Pages:
Author

Topic: [Updated 19/Jul/2016] Faucet Owners Against Scammers and Bots - page 27. (Read 36693 times)

sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
Guys...

I'm thinking how could I redirect the Faucetbox blocked IPs, Domains and BC Address to an other URL.

I guess I shoul change some function into the index.php file. But I didn't found the exactily point to do this change.

Today, When a banned visitor try to claim, the faucet just reload/refresh the page. I think that redirecting I could do something smarter.

Could you help me?
legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
snip
What do you suggest them? Forget the proxy serves and keep walking?
No, but trying to stop them by checking for HTTP headers and blocking BTC addresses is useless, as it does very little to stop those with any experience.

Using code similar to this, which LosingAlpha posted could help significantly, though using strpos may not be the best as it can sometimes return false positives with similar hosts.
Code:
$remoteHostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
if(strpos($remoteHostname, 'amazonaws') !== false)die("No AWS, later jabroni!");
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
Following two more scam address:

1mf8XF6cM777vkGm47KVMsSRgkmaApt9f
1BgQKKqWLXHjUXq8k8858pr9UjLcdzMUMi

i think that is better option to update your first post, not than to add in single separate post.
anyway thanks for sharing your info with us

Yes. I will do this.

This will kill 99% of proxy servers...put this in your htaccess file

snip
No, it won't. Anyone that is running a proxy server should know how to fake HTTP headers on requests, the things that this code is checking for. It will perhaps block about 1% of proxy owners that have no idea what they're doing.

Dont block AWS if you are using funcapthca because thats what they use
As said blocking AWS would have no problems with using FunCaptcha or anything else running on an AWS web server. By blocking AWS you would be (I hope) checking the incoming information of a visitor then checking if the IP resolves to an AWS address, then blocking if necessary. While using FunCaptcha, it never actually visits your site. The FunCaptcha code runs in the back end and communicates with your website, therefore not being affected by any AWS blocks.

Also, I would just like to point out, trying to stop bots by blocking BTC addresses is futile; an attacker can just create a new Bitcoin address automatically and use that one in the case of the previous being blocked. It is likely more of an inconvenience to you blocking them than to the attacker.

What do you suggest them? Forget the proxy serves and keep walking?


legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
This will kill 99% of proxy servers...put this in your htaccess file

snip
No, it won't. Anyone that is running a proxy server should know how to fake HTTP headers on requests, the things that this code is checking for. It will perhaps block about 1% of proxy owners that have no idea what they're doing.

Dont block AWS if you are using funcapthca because thats what they use
As said blocking AWS would have no problems with using FunCaptcha or anything else running on an AWS web server. By blocking AWS you would be (I hope) checking the incoming information of a visitor then checking if the IP resolves to an AWS address, then blocking if necessary. While using FunCaptcha, it never actually visits your site. The FunCaptcha code runs in the back end and communicates with your website, therefore not being affected by any AWS blocks.

Also, I would just like to point out, trying to stop bots by blocking BTC addresses is futile; an attacker can just create a new Bitcoin address automatically and use that one in the case of the previous being blocked. It is likely more of an inconvenience to you blocking them than to the attacker.

legendary
Activity: 3472
Merit: 3507
Crypto Swap Exchange
Following two more scam address:

1mf8XF6cM777vkGm47KVMsSRgkmaApt9f
1BgQKKqWLXHjUXq8k8858pr9UjLcdzMUMi

i think that is better option to update your first post, not than to add in single separate post.
anyway thanks for sharing your info with us
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
Dont block AWS if you are using funcapthca because thats what they use
Funcaptcha's not opening up your site to work, your script just needs to talk out to it.

You can just target it by name (and add conditionals for whatever other networks are causing problems)
Code:
$remoteHostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
if(strpos($remoteHostname, 'amazonaws') !== false)die("No AWS, later jabroni!");

You'll also want to sort out nearby IPs, on faucetbox after $sql has been set up you can do something like this - I'm just matching IPs in the database to the visitor's IP minus the last digit here so it's not very sophisticated, but a lot of people with access to IP ranges are willing to chance their arm. You may get the odd false positive here and there, but it'll cut down on the abuse:

Code:
$partialIP = substr($_SERVER['REMOTE_ADDR'], 0, strlen($_SERVER['REMOTE_ADDR'])-1);
$matchedIPs = $sql->query("SELECT COUNT(*) FROM `Faucetinabox_IPs` WHERE `ip` LIKE '".$partialIP."%'")->fetch();
if($matchedIPs[0]>1)die("You look shady, sorry bro.");

Quote from: rkandrades
Guys... How are you blocking Proxy Servers?

I tried to block by PHP codes and htaccess. No success.
It's impossible without a list of their IP addresses so I just didn't bother. Rewrite rules or checking headers in PHP won't get you very far because you're relying on the proxy telling you it's a proxy, you can't rely on that.

But if I try to block a huge list of known proxy servers by IP in the htaccess? Won't it work?

I think this is a good alternative way.
full member
Activity: 189
Merit: 100
Dont block AWS if you are using funcapthca because thats what they use
Funcaptcha's not opening up your site to work, your script just needs to talk out to it.

You can just target it by name (and add conditionals for whatever other networks are causing problems)
Code:
$remoteHostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
if(strpos($remoteHostname, 'amazonaws') !== false)die("No AWS, later jabroni!");

You'll also want to sort out nearby IPs, on faucetbox after $sql has been set up you can do something like this - I'm just matching IPs in the database to the visitor's IP minus the last digit here so it's not very sophisticated, but a lot of people with access to IP ranges are willing to chance their arm. You may get the odd false positive here and there, but it'll cut down on the abuse:

Code:
$partialIP = substr($_SERVER['REMOTE_ADDR'], 0, strlen($_SERVER['REMOTE_ADDR'])-1);
$matchedIPs = $sql->query("SELECT COUNT(*) FROM `Faucetinabox_IPs` WHERE `ip` LIKE '".$partialIP."%'")->fetch();
if($matchedIPs[0]>1)die("You look shady, sorry bro.");

Quote from: rkandrades
Guys... How are you blocking Proxy Servers?

I tried to block by PHP codes and htaccess. No success.
It's impossible without a list of their IP addresses so I just didn't bother. Rewrite rules or checking headers in PHP won't get you very far because you're relying on the proxy telling you it's a proxy, you can't rely on that.
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
Guys... I'm paying a lot of referrals for these two address:

17dzhZ3JG5jfKMd45BowS1Pr1cH9FW8zzK
1CMam3ZHtFysv3jvLfzrDraXy4dNGDKQJv

How could I identify if they are bots/scammers or legit?
 I doubt they are bots.  Bots dont waste there time with refs...someone probably has your faucet on a list of there

But none of their referrals really share my faucet. They o tricks...

In addintion to, they dont are shown as referrals on my Google Analytics. THey are shown as direct access. They sent me a lot of user and I cant se from where through the Analytics tool.

Doesn't seem weird for you?

take a look on their very huge super monster fucker referrals gains in FaucetBox.
hero member
Activity: 504
Merit: 501
Guys... I'm paying a lot of referrals for these two address:

17dzhZ3JG5jfKMd45BowS1Pr1cH9FW8zzK
1CMam3ZHtFysv3jvLfzrDraXy4dNGDKQJv

How could I identify if they are bots/scammers or legit?
  I doubt they are bots.  Bots dont waste there time with refs...someone probably has your faucet on a list of there
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
Guys... I'm paying a lot of referrals for these two address:

17dzhZ3JG5jfKMd45BowS1Pr1cH9FW8zzK
1CMam3ZHtFysv3jvLfzrDraXy4dNGDKQJv

How could I identify if they are bots/scammers or legit?
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
Following two more scam address:

1mf8XF6cM777vkGm47KVMsSRgkmaApt9f
1BgQKKqWLXHjUXq8k8858pr9UjLcdzMUMi
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
My wallet id is blocked on Bitconker as is others, see for ref https://bitcointalksearch.org/topic/m.12218506
I do not know about bots nor do I scam any faucet, I use another wallet now on there and all is ok, but if I cannot use my old wallet as its still blocked.

I did send the owner email but he just ignored it, the only faucet Admin ever to not answer why.

I did have issues with other faucets once upon a time, as some of them had never heard of my browser (Maxthon) Once I got in touch with them, it all got resolved.

So I guess if I never, I would still be banned from those websites.

Can you be really sure that all those addys are bots and scammers? 100%

No. I'm not sure. But I'm getting good results acting this way.

I think some of them are just reseting their modem to get a new IP.

They are using different bitcoin address too...

Do you use some technique or tool to block TOR users?
If you're not protected against that kind of thing already, you'll be paying hundreds of thousands, possibly millions out to guys coming in from hosting providers. Amazon AWS is a common one they use.

But yeah to a lesser extent you'll be getting hit by people with access to IP ranges too. I can post code snippets to sort that stuff out when I'm on a PC in a few hours, but I'd also suggest you use google analytics or something similar to get visibility of the networks which are causing you problems.

TOR is blocked for my faucet now. I will keep the TOR IPs blacklist updated every week. This is the best I can do for now... :T

This will kill 99% of proxy servers...put this in your htaccess file

RewriteEngine on
RewriteCond %{HTTP:VIA}                 !^$ [OR]
RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
RewriteRule ^(.*)$ - [F]


source:  https://perishablepress.com/press/2008/04/20/how-to-block-proxy-servers-via-htaccess/

Thank you. But I am already using this code.

The problem is that I tested my site with the 3 first proxies retrieved by Google and all of them accessed normally my faucet.

Are you having this problem too?
hero member
Activity: 504
Merit: 501
This will kill 99% of proxy servers...put this in your htaccess file

RewriteEngine on
RewriteCond %{HTTP:VIA}                 !^$ [OR]
RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
RewriteRule ^(.*)$ - [F]


source:  https://perishablepress.com/press/2008/04/20/how-to-block-proxy-servers-via-htaccess/
sr. member
Activity: 392
Merit: 251
Bitcoin Faucet & Blog
Guys... How are you blocking Proxy Servers?

I tried to block by PHP codes and htaccess. No success. Sad
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
I think the address is not using anymore or the owner is generating new wallet address...
hero member
Activity: 504
Merit: 501
Maybe if our faucet could get the computer name as well if its possible
hero member
Activity: 504
Merit: 501
Faucets use btc address and ip's to make sure people are not scamming....what else can we use for this problem??
hero member
Activity: 504
Merit: 501
I think some of them are just reseting their modem to get a new IP.

They are using different bitcoin address too...

Do you use some technique or tool to block TOR users?
If you're not protected against that kind of thing already, you'll be paying hundreds of thousands, possibly millions out to guys coming in from hosting providers. Amazon AWS is a common one they use.

But yeah to a lesser extent you'll be getting hit by people with access to IP ranges too. I can post code snippets to sort that stuff out when I'm on a PC in a few hours, but I'd also suggest you use google analytics or something similar to get visibility of the networks which are causing you problems.
Dont block AWS if you are using funcapthca because thats what they use
legendary
Activity: 1134
Merit: 1000
Soon, I have to go away.
My wallet id is blocked on Bitconker as is others, see for ref https://bitcointalksearch.org/topic/m.12218506
I do not know about bots nor do I scam any faucet, I use another wallet now on there and all is ok, but if I cannot use my old wallet as its still blocked.

I did send the owner email but he just ignored it, the only faucet Admin ever to not answer why.

I did have issues with other faucets once upon a time, as some of them had never heard of my browser (Maxthon) Once I got in touch with them, it all got resolved.

So I guess if I never, I would still be banned from those websites.

Can you be really sure that all those addys are bots and scammers? 100%
full member
Activity: 189
Merit: 100
I think some of them are just reseting their modem to get a new IP.

They are using different bitcoin address too...

Do you use some technique or tool to block TOR users?
If you're not protected against that kind of thing already, you'll be paying hundreds of thousands, possibly millions out to guys coming in from hosting providers. Amazon AWS is a common one they use.

But yeah to a lesser extent you'll be getting hit by people with access to IP ranges too. I can post code snippets to sort that stuff out when I'm on a PC in a few hours, but I'd also suggest you use google analytics or something similar to get visibility of the networks which are causing you problems.
Pages:
Jump to: