Pages:
Author

Topic: [Updated 19/Jul/2016] Faucet Owners Against Scammers and Bots - page 18. (Read 36679 times)

sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
Bot:

1FnVQL6wobhTCdwY9LkwY765bkF8QaLgoa

How do you know this? Please, tell us how did you identify this address as a bot.
newbie
Activity: 45
Merit: 0
Bot:

1FnVQL6wobhTCdwY9LkwY765bkF8QaLgoa
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
Good work man! However as mentioned above you people, must be carefull when you ban BTC address and its referrals. I have collect this addresses from rotator/lists:

1JSoW6FXrrhjMFLyfwC3PL9tJBhMwyLuRB --- faucetsfree.com
1LB8EJsDQZQt5X2EPHvKgHw1F66xLUUCj1 --- btcfaucetlist.net
1PioCZa8nzmzH6eXDtDG7xLsFANuAHQkrB --- freebitcoinhome.com
1Po9cWPPqfykFG1Zdrba7bkEcnkbq98BVD --- bit.makejar.com
15gZFZMaz1MtEKm9Z1HGroTtuU8Sr9oi3z --- zonebitcoin.com
1vn6x8oFQwuHvVdCKkkWv8BPCe7WmNyZ5  --- rotator . impaktoweb . com
17A3sR66WEH86wjYJv2ns4nTv1BmGBRm6G --- bitcoinsblue.com
1KAZ3b7EbWxwkXm28AEG17zRzY7ZKM9yHP --- smellikecoins
12xAgyn7bjEfjaK2rGtWJfrakDAXLHLDQN --- bitcoin-gator.com/?p=rotator
1PhRCPKyM5CCiNC8yP5krGG1UNsjk2iQgz --- coinator.net
17A3sR66WEH86wjYJv2ns4nTv1BmGBRm6G --- bitcoinsblue.com

if you have them banned, you should remove cause they are legit.

Keep it good work Smiley

These addresses are not in the blacklist. However I will add a note in the first topic claiming attention for these legit addresses.

Than you.
newbie
Activity: 17
Merit: 0
Good work man! However as mentioned above you people, must be carefull when you ban BTC address and its referrals. I have collect this addresses from rotator/lists:

1JSoW6FXrrhjMFLyfwC3PL9tJBhMwyLuRB --- faucetsfree.com
1LB8EJsDQZQt5X2EPHvKgHw1F66xLUUCj1 --- btcfaucetlist.net
1PioCZa8nzmzH6eXDtDG7xLsFANuAHQkrB --- freebitcoinhome.com
1Po9cWPPqfykFG1Zdrba7bkEcnkbq98BVD --- bit.makejar.com
15gZFZMaz1MtEKm9Z1HGroTtuU8Sr9oi3z --- zonebitcoin.com
1vn6x8oFQwuHvVdCKkkWv8BPCe7WmNyZ5  --- rotator . impaktoweb . com
17A3sR66WEH86wjYJv2ns4nTv1BmGBRm6G --- bitcoinsblue.com
1KAZ3b7EbWxwkXm28AEG17zRzY7ZKM9yHP --- smellikecoins
12xAgyn7bjEfjaK2rGtWJfrakDAXLHLDQN --- bitcoin-gator.com/?p=rotator
1PhRCPKyM5CCiNC8yP5krGG1UNsjk2iQgz --- coinator.net
17A3sR66WEH86wjYJv2ns4nTv1BmGBRm6G --- bitcoinsblue.com

if you have them banned, you should remove cause they are legit.

Keep it good work Smiley
hero member
Activity: 504
Merit: 501
You guys need to be very careful with the referrals you are banning. Lots of users send traffic from their iFaucet referral link (similar to how LandofBitcoin used to work) so many users have 50-100 referrals just from their iFaucet referrals.

You aren't going to ban bots by simply looking at the addresses, you need to find patterns in claims, patterns in referral trees and also you need to make sure that your sites feature good enough anti-bot security (honeypot forms, etc)

I actively promote faucets - as do many other users. You have no idea who is a user who has spent 0.02 on advertising for those referees and a botter.

I'm not convinced that the OP, or indeed several of the other admins here are actually finding bots. Some of you saying you've lost 0.01 in a day - that's not really proof of botting. I lost 0.2 when I got botted.

1. How do you guys know you're not banning active referrers/advertisers?
2. How do you guys know you're not banning iFaucet users with a large number of referrals?

These are important issues.

I have 1000+ iFaucet referrals as well as individually on larger faucets. I pay good money for these and would hate to be banned by an overzealous admin simply because he suspects I'm a bot.
i have been banned from many faucets saying im on a proxy and im not  and i own a list page as well
hero member
Activity: 868
Merit: 500
You guys need to be very careful with the referrals you are banning. Lots of users send traffic from their iFaucet referral link (similar to how LandofBitcoin used to work) so many users have 50-100 referrals just from their iFaucet referrals.

You aren't going to ban bots by simply looking at the addresses, you need to find patterns in claims, patterns in referral trees and also you need to make sure that your sites feature good enough anti-bot security (honeypot forms, etc)

I actively promote faucets - as do many other users. You have no idea who is a user who has spent 0.02 on advertising for those referees and a botter.

I'm not convinced that the OP, or indeed several of the other admins here are actually finding bots. Some of you saying you've lost 0.01 in a day - that's not really proof of botting. I lost 0.2 when I got botted.

1. How do you guys know you're not banning active referrers/advertisers?
2. How do you guys know you're not banning iFaucet users with a large number of referrals?

These are important issues.

I have 1000+ iFaucet referrals as well as individually on larger faucets. I pay good money for these and would hate to be banned by an overzealous admin simply because he suspects I'm a bot.

Detecting a legit user is not so hard OP blindly blocking keys because he doubt they're bots.

In my opinion bots should not be more then 5-10 % of your traffic.

I use state counter which shows me referral traffic so I can identify real and bot more accuracy.
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
You guys need to be very careful with the referrals you are banning. Lots of users send traffic from their iFaucet referral link (similar to how LandofBitcoin used to work) so many users have 50-100 referrals just from their iFaucet referrals.

You aren't going to ban bots by simply looking at the addresses, you need to find patterns in claims, patterns in referral trees and also you need to make sure that your sites feature good enough anti-bot security (honeypot forms, etc)

FWIW, banning addresses won't make a damn bit of difference in the long run. They're too damn easy to generate.

I actively promote faucets - as do many other users. You have no idea who is a user who has spent 0.02 on advertising for those referees and a botter.

Without which, many faucets simply wouldn't exist, and I think people forget that in their haste.

1. How do you guys know you're not banning active referrers/advertisers?
2. How do you guys know you're not banning iFaucet users with a large number of referrals?

These are important issues.

Indeed.

In order for someone to really make a profit ripping off a faucet, they have to have a large number of machines to carry out attacks. Hence, why a lot of attacking hosts are on IP addresses registered to hosting / VPS providers.

Fortunately, the bots that grace my faucet aren't too sophisticated. But when you get a 1000% increase in sessions coming primarily from various hosting providers, all using the same referral address, I'd say that's a pretty good indication that you're dealing with a bot, and not someone trying to advertise on your behalf. Wink

Precisely! You seem to have a good feel for the bots you are receiving.

Botters are either of the following:

1. Members of a large botting network that funds itself using referral incomes
2. Individuals with large amounts of captcha-solves in an Rucaptcha account and a proxy list
3. Individuals who make individual bots and then release them to a small number of referrals, typically on small forums such as TheBot.net etc

The single largest attack I had came from the first type, a large network with over 1000 active users running custom designed bots. Little to no technical expertise required, just some rubles and a Bitcoin address. Profit is around 100% on some faucets and can be more.

Unless your faucet is supremely popular I doubt you'll find many attacks from individuals - your faucet would need to be exceptional in some way; high referral commission, high reward, etc.

Do not go banning addresses randomly without being 100% sure. As important as this list of 'bad' addresses is we also need a certified list of good addresses in order to make sure legitimate traffic sources aren't penalized.

I fully agree with you all. Then I won't add suggested addresses anymore.

But I will keep the address wich I did pick up. I'm very carefull in analyzing scammer's addresses.

Anyways we could keep this topic bringging new defense techniques and advices.
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
Howdy Y'all,

Since y'all are interested in the bitcoin addresses of bots, here are three who tried to drain my faucet not long ago:
Code:
1LwLykjvdtwNUWVF9SMdK1eCh5LwYSobqB
1CXRDtZBctuysUsSkhpasDxhCmWeyVXrYe
16iJyf6zW1U1Lq6xVHVS6gzp6Y1HPWUv5n

Fortunately for my users they didn't get very far, thanks to the countermeasures I have in place.

I noticed y'all have this one in your list also, but AFAICT it corresponds to ifaucet.net's rotator, and is definitely not a bot.
Code:
1K2vpdMxkFpCG9sJzUpPCkQr9uBdUdkudk

Enjoy!

The 1K2vpdMxkFpCG9sJzUpPCkQr9uBdUdkudk address was removed from the list. A note was added also asking to unblock this address.

Thank you.
sr. member
Activity: 714
Merit: 250
Defend Bitcoin and its PoW: bitcoincleanup.com
You guys need to be very careful with the referrals you are banning. Lots of users send traffic from their iFaucet referral link (similar to how LandofBitcoin used to work) so many users have 50-100 referrals just from their iFaucet referrals.

You aren't going to ban bots by simply looking at the addresses, you need to find patterns in claims, patterns in referral trees and also you need to make sure that your sites feature good enough anti-bot security (honeypot forms, etc)

FWIW, banning addresses won't make a damn bit of difference in the long run. They're too damn easy to generate.

I actively promote faucets - as do many other users. You have no idea who is a user who has spent 0.02 on advertising for those referees and a botter.

Without which, many faucets simply wouldn't exist, and I think people forget that in their haste.

1. How do you guys know you're not banning active referrers/advertisers?
2. How do you guys know you're not banning iFaucet users with a large number of referrals?

These are important issues.

Indeed.

In order for someone to really make a profit ripping off a faucet, they have to have a large number of machines to carry out attacks. Hence, why a lot of attacking hosts are on IP addresses registered to hosting / VPS providers.

Fortunately, the bots that grace my faucet aren't too sophisticated. But when you get a 1000% increase in sessions coming primarily from various hosting providers, all using the same referral address, I'd say that's a pretty good indication that you're dealing with a bot, and not someone trying to advertise on your behalf. Wink

Precisely! You seem to have a good feel for the bots you are receiving.

Botters are either of the following:

1. Members of a large botting network that funds itself using referral incomes
2. Individuals with large amounts of captcha-solves in an Rucaptcha account and a proxy list
3. Individuals who make individual bots and then release them to a small number of referrals, typically on small forums such as TheBot.net etc

The single largest attack I had came from the first type, a large network with over 1000 active users running custom designed bots. Little to no technical expertise required, just some rubles and a Bitcoin address. Profit is around 100% on some faucets and can be more.

Unless your faucet is supremely popular I doubt you'll find many attacks from individuals - your faucet would need to be exceptional in some way; high referral commission, high reward, etc.

Do not go banning addresses randomly without being 100% sure. As important as this list of 'bad' addresses is we also need a certified list of good addresses in order to make sure legitimate traffic sources aren't penalized.
tth
newbie
Activity: 2
Merit: 0
You guys need to be very careful with the referrals you are banning. Lots of users send traffic from their iFaucet referral link (similar to how LandofBitcoin used to work) so many users have 50-100 referrals just from their iFaucet referrals.

You aren't going to ban bots by simply looking at the addresses, you need to find patterns in claims, patterns in referral trees and also you need to make sure that your sites feature good enough anti-bot security (honeypot forms, etc)

FWIW, banning addresses won't make a damn bit of difference in the long run. They're too damn easy to generate.

I actively promote faucets - as do many other users. You have no idea who is a user who has spent 0.02 on advertising for those referees and a botter.

Without which, many faucets simply wouldn't exist, and I think people forget that in their haste.

1. How do you guys know you're not banning active referrers/advertisers?
2. How do you guys know you're not banning iFaucet users with a large number of referrals?

These are important issues.

Indeed.

In order for someone to really make a profit ripping off a faucet, they have to have a large number of machines to carry out attacks. Hence, why a lot of attacking hosts are on IP addresses registered to hosting / VPS providers.

Fortunately, the bots that grace my faucet aren't too sophisticated. But when you get a 1000% increase in sessions coming primarily from various hosting providers, all using the same referral address, I'd say that's a pretty good indication that you're dealing with a bot, and not someone trying to advertise on your behalf. Wink
sr. member
Activity: 714
Merit: 250
Defend Bitcoin and its PoW: bitcoincleanup.com
I suggest you guys update your script or add some sort of email verification for users. I have reduced my botting almost completely since I implemented this change - in fact, I predict that most large faucets will need to implement such features if they are to survive.

The Faucetbox script as standard suits small-medium faucets, anyone offering more than 500 satoshi per hour is at risk.

You need to surgically remove bots and not delete large referral trees.
legendary
Activity: 3444
Merit: 3469
Crypto Swap Exchange
You guys need to be very careful with the referrals you are banning. Lots of users send traffic from their iFaucet referral link (similar to how LandofBitcoin used to work) so many users have 50-100 referrals just from their iFaucet referrals.

You aren't going to ban bots by simply looking at the addresses, you need to find patterns in claims, patterns in referral trees and also you need to make sure that your sites feature good enough anti-bot security (honeypot forms, etc)

I actively promote faucets - as do many other users. You have no idea who is a user who has spent 0.02 on advertising for those referees and a botter.

I'm not convinced that the OP, or indeed several of the other admins here are actually finding bots. Some of you saying you've lost 0.01 in a day - that's not really proof of botting. I lost 0.2 when I got botted.

1. How do you guys know you're not banning active referrers/advertisers?
2. How do you guys know you're not banning iFaucet users with a large number of referrals?

These are important issues.

I have 1000+ iFaucet referrals as well as individually on larger faucets. I pay good money for these and would hate to be banned by an overzealous admin simply because he suspects I'm a bot.

yes, is very complicated. but not exactly luck when looking at your faucet balance disappear, and click on ads not move  Shocked
i mean that is time for change faucetbox script with another one
sr. member
Activity: 714
Merit: 250
Defend Bitcoin and its PoW: bitcoincleanup.com
You guys need to be very careful with the referrals you are banning. Lots of users send traffic from their iFaucet referral link (similar to how LandofBitcoin used to work) so many users have 50-100 referrals just from their iFaucet referrals.

You aren't going to ban bots by simply looking at the addresses, you need to find patterns in claims, patterns in referral trees and also you need to make sure that your sites feature good enough anti-bot security (honeypot forms, etc)

I actively promote faucets - as do many other users. You have no idea who is a user who has spent 0.02 on advertising for those referees and a botter.

I'm not convinced that the OP, or indeed several of the other admins here are actually finding bots. Some of you saying you've lost 0.01 in a day - that's not really proof of botting. I lost 0.2 when I got botted.

1. How do you guys know you're not banning active referrers/advertisers?
2. How do you guys know you're not banning iFaucet users with a large number of referrals?

These are important issues.

I have 1000+ iFaucet referrals as well as individually on larger faucets. I pay good money for these and would hate to be banned by an overzealous admin simply because he suspects I'm a bot.
tth
newbie
Activity: 2
Merit: 0
Howdy Y'all,

Since y'all are interested in the bitcoin addresses of bots, here are three who tried to drain my faucet not long ago:
Code:
1LwLykjvdtwNUWVF9SMdK1eCh5LwYSobqB
1CXRDtZBctuysUsSkhpasDxhCmWeyVXrYe
16iJyf6zW1U1Lq6xVHVS6gzp6Y1HPWUv5n

Fortunately for my users they didn't get very far, thanks to the countermeasures I have in place.

I noticed y'all have this one in your list also, but AFAICT it corresponds to ifaucet.net's rotator, and is definitely not a bot.
Code:
1K2vpdMxkFpCG9sJzUpPCkQr9uBdUdkudk

Enjoy!
full member
Activity: 189
Merit: 100
Quote
I've copied and edited:
Code:
$banOnProability=0.99;

to

Code:
$banOnProability=0.99999;

It would be a good idea to do a find and replace on that variable name to fix the typo everywhere it's used.
sr. member
Activity: 350
Merit: 250

Code:
// ABC

and

Code:
/*
ABC
*/

means commented out (non-active).

I've made non active the:
Code:
//if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
//die("It would apprear you're using a proxy, so please, contact us: [email protected]!");
because it is plainly wrong.

I've copied and edited:
Code:
$banOnProability=0.99;

to

Code:
$banOnProability=0.99999;

But also left the original (for comparison).

Also added commented-out (inactive) example how to "whitelist" someone.

Friend thank you for your help, is there any way to do it without getIPIntel?
that to my it has stopped me working, does not block any proxy?
sr. member
Activity: 455
Merit: 250
EarnBitcoins.INFO
o..k..
Am I the only one who doesn't understand a word that's being written here?
full member
Activity: 500
Merit: 100
Code:
// ABC

and

Code:
/*
ABC
*/

means commented out (non-active).

I've made non active the:
Code:
//if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
//die("It would apprear you're using a proxy, so please, contact us: [email protected]!");
because it is plainly wrong.

I've copied and edited:
Code:
$banOnProability=0.99;

to

Code:
$banOnProability=0.99999;

But also left the original (for comparison).

Also added commented-out (inactive) example how to "whitelist" someone.
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
newbie
Activity: 42
Merit: 0
Greetings.

I just add the code and see how it goes.

One question, I have to erase this // $ banOnProability = 0.99;

And leave alone this? $ banOnProability = 0.99999;

Code:
//if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
//die("It would apprear you're using a proxy, so please, contact us: [email protected]!");

function checkProxy($ip){
/*
                /// Uncomment to allow bit.makejar.com autochecker
if ($ip=='188.166.12.134') {
                  return false;
                }
                //
*/
$contactEmail="[email protected]";
$timeout=3
// $banOnProability=0.99;
                
$banOnProability=0.99999;// <---------------------------------------------------

$ch curl_init();
curl_setopt($chCURLOPT_RETURNTRANSFER1);
 
curl_setopt($chCURLOPT_TIMEOUT$timeout);
curl_setopt($chCURLOPT_URL"http[Suspicious link removed]c($ch);

curl_close(
$ch);


if (
$response > $banOnProability) {
return true;
} else {
if (
$response < 0 || strcmp($response, "") == 0 ) {
//The server returned an error, you might want to do something
//like write to a log file or email yourself
//This could be true due to an invalid input or you've exceeded
//the number of allowed queries. Figure out why this is happening
//because you aren't protected by the system anymore
//Leaving this section blank is dangerous because you assume
//that you're still protected, which is incorrect
//and you might think GetIPIntel isn't accurate anymore
//which is also incorrect.
//failure to implement error handling is bad for the both of us
}
return false;
}
}
$ip=$_SERVER['REMOTE_ADDR'];
if (checkProxy(
$ip)) {
echo "
It would apprear you're using a proxy, so please, contact us: [email protected]";
}
?>
Pages:
Jump to: