
Topic: FaucetBOX.com Discussion - page 72. (Read 237020 times)

hero member
Activity: 603
Merit: 500
January 15, 2016, 06:02:34 AM
Is there a way to get random captcha? For example that funcaptcha are rotating and are you human?
I thought this but then worried perhaps it then wouldn't matter which captcha was completed.
sr. member
Activity: 350
Merit: 250
January 14, 2016, 06:14:20 PM
Is there a way to get random captcha? For example that funcaptcha are rotating and are you human?
member
Activity: 120
Merit: 10
January 14, 2016, 02:19:06 PM
At FaucetBOX.com we're currently focusing on:
1. improving NastyHosts.com using various blocklists and metadata
2. adding features that will help to quickly react to an attack and will prevent losing too many coins.

Good to hear that. Something good
hero member
Activity: 1218
Merit: 534
January 14, 2016, 01:45:43 PM
detect networks used by abusers and ban them.

Hail. I totally agree. But it takes time and work. There's no easy solution.
legendary
Activity: 971
Merit: 1000
January 14, 2016, 01:41:32 PM
Just to sum up last few posts about bots/abusers and to show my view on it:

1. adding random things to session won't help much. There's already random name of the address input and bots can handle it, so it won't be a problem for them to also handle something new.
2. calculating the time between visiting the landing page and making a claim won't help, bots will just add some delay (and they can even make it a little bit random, so you won't be able to tell a difference from real person)
3. trying to detect mouse movement etc and sending this info through AJAX won't help, bots can just spoof the request
4. there already is a hidden field AND a hidden checkbox in Faucet in a Box script, but it only helped for a week or so until bots were modified to avoid that field. We could also make names of these hidden fields random, but then bots will be able to just traverse the DOM tree to find the real ones. And if you make a few visible fields and somehow tell the user which one is valid, bots will be able to read it too.
5. any javascript-based "protections" aren't worth anything. That includes most anti-bot links, though I've seen one implementation that also used a backend code and could help (but that isn't significantly different from just another captcha, so again, a short-term solution)

I believe that there's no point anymore in this cat and mouse game. Anything that can be done by a browser and a user sooner or later will be done by bots, it's just a matter of time it takes to code it. And to be honest it's usually asymmetric, where it takes longer to implement the protection than it takes to implement handling of it in a bot.
Also what I believe is that automated bots aren't really a problem. "Captcha rotators", scripts that show a captcha to the user and automatically change proxies, are worse, as from my experience they are more common.

However there's only one solution, both to automated bots and these nasty rotators: detect networks used by abusers and ban them. Make sure you have protections in place that will prevent your faucets from going dry in case of attack and will allow you to react and stop abusers, at least until they change networks again.

At FaucetBOX.com we're currently focusing on:
1. improving NastyHosts.com using various blocklists and metadata
2. adding features that will help to quickly react to an attack and will prevent losing too many coins.
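
The network-level approach described in the post above, as an added PHP sketch that is not FaucetBOX.com or NastyHosts.com code: it groups claim records by /24 network, flags networks with unusually many claims or payout addresses, and applies an hourly payout cap. The function names, thresholds and sample rows are assumptions.

```php
<?php
// Added example: names, thresholds and log rows are constructed for illustration.

// Map an IPv4 address to its /24 network, e.g. 203.0.113.77 -> 203.0.113.0/24.
function network_of(string $ip): ?string
{
    $long = ip2long($ip);
    if ($long === false) {
        return null; // not IPv4; IPv6 needs its own prefix handling
    }
    return long2ip($long & 0xFFFFFF00) . '/24';
}

// Count claims and distinct payout addresses per network and flag heavy ones.
function flag_networks(array $claims, int $maxClaims, int $maxAddresses): array
{
    $stats = [];
    foreach ($claims as [$ip, $address]) {
        $net = network_of($ip);
        if ($net === null) {
            continue;
        }
        $stats[$net]['claims'] = ($stats[$net]['claims'] ?? 0) + 1;
        $stats[$net]['addresses'][$address] = true;
    }
    $flagged = [];
    foreach ($stats as $net => $s) {
        if ($s['claims'] > $maxClaims || count($s['addresses']) > $maxAddresses) {
            $flagged[] = $net;
        }
    }
    return $flagged;
}

// Circuit breaker: stop paying once the hourly budget (in satoshi) is spent.
function within_budget(int $paidThisHour, int $reward, int $hourlyCap): bool
{
    return $paidThisHour + $reward <= $hourlyCap;
}

// Constructed claim log: [client IP, payout address] (documentation IP ranges).
$claims = [
    ['203.0.113.10', 'addrA'], ['203.0.113.11', 'addrB'],
    ['203.0.113.12', 'addrC'], ['203.0.113.10', 'addrD'],
    ['198.51.100.7', 'addrE'],
];
print_r(flag_networks($claims, 3, 2));     // networks to review or block
var_dump(within_budget(9990, 20, 10000));  // whether one more payout fits the cap
```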
member
Activity: 120
Merit: 10
January 14, 2016, 12:50:16 PM
The input field for the wallet address already uses a random input field name. It seems to me that adding a checkbox (and thus second random input field name) would not increase the security against bots.

Quote
" value="" size="60">

Kazuldur, what do you think?

Then we need to study those bots and test it ourselves to know how they find these fields. Also if we can make two such kind of fields with one field to be true


Also the main One common Bot browse the full website with ads but these form fields are filled without visitors to see our faucet ads.
hero member
Activity: 1218
Merit: 534
January 14, 2016, 12:37:36 PM
The input field for the wallet address already uses a random input field name. It seems to me that adding a checkbox (and thus second random input field name) would not increase the security against bots.

Quote
" value="" size="60">

Kazuldur, what do you think?
member
Activity: 120
Merit: 10
January 14, 2016, 12:37:15 PM
Bots deal with the form, not javascript and css, so the best way to cheat the bots is to make some hidden input in the form with the address field name same as of the main faucet. And change the actual address field to something else, changing the other variables required in other files.

Make this hidden field hidden in css, and make the input field condition that it is not to be filled. Bots will take this field to be the actual field and fill it, but the condition will not make it possible to be successful. By hiding it, loyal users will not see this field and will fill the actual field.
hero member
Activity: 1218
Merit: 534
January 14, 2016, 12:35:56 PM

Exactly. Sorry for not seeing it. Good snippet btw ;)

You should also add several checkboxes into your page with other variable names, else they could just check the first checkbox they see and get it right.

True. The use of a variable input name would prevent that.
legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
January 14, 2016, 12:33:09 PM
Now that you mention it and I think of it: One could write the timestamp to a session variable when the user visits the landing page and check the seconds between that timestamp and the time the claim is being "processed". There's no way to cheat on that.
I actually suggested that previously with a small example of code to show what I'm talking about. Is this similar to what you mean?

exactly isn't antibot links js? I've not used it but I have my own antibot links which are JS as well as a maths question also JS and yeah they skip right past them. So couldn't you return a checkbox in send() function which must be clicked first to send? Not JS.
Any HTML checkbox could also be automatically selected by just adding 'selected' into the tag. Anything that the user can see (Javascript, HTML etc) and is in plain text is very easy to manipulate if you make it obvious; you shouldn't rely on things like that to stop bots. You should use PHP (or another server side language) verification which the user cannot see or edit to stop bots.

Also, to follow on from what BitBustah said:
A scammer could easily read that "anticheckbox" variable and send it by default. It would be better if you used sessions and create a variable name for the input variable. Then the code would always be different.
You should also add several checkboxes into your page with other variable names, else they could just check the first checkbox they see and get it right.
hero member
Activity: 1218
Merit: 534
January 14, 2016, 12:29:26 PM
So couldn't you return a checkbox in send() function which must be clicked first to send? Not JS.


In your form you could do something like:
Quote


And in the index.php file you could do something like:
Quote
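// Release the payment only when the checkbox value was actually submitted.
// isset() avoids an undefined-index notice when the box is left unchecked.
if (isset($_POST['antibotcheckbox']) && $_POST['antibotcheckbox'] === "aintnorobot") {
    $ret = $fb->send($address, $reward);
} else {
    // Report the failure in place of a payment result.
    $ret = array(
        "success" => false,
        "message" => "Checkbox failure.",
        "html" => "You have to check the checkbox to prove you are not a bot."
    );
}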


A scammer could easily read that "anticheckbox" variable and send it by default. It would be better if you used sessions and create a variable name for the input variable. Then the code would always be different.

Quote


I could check it out for you but I'm really busy atm...
hero member
Activity: 603
Merit: 500
January 14, 2016, 12:17:12 PM
Check in my signature, follow the instructions and within minutes the problem was solved thanks to user LosingAlpha :)"


Anything that is javascript can be easily bypassed.


Now that you mention it and I think of it: One could write the timestamp to a session variable when the user visits the landing page and check the seconds between that timestamp and the time the claim is being "processed". There's no way to cheat on that.

exactly isn't antibot links js? I've not used it but I have my own antibot links which are JS as well as a maths question also JS and yeah they skip right past them. So couldn't you return a checkbox in send() function which must be clicked first to send? Not JS.
hero member
Activity: 1218
Merit: 534
January 14, 2016, 12:13:09 PM
Check in my signature, follow the instructions and within minutes the problem was solved thanks to user LosingAlpha :)"


Anything that is javascript can be easily bypassed.


Now that you mention it and I think of it: One could write the timestamp to a session variable when the user visits the landing page and check the seconds between that timestamp and the time the claim is being "processed". There's no way to cheat on that.
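
The two server-side ideas raised in the posts above (a per-session random checkbox name with decoys, and a minimum delay between landing page and claim), as an added PHP sketch that is not Faucet in a Box code. The function names, the 15-second threshold and the plain arrays standing in for $_SESSION and $_POST are assumptions.

```php
<?php
// Added example: fb_issue_challenge() and fb_check_challenge() are hypothetical names.

const MIN_CLAIM_SECONDS = 15; // assumed minimum time a person spends on the page

// Landing page: pick fresh field names for this session and note the time.
function fb_issue_challenge(array &$session, int $now): array
{
    $names = [];
    for ($i = 0; $i < 4; $i++) {
        $names[] = 'f_' . bin2hex(random_bytes(8));
    }
    $session['challenge'] = [
        'names'  => $names,
        'real'   => $names[random_int(0, 3)], // the one box shown to the user
        'issued' => $now,
    ];
    return $names; // render a checkbox per name; hide all but 'real' with CSS
}

// Claim handler: the decision uses only session state kept on the server.
function fb_check_challenge(array &$session, array $post, int $now): string
{
    $c = $session['challenge'] ?? null;
    unset($session['challenge']); // single use, so a replayed POST is rejected
    if (!is_array($c)) {
        return 'no-challenge';
    }
    if ($now - $c['issued'] < MIN_CLAIM_SECONDS) {
        return 'too-fast';
    }
    foreach ($c['names'] as $name) {
        // The real box must be ticked and every decoy must be left empty.
        if (isset($post[$name]) !== ($name === $c['real'])) {
            return 'wrong-box';
        }
    }
    return 'ok';
}

// Constructed demo with plain arrays in place of $_SESSION and $_POST.
$session = [];
fb_issue_challenge($session, 1000);
$real = $session['challenge']['real'];
echo fb_check_challenge($session, [$real => 'on'], 1030), "\n"; // first submit
echo fb_check_challenge($session, [$real => 'on'], 1031), "\n"; // replayed submit
```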
hero member
Activity: 603
Merit: 500
January 14, 2016, 12:05:34 PM
Is there a tutorial on recording the IPs?

No but you can always go into the MySQL table with phpMyAdmin and read out the IPs.



Also is it possible to add a bit of code to faucetbox.php which requires the user to click a box to send satoshi? Say an 'Are you sure?' box

Yes, but I think you'd better not mess with the send() function.

Why not add/edit the code around the code below? You could easily do some verification before calling:

"$ret = $fb->send($address, $reward);"


Yes I think it would be best to alter send() function. Although I have implemented what you have suggested Holdaaja, I am a bit worried about what is said in this thread https://bitcointalksearch.org/topic/dont-use-a-faucet-with-antibot-1200660 A couple worrying points made

Hi forum,

90% + times those "click if you're human" links can be evaded, just like most timers can be evaded!
Just complete captcha, execute a bit of javascript: document.forms[0].submit()

Bang!
Satoshis earned.

LS.

and 

"There is a solution for this problem, you can totally skip anti-bot links and wait times. There is an addon for Firefox that enables it all.
Check in my signature, follow the instructions and within minutes the problem was solved thanks to user LosingAlpha :)"
hero member
Activity: 1218
Merit: 534
January 14, 2016, 10:24:44 AM
Is there a tutorial on recording the IPs?

No but you can always go into the MySQL table with phpMyAdmin and read out the IPs.



Also is it possible to add a bit of code to faucetbox.php which requires the user to click a box to send satoshi? Say an 'Are you sure?' box

Yes, but I think you'd better not mess with the send() function.

Why not add/edit the code around the code below? You could easily do some verification before calling:

"$ret = $fb->send($address, $reward);"

legendary
Activity: 1274
Merit: 1000
January 14, 2016, 09:50:34 AM

Also is it possible to add a bit of code to faucetbox.php which requires the user to click a box to send satoshi? Say an 'Are you sure?' box


This is what I used with my paytoshi faucet.
It disables get reward button until you click the checkbox.
Not sure if this is what you want but shouldn't be too hard to modify it to work with faucetbox.

are you sure?



hero member
Activity: 603
Merit: 500
January 14, 2016, 09:14:00 AM
ok so I suspected a bad bot problem so I started rewarding 1-2 satoshi. I expected people to stop wasting their time only to be rewarded with such a little amount, other than the bots.  So today so far 14/01 I've had 3886 claims!



I suspect there is some javascript you can put into the url to bypass validation? Any help?

Of course you did lookup all the IPs, right?

Could you paste some of the IPs here? Thanks.
Ok I didn't realise my htaccess file wasn't transferred when switching web hosts. This could perhaps have been the problem. No I don't record IP's, but I block IP's reported here. Is there a tutorial on recording the IPs?

Also is it possible to add a bit of code to faucetbox.php which requires the user to click a box to send satoshi? Say an 'Are you sure?' box

say...
Code:
public function send($to, $amount, $referral = "false") {
        $r = $this->__exec("send", array("to" => $to, "amount" => $amount, "referral" => $referral));
Are you sure box?
If (yes){
        if (is_array($r) && array_key_exists("status", $r) && $r["status"] == 200) {
            return array(
                'success' => true,
                'message' => 'Payment sent to you using FaucetBOX.com',
                'html' => '
' . htmlspecialchars($amount) . ' satoshi was sent to you on FaucetBOX.com.
',
                'html_coin' => '
' . htmlspecialchars(rtrim(rtrim(sprintf("%.8f", $amount/100000000), '0'), '.')) . ' '.$this->currency.' was sent to you on FaucetBOX.com.
',
                'balance' => $r["balance"],
                'balance_bitcoin' => $r["balance_bitcoin"],
                'response' => json_encode($r)
            );
        }
full member
Activity: 140
Merit: 100
January 14, 2016, 08:36:32 AM
Quote
It should show the real error now. If all details are correct then probably you also have to add permissions to your database to your user or something like that.

It shows "could not find driver" now when I added that in.
legendary
Activity: 971
Merit: 1000
January 14, 2016, 08:16:50 AM
Both send back the following - Can't connect to database. Check your config.php.

Open index.php file and find this line:
Code:
die("Can't connect to database. Check your config.php.");

it's line 102 in r62. Right above this line add (it's something that will be integrated in r63):

Code:
echo $e->getMessage()."
";

It should show the real error now. If all details are correct then probably you also have to add permissions to your database to your user or something like that.
full member
Activity: 140
Merit: 100
January 14, 2016, 08:11:39 AM
Quote
Are you adding your cPanel name to the beginning of your user and name as described here? It should look like this:

$dbhost = "localhost";
$dbuser = "cPanelName_Nick";
$dbpass = "Password";
$dbname = "cPanelName_DogeFaucet";


First off thanks minifrij for the help!

I've tried setting up the config files both ways, but still am getting the same error.

$dbhost = "localhost";

$dbuser = "bloggjc#_Nick";

$dbpass = "Password";

$dbname = "bloggjc#_Faucet";

and I've tried

$dbhost = " box####.bluehost.com";

$dbuser = "bloggjc#_Nick";

$dbpass = "Password";

$dbname = "bloggjc#_Faucet";

Both send back the following - Can't connect to database. Check your config.php.