Author

Topic: Security patch for Xapo faucet script (Read 342 times)

hero member
Activity: 504
Merit: 501
August 06, 2016, 12:27:24 AM
#6
reserved
hero member
Activity: 504
Merit: 501
August 06, 2016, 12:27:08 AM
#5
reserved
hero member
Activity: 504
Merit: 501
August 06, 2016, 12:26:59 AM
#4
reserved
hero member
Activity: 504
Merit: 501
August 04, 2016, 04:58:12 PM
#3
 Security Patch v1.3


Put this .htaccess in root : http://bitcoinfaucetrelay.com/wp-content/uploads/2016/08/htaccess.zip




This blocks Russia,TOR and most VPN then redirects to another page of your choice when detected
, also speeds up your site.
hero member
Activity: 504
Merit: 501
August 04, 2016, 04:44:05 PM
#2
Security Patch V1.2 :



Got to index.php in the main root and find this:

Code:
$response = @file('http://verify.solvemedia.com/papi/verify?privatekey=' . $settings['solvemedia_verification_key'] . '&challenge=' . rawurlencode($captchaChallange) . '&response=' . rawurlencode($captchaResponse) . '&remoteip=' . $ip);

  if (!isset($response[0]) || trim($response[0]) === 'false'){
    $view['main']['result_html'] = '

Wrong captcha!

';
    $message                     = "Wrong captcha";
  }
 
$q = $sql->prepare("select * from users where LOWER(username) = LOWER(?) or ip = ? order by claimed_at desc");
  $q->execute(array($username,$ip));
  $row = $q->fetch();

Put this code right underneath the one you find above:

Code:
//We do not allow proxy here

 if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
{
  $view['main']['result_html'] = '

Bots not allowed !! If you are not a bot and not on a proxy, i still cant help you !

';
    $message                     = "Proxy";
    goto error;
  }
  //end proxie check

This will stop proxies and throw a message as you can see in the picture


hero member
Activity: 504
Merit: 501
August 04, 2016, 04:20:39 PM
#1
Ok guys, there is another hack that can be fixed by replacing this code in your index.php file not the one in style.


 Patch V1.1


find this code
Code:
if($response->success){
      $view['main']['result_html'] = '

Congratulations you have won '.$amount.' Satoshis !!!

';
      $url = get_main_url()."?r=".$username;
      $view['main']['ref_link'] = '

Share your referal link and earn a '.$settings["referral_percentage"].'% lifetime bonus. Your referal link is '.$url.'

';

and replace with this


Code:
if($response->success){
   header('Refresh: 30;url=change to your faucets url');
 $view['main']['result_html'] = '

Congratulations you have won '.$amount.' Satoshis !!!

';
      $url = get_main_url()."?r=".$username;
      $view['main']['ref_link'] = '

Share your referal link and earn a '.$settings["referral_percentage"].'% lifetime bonus. Your referal link is '.$url.'

';

This redirects back to your page after 30 seconds so that the captcha resets so that a imacro program cannot be programmed to just refresh and get credit every hour when they are sleeping. i would suggest do this immediately!  Make sure you put your faucet address where is says change to your faucet url.
Jump to: