〖ⓉⓊⓉⓄⓇⒾⒶⓁ〗 Stop Bots + Proxies From Using Your Faucet

pkhuba082

newbie

Activity: 39

Merit: 0

Hi,

Thanks for your support and help

Can anyone help me how to implement this code in Wordpress site?

Thanks

Butord

member

Activity: 95

Merit: 10

Quote from: FaucetRank.com on September 18, 2016, 12:21:27 PM

Quote from: Butord on September 18, 2016, 06:56:01 AM

Is there a method to block certain btc address if I'm not using faucetbox script? Yjahnks

Which script are you using 1st tell me. If you' are using xapo than I can help you easily. It's very easy to block email add or btc address.
…………₹₹₹………………………₹₹₹………………………₹₹₹………………………₹₹₹………………………₹₹₹………………………₹₹₹………………………₹₹₹……………

I'm using paytoshi script. Actually I've already have the code. Yje only problem is where to add it

FaucetRank.com

hero member

Activity: 868

Merit: 500

Quote from: Butord on September 18, 2016, 06:56:01 AM

Is there a method to block certain btc address if I'm not using faucetbox script? Yjahnks

Which script are you using 1st tell me. If you' are using xapo than I can help you easily. It's very easy to block email add or btc address.
…………₹₹₹………………………₹₹₹………………………₹₹₹………………………₹₹₹………………………₹₹₹………………………₹₹₹………………………₹₹₹……………

Butord

member

Activity: 95

Merit: 10

Is there a method to block certain btc address if I'm not using faucetbox script? Yjahnks

alw1tt

newbie

Activity: 4

Merit: 0

There is always a fix... Wink

Open your Template index.php

Replace:

Code:

echo $data["reflink"]; ?>

with:

Code:

echo str_replace("math.php","",$data["reflink"]); ?>

That's it! Cool

Gifted

hero member

Activity: 504

Merit: 501

use a

and closing

alfaboy23

hero member

Activity: 546

Merit: 500

Quote from: alw1tt on July 20, 2016, 12:00:56 AM

...

And there is a Problem!
After using this math script, the referral link become:
-- http://yoursite.com/faucet/math.php?r=1XX9xXXZ3XTXXX5kTXxXKCvxkiXNXxdGXN
Instead of:
-- http://yoursite.com/faucet/?r=1XX9xXXZ3XTXXX5kTXxXKCvxkiXNXxdGXN

How to fix it?

I've asked that a long time ago

Quote from: alfaboy23 on May 14, 2016, 11:13:56 PM

I use the math captcha but there is a slight problem,
The referral becomes http://xfaucet.digi-eye.xyz/math.php/?r=address instead of the original http://xfaucet.digi-eye.xyz/?r=address

Notice the math.php appended on the original ref link? Is there a way to fix that?

But, still no answer, it seems that there is no fix for this.

alw1tt

newbie

Activity: 4

Merit: 0

Quote from: AlexAce420 on October 17, 2015, 10:01:53 AM

http://i51.photobucket.com/albums/f353/Ace_Of_Fades/Untitled-1_zpsnfwjriuq.png

Everything in this tutorial is being used on my faucet. Check it out HERE to see it in action!

Step Four

In step four we will be adding a simple math question displayed as an image as a second captcha. Faucet users cannot claim their satoshi until the math question is solved.

Download PHP captcha HERE extract it and add the "captcha" folder to your root directory. If you don't trust that download you can find the original HERE, it will require some configuring though.

Now open your template file (ROOTDIRECTORY/faucet/templates/YOURTEMPLATE/index.php) paste the following code at the very top line above :

Code:

(); ?>

Paste the following code where you would like the equation to appear

Code:




[ New Problem ]

Now you need to create a PHP document. I use a program called Notepad++, however any text editor will work. Create a new document, then paste in the following code:

Code:


include_once $_SERVER['DOCUMENT_ROOT'] . '/captcha/securimage.php';

$securimage = new Securimage();

if ($securimage->check($_POST['captcha_code']) == false) {
  // the code was incorrect
  // you should handle the error so that the form processor doesn't continue

  // or you can use the following code if there is no validation or you do not know how
  echo "I'm sorry but you have to answer the math question correctly!.";
  echo "Please go back and use a caculator.";
  exit;
}

?>

Keep the document open. Open your faucet index page, it will most likely be index.php in your ROOTDIRECTORY. (Not the template index.php) Now press CTRL+A and select everything and copy it. Go back to the document you were just making and paste it on the very bottom, underneath the ?> Now save the file as what ever you want, I called mine math.php.

Go back to your faucet template file (ROOTDIRECTORY/faucet/templates/YOURTEMPLATE/index.php) search for the following:

About the Step 4... Why don't you just use:

Code:

include_once $_SERVER['DOCUMENT_ROOT'] . '/faucet/index.php';

Instead of select everything, copy it, go back to the document you were just making and paste it on the very bottom?

And there is a Problem!
After using this math script, the referral link become:
-- http://yoursite.com/faucet/math.php?r=1XX9xXXZ3XTXXX5kTXxXKCvxkiXNXxdGXN
Instead of:
-- http://yoursite.com/faucet/?r=1XX9xXXZ3XTXXX5kTXxXKCvxkiXNXxdGXN

How to fix it?

kaytokeyos

sr. member

Activity: 339

Merit: 250

Quote

include_once $_SERVER['DOCUMENT_ROOT'] . '/captcha/securimage.php';

$securimage = new Securimage();

if ($securimage->check($_POST['captcha_code']) == false) {
// the code was incorrect
// you should handle the error so that the form processor doesn't continue

// or you can use the following code if there is no validation or you do not know how
echo "I'm sorry but you have to answer the math question correctly!.

";
echo "Please go back and use a caculator.";
exit;
}

?>

how about i change this script
echo "Please go back and use a caculator.";
to this
echo "Please go back and use a caculator.";

its ok?

if i use script above i got eror but if i change the link its work

minifrij

legendary

Activity: 2352

Merit: 1268

In Memory of Zepher

Quote from: Swagtoshi on June 23, 2016, 10:18:39 AM

I was wondering what gifted's index.php script did.

The new index.php script added this code at lines 1575 - 1614:

Code:

//We do not allow proxy here		
if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))		
	die("It would apprear you're using a proxy, so please, go fuck yourself!");		
			
function checkProxy($ip){		
	$contactEmail="[email protected]";		
	$timeout=3; 		
	$banOnProability=0.99;		
					
	$ch = curl_init();		
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);		
	curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);		
	curl_setopt($ch, CURLOPT_URL, "http://check.getipintel.net/check.php?ip=$ip");		
	$response=curl_exec($ch);					
	curl_close($ch);		
									
	if ($response > $banOnProability) {		
		return true;		
	} else {		
		if ($response < 0 || strcmp($response, "") == 0 ) {		
			//There's a lot of comment here that I removed, look it up on the index.php file if you're interested in what it says		
		}		
		return false;		
	}		
}		

$ip=$_SERVER['REMOTE_ADDR'];		
if (checkProxy($ip)) {		
	echo "It would apprear you're using a proxy, so please, go fuck yourself! ";		
}
?>

Basically, here is what it does:

Code:

if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))		
	die("It would apprear you're using a proxy, so please, go fuck yourself!");

If port 80 is open on the user's computer, then display the message in the die("") and kill the rest of the script. I've explained previously why doing this can cause a lot of false positives, you can read it here:

Quote from: minifrij on June 02, 2016, 08:13:08 AM

Quote from: Gifted on May 30, 2016, 07:18:44 PM

...

This would likely work somewhat, however would throw some false-positives for anyone with Port 80 on their network open (E.G running a web server, using a public WiFi network and other things all may have Port 80 open), not to mention this port can simply be remapped if needed meaning attackers can bypass this anyway. You can even check if it is open on your network here, if it is this script will block you.
...
OpenVPN automatically uses Port 80, however this can be remapped to a different Port as the page describes allowing it to pass. My AWS VPS currently has Port 80 closed, meaning this script would let me pass using it.

It would probably work for some bots, however it is not completely foolproof and may stop real users accessing your faucet.

Code:

function checkProxy($ip){		
	$contactEmail="[email protected]";		
	$timeout=3; 		
	$banOnProability=0.99;

Create a function which will be called later and create three variables inside of it. These variables are:

Some random e-mail address, not too sure what that is for (as it is not used anywhere else in the script).
The amount of seconds for PHP to try to access the URL. If the URL can't be found in this amount of seconds (3) then the connection will die.
If the URL returns higher than this number, then the user is banned - This should be explained more in the next few chunks of code. (It should also be spelled probability)

Code:

$ch = curl_init();		
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);		
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);		
curl_setopt($ch, CURLOPT_URL, "http://check.getipintel.net/check.php?ip=$ip");		
$response=curl_exec($ch);					
curl_close($ch);

This basically gets the content from the page http://check.getipintel.net/check.php?ip=USERSIP with the timeout set previously. GetIPIntel is a service that scores IP addresses on how 'bad' they are (E.G if they are a proxy or bot). However, this API is only free for a certain amount of requests per day (500 / 15 per minute), so if your faucet gets a lot of unique users this could do very little for you.

Code:

if ($response > $banOnProability) {		
	return true;		
} else {		
	if ($response < 0 || strcmp($response, "") == 0 ) {		
		//snip		
	}		
	return false;		
}

This code checks if the return from GetIPIntel is greater than the variable banOnProability. If it is, then the function returns true and marks the user to be blocked. Otherwise, the function returns false and lets them pass.
The if ($response < 0 || strcmp($response, "") == 0 ) { is used to find if the response was empty and if the server is having any problems, though the code doesn't do anything in this so it is somewhat useless (unless you want to edit it yourself).

Code:

$ip=$_SERVER['REMOTE_ADDR'];		
if (checkProxy($ip)) {		
	echo "It would apprear you're using a proxy, so please, go fuck yourself! 
";		
}

Finally, this piece of code gets the user's IP, checks it against GetIPIntel and if the function returns true, it says the exact same is if port 80 were open.
This is a more reliable method of detecting bots and other attackers than seeing if a port is open, however (unless you're winning to pay) it is only functional for 500 users per day.

There are no other changes to the original code as far as I can see, feel free to check it yourself using a difference checking tool. It should also be noted that this script only works with FaucetInABox version r63, as r64 changes the code in index.php significantly I believe.

vodaljepa

hero member

Activity: 658

Merit: 500

Quote from: Swagtoshi on June 23, 2016, 10:18:39 AM

I was wondering what gifted's index.php script did.

Probably steals your coins

Swagtoshi

full member

Activity: 261

Merit: 102

I was wondering what gifted's index.php script did.

minifrij

legendary

Activity: 2352

Merit: 1268

In Memory of Zepher

Quote from: Swagtoshi on June 22, 2016, 04:14:30 PM

What does that script do exactly?

Which script do you mean? The first one in the thread?

Quote from: Swagtoshi on June 22, 2016, 04:44:17 PM

How do bot get past the captchas exactly?

They use an API which sends the captcha's image to a server (for a small fee) where another person then solves it for a reward.

Swagtoshi

full member

Activity: 261

Merit: 102

How do bot get past the captchas exactly?

Swagtoshi

full member

Activity: 261

Merit: 102

What does that script do exactly?

Gifted

hero member

Activity: 504

Merit: 501

Quote from: Gifted on June 16, 2016, 06:54:02 PM

Quote from: wetrust on June 16, 2016, 06:18:33 PM

Quote from: Gifted on June 16, 2016, 06:10:28 PM

best thing to do is use Step Four

yes i did that step and step 2 also both work great
but it would be great if all proxy users can access main page but not get reward
i think this better for CPM ads ?

Try this !! Just replace the index.php with this on in the main root http://bitcoinfaucetrelay.com/wp-content/uploads/2016/06/faucetbox-fix.zip

bump for security update i made for faucetbox bots attacking

Gifted

hero member

Activity: 504

Merit: 501

Quote from: wetrust on June 16, 2016, 06:18:33 PM

Quote from: Gifted on June 16, 2016, 06:10:28 PM

best thing to do is use Step Four

yes i did that step and step 2 also both work great
but it would be great if all proxy users can access main page but not get reward
i think this better for CPM ads ?

Try this !! Just replace the index.php with this on in the main root http://bitcoinfaucetrelay.com/wp-content/uploads/2016/06/faucetbox-fix.zip

Gifted

hero member

Activity: 504

Merit: 501

so yes i have figured out how to do that for you using an xapo faucet... i will check it with faucetbox
Alfaboy you might want to use this

Code:

//Checks that the username is not empty
  if (!isset($_POST['username'])||$_POST['username']=="") {
    $view['main']['result_html'] = 'Missing email address!
';
    $message                     = "Missing email address";
    goto error;
  }

  $username = $_POST['username'];
   //Checks if the user has written something in the captcha box

  $captchaChallange = $_POST['adcopy_challenge'];
  $captchaResponse  = $_POST['adcopy_response'];

  if (empty($captchaChallange) || empty($captchaResponse)) {

    $view['main']['result_html'] = 'Missing captcha, try again!
';
    $message                     = "Missing captcha";
    goto error;
  }


  $response = @file('http://verify.solvemedia.com/papi/verify?privatekey=' . $settings['solvemedia_verification_key'] . '&challenge=' . rawurlencode($captchaChallange) . '&response=' . rawurlencode($captchaResponse) . '&remoteip=' . $ip);

  if (!isset($response[0]) || trim($response[0]) === 'false'){
    $view['main']['result_html'] = 'Wrong captcha!
';
    $message                     = "Wrong captcha";
  }
//We do not allow proxy here
 if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
die("It would apprear you're using a proxy, so please, go fuck yourself!");

function checkProxy($ip){
		$contactEmail="EMAIL";
		$timeout=3; 
		$banOnProability=0.99;
		
		$ch = curl_init();
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
		curl_setopt($ch, CURLOPT_URL, "http://check.getipintel.net/check.php?ip=$ip");
		$response=curl_exec($ch);
		
		curl_close($ch);
		
		
		if ($response > $banOnProability) {
				return true;
		} else {
			if ($response < 0 || strcmp($response, "") == 0 ) {
				//The server returned an error, you might want to do something
				//like write to a log file or email yourself
				//This could be true due to an invalid input or you've exceeded
				//the number of allowed queries. Figure out why this is happening
				//because you aren't protected by the system anymore
				//Leaving this section blank is dangerous because you assume
				//that you're still protected, which is incorrect
				//and you might think GetIPIntel isn't accurate anymore
				//which is also incorrect.
				//failure to implement error handling is bad for the both of us
			}
				return false;
		}
}
$ip=$_SERVER['REMOTE_ADDR'];
if (checkProxy($ip)) {
	echo "It would apprear you're using a proxy, so please, go fuck yourself! 
";
}
  //timer check

Gifted

hero member

Activity: 504

Merit: 501

Quote from: wetrust on June 16, 2016, 06:18:33 PM

Quote from: Gifted on June 16, 2016, 06:10:28 PM

best thing to do is use Step Four

yes i did that step and step 2 also both work great
but it would be great if all proxy users can access main page but not get reward
i think this better for CPM ads ?

i will look into this and get back to you using better code then the one i posted

wetrust

newbie

Activity: 2

Merit: 0

Quote from: Gifted on June 16, 2016, 06:10:28 PM

best thing to do is use Step Four

yes i did that step and step 2 also both work great
but it would be great if all proxy users can access main page but not get reward
i think this better for CPM ads ?

Topic: 〖ⓉⓊⓉⓄⓇⒾⒶⓁ〗 Stop Bots + Proxies From Using Your Faucet (Read 18881 times)