[Updated 19/Jul/2016] Faucet Owners Against Scammers and Bots - page 10.

FaucetRank.com

hero member

Activity: 868

Merit: 500

Quote

It _is_ your right to do so, but to me that just sounds unfair. I am a faucet user. I am a user that clicks ads (and brings in money for you). So if I make one little mistake on your captcha I will be blocked? That's just stupid; Anyone can make mistakes... But again, that's your right and choice. I just think it's stupid.

A user will not be blocked for a mistakes user will be blocked if he do several mistakes and I have a hidden method which will help me to known that a user is legit or wrong .

one question -: is fun captcha so hard to solve for a human ? I don't think so funcaptcha is damn easy one and a user will not make several mistakes in a day . if happen so then the user is suspicious and I manually investigate about user.

BitBustah

hero member

Activity: 1218

Merit: 534

A helpful member suggested me to use the anti-bot-links-200.

A warning to other faucet owners; This script can be beaten with bots. Perhaps I'll demonstrate during the weekend.

BitBustah

hero member

Activity: 1218

Merit: 534

I did some further investigation. The IPs used were mostly IPs from dedicated servers.

Some of the IPs:
86.105.55.14 - host14-55-105-86.static.arubacloud.de
89.36.212.17 - host17-212-36-89.static.arubacloud.fr
89.36.216.23 - host23-216-36-89.static.arubacloud.de

There's nothing wrong with these IPs. They are just IPs. Someone who has access to a lot of IPs and ofcourse wallets can drain a faucet easily. It's easy to ban/block domains, but only if you spot the "bad" domains in time.

One of the addresses that used an arubacloud address was this one:
https://faucetbox.com/en/check/1Bh3j1D39XgmRoyLurp9exVe1w2HFXkchk

The attacker attacked a lot of faucets, even those with extra protection. Check the link.

I had over 1300 unique visitors this month yesterday. Today alone I had 1299, which adds up to around +2600. That number seems to correspond with the number of Funcaptchas solved this month. I have no reason to assume that this was an attack that bypassed the Funcaptcha. A script/app/tool was used, but I guess the user still clicked the captchas.

Quote from: FaucetRank.com on December 27, 2015, 07:10:38 AM

They can now days bots are bypassing funcaptcha but it's not funcaptcha fault it's fault of faucet box script .

I have been looking (and testing), and I don't think there's a bot that can bypass Funcaptcha. Show me. Don't say there is, just show me. Show me proof. Anything will do. I will be thankful; So will other faucet owners be.

Quote from: FaucetRank.com on December 27, 2015, 07:10:38 AM

I recently implemented a auto blok feature in my faucet where a user solve wrong captcha will result in auto block .

It _is_ your right to do so, but to me that just sounds unfair. I am a faucet user. I am a user that clicks ads (and brings in money for you). So if I make one little mistake on your captcha I will be blocked? That's just stupid; Anyone can make mistakes... But again, that's your right and choice. I just think it's stupid.

BitLuckyX

newbie

Activity: 12

Merit: 0

Anti-bots links stop bots?

FaucetRank.com

hero member

Activity: 868

Merit: 500

Quote from: BitBustah on December 27, 2015, 04:03:52 AM

Lost over 200.000 satoshis yesterday with a bot attack.

How did they pass the FunCaptcha?! I thought that was impossible?

They can now days bots are bypassing funcaptcha but it's not funcaptcha fault it's fault of faucet box script .

I recently implemented a auto blok feature in my faucet where a user solve wrong captcha will result in auto block .

BitBustah

hero member

Activity: 1218

Merit: 534

Lost over 200.000 satoshis yesterday with a bot attack.

How did they pass the FunCaptcha?! I thought that was impossible?

misterbit

sr. member

Activity: 350

Merit: 250

Quote from: BitLuckyX on December 26, 2015, 10:00:35 AM

IPs suspects:

108.162.216.227
162.158.103.207
141.101.80.93
162.158.103.242
162.158.103.254
141.101.81.91
162.158.103.199
162.158.103.244
141.101.80.100
141.101.80.175
162.158.103.253
141.101.80.101
162.158.103.202
162.158.103.251
162.158.103.208
141.101.81.175
141.101.81.174
141.101.81.93
162.158.103.210
141.101.80.182
141.101.81.180
162.158.103.212
162.158.103.252
162.158.103.201
162.158.103.200
141.101.81.95
141.101.81.173
141.101.81.184
162.158.103.243
141.101.81.178

Greetings, these IPS are of CloudFlare and obviously behind CloudFlare is a server.

BitLuckyX

newbie

Activity: 12

Merit: 0

IPs suspects:

108.162.216.227
162.158.103.207
141.101.80.93
162.158.103.242
162.158.103.254
141.101.81.91
162.158.103.199
162.158.103.244
141.101.80.100
141.101.80.175
162.158.103.253
141.101.80.101
162.158.103.202
162.158.103.251
162.158.103.208
141.101.81.175
141.101.81.174
141.101.81.93
162.158.103.210
141.101.80.182
141.101.81.180
162.158.103.212
162.158.103.252
162.158.103.201
162.158.103.200
141.101.81.95
141.101.81.173
141.101.81.184
162.158.103.243
141.101.81.178

FaucetRank.com

hero member

Activity: 868

Merit: 500

I'll focus on catching bots as well as preventing them.

hoop

legendary

Activity: 1524

Merit: 1001

NOBT - WNOBT your saving bank◕◡◕

It seems that we are caught in a vicious circle.We need to consider in another method.

BitBustah

hero member

Activity: 1218

Merit: 534

BitBlabber is undergoing it's first "attack". I keep getting a lot of incoming requests from IP addresses 103.228.157.*

Just a heads up to other faucet owners.

MyBTT

sr. member

Activity: 378

Merit: 250

Thanks for the open source code.

avelina

member

Activity: 73

Merit: 10

NeedIfFindIt

full member

Activity: 500

Merit: 100

avelina

member

Activity: 73

Merit: 10

Quote

Real AntiBot Links

Download & unpack:
http://bit.makejar.com/labs/anti-bot-links-200/antibotlinks.zip

Code:

Files to add:
/libs/antibotlinks.php


Files to edit:
/index.php
/templates/*theme-name*/index.php


Ok, let's start.

First make a backup of your faucet (everything could go wrong, better safe than sorry).

Then

Copy:
antibotlinks.php

To:
/libs/antibotlinks.php


Now you will need to edit 2 files. I suggest using Notepad++ https://notepad-plus-plus.org/ to edit files but any good editor will do the job.
This is based on FB R60 but should work with newer/older versions.

Open:
/index.php

Find:
        $data['captcha_info'] = $captcha;

add after:
        # AntiBotLinks
        require_once('libs/antibotlinks.php');
        $antibotlinks = new antibotlinks(true);// true if GD is on on the server, false is less secure
        if (array_key_exists('address', $_POST)) {
          if (!$antibotlinks->check()) {
            $antibotlinks->generate(5, true);// number of links once they fail to solve min 3 - max 5, the second param MUST BE true
          }
        } else {
          $antibotlinks->generate(3);// initial number of links min 3 - max 5
        }


Find:
           $data['captcha_valid'] && 

add after:

           # AntiBotLinks
           $antibotlinks->is_valid() &&
           

Open:
/templates/*theme-name*/index.php

Find:


Add before:
# AntiBotLinks START
?>

# AntiBotLinks END
?>


Find:
                            if(!$data["captcha_valid"]): ?>
                            Invalid captcha code!

                            endif; ?>


Add after (the input field must be between  and 
):

# AntiBotLinks START
?>
                            
                            if(!$antibotlinks->is_valid()): ?>
                            Invalid AntiBot verification!

                            endif; ?>
# AntiBotLinks END
?>


Somewhere between  and 
 add (you need to do it 5 times, this is where the links will appear):

# AntiBotLinks START
?>
                        echo $antibotlinks->show_link(); ?>
# AntiBotLinks END
?> 

And finally remove the default CLAIM button :)

This doesn't display "Please click on the Anti-Bot links in the following order" on the page. but the anti bot links does.

NeedIfFindIt

full member

Activity: 500

Merit: 100

Quote from: grosminer on December 04, 2015, 12:31:20 PM

Can someone explain this:

Jokertimes faucet prizes are:
2500 satoshi (0.11%)
1000 satoshi (1.07%)
750 satoshi (2.15%)
500 satoshi (96.67%)

And Ref % is 40%

How come this address can get 1000 sats as referral every time?!

Jokertimes is using microfaucet. To save server resources microfaucet is accumulating the ref rewards until they become at least 1000.

Assuming that 96% of the claims are 500 sat then we have:
500-sat claim = 200 sat ref
+
500-sat claim = 200 sat ref
+
500-sat claim = 200 sat ref
+
500-sat claim = 200 sat ref
+
500-sat claim = 200 sat ref
ref = 1000 ... time for ref payout

grosminer

hero member

Activity: 718

Merit: 500

Can someone explain this:

Jokertimes faucet prizes are:
2500 satoshi (0.11%)
1000 satoshi (1.07%)
750 satoshi (2.15%)
500 satoshi (96.67%)

And Ref % is 40%

How come this address can get 1000 sats as referral every time?!

nawaraj

full member

Activity: 168

Merit: 100

Quote from: NeedIfFindIt on November 17, 2015, 01:51:48 PM

Quote from: nawaraj on November 17, 2015, 12:08:50 PM

Quote from: NeedIfFindIt on November 17, 2015, 11:42:16 AM

Quote from: LosingAlpha on November 09, 2015, 02:15:28 PM

Those antibot links are a puzzle made to be difficult for machines to solve, but easy for humans.

In other words, they're a captcha, except they're more annoying because the user has to hunt around all over page. So why not just use a second captcha?

Wrong!

Second captcha means extra 50 satoshi per claim for the bot user/creator.

The bot creators can't build single-snapshot captcha solving service based on IQ puzzles.

And the links are annoying if they are too many and spread all over the website.

The instructions say 3-5 links. Using Less or More will weaken the protection.

Don't forget to create your own puzzles. That way there will be no "universal solution" to take down all the faucets.

Also there is version 201 Wink

I see in the new version, no thing is changes as compare to old version.

The difference is in the antibotlinks.php file (better compatibility, better randomness).

If difference is in the antibotlinks.php file then I can replace this with new file only.

NeedIfFindIt

full member

Activity: 500

Merit: 100

Quote from: nawaraj on November 17, 2015, 12:08:50 PM

Quote from: NeedIfFindIt on November 17, 2015, 11:42:16 AM

Quote from: LosingAlpha on November 09, 2015, 02:15:28 PM

Those antibot links are a puzzle made to be difficult for machines to solve, but easy for humans.

In other words, they're a captcha, except they're more annoying because the user has to hunt around all over page. So why not just use a second captcha?

Wrong!

Second captcha means extra 50 satoshi per claim for the bot user/creator.

The bot creators can't build single-snapshot captcha solving service based on IQ puzzles.

And the links are annoying if they are too many and spread all over the website.

The instructions say 3-5 links. Using Less or More will weaken the protection.

Don't forget to create your own puzzles. That way there will be no "universal solution" to take down all the faucets.

Also there is version 201 Wink

I see in the new version, no thing is changes as compare to old version.

The difference is in the antibotlinks.php file (better compatibility, better randomness).

misterbit

sr. member

Activity: 350

Merit: 250

It left a new version?

Topic: [Updated 19/Jul/2016] Faucet Owners Against Scammers and Bots - page 10. (Read 36685 times)