
Topic: 〖ⓉⓊⓉⓄⓇⒾⒶⓁ〗 Stop Bots + Proxies From Using Your Faucet - page 5. (Read 18801 times)

legendary
Activity: 1512
Merit: 1001
Bitcoin - Resistance is futile
I bought the SafeGuard Pro script but don't know where it is effective, because I now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth


With SQL injection, someone could have complete access to your database. Everything your database user can modify, the attacker can too, with the same privileges. So they can steal your db, bypass passwords, modify it (get 1000 USD or 1000 BTC in your database, even if you have just 0 for real), even delete the whole database.

Pretty serious stuff.

http://www.unixwiz.net/techtips/sql-injection.html


Please test it as much as you can and tell us the results ;)
sr. member
Activity: 350
Merit: 250
Ranges from Amazon if someone wants to block
https://ipinfo.io/AS14618
sr. member
Activity: 350
Merit: 250
I bought the SafeGuard Pro script but don't know where it is effective, because I now have 196 blocks.

4 Proxy/VPN
168 Spammer
24 SQL Injections

I do not understand SQL Injections locks I get details for example Query QsCpn0SFjonXqXb3bFVt22HyCv5OLQdQ05fo8D1Y1LAjt

No idea the truth
newbie
Activity: 54
Merit: 0
Hi! A big thanks to you for sharing this, I just got hacked and they stole about 2000000 satoshi from me.

I have disabled my faucets until I can secure my faucets again. My faucets are all on Cloudflare, would you recommend any special configs with your script for Cloudflare users?

Also, I have the ZB Block security script on them but this is not helping to block proxies. However, I think it's blocking TOR users well.

So, using your security techniques in conjunction with Cloudflare and ZB Block? Do you think it would be a good idea? If yes, any special configs to make it work all together?

I was also thinking of installing this script instead of ZB Block: http://codecanyon.net/item/safeguard-pro-ultimate-php-website-protection/6783181

Finally, what do you think would be the ideal setup for me and what to avoid?

Thanks mate ;), I really appreciate your input or any other suggestions from other users because, if I can't make this work, I will have to close all my faucets :(

Best regards,

Mat

That looks interesting, how is this configured? I mean about codecanyon safeguard pro.


Yes, it looks good but I did not install it yet. I'm still in the process of choosing the best method. If I install Safeguard Pro, I'll get back to you with the details and follow up :) It's a PHP script and it has good reviews and ratings...
legendary
Activity: 1512
Merit: 1001
Bitcoin - Resistance is futile
Hi! A big thanks to you for sharing this, I just got hacked and they stole about 2000000 satoshi from me.

I have disabled my faucets until I can secure my faucets again. My faucets are all on Cloudflare, would you recommend any special configs with your script for Cloudflare users?

Also, I have the ZB Block security script on them but this is not helping to block proxies. However, I think it's blocking TOR users well.

So, using your security techniques in conjunction with Cloudflare and ZB Block? Do you think it would be a good idea? If yes, any special configs to make it work all together?

I was also thinking of installing this script instead of ZB Block: http://codecanyon.net/item/safeguard-pro-ultimate-php-website-protection/6783181

Finally, what do you think would be the ideal setup for me and what to avoid?

Thanks mate ;), I really appreciate your input or any other suggestions from other users because, if I can't make this work, I will have to close all my faucets :(

Best regards,

Mat

That looks interesting, how is this configured? I mean about codecanyon safeguard pro.
newbie
Activity: 54
Merit: 0
Hi! A big thanks to you for sharing this, I just got hacked and they stole about 2000000 satoshi from me.

I have disabled my faucets until I can secure my faucets again. My faucets are all on Cloudflare, would you recommend any special configs with your script for Cloudflare users?

Also, I have the ZB Block security script on them but this is not helping to block proxies. However, I think it's blocking TOR users well.

So, using your security techniques in conjunction with Cloudflare and ZB Block? Do you think it would be a good idea? If yes, any special configs to make it work all together?

I was also thinking of installing this script instead of ZB Block: http://codecanyon.net/item/safeguard-pro-ultimate-php-website-protection/6783181

Finally, what do you think would be the ideal setup for me and what to avoid?

Thanks mate ;), I really appreciate your input or any other suggestions from other users because, if I can't make this work, I will have to close all my faucets :(

Best regards,

Mat
legendary
Activity: 2324
Merit: 1267
In Memory of Zepher
Bro, a more in-depth explanation will be fine for me. If you do, it will be appreciated by me, thanx.
Sorry about the delay, something like this should work (on a default config). You obviously need the recaptcha keys, which you can find here.
Keep in mind that this will only work if you do not have recaptcha as a main captcha, and that recaptcha isn't the most secure in stopping bots. This code is also untested, so might need slight alterations.

templates/default/index.php - line 11 (in the tag):
Code:


templates/default/index.php - line 175 (below the PHP which decides which captcha to use):
Code:

     



index.php - line 2200 (under the PHP which determines if the main captcha was correct):
Code:
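// URL-encode the token and treat a missing field as a failed captcha.
$data['captcha_valid_2'] = isset($_POST['g-recaptcha-response']) && json_decode(file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=SECRET_KEY&response=' . urlencode($_POST['g-recaptcha-response'])))->success;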

index.php - line 2249:
Code:
 if (array_key_exists('address', $_POST) &&
           $data['captcha_valid'] &&
           $data['captcha_valid_2'] &&
           $data['enabled'] &&
           $data['eligible']
        ) {

With this it should say the normal error whenever you get the captcha wrong, though probably won't be special. It should work at least though.
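
The second-captcha check from the post above, as an added example (not the poster's code or the faucet script's own): it sends the token in a POST body and fails closed when Google's reply is missing, malformed or not a boolean success. `SECRET_KEY` is a placeholder, `verify_recaptcha()` and `recaptcha_reply_ok()` are hypothetical helper names, and the reply bodies at the end are constructed.

```php
<?php
// Added example, not the faucet script's code. SECRET_KEY is a placeholder and
// verify_recaptcha() / recaptcha_reply_ok() are hypothetical helper names.

// Interpret a siteverify reply body. Fails closed: only a JSON object whose
// "success" field is boolean true counts as a solved captcha.
function recaptcha_reply_ok($body)
{
    if (!is_string($body) || $body === '') {
        return false;                       // network error or empty reply
    }
    $reply = json_decode($body, true);
    return is_array($reply) && isset($reply['success']) && $reply['success'] === true;
}

// Send the token to Google in a POST body, so the secret and the
// user-controlled token are never concatenated into a URL.
function verify_recaptcha($secret, $token, $remote_ip = null)
{
    if (!is_string($token) || $token === '') {
        return false;                       // field missing: no API call needed
    }
    $fields = array('secret' => $secret, 'response' => $token);
    if ($remote_ip !== null) {
        $fields['remoteip'] = $remote_ip;
    }
    $context = stream_context_create(array('http' => array(
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields),   // URL-encodes every value
        'timeout' => 5,                           // do not hang the claim page
    )));
    $body = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
    return recaptcha_reply_ok($body === false ? '' : $body);
}

// Drop-in for the one-line check at index.php line 2200.
$data['captcha_valid_2'] = verify_recaptcha(
    'SECRET_KEY',
    isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : null
);

// Constructed reply bodies: a solved captcha, a rejected token,
// a string where a boolean is expected, and a non-JSON error page.
var_dump(recaptcha_reply_ok('{"success": true, "hostname": "faucet.example"}'));
var_dump(recaptcha_reply_ok('{"success": false, "error-codes": ["invalid-input-response"]}'));
var_dump(recaptcha_reply_ok('{"success": "true"}'));
var_dump(recaptcha_reply_ok('<html>502 Bad Gateway</html>'));
```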
legendary
Activity: 1512
Merit: 1001
Bitcoin - Resistance is futile
Yes. Incorrect formatting of .htaccess rules can easily (and incorrectly) block access to your entire website.

The correct .htaccess rules for blocking proxies can be found in this 'legendary' blog (probably the source);

- https://perishablepress.com/block-tough-proxies/

Also, this message might actually be considered a bit more user friendly;

"Sorry. Proxy access is not allowed. If you are not using a proxy please contact EMAIL with your IP address" :D


I recommend using the Bad-Behavior script, which actually covers a lot of the rules in the G5 and G6 firewall from the above blog anyway. Most of the rules in BB actually became the Mod Security base. The modified script for BB I posted was 'cobbled' together from reviewing several (now outdated) .htaccess lists and comparing user agents with activity at http://botsvsbrowsers.com/ and https://udger.com/

- https://bitcointalksearch.org/topic/m.13184663

Good job OP for starting this thread! :)

This can be useful for the site I was developing, thanks all of you people that create and collaborate in this thread.
legendary
Activity: 2646
Merit: 1720
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
Yes. Incorrect formatting of .htaccess rules can easily (and incorrectly) block access to your entire website.

The correct .htaccess rules for blocking proxies can be found in this 'legendary' blog (probably the source);

- https://perishablepress.com/block-tough-proxies/

Also, this message might actually be considered a bit more user friendly;

"Sorry. Proxy access is not allowed. If you are not using a proxy please contact EMAIL with your IP address" :D


I recommend using the Bad-Behavior script, which actually covers a lot of the rules in the G5 and G6 firewall from the above blog anyway. Most of the rules in BB actually became the Mod Security base. The modified script for BB I posted was 'cobbled' together from reviewing several (now outdated) .htaccess lists and comparing user agents with activity at http://botsvsbrowsers.com/ and https://udger.com/

- https://bitcointalksearch.org/topic/m.13184663

Good job OP for starting this thread! :)
member
Activity: 67
Merit: 10
In Crypto We Trust
PSA!!!

Guys, there's something very important you need to know before you proceed. I had to make the .htaccess file myself bc my website didn't have one, but when i uploaded it i fucking lost access to my website!!! I had to use a VPN to check if the site was still working and it was. Then i fixed it by adding the following code to the top of the file created by this site:


 RewriteEngine on
 RewriteCond %{HTTP:VIA}                 !^$ [OR]
 RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
 RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
 RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
 RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
 RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
 RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
 RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
 RewriteRule .* - [F]


I'm just saying that bc the site mentioned by OP only makes the code that goes below that one above, so it looks like this:

Order Deny,Allow
Deny from 1.169.204.75
Deny from 103.10.197.50
Deny from 103.236.201.110
Deny from 103.240.91.7...

when it should actually look like this:


 RewriteEngine on
 RewriteCond %{HTTP:VIA}                 !^$ [OR]
 RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
 RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
 RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
 RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
 RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
 RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
 RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
 RewriteRule .* - [F]

Order Deny,Allow
Deny from 1.169.204.75
Deny from 103.10.197.50
Deny from 103.236.201.110
Deny from 103.240.91.7
Deny from 103.3.61.158...

So in case it happens to you, don't worry, just add the line code to the file and upload it again.

BTW I must thank OP bc only the step 1 already seems to do some work, when I try to access my faucet via Tor now it says:


"Forbidden

You don't have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request."


OP = Nice guy 8)
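
Cloudflare adds X-Forwarded-For to every request it forwards, so on a faucet behind it (the setup asked about elsewhere in this thread) the mere presence of that header cannot separate proxy users from everyone else. An added PHP sketch, not from the thread, applies the presence test only to direct connections and, for connections from the CDN, looks at the length of the forwarding chain instead. `classify_request()` and `ipv4_in_cidr()` are hypothetical names, the header list is a subset of the rules above in PHP's `$_SERVER` spelling, and the edge range and sample requests are constructed (documentation addresses, IPv4 only).

```php
<?php
// Added example, not code from the thread. classify_request() and
// ipv4_in_cidr() are hypothetical; the ranges and requests are constructed.

// True if IPv4 address $ip lies inside $cidr (e.g. "198.51.100.0/24").
function ipv4_in_cidr($ip, $cidr)
{
    list($net, $bits) = explode('/', $cidr);
    $ip_n  = ip2long($ip);
    $net_n = ip2long($net);
    if ($ip_n === false || $net_n === false) {
        return false;
    }
    $mask = ((int) $bits === 0) ? 0 : (-1 << (32 - (int) $bits)) & 0xFFFFFFFF;
    return ($ip_n & $mask) === ($net_n & $mask);
}

// $server is shaped like $_SERVER. Returns array(verdict, client address).
function classify_request(array $server, array $edge_cidrs)
{
    $peer = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    $from_edge = false;
    foreach ($edge_cidrs as $cidr) {
        $from_edge = $from_edge || ipv4_in_cidr($peer, $cidr);
    }
    if (!$from_edge) {
        // Direct connection: same idea as the RewriteCond lines, any
        // forwarding header present means a self-declared proxy.
        foreach (array('HTTP_VIA', 'HTTP_FORWARDED', 'HTTP_X_FORWARDED_FOR',
                       'HTTP_PROXY_CONNECTION', 'HTTP_CLIENT_IP') as $name) {
            if (isset($server[$name]) && $server[$name] !== '') {
                return array('deny', $peer);
            }
        }
        return array('allow', $peer);
    }
    // Through the CDN every request carries X-Forwarded-For, so only a chain
    // of more than one address shows a proxy in front of the CDN.
    $client = isset($server['HTTP_CF_CONNECTING_IP']) ? $server['HTTP_CF_CONNECTING_IP'] : '';
    $chain  = isset($server['HTTP_X_FORWARDED_FOR']) ? explode(',', $server['HTTP_X_FORWARDED_FOR']) : array();
    if (filter_var($client, FILTER_VALIDATE_IP) === false || count($chain) > 1) {
        return array('deny', $client);
    }
    return array('allow', $client);
}

$edge = array('198.51.100.0/24');   // placeholder for the CDN's published ranges
print_r(classify_request(array('REMOTE_ADDR' => '198.51.100.7', 'HTTP_CF_CONNECTING_IP' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '203.0.113.9'), $edge));
print_r(classify_request(array('REMOTE_ADDR' => '198.51.100.7', 'HTTP_CF_CONNECTING_IP' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '192.0.2.44, 203.0.113.9'), $edge));
print_r(classify_request(array('REMOTE_ADDR' => '203.0.113.9', 'HTTP_CF_CONNECTING_IP' => '192.0.2.1', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1'), $edge));
```

The third sample is a direct connection that supplies its own CF-Connecting-IP: the header is ignored because the peer is not in the edge range, which is why the client address is only read from it on connections that really come from the CDN.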

member
Activity: 67
Merit: 10
In Crypto We Trust
Can any1 confirm if this actually stops people from accessing your faucet using Tor?
legendary
Activity: 2646
Merit: 1720
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
I see :)

is there any way to block all hosting company IPs, is such service out there?
It is very complicated, it would be to search for a pattern in the data base

I could find websites with such databases and also some requests for such a service on other forums; a proxy or script filtering those IPs would be handy for many people, not only faucets :)

Herewith, a list I posted in the faucetbox thread for 'Not an access provider or ISP'

- https://bitcointalksearch.org/topic/m.13125867

Also, a mod. for the Bad-Behavior Anti-SPAM script, which is quite effective if you get a free httpbl_key.

- https://bitcointalksearch.org/topic/m.13122044

hero member
Activity: 784
Merit: 500
Anyone know how to add 2 captchas? I thought I might as well add recaptcha on top of funcaptcha as it's so easy to complete and should help.
I went through the basics on where to put the confirmation code here, if you know how to code in PHP it shouldn't be too difficult to add the captcha yourself with this info I don't think. If not I can try and make a more in-depth post about it.
Bro, a more in-depth explanation will be fine for me. If you do, it will be appreciated by me, thanx.
By the way, a guy from Russia said that he can't use my faucet. I'm not sure, but can it be he is using a proxy or sth else and I placed the anti-bot script right?
hero member
Activity: 603
Merit: 500
Anyone know how to add 2 captchas? I thought I might as well add recaptcha on top of funcaptcha as it's so easy to complete and should help.
I went through the basics on where to put the confirmation code here, if you know how to code in PHP it shouldn't be too difficult to add the captcha yourself with this info I don't think. If not I can try and make a more in-depth post about it.

Yes! I was looking for this, I knew someone posted somewhere but couldn't find it. Cheers for posting, I should be ok :)
legendary
Activity: 2324
Merit: 1267
In Memory of Zepher
Anyone know how to add 2 captchas? I thought I might as well add recaptcha on top of funcaptcha as it's so easy to complete and should help.
I went through the basics on where to put the confirmation code here, if you know how to code in PHP it shouldn't be too difficult to add the captcha yourself with this info I don't think. If not I can try and make a more in-depth post about it.
hero member
Activity: 603
Merit: 500
Anyone know how to add 2 captchas? I thought I might as well add recaptcha on top of funcaptcha as it's so easy to complete and should help.
legendary
Activity: 1582
Merit: 1031
Can you show the code for how you added the math question in a second frame?

Can someone show me the code to open a frame in the same window to put the math question there?

Kind regards
hero member
Activity: 868
Merit: 500
The better solution is to reduce claim timers. Faucet owners put high timers and high rewards but it's very risky because users get enough time to multiclaim.

You can't imagine how many lazy faucetors are in this world who don't bother to visit other faucets and make multiple claims on a single faucet. That's why bitcoinker has a 15 min timer.
sr. member
Activity: 395
Merit: 250
I see :)

is there any way to block all hosting company IPs, is such service out there?
It is very complicated, it would be to search for a pattern in the data base

I could find websites with such databases and also some requests for such a service on other forums; a proxy or script filtering those IPs would be handy for many people, not only faucets :)
sr. member
Activity: 350
Merit: 250
I see :)

is there any way to block all hosting company IPs, is such service out there?
It is very complicated, it would be to search for a pattern in the data base