〖ⓉⓊⓉⓄⓇⒾⒶⓁ〗 Stop Bots + Proxies From Using Your Faucet - page 5.

pinger

legendary

Activity: 1512

Merit: 1001

Bitcoin - Resistance is futile

Quote from: misterbit on December 23, 2015, 12:43:49 PM

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

With SQL Injections, someone could have complete access to your database. Everything your database user can modify, the same privilegies have the attacker. So you can steal your db, bypass passwords, modify (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete all the database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html

Please test it as much as you can and tell us the results Wink

misterbit

sr. member

Activity: 350

Merit: 250

Ranges from Amazon if someone wants to block
https://ipinfo.io/AS14618

misterbit

sr. member

Activity: 350

Merit: 250

I bought the SafeGuard Pro script but don't know where it is effective, because now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth

matt007

newbie

Activity: 54

Merit: 0

Quote from: pinger on December 19, 2015, 06:58:44 PM

Quote from: matt007 on December 19, 2015, 06:06:01 PM

Hi ! A big thanks to you for sharing this, i just got hacked and they stole about 2000000 satoshi from me.

I have disabled my faucets before i can secure my faucets again. My faucets are all on Cloudflare, would you recommend any
special configs with your script for cloudflare users ?

Also, i have ZB block security script on them but this is not helping to block proxies. However, i think it's blocking TOR users well.

So, using your security techniques in conjonction with Cloudflare and ZB Block ? Do you think it would be a good idea ?
If yes, any special configs to make to make it work all together ?

I was also thinking of installing this script instead of ZB BLOCK : http://codecanyon.net/item/safeguard-pro-ultimate-php-website-protection/6783181

In final, what do you think would be the idea setup for me and what to avoid ?

Thansk mate Wink

, i really appreciate your input or any other suggestions from other users because, if i can't make this work, i will have to close
all my faucets Sad

Best regards,

Mat

That looks interesting, how is this configured? I mean about codecanyon safeguard pro.

Yes, it looks good but i did not install it yet. I'm still in the process of choosing the best method. If i install Safeguard Pro, i'll get back to you with the details and follow up

It's a php script and it has good reviews and ratings...

pinger

legendary

Activity: 1512

Merit: 1001

Bitcoin - Resistance is futile

Quote from: matt007 on December 19, 2015, 06:06:01 PM

Hi ! A big thanks to you for sharing this, i just got hacked and they stole about 2000000 satoshi from me.

I have disabled my faucets before i can secure my faucets again. My faucets are all on Cloudflare, would you recommend any
special configs with your script for cloudflare users ?

Also, i have ZB block security script on them but this is not helping to block proxies. However, i think it's blocking TOR users well.

So, using your security techniques in conjonction with Cloudflare and ZB Block ? Do you think it would be a good idea ?
If yes, any special configs to make to make it work all together ?

I was also thinking of installing this script instead of ZB BLOCK : http://codecanyon.net/item/safeguard-pro-ultimate-php-website-protection/6783181

In final, what do you think would be the idea setup for me and what to avoid ?

Thansk mate Wink

, i really appreciate your input or any other suggestions from other users because, if i can't make this work, i will have to close
all my faucets Sad

Best regards,

Mat

That looks interesting, how is this configured? I mean about codecanyon safeguard pro.

matt007

newbie

Activity: 54

Merit: 0

Hi ! A big thanks to you for sharing this, i just got hacked and they stole about 2000000 satoshi from me.

I have disabled my faucets before i can secure my faucets again. My faucets are all on Cloudflare, would you recommend any
special configs with your script for cloudflare users ?

Also, i have ZB block security script on them but this is not helping to block proxies. However, i think it's blocking TOR users well.

So, using your security techniques in conjonction with Cloudflare and ZB Block ? Do you think it would be a good idea ?
If yes, any special configs to make to make it work all together ?

I was also thinking of installing this script instead of ZB BLOCK : http://codecanyon.net/item/safeguard-pro-ultimate-php-website-protection/6783181

In final, what do you think would be the idea setup for me and what to avoid ?

Thansk mate Wink

, i really appreciate your input or any other suggestions from other users because, if i can't make this work, i will have to close
all my faucets Sad

Best regards,

Mat

minifrij

legendary

Activity: 2324

Merit: 1267

In Memory of Zepher

Quote from: thinkinger on December 07, 2015, 04:23:35 PM

bro. a more in-depth explanation will be fine for me. if you do ,it will be appreciated by me thanx.

Sorry about the delay, something like this should work (on a default config). You obviously need the recaptcha keys, which you can find here.
Keep in mind that this will only work if you do not have recaptcha as a main captcha, and that recaptcha isn't the most secure in stopping bots. This code is also untested, so might need slight alterations.

templates/default/index.php - line 11 (in the tag):

Code:

templates/default/index.php - line 175 (below the PHP which decides which captcha to use):

Code:

index.php - line 2200 (under the PHP which determines if the main captcha was correct):

Code:

$data['captcha_valid_2'] = json_decode(file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=SECRET_KEY&response=' . $_POST['g-recaptcha-response']))->success;

index.php - line 2249:

Code:

 if (array_key_exists('address', $_POST) &&
           $data['captcha_valid'] &&
           $data['captcha_valid_2'] &&
           $data['enabled'] &&
           $data['eligible']
        ) {

With this it should say the normal error whenever you get the captcha wrong, though probably won't be special. It should work at least though.

pinger

legendary

Activity: 1512

Merit: 1001

Bitcoin - Resistance is futile

Quote from: BitcoinFX on December 08, 2015, 01:40:48 PM

Yes. Incorrect formatting of .htaccess rules can easily (and incorrectly) block access to your entire website.

The correct .htaccess rules for blocking proxies can be found in this 'legendary' blog (probably the source);

- https://perishablepress.com/block-tough-proxies/

Also, this message might actually be considered a bit more user friendly;

"Sorry. Proxy access is not allowed. If you are not using a proxy please contact EMAIL with your IP address" Cheesy

I recommend using the Bad-Behavior script, which actually covers a lot of the rules in the G5 and G6 firewall from the above blog anyway. Most of the rules in BB actually became the Mod Security base. The modified script for BB I posted was 'cobbled' together from reviewing several (now outdated) .htaccess lists and comparing user agents with activity at http://botsvsbrowsers.com/ and https://udger.com/

- https://bitcointalksearch.org/topic/m.13184663

Good job OP for starting this thread!

This can be useful for the site I was developing, thanks all of you people that create and collaborate in this thread.

BitcoinFX

legendary

Activity: 2646

Merit: 1720

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

Yes. Incorrect formatting of .htaccess rules can easily (and incorrectly) block access to your entire website.

The correct .htaccess rules for blocking proxies can be found in this 'legendary' blog (probably the source);

- https://perishablepress.com/block-tough-proxies/

Also, this message might actually be considered a bit more user friendly;

"Sorry. Proxy access is not allowed. If you are not using a proxy please contact EMAIL with your IP address" Cheesy

I recommend using the Bad-Behavior script, which actually covers a lot of the rules in the G5 and G6 firewall from the above blog anyway. Most of the rules in BB actually became the Mod Security base. The modified script for BB I posted was 'cobbled' together from reviewing several (now outdated) .htaccess lists and comparing user agents with activity at http://botsvsbrowsers.com/ and https://udger.com/

- https://bitcointalksearch.org/topic/m.13184663

Good job OP for starting this thread!

Klarck

member

Activity: 67

Merit: 10

In Crypto We Trust

PSA!!!

Guys, there's something very important you need to know before you proceed. I had to make the .htaccess file myself bc my website didn't have one, but when i uploaded it i fucking lost access to my website!!! I had to use a VPN to check if the site was still working and it was. Then i fixed it by adding the following code to the top of the file created by this site:

RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule .* - [F]

I'm just saying that bc the site mentioned by OP only makes the code that goes below that one above, so it looks like this:

Order Deny,Allow
Deny from 1.169.204.75
Deny from 103.10.197.50
Deny from 103.236.201.110
Deny from 103.240.91.7...

when it should actually look like this:

RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule .* - [F]

Order Deny,Allow
Deny from 1.169.204.75
Deny from 103.10.197.50
Deny from 103.236.201.110
Deny from 103.240.91.7
Deny from 103.3.61.158...

So in case it happens to you, don't worry, just add the line code to the file and upload it again.

BTW i must thank OP bc only the step 1 already seems to do some work, when i try to acess my faucet via Tor now it says:

"Forbidden

You don't have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request."

OP = Nice guy Cool

Klarck

member

Activity: 67

Merit: 10

In Crypto We Trust

Can any1 confirm if this actually stop people from acessing your faucet using Tor?

BitcoinFX

legendary

Activity: 2646

Merit: 1720

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

Quote from: FBCTorg on November 30, 2015, 11:09:24 PM

Quote from: misterbit on November 30, 2015, 10:01:34 PM

Quote from: FBCTorg on November 30, 2015, 09:58:27 PM

i see

is there any way to block all hosting company IPs, is such service out there?

It is very complicated, it would be to search for a pattern in the data base

i could find websites with such databases and also some requests for such service on other forums, proxy or script filtering those IPs would be handy for many people not only faucets

Herewith, a list I posted in the faucetbox thread for 'Not an access provider or ISP'

- https://bitcointalksearch.org/topic/m.13125867

Also, a mod. for the Bad-Behavior Anti-SPAM script, which is quite effective if you get a free httpbl_key .

- https://bitcointalksearch.org/topic/m.13122044

thinkinger

hero member

Activity: 784

Merit: 500

Quote from: minifrij on December 07, 2015, 04:03:46 PM

Quote from: BrannigansLaw on December 07, 2015, 03:58:12 PM

Anyone know how to add 2 captchas? I thought I might as well ad recaptcha on top of funcaptcha as it's so easy to complete and should help.

I went through the basics on where to put the confirmation code here, if you know how to code in PHP it shouldn't be too difficult to add the captcha yourself with this info I don't think. If not I can try and make a more in-depth post about it.

bro. a more in-depth explanation will be fine for me. if you do ,it will be appreciated by me thanx.
By the way a guy from russia said that he cant use my faucet, im not sure but can it be he is using proxy or sth else and i did anti-bot scrypt right placed?

BrannigansLaw

hero member

Activity: 603

Merit: 500

Quote from: minifrij on December 07, 2015, 04:03:46 PM

Quote from: BrannigansLaw on December 07, 2015, 03:58:12 PM

Anyone know how to add 2 captchas? I thought I might as well ad recaptcha on top of funcaptcha as it's so easy to complete and should help.

I went through the basics on where to put the confirmation code here, if you know how to code in PHP it shouldn't be too difficult to add the captcha yourself with this info I don't think. If not I can try and make a more in-depth post about it.

Yes! I was looking for this, I knew someone posted somewhere but couldn't find it. Cheers for posting, I should be ok

minifrij

legendary

Activity: 2324

Merit: 1267

In Memory of Zepher

Quote from: BrannigansLaw on December 07, 2015, 03:58:12 PM

Anyone know how to add 2 captchas? I thought I might as well ad recaptcha on top of funcaptcha as it's so easy to complete and should help.

I went through the basics on where to put the confirmation code here, if you know how to code in PHP it shouldn't be too difficult to add the captcha yourself with this info I don't think. If not I can try and make a more in-depth post about it.

BrannigansLaw

hero member

Activity: 603

Merit: 500

Anyone know how to add 2 captchas? I thought I might as well ad recaptcha on top of funcaptcha as it's so easy to complete and should help.

felicita

legendary

Activity: 1582

Merit: 1031

Quote from: felicita on November 26, 2015, 10:50:31 AM

can you show the code how you added the math question in a second frame Huh

can someone show me the code to open a frame in the same window to put there the math question ?

kind regrads

FaucetRank.com

hero member

Activity: 868

Merit: 500

The better solution is reduce claim timers . Faucet owner put high timers and high rewards but its very risky because users get enough time to multiclaim.

You can't imagine how many lazy faucetors are in this world who don't bother to visit other faucets and makes multiple claims on single faucet.That's why bitcoinker has 15 mins timer.

FBCTorg

sr. member

Activity: 395

Merit: 250

Quote from: misterbit on November 30, 2015, 10:01:34 PM

Quote from: FBCTorg on November 30, 2015, 09:58:27 PM

i see

is there any way to block all hosting company IPs, is such service out there?

It is very complicated, it would be to search for a pattern in the data base

i could find websites with such databases and also some requests for such service on other forums, proxy or script filtering those IPs would be handy for many people not only faucets

misterbit

sr. member

Activity: 350

Merit: 250

Quote from: FBCTorg on November 30, 2015, 09:58:27 PM

i see

is there any way to block all hosting company IPs, is such service out there?

It is very complicated, it would be to search for a pattern in the data base

Topic: 〖ⓉⓊⓉⓄⓇⒾⒶⓁ〗 Stop Bots + Proxies From Using Your Faucet - page 5. (Read 18802 times)