Pages:
Author

Topic: [Updated 19/Jul/2016] Faucet Owners Against Scammers and Bots - page 10. (Read 36692 times)

hero member
Activity: 868
Merit: 500
Quote
It _is_ your right to do so, but to me that just sounds unfair. I am a faucet user. I am a user that clicks ads (and brings in money for you). So if I make one little mistake on your captcha I will be blocked? That's just stupid; Anyone can make mistakes... But again, that's your right and choice. I just think it's stupid.

A user will not be blocked for a mistakes user will be blocked if he do several mistakes and I have a hidden method which will help me to known that a user is legit or wrong .

one question -: is fun captcha so hard to solve for a human ? I don't think so funcaptcha is damn easy one and a user will not make several mistakes in a day . if happen so then the user is suspicious and I manually investigate about user.
hero member
Activity: 1218
Merit: 534
A helpful member suggested me to use the anti-bot-links-200.

A warning to other faucet owners; This script can be beaten with bots. Perhaps I'll demonstrate during the weekend.
hero member
Activity: 1218
Merit: 534
I did some further investigation. The IPs used were mostly IPs from dedicated servers.

Some of the IPs:
86.105.55.14 - host14-55-105-86.static.arubacloud.de
89.36.212.17 - host17-212-36-89.static.arubacloud.fr
89.36.216.23 - host23-216-36-89.static.arubacloud.de


There's nothing wrong with these IPs. They are just IPs. Someone who has access to a lot of IPs and ofcourse wallets can drain a faucet easily. It's easy to ban/block domains, but only if you spot the "bad" domains in time.


One of the addresses that used an arubacloud address was this one:
https://faucetbox.com/en/check/1Bh3j1D39XgmRoyLurp9exVe1w2HFXkchk

The attacker attacked a lot of faucets, even those with extra protection. Check the link.

I had over 1300 unique visitors this month yesterday. Today alone I had 1299, which adds up to around +2600. That number seems to correspond with the number of Funcaptchas solved this month. I have no reason to assume that this was an attack that bypassed the Funcaptcha. A script/app/tool was used, but I guess the user still clicked the captchas.


They can now days bots are bypassing funcaptcha but it's not funcaptcha fault it's fault of faucet box script .

I have been looking (and testing), and I don't think there's a bot that can bypass Funcaptcha. Show me. Don't say there is, just show me. Show me proof. Anything will do. I will be thankful; So will other faucet owners be.


I recently implemented a auto blok feature in my faucet where a user solve wrong captcha will result in auto block .

It _is_ your right to do so, but to me that just sounds unfair. I am a faucet user. I am a user that clicks ads (and brings in money for you). So if I make one little mistake on your captcha I will be blocked? That's just stupid; Anyone can make mistakes... But again, that's your right and choice. I just think it's stupid.

newbie
Activity: 12
Merit: 0
Anti-bots links stop bots?
hero member
Activity: 868
Merit: 500
Lost over 200.000 satoshis yesterday with a bot attack.

How did they pass the FunCaptcha?! I thought that was impossible?


They can now days bots are bypassing funcaptcha but it's not funcaptcha fault it's fault of faucet box script .

I recently implemented a auto blok feature in my faucet where a user solve wrong captcha will result in auto block .
hero member
Activity: 1218
Merit: 534
Lost over 200.000 satoshis yesterday with a bot attack.

How did they pass the FunCaptcha?! I thought that was impossible?
sr. member
Activity: 350
Merit: 250
IPs suspects:

108.162.216.227
162.158.103.207
141.101.80.93
162.158.103.242
162.158.103.254
141.101.81.91
162.158.103.199
162.158.103.244
141.101.80.100
141.101.80.175
162.158.103.253
141.101.80.101
162.158.103.202
162.158.103.251
162.158.103.208
141.101.81.175
141.101.81.174
141.101.81.93
162.158.103.210
141.101.80.182
141.101.81.180
162.158.103.212
162.158.103.252
162.158.103.201
162.158.103.200
141.101.81.95
141.101.81.173
141.101.81.184
162.158.103.243
141.101.81.178

Greetings, these IPS are of CloudFlare and obviously behind CloudFlare is a server.
newbie
Activity: 12
Merit: 0
IPs suspects:

108.162.216.227
162.158.103.207
141.101.80.93
162.158.103.242
162.158.103.254
141.101.81.91
162.158.103.199
162.158.103.244
141.101.80.100
141.101.80.175
162.158.103.253
141.101.80.101
162.158.103.202
162.158.103.251
162.158.103.208
141.101.81.175
141.101.81.174
141.101.81.93
162.158.103.210
141.101.80.182
141.101.81.180
162.158.103.212
162.158.103.252
162.158.103.201
162.158.103.200
141.101.81.95
141.101.81.173
141.101.81.184
162.158.103.243
141.101.81.178
hero member
Activity: 868
Merit: 500
I'll focus on catching bots as well as preventing them.
legendary
Activity: 1524
Merit: 1001
NOBT - WNOBT your saving bank◕◡◕
It seems that we are caught in a vicious circle.We need to consider in another method.
hero member
Activity: 1218
Merit: 534
BitBlabber is undergoing it's first "attack". I keep getting a lot of incoming requests from IP addresses 103.228.157.*


Just a heads up to other faucet owners.
sr. member
Activity: 378
Merit: 250
Thanks for the open source code.
member
Activity: 73
Merit: 10
full member
Activity: 500
Merit: 100
member
Activity: 73
Merit: 10
Quote
Real AntiBot Links

Download & unpack:
http://bit.makejar.com/labs/anti-bot-links-200/antibotlinks.zip


Code:
Files to add:
/libs/antibotlinks.php


Files to edit:
/index.php
/templates/*theme-name*/index.php


Ok, let's start.

First make a backup of your faucet (everything could go wrong, better safe than sorry).

Then

Copy:
antibotlinks.php

To:
/libs/antibotlinks.php


Now you will need to edit 2 files. I suggest using Notepad++ https://notepad-plus-plus.org/ to edit files but any good editor will do the job.
This is based on FB R60 but should work with newer/older versions.

Open:
/index.php

Find:
        $data['captcha_info'] = $captcha;

add after:
        # AntiBotLinks
        require_once('libs/antibotlinks.php');
        $antibotlinks = new antibotlinks(true);// true if GD is on on the server, false is less secure
        if (array_key_exists('address', $_POST)) {
          if (!$antibotlinks->check()) {
            $antibotlinks->generate(5, true);// number of links once they fail to solve min 3 - max 5, the second param MUST BE true
          }
        } else {
          $antibotlinks->generate(3);// initial number of links min 3 - max 5
        }


Find:
           $data['captcha_valid'] &&

add after:

           # AntiBotLinks
           $antibotlinks->is_valid() &&
          

Open:
/templates/*theme-name*/index.php

Find:


Add before:
# AntiBotLinks START
?>


# AntiBotLinks END
?>



Find:
                            if(!$data["captcha_valid"]): ?>
                            

Invalid captcha code!


                            endif; ?>


Add after (the input field must be between
and
):

# AntiBotLinks START
?>

                            
                            if(!$antibotlinks->is_valid()): ?>
                            

Invalid AntiBot verification!


                            endif; ?>
# AntiBotLinks END
?>



Somewhere between
and
add (you need to do it 5 times, this is where the links will appear):

# AntiBotLinks START
?>

                        echo $antibotlinks->show_link(); ?>
# AntiBotLinks END
?>


And finally remove the default CLAIM button :)


This doesn't display "Please click on the Anti-Bot links in the following order" on the page. but the anti bot links does.
full member
Activity: 500
Merit: 100
Can someone explain this:



Jokertimes faucet prizes are:
2500 satoshi (0.11%)
1000 satoshi (1.07%)
750 satoshi (2.15%)
500 satoshi (96.67%)

And Ref % is 40%

How come this address can get 1000 sats as referral every time?!


Jokertimes is using microfaucet. To save server resources microfaucet is accumulating the ref rewards until they become at least 1000.

Assuming that 96% of the claims are 500 sat then we have:
500-sat claim = 200 sat ref
+
500-sat claim = 200 sat ref
+
500-sat claim = 200 sat ref
+
500-sat claim = 200 sat ref
+
500-sat claim = 200 sat ref
ref = 1000 ... time for ref payout
hero member
Activity: 718
Merit: 500
Can someone explain this:



Jokertimes faucet prizes are:
2500 satoshi (0.11%)
1000 satoshi (1.07%)
750 satoshi (2.15%)
500 satoshi (96.67%)

And Ref % is 40%

How come this address can get 1000 sats as referral every time?!
full member
Activity: 168
Merit: 100
Those antibot links are a puzzle made to be difficult for machines to solve, but easy for humans.

In other words, they're a captcha, except they're more annoying because the user has to hunt around all over page. So why not just use a second captcha?

Wrong!

Second captcha means extra 50 satoshi per claim for the bot user/creator.

The bot creators can't build single-snapshot captcha solving service based on IQ puzzles.

And the links are annoying if they are too many and spread all over the website.

The instructions say 3-5 links. Using Less or More will weaken the protection.

Don't forget to create your own puzzles. That way there will be no "universal solution" to take down all the faucets.

Also there is version 201 Wink
I see in the new version, no thing is changes as compare to old version.

The difference is in the antibotlinks.php file (better compatibility, better randomness).
If difference is in the antibotlinks.php file then I can replace this with new file only.
full member
Activity: 500
Merit: 100
Those antibot links are a puzzle made to be difficult for machines to solve, but easy for humans.

In other words, they're a captcha, except they're more annoying because the user has to hunt around all over page. So why not just use a second captcha?

Wrong!

Second captcha means extra 50 satoshi per claim for the bot user/creator.

The bot creators can't build single-snapshot captcha solving service based on IQ puzzles.

And the links are annoying if they are too many and spread all over the website.

The instructions say 3-5 links. Using Less or More will weaken the protection.

Don't forget to create your own puzzles. That way there will be no "universal solution" to take down all the faucets.

Also there is version 201 Wink
I see in the new version, no thing is changes as compare to old version.

The difference is in the antibotlinks.php file (better compatibility, better randomness).
sr. member
Activity: 350
Merit: 250
It left a new version?
Pages:
Jump to: