Pages:
Author

Topic: These fucking bots!! (Read 2359 times)

hero member
Activity: 546
Merit: 500
June 23, 2016, 09:53:39 PM
#54
Is your php secure?
I have a very little knowledge in PHP but I'm an easy-learner, and since I'm using just a known xapo faucet script and not updated since 2015, I think it is not secure.
full member
Activity: 261
Merit: 102
June 23, 2016, 09:09:50 PM
#53
Is your php secure?
sr. member
Activity: 265
Merit: 250
June 23, 2016, 09:07:30 PM
#52
AFAIK captchas can stop bots from claiming in faucets. So you need a strong captcha system like solve media . it gives very difficult captcha for the known spaming IPs and proxies

solve media allows typos and still passes the answer. Also, many of the captchas are being solved by humans by use of sites like 2captcha
sr. member
Activity: 434
Merit: 250
Young but I'm not that bold
June 23, 2016, 08:35:01 PM
#51
AFAIK captchas can stop bots from claiming in faucets. So you need a strong captcha system like solve media . it gives very difficult captcha for the known spaming IPs and proxies
hero member
Activity: 504
Merit: 501
June 23, 2016, 08:27:52 PM
#50
-snip-

I also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email

addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have

to stop withdrawals to counter this... until the exploit could be stopped.  Roll Eyes
hes opening 10 vpn accounts at once and claiming all at once with a bot  thats how
Tha VPN trick is known, but how he can claim more than the maximum amount configured on my faucet is my big question. My faucet's maximum reward is 700 that day, but he can get 1,000 to 10,000. I have 3 theories 1) SQL injection, 2) Xapo API hole or vulnerabilities, 3) the faucet script has vulnerabilities.
if its the faucet scrip admin he would have got it all and he might have an old cache from you on his browser
hero member
Activity: 546
Merit: 500
June 23, 2016, 07:26:20 PM
#49
-snip-

I also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email

addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have

to stop withdrawals to counter this... until the exploit could be stopped.  Roll Eyes
hes opening 10 vpn accounts at once and claiming all at once with a bot  thats how
Tha VPN trick is known, but how he can claim more than the maximum amount configured on my faucet is my big question. My faucet's maximum reward is 700 that day, but he can get 1,000 to 10,000. I have 3 theories 1) SQL injection, 2) Xapo API hole or vulnerabilities, 3) the faucet script has vulnerabilities.
hero member
Activity: 504
Merit: 501
June 23, 2016, 04:14:24 PM
#48
This is the one who's draining mine:





My faucet reward is 100 to 600 only in 30 minutes, but that sucker can get 1,000 to 10,000 satoshis in my funds. In less than a minute!  Angry


Huh !?

But how ? How does he just claim that many times and then claim more then it is set to ? 100k from you in 10 minutes wow !!


I also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email

addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have

to stop withdrawals to counter this... until the exploit could be stopped.  Roll Eyes
hes opening 10 vpn accounts at once and claiming all at once with a bot  thats how
newbie
Activity: 8
Merit: 0
June 23, 2016, 03:20:18 PM
#47
what if... you just put a shortener webscript on your page.
Like adfly or shorte.st.
in this cause you have... a framebreaker, a need to click skip ad button, a adblock check and some cpm income


I have send a mail to adfly and i did get a respond that i am allowed to use it for a faucet. (what did surprise me)
i am thinking of starting a faucet-in-the-box . Not for the money alone, but for advertising my blog to.'

The downside, you can't advertisethe faucet on ptc and TE
hero member
Activity: 560
Merit: 500
June 23, 2016, 01:12:06 PM
#46
Im fed up with bots and thinking of just dropping my faucet...They dont get away with much because i keep a close eye on it but not sure what to do...
I also have experienced similar incidents to attack bot so I shut down the site because of a loss of my faucet sites. I heard there were some there are some scripts that can prevent your site from attack bot but the price are quite expensive. now i change to create faucet rotator to get back my lost because attacked by bot.
legendary
Activity: 1904
Merit: 1074
June 23, 2016, 12:56:28 PM
#45
This is the one who's draining mine:





My faucet reward is 100 to 600 only in 30 minutes, but that sucker can get 1,000 to 10,000 satoshis in my funds. In less than a minute!  Angry


Huh !?

But how ? How does he just claim that many times and then claim more then it is set to ? 100k from you in 10 minutes wow !!


I also want to ask the same question... The same user will not be able to claim every second, if the payout schedule is set to 30 minutes. A bot has to generate several accounts with different email

addresses to be able to do that. Some of these guys hide behind VPN's / Proxies ... so it's difficult to pin point the region this is coming from. If a couple of these bots hits a smaller faucet, it will have

to stop withdrawals to counter this... until the exploit could be stopped.  Roll Eyes
hero member
Activity: 1162
Merit: 500
CryptoTalk.Org - Get Paid for every Post!
June 23, 2016, 11:39:43 AM
#44
This is the one who's draining mine:





My faucet reward is 100 to 600 only in 30 minutes, but that sucker can get 1,000 to 10,000 satoshis in my funds. In less than a minute!  Angry


Huh !?

But how ? How does he just claim that many times and then claim more then it is set to ? 100k from you in 10 minutes wow !!
hero member
Activity: 504
Merit: 501
June 23, 2016, 05:34:11 AM
#43
Blocking country IP isn't best solution for prevent Bots attack.
Problem is, the one who attacked me and stole my bits didn't used bot.

How can the same email address be allowed to make claims so frequently? This seems like a bug in the scripts you are using
because there  is no log in
hero member
Activity: 868
Merit: 500
June 23, 2016, 04:56:02 AM
#42
Im fed up with bots and thinking of just dropping my faucet...They dont get away with much because i keep a close eye on it but not sure what to do...

Maybe you need ip tracker for your faucet, because many bot just use proxy to break our faucet. Or you can add register system with email confirmation for register Smiley thank you
IMO, implementing a registration system is no problem if the payment method of the faucet is via FaucetBox or Direct to wallet address.
But for direct to Xapo faucets like mine, the user have to use the e-mail they used to register in Xapo, which means the e-mail is already valid.
So, for the direct to Xapo faucets, all we need is just a Proxy blocker or IP blocking system or better, an e-mail address blocking system.

I have email blocking feature on my faucet visit http://afreebitco.in/xapo-faucet/
system block users automatically when a user solve wrong captcha 5 times .

this feature help me to detecte bot users . because without solving google recsptcha users can't claim reward but if someone trying to do that he'll get autoban by script .




it works? because captchas on bots are solved by real humans(manually input or by other people wich are pay for do this.. sites like 2captcha etc)
so the probability to solve or not, its the same
Real human solve captcha but when they make few mistakethey'll get banned for forever .

I can also trake who is using proxy and if i detect manuly that someone is abusing faucet i block him manuly .
legendary
Activity: 2688
Merit: 2297
June 23, 2016, 12:15:30 AM
#41
Im fed up with bots and thinking of just dropping my faucet...They dont get away with much because i keep a close eye on it but not sure what to do...

Maybe you need ip tracker for your faucet, because many bot just use proxy to break our faucet. Or you can add register system with email confirmation for register Smiley thank you
IMO, implementing a registration system is no problem if the payment method of the faucet is via FaucetBox or Direct to wallet address.
But for direct to Xapo faucets like mine, the user have to use the e-mail they used to register in Xapo, which means the e-mail is already valid.
So, for the direct to Xapo faucets, all we need is just a Proxy blocker or IP blocking system or better, an e-mail address blocking system.

I have email blocking feature on my faucet visit http://afreebitco.in/xapo-faucet/
system block users automatically when a user solve wrong captcha 5 times .

this feature help me to detecte bot users . because without solving google recsptcha users can't claim reward but if someone trying to do that he'll get autoban by script .




it works? because captchas on bots are solved by real humans(manually input or by other people wich are pay for do this.. sites like 2captcha etc)
so the probability to solve or not, its the same
hero member
Activity: 868
Merit: 500
June 22, 2016, 09:58:57 PM
#40
Im fed up with bots and thinking of just dropping my faucet...They dont get away with much because i keep a close eye on it but not sure what to do...

Maybe you need ip tracker for your faucet, because many bot just use proxy to break our faucet. Or you can add register system with email confirmation for register Smiley thank you
IMO, implementing a registration system is no problem if the payment method of the faucet is via FaucetBox or Direct to wallet address.
But for direct to Xapo faucets like mine, the user have to use the e-mail they used to register in Xapo, which means the e-mail is already valid.
So, for the direct to Xapo faucets, all we need is just a Proxy blocker or IP blocking system or better, an e-mail address blocking system.

I have email blocking feature on my faucet visit http://afreebitco.in/xapo-faucet/
system block users automatically when a user solve wrong captcha 5 times .

this feature help me to detecte bot users . because without solving google recsptcha users can't claim reward but if someone trying to do that he'll get autoban by script .


sr. member
Activity: 265
Merit: 250
June 22, 2016, 09:11:12 PM
#39
Blocking country IP isn't best solution for prevent Bots attack.
Problem is, the one who attacked me and stole my bits didn't used bot.

How can the same email address be allowed to make claims so frequently? This seems like a bug in the scripts you are using
legendary
Activity: 2688
Merit: 2297
June 22, 2016, 08:00:46 PM
#38
Blocking country IP isn't best solution for prevent Bots attack.
Problem is, the one who attacked me and stole my bits didn't used bot.

did you tried to google how he does that?
if you know how, its more easy to know what to do about
hero member
Activity: 546
Merit: 500
June 22, 2016, 07:04:14 PM
#37
Blocking country IP isn't best solution for prevent Bots attack.
Problem is, the one who attacked me and stole my bits didn't used bot.
full member
Activity: 536
Merit: 100
June 22, 2016, 11:48:50 AM
#36
This are realy abuser. Some day him will be understand.  Grin

sr. member
Activity: 265
Merit: 250
June 22, 2016, 11:43:36 AM
#35
all we need is just a Proxy blocker or IP blocking system or better, an e-mail address blocking system.

these can be changed easily
Pages:
Jump to: