Author

Topic: Is my faucet under a bot attack? (Read 304 times)

newbie
Activity: 10
Merit: 0
October 01, 2017, 01:49:32 AM
#14
Reopened Faucet to see if the problem continues

xnd
sr. member
Activity: 297
Merit: 250
@DEVRAWL
October 01, 2017, 01:41:19 AM
#13


{"ip":"45.35.114.213","asn":40676,"isp":"AS40676","countryCode":"US","countryName":"United States","hostname":"45.35.114.213","block":1}


Yea, he is
newbie
Activity: 10
Merit: 0
October 01, 2017, 01:39:44 AM
#12
Thanks! But CoinBox scrip also have IPHub too, I also tried claiming using VPN/Proxy and its failed. I don't think the guys who's behind this its using VPN/Proxy.
xnd
sr. member
Activity: 297
Merit: 250
@DEVRAWL
October 01, 2017, 01:29:06 AM
#11
You won't be having any issues if you would have been using IPHUB.

{"ip":"45.35.114.213","asn":40676,"isp":"AS40676","countryCode":"US","countryName":"United States","hostname":"45.35.114.213","block":1}

There are A LOT of bot attacks from VPNS using different IPS and coin addresses.

Basically, when you look at the logs, you see one claim per IP per coin address and you wouldn't know that was a bot or not.

The only thing they have in common is that they are coming from VPN providers.

This is where IPHUB comes into place, it blocks anything listed as VPN/Proxy (99,99% of bot attacks).

Not sure if this will work but you could try adding this code to your index.php right under
Code:
if (!empty($_POST)) {
$whitelist = array('17.17.0.37', '54.87.138.13');
if (!in_array($_SERVER['REMOTE_ADDR'], $whitelist)) {
$ip = $_SERVER['REMOTE_ADDR'];
$name = $user['address'];
            $time = date("d-m-Y h:i:sa ");
            $handle = fopen("blockedips.txt","a");
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_URL, 'http://v2.api.iphub.info/ip/'.$ip);
            curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-Key: YOUR-IPHUB-API'));
            $result = curl_exec($ch);
            curl_close($ch);
 
            $obj = json_decode($result, true);
            if($obj['block'] == '1'){
                    fwrite($handle, "". $time . " : " . $ip . " : FB-BTC : " . $name . "\n");
                    fclose($handle);
                    header("Location: http://address.com/blocked.php");
                    die();
            }
}
}

Just edit the YOUR-IPHUB-API key with your own (u need to create an account to get an api key- it's free)

Also, you can create a custom blocked.php page where visitor blocked is notified that he has been blocked due to vpn use

Good luck! Smiley
full member
Activity: 154
Merit: 100
October 01, 2017, 01:05:32 AM
#10
Bot still attacking, although the API its disabled.
Look: https://imgur.com/a/9Zwzg

Remove that script...
newbie
Activity: 10
Merit: 0
October 01, 2017, 12:52:25 AM
#9
Bot still attacking, although the API its disabled.
Look: https://imgur.com/a/9Zwzg
full member
Activity: 154
Merit: 100
October 01, 2017, 12:49:43 AM
#8
there is no problem with both script, this bot is claimming many faucet, just check it's faucethub stat.

If the attacker can make the bot works, the problem is from the script...is logic
hero member
Activity: 1540
Merit: 508
October 01, 2017, 12:41:40 AM
#7
there is no problem with both script, this bot is claimming many faucet, just check it's faucethub stat.
full member
Activity: 154
Merit: 100
October 01, 2017, 12:27:37 AM
#6
I see that you have a timer, did you have it when you was attacked? Did you check traffic? Maybe they were real users. Login in cpanel and check logs
I do have a timer when my faucet was under attack but they cant be real users (maybe) because they're all claimed at the same time.
Coinmedia.co shows that my website have a total visit of ~3000 and 28 clicks in 5 days.
Am I be able to post btc address that has been claiming at my faucet here?

I dont know if its ok, maybe the script that you are using have a bug and the attacker know that...
The first script I was using its Alpha Script then I switched to CoinBox script which has IpHub integrated that helps me block VPN/proxy. I dont think its the script's fault.

Cloudflare can get rid of vpn proxy..
 You dont need those features... So, did you check the logs, there are different ips but sending to the same address? If its this, your vpn/proxy protection does not work. If not, the attacker somehow pass the timer, but there remain the captcha, recaptcha is hard to pass, even if use of 2captcha service it wont worth. The last thing i can say is that your script was broken...
newbie
Activity: 10
Merit: 0
October 01, 2017, 12:19:51 AM
#5
I see that you have a timer, did you have it when you was attacked? Did you check traffic? Maybe they were real users. Login in cpanel and check logs
I do have a timer when my faucet was under attack but they cant be real users (maybe) because they're all claimed at the same time.
Coinmedia.co shows that my website have a total visit of ~3000 and 28 clicks in 5 days.
Am I be able to post btc address that has been claiming at my faucet here?

I dont know if its ok, maybe the script that you are using have a bug and the attacker know that...
The first script I was using its Alpha Script then I switched to CoinBox script which has IpHub integrated that helps me block VPN/proxy. I dont think its the script's fault.
full member
Activity: 154
Merit: 100
October 01, 2017, 12:18:05 AM
#4
I see that you have a timer, did you have it when you was attacked? Did you check traffic? Maybe they were real users. Login in cpanel and check logs
I do have a timer when my faucet was under attack but they cant be real users (maybe) because they're all claimed at the same time.
Coinmedia.co shows that my website have a total visit of ~3000 and 28 clicks in 5 days.
Am I be able to post btc address that has been claiming at my faucet here?

I dont know if its ok, maybe the script that you are using have a bug and the attacker know that...
newbie
Activity: 10
Merit: 0
October 01, 2017, 12:07:38 AM
#3
I see that you have a timer, did you have it when you was attacked? Did you check traffic? Maybe they were real users. Login in cpanel and check logs
I do have a timer when my faucet was under attack but they cant be real users (maybe) because they're all claimed at the same time.
Coinmedia.co shows that my website have a total visit of ~3000 and 28 clicks in 5 days.
Am I be able to post btc address that has been claiming at my faucet here?
full member
Activity: 154
Merit: 100
September 30, 2017, 11:57:04 PM
#2
I see that you have a timer, did you have it when you was attacked? Did you check traffic? Maybe they was real users. Login in cpanel and check logs
newbie
Activity: 10
Merit: 0
September 30, 2017, 11:42:30 PM
#1
Hi,
Recently my faucet satoshis was draining very fast because of someone who has been claiming 24/7 they claimed at the same time or after each one 1 minutes.
alphafaucet.cf
Some screenshots
https://imgur.com/a/FGdK4
Jump to: