[Updated 19/Jul/2016] Faucet Owners Against Scammers and Bots - page 12.

minifrij

legendary

Activity: 2352

Merit: 1267

In Memory of Zepher

Quote from: rkandrades on November 07, 2015, 10:49:26 AM

Of courser there are some differences:

1. In htcaccess you will put the IPs manually. Is a little more hard to automate a script to write into htaccess (and this will cause more load). Then you cant make a real-time grow of your blacklist using the htaccess manually.

2. Into your database you can save more information like day and time of the incoming bad IP, how many time this IP attacked you, etc. You could do statistics.

3. Querying your database, you are mre flexible to put your check code where you want. If you just want to check an IP when it completes a claim action, for example. With htaccess you can not do this.

That's true, though I was more referring to the difference on the load on the server.

jjavmk

newbie

Activity: 18

Merit: 0

We want to share this small contribution, because in the database does not leave us in some cases to save more than 1900 wallet bot log in address_ban_list I made a change to be enabled to save more than 100 thousand wallet bot.

I explain:

Enter the phpmyadmin then seek Faucetinabox_Setting structure table, the value field give change instead of TEXT and placed MEDIUMTEXT

Then the index of the root seek the line of code

$default_data_query = <<create table if not exists Faucetinabox_Settings (
   `name` varchar(64) not null,
   `value` text not null,
   primary key(`name`)
);

Change the text by being so MEDIUMTEXT, being so

$default_data_query = <<create table if not exists Faucetinabox_Settings (
   `name` varchar(64) not null,
   `value` mediumtext not null,
   primary key(`name`)
);

Now if they can save many wallet bot to be blocked

rkandrades

sr. member

Activity: 392

Merit: 251

Bitcoin Faucet & Blog

Quote from: minifrij on November 07, 2015, 09:29:36 AM

Quote from: misterbit on November 07, 2015, 09:12:57 AM

OK, well I wanted to keep the ips in the database to remove load

AFAIK it wouldn't make much of a difference if you had the IPs in a database to be called or in your .htaccess file.
The only difference I could imagine increasing load is it if were reading and writing from a txt document constantly. Neither of these options does that, so you should be fine.

Of courser there are some differences:

1. In htcaccess you will put the IPs manually. Is a little more hard to automate a script to write into htaccess (and this will cause more load). Then you cant make a real-time grow of your blacklist using the htaccess manually.

2. Into your database you can save more information like day and time of the incoming bad IP, how many time this IP attacked you, etc. You could do statistics.

3. Querying your database, you are mre flexible to put your check code where you want. If you just want to check an IP when it completes a claim action, for example. With htaccess you can not do this.

minifrij

legendary

Activity: 2352

Merit: 1267

In Memory of Zepher

Quote from: misterbit on November 07, 2015, 09:12:57 AM

OK, well I wanted to keep the ips in the database to remove load

AFAIK it wouldn't make much of a difference if you had the IPs in a database to be called or in your .htaccess file.
The only difference I could imagine increasing load is it if were reading and writing from a txt document constantly. Neither of these options does that, so you should be fine.

misterbit

sr. member

Activity: 350

Merit: 250

Quote from: minifrij on November 07, 2015, 08:32:15 AM

Quote from: misterbit on November 06, 2015, 09:42:39 PM

OK thanks, the question is that I have several ips to block then with the require_once php occupy less space.

It wouldn't use any less or any more space. You have to store the IPs in a file to use either method, same as saving them in SQL, therefore they will still take up space.

Quote from: misterbit on November 06, 2015, 09:42:39 PM

Another strange thing I see, is that it is blocking me automatically the Tor ips without having the Nastyhost activated panel, does it have something to do with having the code there?

You have the Tor file script discussed on the FaucetBox thread, correct? That will be blocking any Tor nodes on the list. It doesn't matter if you have NastyHosts enabled or not.

Quote from: misterbit on November 07, 2015, 04:24:31 AM

How could save the ips in MySQL?

You could just have a table with lots of IPs inside with separate IDs, then call a SQL query to try and find the ID of a certain IP. If the ID comes back as true (there is an id) then block the user. This would probably be a lot more difficult than just putting them in the .htaccess file though, with no benefit.

Quote from: misterbit on November 07, 2015, 07:50:38 AM

Sorry friends, the fight is lost or even imagine the amount of visits from VPS, VPN Proxy etc etc etc is amazing!

If you're not using a service like NastyHosts which checks hostnames and such, there will be a lot of VPS and VPN visits. To find those and block those effectively, the best way is to have a service which checks hostnames. NastyHosts is probably the easiest one to use.

OK, well I wanted to keep the ips in the database to remove load

minifrij

legendary

Activity: 2352

Merit: 1267

In Memory of Zepher

Quote from: misterbit on November 06, 2015, 09:42:39 PM

OK thanks, the question is that I have several ips to block then with the require_once php occupy less space.

It wouldn't use any less or any more space. You have to store the IPs in a file to use either method, same as saving them in SQL, therefore they will still take up space.

Quote from: misterbit on November 06, 2015, 09:42:39 PM

Another strange thing I see, is that it is blocking me automatically the Tor ips without having the Nastyhost activated panel, does it have something to do with having the code there?

You have the Tor file script discussed on the FaucetBox thread, correct? That will be blocking any Tor nodes on the list. It doesn't matter if you have NastyHosts enabled or not.

Quote from: misterbit on November 07, 2015, 04:24:31 AM

How could save the ips in MySQL?

You could just have a table with lots of IPs inside with separate IDs, then call a SQL query to try and find the ID of a certain IP. If the ID comes back as true (there is an id) then block the user. This would probably be a lot more difficult than just putting them in the .htaccess file though, with no benefit.

Quote from: misterbit on November 07, 2015, 07:50:38 AM

Sorry friends, the fight is lost or even imagine the amount of visits from VPS, VPN Proxy etc etc etc is amazing!

If you're not using a service like NastyHosts which checks hostnames and such, there will be a lot of VPS and VPN visits. To find those and block those effectively, the best way is to have a service which checks hostnames. NastyHosts is probably the easiest one to use.

misterbit

sr. member

Activity: 350

Merit: 250

Sorry friends, the fight is lost or even imagine the amount of visits from VPS, VPN Proxy etc etc etc is amazing!

misterbit

sr. member

Activity: 350

Merit: 250

Quote from: Aratrok on November 07, 2015, 06:07:03 AM

Quote from: misterbit on November 07, 2015, 06:02:55 AM

Quote from: Aratrok on November 07, 2015, 06:01:11 AM

Quote from: misterbit on November 07, 2015, 05:53:24 AM

Quote from: Aratrok on November 07, 2015, 05:48:02 AM

Guys, question?

These wallet address are a bot?

/?r=14eQrybngRY3zeT6VbGtaKP84yykogTEWo   (none)   (direct)   9   81,82%

/?r=1PNWS5VicE1GhaMRQzVGEEM89SJV3JMpHh   (none)   (direct)   16 84,21%

/?r=15fQkDcRrL7eETx7Jqp7Kc4CzFBCL5aPuG   (none)   (direct)   14   82,35%

See my comment above friend, was an attack last night, those addresses/referrals came from Amazon.

Oh fuck, I have 207 users in my website, they are draining all the faucet. This is too sudden.

How we can block this plague?

Put this in the .htaccess if they are from Amazon

Code:

RewriteBase /
# block amazon cloud
RewriteCond %{HTTP_REFERER} ^http://(([^.]+\.)+)?amazonaws\.com [NC,OR]
RewriteCond %{REMOTE_HOST} ^.*\.amazonaws\.com$ [NC,OR]
# block remote hosts starting with mail or smtp
RewriteCond %{REMOTE_HOST} ^mail(.*)\. [NC,OR]
RewriteCond %{REMOTE_HOST} ^smtp(.*)\. [NC]
RewriteRule ^(.*)$ - [F]

Thanks dude. Not whether it was good or bad, many visits from United States I think they are bots. In 10 minutes they will have consumed more than 700k Satoshi Sad

Secure Amazon, look at other code that I put in case.

Aratrok

newbie

Activity: 42

Merit: 0

Quote from: misterbit on November 07, 2015, 06:02:55 AM

Quote from: Aratrok on November 07, 2015, 06:01:11 AM

Quote from: misterbit on November 07, 2015, 05:53:24 AM

Quote from: Aratrok on November 07, 2015, 05:48:02 AM

Guys, question?

These wallet address are a bot?

/?r=14eQrybngRY3zeT6VbGtaKP84yykogTEWo   (none)   (direct)   9   81,82%

/?r=1PNWS5VicE1GhaMRQzVGEEM89SJV3JMpHh   (none)   (direct)   16 84,21%

/?r=15fQkDcRrL7eETx7Jqp7Kc4CzFBCL5aPuG   (none)   (direct)   14   82,35%

See my comment above friend, was an attack last night, those addresses/referrals came from Amazon.

Oh fuck, I have 207 users in my website, they are draining all the faucet. This is too sudden.

How we can block this plague?

Put this in the .htaccess if they are from Amazon

Code:

RewriteBase /
# block amazon cloud
RewriteCond %{HTTP_REFERER} ^http://(([^.]+\.)+)?amazonaws\.com [NC,OR]
RewriteCond %{REMOTE_HOST} ^.*\.amazonaws\.com$ [NC,OR]
# block remote hosts starting with mail or smtp
RewriteCond %{REMOTE_HOST} ^mail(.*)\. [NC,OR]
RewriteCond %{REMOTE_HOST} ^smtp(.*)\. [NC]
RewriteRule ^(.*)$ - [F]

Thanks dude. Not whether it was good or bad, many visits from United States I think they are bots. In 10 minutes they will have consumed more than 700k Satoshi Sad

misterbit

sr. member

Activity: 350

Merit: 250

Quote from: Aratrok on November 07, 2015, 06:01:11 AM

Quote from: misterbit on November 07, 2015, 05:53:24 AM

Quote from: Aratrok on November 07, 2015, 05:48:02 AM

Guys, question?

These wallet address are a bot?

/?r=14eQrybngRY3zeT6VbGtaKP84yykogTEWo   (none)   (direct)   9   81,82%

/?r=1PNWS5VicE1GhaMRQzVGEEM89SJV3JMpHh   (none)   (direct)   16 84,21%

/?r=15fQkDcRrL7eETx7Jqp7Kc4CzFBCL5aPuG   (none)   (direct)   14   82,35%

See my comment above friend, was an attack last night, those addresses/referrals came from Amazon.

Oh fuck, I have 207 users in my website, they are draining all the faucet. This is too sudden.

How we can block this plague?

Put this in the .htaccess if they are from Amazon

Code:

RewriteBase /
# block amazon cloud
RewriteCond %{HTTP_REFERER} ^http://(([^.]+\.)+)?amazonaws\.com [NC,OR]
RewriteCond %{REMOTE_HOST} ^.*\.amazonaws\.com$ [NC,OR]
# block remote hosts starting with mail or smtp
RewriteCond %{REMOTE_HOST} ^mail(.*)\. [NC,OR]
RewriteCond %{REMOTE_HOST} ^smtp(.*)\. [NC]
RewriteRule ^(.*)$ - [F]

Code:

     
Order Allow,Deny
Deny from *.amazonaws.com   
Deny from amazonaws.com
Allow from all

Aratrok

newbie

Activity: 42

Merit: 0

Quote from: misterbit on November 07, 2015, 05:53:24 AM

Quote from: Aratrok on November 07, 2015, 05:48:02 AM

Guys, question?

These wallet address are a bot?

/?r=14eQrybngRY3zeT6VbGtaKP84yykogTEWo   (none)   (direct)   9   81,82%

/?r=1PNWS5VicE1GhaMRQzVGEEM89SJV3JMpHh   (none)   (direct)   16 84,21%

/?r=15fQkDcRrL7eETx7Jqp7Kc4CzFBCL5aPuG   (none)   (direct)   14   82,35%

See my comment above friend, was an attack last night, those addresses/referrals came from Amazon.

Oh fuck, I have 207 users in my website, they are draining all the faucet. This is too sudden.

How we can block this plague?

-----------

EDIT: Well not if it is really good or bad.

misterbit

sr. member

Activity: 350

Merit: 250

Quote from: Aratrok on November 07, 2015, 05:48:02 AM

Guys, question?

These wallet address are a bot?

/?r=14eQrybngRY3zeT6VbGtaKP84yykogTEWo   (none)   (direct)   9   81,82%

/?r=1PNWS5VicE1GhaMRQzVGEEM89SJV3JMpHh   (none)   (direct)   16 84,21%

/?r=15fQkDcRrL7eETx7Jqp7Kc4CzFBCL5aPuG   (none)   (direct)   14   82,35%

See my comment above friend, was an attack last night, those addresses/referrals came from Amazon.

Aratrok

newbie

Activity: 42

Merit: 0

Guys, question?

These wallet address are a bot?

/?r=14eQrybngRY3zeT6VbGtaKP84yykogTEWo   (none)   (direct)   9   81,82%

/?r=1PNWS5VicE1GhaMRQzVGEEM89SJV3JMpHh   (none)   (direct)   16 84,21%

/?r=15fQkDcRrL7eETx7Jqp7Kc4CzFBCL5aPuG   (none)   (direct)   14   82,35%

misterbit

sr. member

Activity: 350

Merit: 250

Quote from: minifrij on November 06, 2015, 08:53:23 PM

Quote from: misterbit on November 06, 2015, 08:46:04 PM

No, it is not to change but to put anti proxy below that line

Code:

public function send($to, $amount, $referral = "false") {

if ($_SERVER['HTTP_X_FORWARDED_FOR'] || $_SERVER['HTTP_X_FORWARDED'] || $_SERVER['HTTP_FORWARDED_FOR'] || $_SERVER['HTTP_CLIENT_IP'] || $_SERVER['HTTP_VIA'] || @fsockopen( $_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1 ) || @fsockopen( $_SERVER['REMOTE_ADDR'], 8080, $errstr, $errno, 1 ))
{
   die('Blocked Proxy');
}

That's fine in that case, might even be better if you use several pages with the faucetbox lib.

How could save the ips in MySQL?

misterbit

sr. member

Activity: 350

Merit: 250

I'm getting hundreds of visits from bit.makejar.com seems suspicious never had so many visits at the same time, these are the suspects concerned also.

Code:

15fQkDcRrL7eETx7Jqp7Kc4CzFBCL5aPuG
1Ko83eVMWsps2SQu5m4K5ADWAnB6A8rCjs
145X4Wmucj8FMZ2bBNiirnEbH6UhkZ2YkJ
14eQrybngRY3zeT6VbGtaKP84yykogTEWo
1PNWS5VicE1GhaMRQzVGEEM89SJV3JMpHh
1Cv9nhUAyEYFYaZSK58JXV8Mnnzjwf4zDd

Edit: Many ips are from United States Amazon server, I think that I am overcoming, Glory to God!

misterbit

sr. member

Activity: 350

Merit: 250

Quote from: minifrij on November 06, 2015, 09:34:34 PM

Quote from: misterbit on November 06, 2015, 08:56:50 PM

Is it better as well? and if instead of putting the code the Insert with a require_once?

It's only better if you're using the faucetbox lib file for certain pages on your server, which you probably aren't. Even then it's only slightly more efficient.

Also, you won't have to insert with a require_once, as the lib file is added to the faucet script by default to call the API. If you have added the code to the lib file you won't have to do anything else.

OK thanks, the question is that I have several ips to block then with the require_once php occupy less space.
Another strange thing I see, is that it is blocking me automatically the Tor ips without having the Nastyhost activated panel, does it have something to do with having the code there?

minifrij

legendary

Activity: 2352

Merit: 1267

In Memory of Zepher

Quote from: misterbit on November 06, 2015, 08:56:50 PM

Is it better as well? and if instead of putting the code the Insert with a require_once?

It's only better if you're using the faucetbox lib file for certain pages on your server, which you probably aren't. Even then it's only slightly more efficient.

Also, you won't have to insert with a require_once, as the lib file is added to the faucet script by default to call the API. If you have added the code to the lib file you won't have to do anything else.

misterbit

sr. member

Activity: 350

Merit: 250

Quote from: minifrij on November 06, 2015, 08:53:23 PM

Quote from: misterbit on November 06, 2015, 08:46:04 PM

No, it is not to change but to put anti proxy below that line

Code:

public function send($to, $amount, $referral = "false") {

if ($_SERVER['HTTP_X_FORWARDED_FOR'] || $_SERVER['HTTP_X_FORWARDED'] || $_SERVER['HTTP_FORWARDED_FOR'] || $_SERVER['HTTP_CLIENT_IP'] || $_SERVER['HTTP_VIA'] || @fsockopen( $_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1 ) || @fsockopen( $_SERVER['REMOTE_ADDR'], 8080, $errstr, $errno, 1 ))
{
   die('Blocked Proxy');
}

That's fine in that case, might even be better if you use several pages with the faucetbox lib.

Is it better as well? and if instead of putting the code the Insert with a require_once?

minifrij

legendary

Activity: 2352

Merit: 1267

In Memory of Zepher

Quote from: misterbit on November 06, 2015, 08:46:04 PM

No, it is not to change but to put anti proxy below that line

Code:

public function send($to, $amount, $referral = "false") {

if ($_SERVER['HTTP_X_FORWARDED_FOR'] || $_SERVER['HTTP_X_FORWARDED'] || $_SERVER['HTTP_FORWARDED_FOR'] || $_SERVER['HTTP_CLIENT_IP'] || $_SERVER['HTTP_VIA'] || @fsockopen( $_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1 ) || @fsockopen( $_SERVER['REMOTE_ADDR'], 8080, $errstr, $errno, 1 ))
{
   die('Blocked Proxy');
}

That's fine in that case, might even be better if you use several pages with the faucetbox lib.

misterbit

sr. member

Activity: 350

Merit: 250

Quote from: minifrij on November 06, 2015, 08:41:20 PM

Quote from: misterbit on November 06, 2015, 08:35:26 PM

And low /libs/faucetbox.php

Code:

    public function send($to, $amount, $referral = "false") {

Would it not equal?

You don't need to change the faucetbox lib. What do you want to change it for?

No, it is not to change but to put anti proxy below that line

Code:

public function send($to, $amount, $referral = "false") {

if ($_SERVER['HTTP_X_FORWARDED_FOR'] || $_SERVER['HTTP_X_FORWARDED'] || $_SERVER['HTTP_FORWARDED_FOR'] || $_SERVER['HTTP_CLIENT_IP'] || $_SERVER['HTTP_VIA'] || @fsockopen( $_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1 ) || @fsockopen( $_SERVER['REMOTE_ADDR'], 8080, $errstr, $errno, 1 ))
{
   die('Blocked Proxy');
}

Topic: [Updated 19/Jul/2016] Faucet Owners Against Scammers and Bots - page 12. (Read 36679 times)