Topic: FaucetBOX.com Discussion - page 77. (Read 237001 times)

First, let me thank you for your post. Although it's harsh and could be written in more polite way, I agree with most of it and I hope it'll change the way this issue is discussed.

Now about captcha. Yes, automated scripts can't solve captchas on their own. But there are human powered services like https://2captcha.com/, where an automated script can send a captcha and will receive a solution made by a real human. Last time I checked it was about 170 satoshi per one solve.

EDIT: here's a sample bot that uses these services: http://www.autoclickbots.com/product/coincollector-v3/ .

I'll put my money where my mouth is. Show me a script or application that can bypass Recaptcha. Your cred is on the line here. Show me.

You cant. Sorry.


Edited: Anything will do. I (and I guess everyone on this forum) will be easily satisfied. A script, bot, ... anything will do.

Edited again: It's easy to say there is without proof. Hey, did you see that major UFO over the United States yesterday? I can't prove it, but it was really there. Believe me.


I'm not replying to these messages anymore because it is a total waste of time.

no, it's very simple to bypass most captchas using little to moderate programming skill. sorry.

Two last things:

I do not see one good use for using CloudFlare. What is this "bot protection"? Do you guys understand it?

CloudFlare will stop "bots" and DDOS attacks. It will stop requests from IPs and related IPs, but only when there are too many requests coming from them within a short period of time.

There's no proof that VPN users will be blocked.






A few days ago I had 240+ VPN users on my faucet. I watched many wallets using the FaucetBOX check thinghy. A LOT of major faucets were being drained. It's not only the small faucets that are being hit.

I need to unwatch this topic because I'm getting fed up with some of the nonsense I'm reading here. I believe in democracy and I respect everyones opinion. But I also believe that I can call it nonsense.


---

WHAT YOU CAN DO AS A FAUCET OWNER

As a faucet owner you need to monitor the IPs that were used to claim, every day. This _will_ take time.
Anti-bot links, MULTIPLE captchas, asking for email addresses... It doesn't matter.


You. Need. To. Check. IP. Addresses. You can not do that using the FaucetBOX script; You need to enter the MySQL database and overview the IPs manually. Or create a simple script like I did.


Once you have those IPs, you need to do some checks: To which company belong these IPs?
If they belong to an ISP, it's OK. If they belong to a webhosting company, cloud service company, VPN company, ... It's not OK.


You need to find out which IPs belong to that company and block them ALL using the IP to CIDR option. You can use the RIPE, ARIN, ... databases to find out which IP ranges belong to which companies. RIPE, ARIN etc are the "companies" that run the internet. They have ALL the information you need. No need to pay other companies like MaxMind. You can do that yourself.


Just blocking the hostname(s) is NOT ENOUGH. The hostname is being fetched from the NastyHosts service. If NastyHosts is offline -some websites go offline sometimes- the host blocking measurement is not working. I tested it myself. That's why you need to block hostnames AND IP addresses.


After you have done that, you will need to block the wallets that were used by these scammers. Again, you will need to go into your MySQL database or use a script. If VPN users have to create new wallets over and over they will earn less and need to set a lower withdrawal amount on FaucetBOX. They will also need to pay more fees. That's why ALL faucet owners should do their own "detection" instead of relying on other faucet owners to provide scamming wallets, IPs and hostnames. Running a decent faucet is HARD work.



ABOUT VPNs, PROXIES AND BOTS

I've read here that some people still allow VPN users because their ad income will go down. Personally I think that's a retarded reason.

VPN users and proxy users have thesame goal: Hide their actual IP address. They do this just to steal YOUR money. VPN users steal 2 times: Once from the faucet owner, once from the advertisers that are using the faucet.

Ad services (like fi Bee-Ads and others) DO profit from VPN traffic: The ads will get more views, sometimes even more "clicks" and the advertisers budget will dry up faster.
Which all results into: The ad service itself will make more money from its advertisers. That's the world we live in. I think that's totally unfair to advertisers.


The whole "bots"-discussion is getting out of hand and totally ridiculous. This is the last time that I'm saying it: A bot is an automated script or application AND IT CAN NOT bypass the captchas, wether it is FunCaptcha, Recaptcha, ... If you are reading this and you are not agreeing; Again and again: SHOW ME PROOF. I have years and years of experience in programming. It can not be done. Show me proof, I'm begging you, please. I will pay you for it.

I keep spotting and reading about new faucet owners with less or no programming knowledge who believe that "bots" are bypassing their captchas etc. Come on people, you really believe this?

Bots can't do it. It's simple. The answer is on this forum. The "bots" are actual people solving the captchas.The services section of this forum is full of captcha solving offers. The "official" explanation is that these captchas are being entered for testing purposes. Come one people, how stupid are you if you believe this? Just imaging: Google is paying in BTC to test their captchas? If you believe this, you shouldn't be allowed to handle money.

I've read somewhere: "People can not change their IPs within seconds. It must be bots."
Again, ridiculous. A VPN user can change IPs within a second. New IP, new wallet and you're good to go. Using a script or application to claim within seconds DOES NOT MAKE YOU A BOT. A bot is an automated script or application that works WITHOUT user input.



ABOUT FAUCETBOX

Don't you guys just blame FaucetBOX; They are just a "micro wallet" which is temporarily accumulating the satoshi. I have never had one problem with them. All this sh*t about API keys getting stolen is bullsh*t. If your API key was stolen and you think FaucetBOX is behind it than you need to show some proof. Perhaps your site/server is insecure and your key got stolen there?

Read point one. You are responsable for your faucets security.

- Keep an OFFLINE file with all your passwords.
- NEVER use thesame password twice.
- Create LONG and DIFFICULT PASSWORDS.



FINALLY

Running a faucet isn't just putting a script up and watch the money come in. It takes work, work, work... And still I'm not breaking even.

You need to look into yourself and find out if you are a faucet owner for the money or for the fun.

My goal is to earn 1 BTC this year. I'm not willing to scam ANYONE to get it. I still need to sleep at night.

My 2 cents.

Geoblocking doesn't help, there's no specific correlation between countries and bots.
Nastyhosts isn't perfect, but it's free.
All bots need is just an access to your site, just like a regular user.


To get around captchas they use services like this: http://www.deathbycaptcha.com/user/login. In short, there's a real human sitting on the other end doing nothing but solving captchas for money.

To be honest it's not really FaucetBOX.com responsibility to protect faucets from bots. FaucetBOX.com is a payment cache, not a bot protection service. However we do what we can (Nastyhosts, honeypots, settings that limit the impact of bots etc.) and it's almost the only thing we're focusing on right now.

Now to what you can do more is:
1. use CloudFlare with high security settings. I heard that helps a lot. And for CloudFlare bot protection is actually one of core functions.
2. use safety limits in FaucetBOX.com Dashboard. While they won't stop the bots, they'll at least stop them from stealing all your coins in 2 minutes...
3. use a proper fraud detection service like https://www.maxmind.com/en/minfraud-services . Now that's possibly impossible given how expensive they are, but that shows how hard this issue actually is. You can also contact the guy behind http://getipintel.net/ for the cost of using it for a faucet (the free 15 reqs per minute / 500 reqs per day won't be enough usually)

I now limited the toatal payout to 276 satoshi per 30 minutes, but still they manage to get around, I see still more than that disappear in less than 2 minutes, how is that possible? Even changes on Faucetbox itself don't seem to havy any influence on these bots. They get around the timer by changing IP's but how do they get around the (Fun)captcha?.

And still I think Faucetbox should focus more on security of faucets (it's too easy to compromise). Otherwise I can just as well throw my money down the sewer,

If they have your api key they could just empty your faucet with 1 claim.

Since yesterday my bitcoin faucet (see my profile for link) is been compromised again.
Even after putting the geo-blocking back in and manually add IP's to deny in .htaccess they start stealing again as soon as I release the faucet to public.

The first time they stole I forgot to enable Nastyhosts, I didn't forget this the second time (created new faucet ith new API-key).
My faucet lasted 4 days without suspicious activity this time.
What do those bots need to be able to steal so many coins? Do they get hold of the API-key or something (how come they can still steal after a 403 applies to them?) I can only think of them stealing the API-key, because they don't need access to my website then.
Are there any more security measures I can take than I alrady took (config.php secured and geo-blocking in .htaccess, Tor/VPN/proxy via nastyhosts)?

It looks like Nastyhosts is not working properly and I am getting a bit sick of people who can't play the game honestly.

That's not an error from the script, looks like someone just tried to visit /xmlrpc.php on your faucet. There are exploits for this file, so I guess just a random crawler. Not related to 500 error and nothing to worry about.


You're using new template files (~r60 I guess) with and old index.php file (~r50?). You didn't update properly.
Also these Notices wouldn't cause 500 error. There must be some other error.


A few days.

@Kazuldur

Good day!

I have added my faucet on "Promo", it's been like 15-17 hours since then.

When do you guys add faucets on your rotator?

(www.FaucetGame.com)

5 minutes claims, 50% ref bonus

I'm late but i tried to update tonight and i get the same error in browser (error 500) and in my logs i get:

[Fri Jan 08 21:03:23.471528 2016] [lsapi:error] [pid 33086:tid 140190131648256] [client 37.59.232.247:40563] mod_lsapi: [host captchas.rocks] Could not stat script filename (/home/captc174/public_html/xmlrpc.php): errno 2

PHP ver is: 5.4.45

+ more logs:
 PHP Notice:  Undefined index: address_input_name in /home/captc174/public_html/templates/default/index.php on line 155
 PHP Notice:  Undefined index: captcha_info in /home/captc174/public_html/templates/default/index.php on line 162
 PHP Notice:  Undefined index: disable_admin_panel in /home/captc174/public_html/templates/default/index.php on line 199
 PHP Notice:  Undefined index: button_timer in /home/captc174/public_html/templates/default/index.php on line 207
 PHP Notice:  Undefined index: block_adblock in /home/captc174/public_html/templates/default/index.php on line 21

Some times it might have been taking longer but I have never missed a payment from FaucetBOX. I don't really understand why people are complaining.. Never had one problem with FaucetBOX...? :s

Caching the payments and withdrawing them in batches, and not on demand, is what makes faucets possible at all. Otherwise fees for the Bitcoin network are too high. The threshold would need to be about 0.01 BTC instead of just 13k satoshi in such case.
What's your address? I'll check what's wrong.

I can check my stats all i like in faucetbox, problem is some of my wallet addresses in faucetbox are ov
erdue in paying out.
why can't we manually withdraw if we got over our payout treshold? clearly the automated withdrawal stinks, as it doesn't work most of the time.

asap remove ads and report AdSense for bad clicks this will save your AdSense.

Yeah I just found out this is what I got banned for.

Some one is clicking on my Adsense and some other ads so much. Is any one noticed any such activity on there Website Ads.
I might be banned from adsense soon

You are awesome man, thanks a lot!

Log in and click promo from Your faucets list.