Is your php secure?
I have a very little knowledge in PHP but I'm an easy-learner, and since I'm using just a known xapo faucet script and not updated since 2015, I think it is not secure.
Topic: These fucking bots!! (Read 2285 times)
Is your php secure?
AFAIK captchas can stop bots from claiming in faucets. So you need a strong captcha system like solve media . it gives very difficult captcha for the known spaming IPs and proxies
solve media allows typos and still passes the answer. Also, many of the captchas are being solved by humans by use of sites like 2captcha
AFAIK captchas can stop bots from claiming in faucets. So you need a strong captcha system like solve media . it gives very difficult captcha for the known spaming IPs and proxies
-snip-
I also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email
addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have
to stop withdrawals to counter this... until the exploit could be stopped.
hes opening 10 vpn accounts at once and claiming all at once with a bot thats howI also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email
addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have
to stop withdrawals to counter this... until the exploit could be stopped.
-snip-
I also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email
addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have
to stop withdrawals to counter this... until the exploit could be stopped.
hes opening 10 vpn accounts at once and claiming all at once with a bot thats howI also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email
addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have
to stop withdrawals to counter this... until the exploit could be stopped.
This is the one who's draining mine:
My faucet reward is 100 to 600 only in 30 minutes, but that sucker can get 1,000 to 10,000 satoshis in my funds. In less than a minute!
My faucet reward is 100 to 600 only in 30 minutes, but that sucker can get 1,000 to 10,000 satoshis in my funds. In less than a minute!
Huh !?
But how ? How does he just claim that many times and then claim more then it is set to ? 100k from you in 10 minutes wow !!
I also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email
addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have
to stop withdrawals to counter this... until the exploit could be stopped.
what if... you just put a shortener webscript on your page.
Like adfly or shorte.st.
in this cause you have... a framebreaker, a need to click skip ad button, a adblock check and some cpm income
I have send a mail to adfly and i did get a respond that i am allowed to use it for a faucet. (what did surprise me)
i am thinking of starting a faucet-in-the-box . Not for the money alone, but for advertising my blog to.'
The downside, you can't advertisethe faucet on ptc and TE
Like adfly or shorte.st.
in this cause you have... a framebreaker, a need to click skip ad button, a adblock check and some cpm income
I have send a mail to adfly and i did get a respond that i am allowed to use it for a faucet. (what did surprise me)
i am thinking of starting a faucet-in-the-box . Not for the money alone, but for advertising my blog to.'
The downside, you can't advertisethe faucet on ptc and TE
Im fed up with bots and thinking of just dropping my faucet...They dont get away with much because i keep a close eye on it but not sure what to do...
I also have experienced similar incidents to attack bot so I shut down the site because of a loss of my faucet sites. I heard there were some there are some scripts that can prevent your site from attack bot but the price are quite expensive. now i change to create faucet rotator to get back my lost because attacked by bot. 
This is the one who's draining mine:
My faucet reward is 100 to 600 only in 30 minutes, but that sucker can get 1,000 to 10,000 satoshis in my funds. In less than a minute!
My faucet reward is 100 to 600 only in 30 minutes, but that sucker can get 1,000 to 10,000 satoshis in my funds. In less than a minute!
Huh !?
But how ? How does he just claim that many times and then claim more then it is set to ? 100k from you in 10 minutes wow !!
I also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email
addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have
to stop withdrawals to counter this... until the exploit could be stopped.
This is the one who's draining mine:
My faucet reward is 100 to 600 only in 30 minutes, but that sucker can get 1,000 to 10,000 satoshis in my funds. In less than a minute!
My faucet reward is 100 to 600 only in 30 minutes, but that sucker can get 1,000 to 10,000 satoshis in my funds. In less than a minute!
Huh !?
But how ? How does he just claim that many times and then claim more then it is set to ? 100k from you in 10 minutes wow !!
Blocking country IP isn't best solution for prevent Bots attack.
Problem is, the one who attacked me and stole my bits didn't used bot.How can the same email address be allowed to make claims so frequently? This seems like a bug in the scripts you are using
Im fed up with bots and thinking of just dropping my faucet...They dont get away with much because i keep a close eye on it but not sure what to do...
Maybe you need ip tracker for your faucet, because many bot just use proxy to break our faucet. Or you can add register system with email confirmation for register
thank youBut for direct to Xapo faucets like mine, the user have to use the e-mail they used to register in Xapo, which means the e-mail is already valid.
So, for the direct to Xapo faucets, all we need is just a Proxy blocker or IP blocking system or better, an e-mail address blocking system.
I have email blocking feature on my faucet visit http://afreebitco.in/xapo-faucet/
system block users automatically when a user solve wrong captcha 5 times .
this feature help me to detecte bot users . because without solving google recsptcha users can't claim reward but if someone trying to do that he'll get autoban by script .
it works? because captchas on bots are solved by real humans(manually input or by other people wich are pay for do this.. sites like 2captcha etc)
so the probability to solve or not, its the same
I can also trake who is using proxy and if i detect manuly that someone is abusing faucet i block him manuly .
Im fed up with bots and thinking of just dropping my faucet...They dont get away with much because i keep a close eye on it but not sure what to do...
Maybe you need ip tracker for your faucet, because many bot just use proxy to break our faucet. Or you can add register system with email confirmation for register
thank youBut for direct to Xapo faucets like mine, the user have to use the e-mail they used to register in Xapo, which means the e-mail is already valid.
So, for the direct to Xapo faucets, all we need is just a Proxy blocker or IP blocking system or better, an e-mail address blocking system.
I have email blocking feature on my faucet visit http://afreebitco.in/xapo-faucet/
system block users automatically when a user solve wrong captcha 5 times .
this feature help me to detecte bot users . because without solving google recsptcha users can't claim reward but if someone trying to do that he'll get autoban by script .
it works? because captchas on bots are solved by real humans(manually input or by other people wich are pay for do this.. sites like 2captcha etc)
so the probability to solve or not, its the same
Im fed up with bots and thinking of just dropping my faucet...They dont get away with much because i keep a close eye on it but not sure what to do...
Maybe you need ip tracker for your faucet, because many bot just use proxy to break our faucet. Or you can add register system with email confirmation for register
thank youBut for direct to Xapo faucets like mine, the user have to use the e-mail they used to register in Xapo, which means the e-mail is already valid.
So, for the direct to Xapo faucets, all we need is just a Proxy blocker or IP blocking system or better, an e-mail address blocking system.
I have email blocking feature on my faucet visit http://afreebitco.in/xapo-faucet/
system block users automatically when a user solve wrong captcha 5 times .
this feature help me to detecte bot users . because without solving google recsptcha users can't claim reward but if someone trying to do that he'll get autoban by script .
Blocking country IP isn't best solution for prevent Bots attack.
Problem is, the one who attacked me and stole my bits didn't used bot.How can the same email address be allowed to make claims so frequently? This seems like a bug in the scripts you are using
Blocking country IP isn't best solution for prevent Bots attack.
Problem is, the one who attacked me and stole my bits didn't used bot.did you tried to google how he does that?
if you know how, its more easy to know what to do about
Blocking country IP isn't best solution for prevent Bots attack.
Problem is, the one who attacked me and stole my bits didn't used bot. 
This are realy abuser. Some day him will be understand. 
all we need is just a Proxy blocker or IP blocking system or better, an e-mail address blocking system.
these can be changed easily
Jump to: