Topic: FaucetBOX.com Discussion - page 76. (Read 237001 times)

faucetbox is the intermediary between the users and the faucets owner
Why these problems ?
simply do not pay all this satoshi to scamer

If you cant share them there's little I can do for you. If you are convinced that people with blocked IPs are still claiming at your faucet then your script might be corrupt.


Could you share your 'error_log' file? It's on your FTP server.

yes, but at least the "flagged" IPs coverage will be greater if all faucet owners combine their resources instead of doing it individually.

also, we can do both!

we can have whitelist and blacklist, and faucet owner can then choose to be super strict (only IPs from white list) or be accepting of all IPs except the ones from the blacklist.

i have more than 100 online real visitot at the moment. i can not share this ip`s.
you can see some ip from this attacker below:
bitcoin addresses:
1JrUwZVAB2xjw7uppDAAg4onCfA5MPcLRW
16yUMgZAUakYQoZsbQRxaFr33WeFUREoKf
1JxRYqpqX9ofG943ryuL6dYxacD47T2LA
15mL8T9PAvea5y3NXiDaQEYkaabeLFhKzw
15EDPGcENqAp7H3FnFwJtBbisEeyjvdzAC
1HfnCkDramdbLdAv7ai9rDMvxKXXka3PcH

IP:
216.189.157.1/32
216.189.157.2/31
216.189.157.4/30
216.189.157.8/29
216.189.157.16/28
216.189.157.32/27
216.189.157.64/26
216.189.157.128/25
216.189.158.0/24
216.189.159.0/25
216.189.159.128/26
216.189.159.192/29
216.189.159.200/32
192.126.170.1/32
192.126.170.2/31
192.126.170.4/30
192.126.170.8/29
192.126.170.16/28
192.126.170.32/27
192.126.170.64/26
192.126.170.128/26
45.33.145.1/32
45.33.145.2/31
45.33.145.4/30
45.33.145.8/29
45.33.145.16/28
45.33.145.32/27
45.33.145.64/26
45.33.145.128/26
45.33.145.192/27
45.33.145.224/28
45.33.145.240/29
45.33.145.248/31
45.33.145.250/32
192.126.100.1/32
192.126.100.2/31
192.126.100.4/30
192.126.100.8/29
192.126.100.16/28
192.126.100.32/27
192.126.100.64/26
192.126.100.128/25
192.126.101.0/24
192.126.102.0/23
192.126.104.0/21
192.126.112.0/20
192.126.128.0/19
192.126.160.0/20
192.126.176.0/22
192.126.180.0/25
192.126.180.128/26
192.126.180.192/29
192.126.146.1/32
192.126.146.2/31
192.126.146.4/30
192.126.146.8/29
192.126.146.16/28
192.126.146.32/27
192.126.146.64/26
192.126.146.128/26
192.126.146.192/29
104.128.233.1/32
104.128.233.2/31
104.128.233.4/30
104.128.233.8/29
104.128.233.16/28
104.128.233.32/27
104.128.233.64/26
104.128.233.128/26
104.128.233.192/29
168.235.67.1/32
168.235.67.2/31
168.235.67.4/30
168.235.67.8/29
168.235.67.16/28
168.235.67.32/27
168.235.67.64/26
168.235.67.128/26
168.235.67.192/27
168.235.67.224/28
168.235.67.240/29
168.235.67.248/31
168.235.67.250/32
192.126.1.104/29
192.126.1.112/28
192.126.1.128/25
192.126.2.0/23
192.126.4.0/22
192.126.8.0/21
192.126.16.0/20
192.126.32.0/19
192.126.64.0/18
192.126.128.0/19
192.126.160.0/20
192.126.176.0/22
192.126.180.0/25
192.126.180.128/26
192.126.180.192/29
192.126.180.200/32
185.72.178.1/32
185.72.178.2/31
185.72.178.4/30
185.72.178.8/29
185.72.178.16/28
185.72.178.32/27
185.72.178.64/26
185.72.178.128/26
185.72.178.192/27
185.72.178.224/30
185.72.178.228/31
185.72.178.230/32
45.43.26.101/32
45.43.26.102/31
45.43.26.104/29
45.43.26.112/28
45.43.26.128/26
45.43.26.192/29
45.43.26.200/32
192.126.135.1/32
192.126.135.2/31
192.126.135.4/30
192.126.135.8/29
192.126.135.16/28
192.126.135.32/27
192.126.135.64/26
192.126.135.128/26
192.126.135.192/29
192.126.135.200/32
192.126.159.1/32
192.126.159.2/31
192.126.159.4/30
192.126.159.8/29
192.126.159.16/28
192.126.159.32/27
192.126.159.64/26
192.126.159.128/26
192.126.159.192/29
192.126.159.200/32
91.238.114.1/32
91.238.114.2/31
91.238.114.4/30
91.238.114.8/29
91.238.114.16/28
91.238.114.32/27
91.238.114.64/26
91.238.114.128/26
91.238.114.192/27
91.238.114.224/28
91.238.114.240/29
91.238.114.248/31
91.238.114.250/32
46.148.31.1/32
46.148.31.2/31
46.148.31.4/30
46.148.31.8/29
46.148.31.16/28
46.148.31.32/27
46.148.31.64/26
46.148.31.128/26
46.148.31.192/27
46.148.31.224/28
46.148.31.240/29
46.148.31.248/31
46.148.31.250/32
46.148.30.1/32
46.148.30.2/31
46.148.30.4/30
46.148.30.8/29
46.148.30.16/28
46.148.30.32/27
46.148.30.64/26
46.148.30.128/26
46.148.30.192/27
46.148.30.224/28
46.148.30.240/29
46.148.30.248/31
46.148.30.250/32
89.36.216.1/32
89.36.216.2/31
89.36.216.4/30
89.36.216.8/29
89.36.216.16/28
89.36.216.32/27
89.36.216.64/26
89.36.216.128/26
89.36.216.192/29
89.36.216.200/32

This seems like a screenshot from a traffic report.

You need to give us IPs from the MySQL database. It's in the "Faucetinabox_IPs" table.

But it will only check against "flagged" IPs.

I have been thinking about the opposite. Something like a members only faucet. IP and wallet will be checked at sign up and at every claim ever after. It would allow the faucet to "bind" a wallet to the ISP of the user.



I found another service like NastyHosts and it is really amazing. I combine it with NastyHosts. I've noticed that NH sometimes passed an obvious VPN while the other service didn't.

can we maybe make a centralized service similar to nastyhosts where faucet owners submit bad IPs and other faucet owners can query for it?

it will have problems like false positives, but if we weight it out with more respectable/trusted inputs, I think it can work rather well

edit: let's pull our resources together!

attacker using difference ip`s. i blocked  ip`s via CIDR tool in faucetbox admin panel.but  faucetbox script can not block! i think script dosent work!
i added this code 3 hours ago!
216.189.157.1/32
216.189.157.2/31
216.189.157.4/30
216.189.157.8/29
216.189.157.16/28
216.189.157.32/27
216.189.157.64/26
216.189.157.128/25
216.189.158.0/24
216.189.159.0/25
216.189.159.128/26
216.189.159.192/29
216.189.159.200/32
again this ip claim from my faucet:
.at the screen shot we can see this ip:216.189.157.89
https://i.imgur.com/DbXDGl2.png
also i saw user agents in my cpanel from this address: http://www.qtweb.net/

Can you go into your database and show some of the IPs that were being used to claim?

If you could provice a few IPs we might be able to help preventing the scammers (or bots) as you call them from coming back.

Same here. Sorry for flaming.
Just wanted to help others.

i lose 0.2btc less than 15 hours[ 1.5 btc till now] from bot attacks! altough our balance is full for always.

to this I agree completely.

sorry for flames.

Guys, it's irrelevant if captchas can by solved automatically or not. Current protections (captcha, timer per IP address) can be bypassed one way or another, it doesn't really matter how. The only thing that changes is whether we can call abusers bots, human-assisted scripts or rotators with built-in proxy switcher. The effect is the same: drained faucets, and there's only one solution: checking IP addresses.

It's so easy to walk away without giving proof.

"Hey everybody, my mission is to warn people about a coming alien invasion tomorrow. I'm not here to make you feel safe. There's no proof. But believe me and my word, it is coming!"


You can use all the fancy words and explanations. Without proof it means nothing.


If I reached one faucet owner with my original post; If I have helped one faucet owner to prevent on ore more scammers of claiming, but goal has been achieved.

BitBustah out.

not all words are clear/not all sounds are clear = that is called noise reduction and is the first step in every decent OCR/voice recognition system.

I told you I'm not going to "show" anything to you. my mission here is to warn people, not to make them feel safe in their imaginary castles.

you should read up about how recaptcha works (it's a neural net, trained by our input). if you believe that it's impossible to train another net with the same input, OK, more power to you.

Sure, I'll accept this answer as being true. Now again, show me proof. Show it to me. You can't. Again, sorry.

OCR = Hard to do when the characters are distorted, rotated, blurred, ...
"Find woman/rotate animal" = True. Have you seen the head images? They are NEVER thesame. They are of 3D heads; They always have a different angle of view, size, color, sharpness... They are never thesame. Try printscreening some of them and compare them. Same with the animals. Never thesame. Oh, I forgot mirrored.

"Listen to those sounds" = Not all words are clear. High fail rate in this.

"reCaptcha neural net" = Yeah sure. Services offering to solve them.


Show it to me.

A bot that uses a service with input from people isn't a bot anymore. I knew about this one, thanks.

It messes me up that the moderators of such a great forum on such a great topic (bitcoin) allow services like these to be advertised alongside the faucet owners. It's like 2 sides trying to fight eachother.

One side is offering ways to drain faucets. One side is trying to keep out scammers that drain those faucets. So sad.

no one is going to post such script because it's making them money.

I can tell you the algorithm, though...

"Type the letters" = OCR
"Find woman/rotate animal" = Computer vision
"Listen to those sounds" = Voice recognition
"reCaptcha neural net" = reCaptcha solving neural net

tech. on the left side of the table is being developed by private companies. tech on right side of the table is developed world-wide, in academic, commercial, open-source, hacker, etc environments.

but feel free to believe whatever you want.

Edit: and if you ask the captcha providers themselves, they'll tell you it's not about drawing a fine line between human/machine. it's about A RATIO of successful testing. the ratio changes in bot's favor as soon as captcha providers stop providing new challenges.

Sorry for being harsh and impolite. I'm really not like this in real life. The goal was indeed to change the way this is being discussed. Thank you for seeing this. I hope others see it too.




Thank you for agreeing with me. Let's hope others will understand this too.