Updated - 'Not an access provider or ISP' list:
https://bitcointalksearch.org/topic/m.13125867
2nd list for Hosting / Virtual Servers / Dedicated / Cloud / VPS / Colocation etc.,
- Confirmed domains with currently Unconfirmed Reverse look-up addresses.
Now working on a Reverse look-up list for known VPS / Proxy / Cache providers.
Using the Bad-Behavior Anti-SPAM script (+ httpbl_key) and this list within the FaucetBox.com Script (NastyHosts.com enabled) and not seeing very many bots getting through. Probably less still once cloudflare is re-enabled, after some more testing.
Thank you very much for your help friend, but what is httpbl_key?
I think it is not a permanent solution to bots. The Cloudflare browser check before accessing the website is far better than any of the above features. How many VPS and proxy IPs will you block? It is too hard to block all bot IPs.
What I have posted is a multi-pronged solution, which is also fully compatible with cloudflare and the FaucetBOX.com script.
Faucet admins can use the hostnames lists within the FaucetBOX.com script and the Bad-Behavior script and cloudflare, together in combination.
- https://bitcointalksearch.org/topic/m.13122044

As an example for just how effective this is for blocking VPN and proxy providers from a faucet we can look at zenmate.com (a known and popular VPN provider that also has a free browser plug-in). Some of their proxies have a reverse look-up as zenmate.com and they currently operate 4 free locations (with multiple IP ranges) in Hong Kong, Romania, USA and Germany - the Hong Kong location uses pacswitch.com, the Romania location uses voxility.net and the USA and Germany locations use leaseweb.com / leaseweb.net. Thus, by using this list in combination with FaucetBOX.com / NastyHosts.com (provided look-up service) we are already blocking access to the faucet from this VPN / proxy provider (without any IP blocking being necessary). Furthermore, blocking said 'Not an access provider or ISP' ranges also blocks thousands of other VPN and proxy users with accounts on these hosts.
Cloudflare simply does not block any or all known proxy and VPN accounts having clean traffic and only good User-Agents. They only block traffic known to be 'bad' and/or that which appears to be questionable (i.e. 'bad' User-Agent or originating from a Hijacked IP range or recently participating in a DDoS attack or being part of a botnet etc.) and even then, they are mostly only presenting these bots with captchas, which for advanced bots, being capable of completing captchas, are actually often passable!
Using the Bad-Behavior Anti-SPAM (and the mod. script) will also help to block loads of other junk from a faucet website and when used in combination with cloudflare will provide very comprehensive web security, making 'gaming' your faucets that bit more difficult. The Bad-Behavior script actually improves cloudflare security - being a locally hosted, rule based firewall, compatible with the existing cloudflare solution.
Adding a free httpbl_key into Bad-Behavior from projecthoneypot.org will screen and block known 'bad' IPs listed in their database, having been seen across multiple sites and honeypots. The reality being that many Hijacked IP ranges and existing Botnets are capable of making claims from faucets en masse. Moreover, many Tor exit nodes have a current listing with projecthoneypot.org and so this method will effectively block Tor. Again, loads of Tor exit nodes are also hosted in the 'Not an access provider or ISP' list.
Using direct proxy detection / proxy blocking in your .htaccess is also an option as an extra layer of security.
- https://perishablepress.com/how-to-block-proxy-servers-via-htaccess/ and https://perishablepress.com/block-tough-proxies/

Trying to block by individual IP addresses is largely ineffective and way too time consuming.
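
The hostname-list check described in the post above, as an added example (not part of the thread and not FaucetBOX.com, NastyHosts.com or Bad-Behavior code): a visitor's reverse look-up name is matched against a provider list on whole DNS labels, and the PTR name is forward-confirmed. The function names, verdict labels, sample hostnames and addresses are assumptions constructed for illustration.

```python
import socket

# Constructed sample: provider domains named in the post, not the poster's full list.
HOSTING_SUFFIXES = {"zenmate.com", "pacswitch.com", "voxility.net", "leaseweb.com", "leaseweb.net"}

def matches_suffix(hostname, suffixes=HOSTING_SUFFIXES):
    """Return the list entry that hostname falls under, matching whole DNS labels."""
    labels = hostname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in suffixes:
            return candidate
    return None

def system_ptr(ip):
    """Reverse (PTR) look-up through the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(hostname):
    """Addresses the hostname resolves to, used to confirm the PTR claim."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()

def classify(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    hostname = ptr_lookup(ip)
    if not hostname:
        return ("no-ptr", None)          # a hostname list cannot decide; other layers must
    entry = matches_suffix(hostname)
    if entry is None:
        return ("allow", hostname)
    confirmed = ip in forward_lookup(hostname)
    return ("block" if confirmed else "block-unconfirmed", entry)

# Constructed look-up tables (documentation address ranges) so the demo runs offline.
SAMPLE_PTR = {"192.0.2.10": "srv1.leaseweb.com", "198.51.100.7": "dsl-7.isp.example",
              "203.0.113.5": "host.notleaseweb.com", "192.0.2.99": "vpn.zenmate.com."}
SAMPLE_FWD = {"srv1.leaseweb.com": {"192.0.2.10"}}

def demo():
    ips = list(SAMPLE_PTR) + ["203.0.113.200"]   # the last address has no PTR record
    return {ip: classify(ip, SAMPLE_PTR.get, lambda h: SAMPLE_FWD.get(h, set())) for ip in ips}

if __name__ == "__main__":
    print(demo())
```

Addresses that return `no-ptr` pass straight through a hostname list, which is where the other layers named in the post have to do the work.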