Pages:
Author

Topic: 〖ⓉⓊⓉⓄⓇⒾⒶⓁ〗 Stop Bots + Proxies From Using Your Faucet - page 4. (Read 18881 times)

hero member
Activity: 603
Merit: 500
wow loks like many bots visit your faucet  Angry

Rather me than you guys. I will work on it and if I find a way to stop them I'll update you.
legendary
Activity: 1582
Merit: 1031
wow loks like many bots visit your faucet  Angry
hero member
Activity: 603
Merit: 500
Thanks BrannigansLaw! I will try that later and edit in this post if got it working or not.

Edit: Well, I did not got it working, but I did also remember wrong, thats not too easy to add to any faucet. Did not tried in "Faucet in a BOX".
oh you're not using faucetinabox. hmm it still is probably a directory issue. Just mess around with it until you get it right. If you need to go back a directors its like so ./libs if you need to go back 2, 3 4 times? its. /../libs, or /../../libs etc.

Hey, thanks for extra help. I have already added other antibot to my faucetinabox faucets, but in two other scripts where I would like to get extra protection is bigger problems. Other has captcha in root index, not in themes/index and other has already action in

So, maybe it is easier just to use only faucetinabox, because that is common and most addons and help are for that script. Dont know yet, but that is enough offtopic.

Well the maths question hasn't helped me at all! infact I'm a bit suspicious of it but I'm probably just paranoid. Since installing I've had a big bot problem!
Just today 14/01
3886 claims! at 1-2 satoshi! Who would bother, there is a message that says only rewarding 1-2 satoshi as well.
sr. member
Activity: 288
Merit: 250
Thanks BrannigansLaw! I will try that later and edit in this post if got it working or not.

Edit: Well, I did not got it working, but I did also remember wrong, thats not too easy to add to any faucet. Did not tried in "Faucet in a BOX".
oh you're not using faucetinabox. hmm it still is probably a directory issue. Just mess around with it until you get it right. If you need to go back a directors its like so ./libs if you need to go back 2, 3 4 times? its. /../libs, or /../../libs etc.

Hey, thanks for extra help. I have already added other antibot to my faucetinabox faucets, but in two other scripts where I would like to get extra protection is bigger problems. Other has captcha in root index, not in themes/index and other has already action in
So, maybe it is easier just to use only faucetinabox, because that is common and most addons and help are for that script. Dont know yet, but that is enough offtopic.
hero member
Activity: 603
Merit: 500
Thanks BrannigansLaw! I will try that later and edit in this post if got it working or not.

Edit: Well, I did not got it working, but I did also remember wrong, thats not too easy to add to any faucet. Did not tried in "Faucet in a BOX".
oh you're not using faucetinabox. hmm it still is probably a directory issue. Just mess around with it until you get it right. If you need to go back a directors its like so ./libs if you need to go back 2, 3 4 times? its. /../libs, or /../../libs etc.
sr. member
Activity: 288
Merit: 250
Thanks BrannigansLaw! I will try that later and edit in this post if got it working or not.

Edit: Well, I did not got it working, but I did also remember wrong, thats not too easy to add to any faucet. Did not tried in "Faucet in a BOX".
hero member
Activity: 603
Merit: 500
@AlexAce420
Just playing in my back up website... but the math questions does not load:



I just have done everthing ypu have told us: (include math in the root, adding the lines, etc.)


Got same error when tried this some time ago.

This would be great to get working, because looks like it could be added to any faucet without modifying faucet code.

I had the same problem but managed to fix it. It's a directory issue.
/libs/captcha/securimage_show.php - put that, the original code misses the libs section as shown below.

CAPTCHA Image


[ New Problem ]
sr. member
Activity: 288
Merit: 250
@AlexAce420
Just playing in my back up website... but the math questions does not load:



I just have done everthing ypu have told us: (include math in the root, adding the lines, etc.)


Got same error when tried this some time ago.

This would be great to get working, because looks like it could be added to any faucet without modifying faucet code.
newbie
Activity: 25
Merit: 0
@AlexAce420
Just playing in my back up website... but the math questions does not load:
http://i67.tinypic.com/mh7ziq.png


I just have done everthing ypu have told us: (include math in the root, adding the lines, etc.)
sr. member
Activity: 350
Merit: 250
I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth


With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html


Please test it as much as you can and tell us the results Wink

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.
Finally I do not recommend buying the script, programmer lies in features on separate ISP blocking also blocks fake attacks SQL with Bitcoin addresses and any url.
hero member
Activity: 868
Merit: 500
Yes. Incorrect formatting of .htaccess rules can easily (and incorrectly) block access to your entire website.

The correct .htaccess rules for blocking proxies can be found in this 'legendary' blog (probably the source);

- https://perishablepress.com/block-tough-proxies/

Also, this message might actually be considered a bit more user friendly;

"Sorry. Proxy access is not allowed. If you are not using a proxy please contact EMAIL with your IP address"   Cheesy


I recommend using the Bad-Behavior script, which actually covers a lot of the rules in the G5 and G6 firewall from the above blog anyway. Most of the rules in BB actually became the Mod Security base. The modified script for BB I posted was 'cobbled' together from reviewing several (now outdated) .htaccess lists and comparing user agents with activity at http://botsvsbrowsers.com/ and https://udger.com/

- https://bitcointalksearch.org/topic/m.13184663

Good job OP for starting this thread!  Smiley
This is helpful for me but I would like to be more soft for proxy users instead of banning them I'll show them a message that sorry proxy user can't claim free btc .

They will see this message when they solve captcha and hit submit button so this way proxy /Google bots are allowed to visit site but a proxy user trying to claim will get nothing except above message.
sr. member
Activity: 420
Merit: 250
Hi,
The faucetbox script has Security tab where we can add list of IP addresses or IP networks in CIDR notation to ban and List of hostnames to ban. Is it the same as using .htaccess file? Thanks

I think it's probably is the same.
member
Activity: 60
Merit: 10
 Grin Grin Grin

thank for the great info  Grin Grin
member
Activity: 95
Merit: 10
Hi,
The faucetbox script has Security tab where we can add list of IP addresses or IP networks in CIDR notation to ban and List of hostnames to ban. Is it the same as using .htaccess file? Thanks
sr. member
Activity: 350
Merit: 250
I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth


With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html


Please test it as much as you can and tell us the results Wink

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.

There are a lot of bots doing nasty stuff all the time, so probably they are real but just bots. No way to know. You should consider to start a 24 h honeypot so you can see for real what is going on, is an interesting exercise.
OK, but I have no idea concerning the honeypot with 24 hours


https://stackoverflow.com/questions/6181513/setting-up-a-sql-injection-honeypot
Thanks a lot
legendary
Activity: 1512
Merit: 1001
Bitcoin - Resistance is futile
I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth


With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html


Please test it as much as you can and tell us the results Wink

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.

There are a lot of bots doing nasty stuff all the time, so probably they are real but just bots. No way to know. You should consider to start a 24 h honeypot so you can see for real what is going on, is an interesting exercise.
OK, but I have no idea concerning the honeypot with 24 hours


https://stackoverflow.com/questions/6181513/setting-up-a-sql-injection-honeypot
legendary
Activity: 1582
Merit: 1031
can you show the code how you added the math question in a second frame  Huh

can someone show me the code to open a frame in the same window to put there the math question ?

kind regrads

can someone show me the code to open a frame in the same window to put there the math question ?
sr. member
Activity: 350
Merit: 250
I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth


With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html


Please test it as much as you can and tell us the results Wink

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.

There are a lot of bots doing nasty stuff all the time, so probably they are real but just bots. No way to know. You should consider to start a 24 h honeypot so you can see for real what is going on, is an interesting exercise.
OK, but I have no idea concerning the honeypot with 24 hours
legendary
Activity: 1512
Merit: 1001
Bitcoin - Resistance is futile
I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth


With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html


Please test it as much as you can and tell us the results Wink

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.

There are a lot of bots doing nasty stuff all the time, so probably they are real but just bots. No way to know. You should consider to start a 24 h honeypot so you can see for real what is going on, is an interesting exercise.
sr. member
Activity: 350
Merit: 250
I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth


With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html


Please test it as much as you can and tell us the results Wink

OK, by now I have 26 locks according to the plugin but the truth I do not know if they are real or not.
Pages:
Jump to: