Pages:
Author

Topic: FaucetBOX.com Discussion - page 76. (Read 237020 times)

full member
Activity: 175
Merit: 100
January 09, 2016, 10:36:36 AM
faucetbox is the intermediary between the users and the faucets owner
Why these problems ?
simply do not pay all this satoshi to scamer
hero member
Activity: 1218
Merit: 534
January 09, 2016, 10:28:06 AM
i have more than 100 online real visitot at the moment. i can not share this ip`s.

If you cant share them there's little I can do for you. If you are convinced that people with blocked IPs are still claiming at your faucet then your script might be corrupt.


Could you share your 'error_log' file? It's on your FTP server.
full member
Activity: 197
Merit: 100
January 09, 2016, 10:20:14 AM
can we maybe make a centralized service similar to nastyhosts where faucet owners submit bad IPs and other faucet owners can query for it?

it will have problems like false positives, but if we weight it out with more respectable/trusted inputs, I think it can work rather well

But it will only check against "flagged" IPs.

I have been thinking about the opposite. Something like a members only faucet. IP and wallet will be checked at sign up and at every claim ever after. It would allow the faucet to "bind" a wallet to the ISP of the user.

yes, but at least the "flagged" IPs coverage will be greater if all faucet owners combine their resources instead of doing it individually.

also, we can do both!

we can have whitelist and blacklist, and faucet owner can then choose to be super strict (only IPs from white list) or be accepting of all IPs except the ones from the blacklist.
full member
Activity: 176
Merit: 100
January 09, 2016, 10:19:55 AM

This seems like a screenshot from a traffic report.

You need to give us IPs from the MySQL database. It's in the "Faucetinabox_IPs" table.
i have more than 100 online real visitot at the moment. i can not share this ip`s.
you can see some ip from this attacker below:
bitcoin addresses:
1JrUwZVAB2xjw7uppDAAg4onCfA5MPcLRW
16yUMgZAUakYQoZsbQRxaFr33WeFUREoKf
1JxRYqpqX9ofG943ryuL6dYxacD47T2LA
15mL8T9PAvea5y3NXiDaQEYkaabeLFhKzw
15EDPGcENqAp7H3FnFwJtBbisEeyjvdzAC
1HfnCkDramdbLdAv7ai9rDMvxKXXka3PcH

IP:
216.189.157.1/32
216.189.157.2/31
216.189.157.4/30
216.189.157.8/29
216.189.157.16/28
216.189.157.32/27
216.189.157.64/26
216.189.157.128/25
216.189.158.0/24
216.189.159.0/25
216.189.159.128/26
216.189.159.192/29
216.189.159.200/32
192.126.170.1/32
192.126.170.2/31
192.126.170.4/30
192.126.170.8/29
192.126.170.16/28
192.126.170.32/27
192.126.170.64/26
192.126.170.128/26
45.33.145.1/32
45.33.145.2/31
45.33.145.4/30
45.33.145.8/29
45.33.145.16/28
45.33.145.32/27
45.33.145.64/26
45.33.145.128/26
45.33.145.192/27
45.33.145.224/28
45.33.145.240/29
45.33.145.248/31
45.33.145.250/32
192.126.100.1/32
192.126.100.2/31
192.126.100.4/30
192.126.100.8/29
192.126.100.16/28
192.126.100.32/27
192.126.100.64/26
192.126.100.128/25
192.126.101.0/24
192.126.102.0/23
192.126.104.0/21
192.126.112.0/20
192.126.128.0/19
192.126.160.0/20
192.126.176.0/22
192.126.180.0/25
192.126.180.128/26
192.126.180.192/29
192.126.146.1/32
192.126.146.2/31
192.126.146.4/30
192.126.146.8/29
192.126.146.16/28
192.126.146.32/27
192.126.146.64/26
192.126.146.128/26
192.126.146.192/29
104.128.233.1/32
104.128.233.2/31
104.128.233.4/30
104.128.233.8/29
104.128.233.16/28
104.128.233.32/27
104.128.233.64/26
104.128.233.128/26
104.128.233.192/29
168.235.67.1/32
168.235.67.2/31
168.235.67.4/30
168.235.67.8/29
168.235.67.16/28
168.235.67.32/27
168.235.67.64/26
168.235.67.128/26
168.235.67.192/27
168.235.67.224/28
168.235.67.240/29
168.235.67.248/31
168.235.67.250/32
192.126.1.104/29
192.126.1.112/28
192.126.1.128/25
192.126.2.0/23
192.126.4.0/22
192.126.8.0/21
192.126.16.0/20
192.126.32.0/19
192.126.64.0/18
192.126.128.0/19
192.126.160.0/20
192.126.176.0/22
192.126.180.0/25
192.126.180.128/26
192.126.180.192/29
192.126.180.200/32
185.72.178.1/32
185.72.178.2/31
185.72.178.4/30
185.72.178.8/29
185.72.178.16/28
185.72.178.32/27
185.72.178.64/26
185.72.178.128/26
185.72.178.192/27
185.72.178.224/30
185.72.178.228/31
185.72.178.230/32
45.43.26.101/32
45.43.26.102/31
45.43.26.104/29
45.43.26.112/28
45.43.26.128/26
45.43.26.192/29
45.43.26.200/32
192.126.135.1/32
192.126.135.2/31
192.126.135.4/30
192.126.135.8/29
192.126.135.16/28
192.126.135.32/27
192.126.135.64/26
192.126.135.128/26
192.126.135.192/29
192.126.135.200/32
192.126.159.1/32
192.126.159.2/31
192.126.159.4/30
192.126.159.8/29
192.126.159.16/28
192.126.159.32/27
192.126.159.64/26
192.126.159.128/26
192.126.159.192/29
192.126.159.200/32
91.238.114.1/32
91.238.114.2/31
91.238.114.4/30
91.238.114.8/29
91.238.114.16/28
91.238.114.32/27
91.238.114.64/26
91.238.114.128/26
91.238.114.192/27
91.238.114.224/28
91.238.114.240/29
91.238.114.248/31
91.238.114.250/32
46.148.31.1/32
46.148.31.2/31
46.148.31.4/30
46.148.31.8/29
46.148.31.16/28
46.148.31.32/27
46.148.31.64/26
46.148.31.128/26
46.148.31.192/27
46.148.31.224/28
46.148.31.240/29
46.148.31.248/31
46.148.31.250/32
46.148.30.1/32
46.148.30.2/31
46.148.30.4/30
46.148.30.8/29
46.148.30.16/28
46.148.30.32/27
46.148.30.64/26
46.148.30.128/26
46.148.30.192/27
46.148.30.224/28
46.148.30.240/29
46.148.30.248/31
46.148.30.250/32
89.36.216.1/32
89.36.216.2/31
89.36.216.4/30
89.36.216.8/29
89.36.216.16/28
89.36.216.32/27
89.36.216.64/26
89.36.216.128/26
89.36.216.192/29
89.36.216.200/32
hero member
Activity: 1218
Merit: 534
January 09, 2016, 10:13:47 AM

This seems like a screenshot from a traffic report.

You need to give us IPs from the MySQL database. It's in the "Faucetinabox_IPs" table.
hero member
Activity: 1218
Merit: 534
January 09, 2016, 10:12:05 AM
can we maybe make a centralized service similar to nastyhosts where faucet owners submit bad IPs and other faucet owners can query for it?

it will have problems like false positives, but if we weight it out with more respectable/trusted inputs, I think it can work rather well

But it will only check against "flagged" IPs.

I have been thinking about the opposite. Something like a members only faucet. IP and wallet will be checked at sign up and at every claim ever after. It would allow the faucet to "bind" a wallet to the ISP of the user.



I found another service like NastyHosts and it is really amazing. I combine it with NastyHosts. I've noticed that NH sometimes passed an obvious VPN while the other service didn't.
full member
Activity: 197
Merit: 100
January 09, 2016, 10:03:22 AM
can we maybe make a centralized service similar to nastyhosts where faucet owners submit bad IPs and other faucet owners can query for it?

it will have problems like false positives, but if we weight it out with more respectable/trusted inputs, I think it can work rather well

edit: let's pull our resources together! Smiley
full member
Activity: 176
Merit: 100
January 09, 2016, 10:02:14 AM
i lose 0.2btc less than 15 hours[ 1.5 btc till now] from bot attacks! altough our balance is full for always.

Can you go into your database and show some of the IPs that were being used to claim?

If you could provice a few IPs we might be able to help preventing the scammers (or bots) as you call them from coming back.
attacker using difference ip`s. i blocked  ip`s via CIDR tool in faucetbox admin panel.but  faucetbox script can not block! i think script dosent work!
i added this code 3 hours ago!
216.189.157.1/32
216.189.157.2/31
216.189.157.4/30
216.189.157.8/29
216.189.157.16/28
216.189.157.32/27
216.189.157.64/26
216.189.157.128/25
216.189.158.0/24
216.189.159.0/25
216.189.159.128/26
216.189.159.192/29
216.189.159.200/32
again this ip claim from my faucet:
.at the screen shot we can see this ip:216.189.157.89
https://i.imgur.com/DbXDGl2.png
also i saw user agents in my cpanel from this address: http://www.qtweb.net/
hero member
Activity: 1218
Merit: 534
January 09, 2016, 09:51:10 AM
i lose 0.2btc less than 15 hours[ 1.5 btc till now] from bot attacks! altough our balance is full for always.

Can you go into your database and show some of the IPs that were being used to claim?

If you could provice a few IPs we might be able to help preventing the scammers (or bots) as you call them from coming back.
hero member
Activity: 1218
Merit: 534
January 09, 2016, 09:49:48 AM
to this I agree completely.

sorry for flames.


Same here. Sorry for flaming.
Just wanted to help others.
hero member
Activity: 1218
Merit: 534
January 09, 2016, 09:48:59 AM
drained faucets, and there's only one solution: checking IP addresses.


full member
Activity: 176
Merit: 100
January 09, 2016, 09:45:37 AM
i lose 0.2btc less than 15 hours[ 1.5 btc till now] from bot attacks! altough our balance is full for always.
full member
Activity: 197
Merit: 100
January 09, 2016, 09:45:29 AM
Guys, it's irrelevant if captchas can by solved automatically or not. Current protections (captcha, timer per IP address) can be bypassed one way or another, it doesn't really matter how. The only thing that changes is whether we can call abusers bots, human-assisted scripts or rotators with built-in proxy switcher. The effect is the same: drained faucets, and there's only one solution: checking IP addresses.

to this I agree completely.

sorry for flames.
legendary
Activity: 971
Merit: 1000
January 09, 2016, 09:43:13 AM
Guys, it's irrelevant if captchas can by solved automatically or not. Current protections (captcha, timer per IP address) can be bypassed one way or another, it doesn't really matter how. The only thing that changes is whether we can call abusers bots, human-assisted scripts or rotators with built-in proxy switcher. The effect is the same: drained faucets, and there's only one solution: checking IP addresses.
hero member
Activity: 1218
Merit: 534
January 09, 2016, 09:41:27 AM
I told you I'm not going to "show" anything to you. my mission here is to warn people, not to make them feel safe in their imaginary castles.


It's so easy to walk away without giving proof.

"Hey everybody, my mission is to warn people about a coming alien invasion tomorrow. I'm not here to make you feel safe. There's no proof. But believe me and my word, it is coming!"


You can use all the fancy words and explanations. Without proof it means nothing.


If I reached one faucet owner with my original post; If I have helped one faucet owner to prevent on ore more scammers of claiming, but goal has been achieved.

BitBustah out.
full member
Activity: 197
Merit: 100
January 09, 2016, 09:36:46 AM
I'm not replying to these messages anymore because it is a total waste of time.

no one is going to post such script because it's making them money.

I can tell you the algorithm, though...

"Type the letters" = OCR
"Find woman/rotate animal" = Computer vision
"Listen to those sounds" = Voice recognition
"reCaptcha neural net" = reCaptcha solving neural net

tech. on the left side of the table is being developed by private companies. tech on right side of the table is developed world-wide, in academic, commercial, open-source, hacker, etc environments.

but feel free to believe whatever you want.



Sure, I'll accept this answer as being true. Now again, show me proof. Show it to me. You can't. Again, sorry.

OCR = Hard to do when the characters are distorted, rotated, blurred, ...
"Find woman/rotate animal" = True. Have you seen the head images? They are NEVER thesame. They are of 3D heads; They always have a different angle of view, size, color, sharpness... They are never thesame. Try printscreening some of them and compare them. Same with the animals. Never thesame. Oh, I forgot mirrored.

"Listen to those sounds" = Not all words are clear. High fail rate in this.

"reCaptcha neural net" = Yeah sure. Services offering to solve them.


Show it to me.




not all words are clear/not all sounds are clear = that is called noise reduction and is the first step in every decent OCR/voice recognition system.

I told you I'm not going to "show" anything to you. my mission here is to warn people, not to make them feel safe in their imaginary castles.

you should read up about how recaptcha works (it's a neural net, trained by our input). if you believe that it's impossible to train another net with the same input, OK, more power to you.
hero member
Activity: 1218
Merit: 534
January 09, 2016, 09:33:20 AM
I'm not replying to these messages anymore because it is a total waste of time.

no one is going to post such script because it's making them money.

I can tell you the algorithm, though...

"Type the letters" = OCR
"Find woman/rotate animal" = Computer vision
"Listen to those sounds" = Voice recognition
"reCaptcha neural net" = reCaptcha solving neural net

tech. on the left side of the table is being developed by private companies. tech on right side of the table is developed world-wide, in academic, commercial, open-source, hacker, etc environments.

but feel free to believe whatever you want.



Sure, I'll accept this answer as being true. Now again, show me proof. Show it to me. You can't. Again, sorry.

OCR = Hard to do when the characters are distorted, rotated, blurred, ...
"Find woman/rotate animal" = True. Have you seen the head images? They are NEVER thesame. They are of 3D heads; They always have a different angle of view, size, color, sharpness... They are never thesame. Try printscreening some of them and compare them. Same with the animals. Never thesame. Oh, I forgot mirrored.

"Listen to those sounds" = Not all words are clear. High fail rate in this.

"reCaptcha neural net" = Yeah sure. Services offering to solve them.


Show it to me.


hero member
Activity: 1218
Merit: 534
January 09, 2016, 09:29:18 AM
EDIT: here's a sample bot that uses these services: http://www.autoclickbots.com/product/coincollector-v3/

A bot that uses a service with input from people isn't a bot anymore. I knew about this one, thanks.

It messes me up that the moderators of such a great forum on such a great topic (bitcoin) allow services like these to be advertised alongside the faucet owners. It's like 2 sides trying to fight eachother.

One side is offering ways to drain faucets. One side is trying to keep out scammers that drain those faucets. So sad.
full member
Activity: 197
Merit: 100
January 09, 2016, 09:27:49 AM
I'm not replying to these messages anymore because it is a total waste of time.

no one is going to post such script because it's making them money.

I can tell you the algorithm, though...

"Type the letters" = OCR
"Find woman/rotate animal" = Computer vision
"Listen to those sounds" = Voice recognition
"reCaptcha neural net" = reCaptcha solving neural net

tech. on the left side of the table is being developed by private companies. tech on right side of the table is developed world-wide, in academic, commercial, open-source, hacker, etc environments.

but feel free to believe whatever you want.

Edit: and if you ask the captcha providers themselves, they'll tell you it's not about drawing a fine line between human/machine. it's about A RATIO of successful testing. the ratio changes in bot's favor as soon as captcha providers stop providing new challenges.
hero member
Activity: 1218
Merit: 534
January 09, 2016, 09:26:57 AM
Although it's harsh and could be written in more polite way, I agree with most of it and I hope it'll change the way this issue is discussed.

Sorry for being harsh and impolite. I'm really not like this in real life. The goal was indeed to change the way this is being discussed. Thank you for seeing this. I hope others see it too.



But there are human powered services like https://2captcha.com/, where an automated script can send a captcha and will receive a solution made by a real human.

Thank you for agreeing with me. Let's hope others will understand this too.
Pages:
Jump to: