do that in next release.
[...snip...]
Well, we should probably change that license. Our only concern is preventing reselling the script. I'll see if we can do that in next release.
Sorry about the misunderstanding. I was generalising it too much and I do agree with you that bot protection is probably impossible (hence my bike analogy in one of my posts). If people think it's worth the effort then they will try, even with closed source.
About the license, I totally understand. It's always tricky and these days you have to be high grade layer to understand all licensing issues. Maybe this helps a little:
- https://opensource.org/licenses
- https://creativecommons.org
My understanding is that the last one is formally not open source but I like the simplicity of it.
Everything is basically security by obscurity
Tbh, I don't believe in that. There are many open-source projects that are more secure because it's open. Bitcoin itself is open and the concept itself makes it secure.
English is not my native language, so I think I was misunderstood
. When I said "Everything is basically security by obscurity", I referred just to bot protections. Do you disagree with that too? I would love to see a protection that's not easily bypassed and isn't just another CAPTCHA.BTW, I absolutely agree with you and most here that its gonna be incredible hard, or even impossible, to make a faucet script that is protected against bots and scammers. That's is also my dilemma (and mentioned by others) if this should be open or not.
As I said, I believe that the best bet is just to make a custom script that won't be used by tens of faucets. No one (I hope) will bother to write a bot for a script that's used just by a couple of sites.
Going open source will help you with "hard" security vulnerabilities like SQL Injection or logic errors. But can also make your script popular and popularity is something that I think is a danger here.
PS: FIB is not open-source AFAIK. We are just able to read the source code and mod it although the last is formally not even allowed.
Well, we should probably change that license. Our only concern is preventing reselling the script. I'll see if we can do that in next release.
Everything is basically security by obscurity
Tbh, I don't believe in that. There are many open-source projects that are more secure because it's open. Bitcoin itself is open and the concept itself makes it secure.
BTW, I absolutely agree with you and most here that its gonna be incredible hard, or even impossible, to make a faucet script that is protected against bots and scammers. That's is also my dilemma (and mentioned by others) if this should be open or not.
But here is an analogy I would like to make. If people want to steal your bike, they probably will be able to do so, even if you put multiple locks on it. Does it mean I should park my bike without a lock? Of course not. Or worse, should I not own a bike at all? With cryptography it's the same not. It's not so much if a person or an organisation is able to crack a code, it's a matter of how much effort, energy, cost, etc. And obviously the level of current technology.
Anyway, I'm rambling.... sorry for that :-)
Cheers
PS: FIB is not open-source AFAIK. We are just able to read the source code and mod it although the last is formally not even allowed.
The thing is there's no real bot protection that I'm aware of. Everything is basically security by obscurity, which only works as long as it's custom and only used by a few faucets, because people making bots don't have enough motivation to investigate and bypass given protection.
So open-sourcing your script won't be a problem directly, but if many other people start using it too, then it may hit you.
So open-sourcing your script won't be a problem directly, but if many other people start using it too, then it may hit you.
I think, in general, that some faucet owners are "blabbing" too much about their anti-bot measurements here on the forum. It's almost like saying (almost asking) "come try to scam me now".
I have considered selling my mods/custom scripts but I don't do it for 2 reasons:
- As soon as I sell a few copies, the scripts will be resold online for less money so I won't earn what I deserve
- Scammers will get their hands on the script: Eventually no faucet will benefit from it.
I have considered selling my mods/custom scripts but I don't do it for 2 reasons:
- As soon as I sell a few copies, the scripts will be resold online for less money so I won't earn what I deserve
- Scammers will get their hands on the script: Eventually no faucet will benefit from it.
yep bots are bad.
I think faucetbox faucets mite be something that will die off soon because of bots and not being able to make profit I think we are going to see more signup and register faucets is the best way to avoid and catch bots out before they take you money.
I think faucetbox faucets mite be something that will die off soon because of bots and not being able to make profit I think we are going to see more signup and register faucets is the best way to avoid and catch bots out before they take you money.
Or one could code/develop his own script or one could heavily modify the faucetinabox script.
I'm actually considering that using the FIB api which seems to be pretty straight forward and simple. I'm also wondering about a custom script which includes some kind of signup mechanism but I think that would stop honest user from coming due to the extra "work" for a few satoshis. Although you probably have to up the rewards a little.
Here is the thing, if I make it open-source, would you have the same problems again? I'm convinced open-source, in the long run, makes software more secure due to the amount of "eyes" going over the source code. On the other hand, which might be an issue here with FIB, real smart scammers/bot-coders have access to the code as well.
As said before, I'm pretty new here so I'm sure it was already discussed. Of course, I don't mind to put in efforts by reviewing FIBs source code and and share my thoughts.
Cheers guys and galls
yep bots are bad.
I think faucetbox faucets mite be something that will die off soon because of bots and not being able to make profit I think we are going to see more signup and register faucets is the best way to avoid and catch bots out before they take you money.
I think faucetbox faucets mite be something that will die off soon because of bots and not being able to make profit I think we are going to see more signup and register faucets is the best way to avoid and catch bots out before they take you money.
Or one could code/develop his own script or one could heavily modify the faucetinabox script.
yep bots are bad.
I think faucetbox faucets mite be something that will die off soon because of bots and not being able to make profit I think we are going to see more signup and register faucets is the best way to avoid and catch bots out before they take you money.
I think faucetbox faucets mite be something that will die off soon because of bots and not being able to make profit I think we are going to see more signup and register faucets is the best way to avoid and catch bots out before they take you money.
I'm just wondering, do faucet owners "babysit" their faucets? Is it a constant watch and fight against bots/scammers?
Yes. It takes hours and hours each day.
I'm just wondering, do faucet owners "babysit" their faucets? Is it a constant watch and fight against bots/scammers? I probably know the answer seeing so much 'double your btc' and the likes.
From what I can see and hear from other faucet owners, yes. Since you have had a possible bot visit your faucet, they may come back with another address/ip. You will have to consistently look out for this to stop your faucet being botted.Try to be sure that you distinguish legitimate members from bots however. Install Google Analytics and see what site refers users to your faucet. It may give an idea on whether it's a bot or just an advertising campaign/rotator.
https://faucetbox.com/en/check/17FDih3Ezwx1cTDMEhpfshd4JBaGghoCmS#
Please try reversing that transaction.
It was sent out ~9 hours ago. Guy found a bug in a game of mine and was able to withdraw 1.1 BTC.
Those are all his addresses:
https://faucetbox.com/en/check/1DsNkCLQLUtkjhJeyQcG2dECRQEDdTDwT2
https://faucetbox.com/en/check/17FDih3Ezwx1cTDMEhpfshd4JBaGghoCmS
https://faucetbox.com/en/check/1GHhrXRWiaEFZwAw2knZVwNrhuEoVD6mwG
Please try reversing that transaction.
It was sent out ~9 hours ago. Guy found a bug in a game of mine and was able to withdraw 1.1 BTC.
Those are all his addresses:
https://faucetbox.com/en/check/1DsNkCLQLUtkjhJeyQcG2dECRQEDdTDwT2
https://faucetbox.com/en/check/17FDih3Ezwx1cTDMEhpfshd4JBaGghoCmS
https://faucetbox.com/en/check/1GHhrXRWiaEFZwAw2knZVwNrhuEoVD6mwG
Finally figured it out but I sure hope the script will be changed to include this in the future.
For a few days I noticed a high amount of payouts on my faucet from a specific ref address. Currently there are 700+ addresses related to this ref address. Each address has an auto payout of 0.5 bitcoin (via address checker). Obviously, I did ban the ref address but this only rejects ref payouts to that address. I did some private modding on the script so all sessions that include that ref address are no longer paying out. That is all that are processed with the /?r=ADDRESS url or even the addresses for which the ref address was registered.
I'm pretty new to the whole faucet concept and the FIB script. Not sure if the developer is reading this, if so, please include the above checks (optionally or not) in your next script version. If you know that a ref address is used by a scammer/bot then most likely addresses that are using the ref address are also from a scammer/bot.
Hope it all makes sense. If not then feel free to ask of course.
For a few days I noticed a high amount of payouts on my faucet from a specific ref address. Currently there are 700+ addresses related to this ref address. Each address has an auto payout of 0.5 bitcoin (via address checker). Obviously, I did ban the ref address but this only rejects ref payouts to that address. I did some private modding on the script so all sessions that include that ref address are no longer paying out. That is all that are processed with the /?r=ADDRESS url or even the addresses for which the ref address was registered.
I'm pretty new to the whole faucet concept and the FIB script. Not sure if the developer is reading this, if so, please include the above checks (optionally or not) in your next script version. If you know that a ref address is used by a scammer/bot then most likely addresses that are using the ref address are also from a scammer/bot.
Hope it all makes sense. If not then feel free to ask of course.
700 is a lot, but where to draw the line?
Some faucets are listed on popular rotators/faucet lists. Where to draw the line between suspicious and real?
I have over 800 referrals in some faucets and I earned them all the honest way.
Please make sure that person has gained the referrals using bad methods before you ban them.
Notice to all faucetbox users:
Address: 1D5wA2gcxXxdmbqpksAoanGheKXP5H9t5F
e-mail: [email protected]
Guy's a hacker. He's been attempting to hack my site with different methods. Patched everything so far. Free pentester lol
Make sure you blacklist that address + mail.
Not that it'll do much, since he can make a new mail + address, but yeah.
Address: 1D5wA2gcxXxdmbqpksAoanGheKXP5H9t5F
e-mail: [email protected]
Guy's a hacker. He's been attempting to hack my site with different methods. Patched everything so far. Free pentester lol
Make sure you blacklist that address + mail.
Not that it'll do much, since he can make a new mail + address, but yeah.
Jump to: