Pages:
Author

Topic: XAPO Script - Hacked - page 2. (Read 6092 times)

full member
Activity: 238
Merit: 100
August 05, 2016, 07:30:18 AM

What was your faucet and I will see if it is possible for me to access and duplicate what you are saying?

https://faucet.today
legendary
Activity: 1059
Merit: 1020
August 05, 2016, 07:16:19 AM
The solution of blocking all proxies is still not a good solution at all. It blocks almost all proxies. With an advanced proxy is it possible to bypass the proxy detection.
member
Activity: 132
Merit: 10
August 05, 2016, 07:08:49 AM

Let me see if one of Xapo sites like you say where I can actually use the F5 and reclaim without a Captcha. BRB on that this one.

I have 2 Xapo Wallet sites open ( MoonBitco.in and Whalebitco.in ) and one none Xapo site open ( Claim BTC ) will run the F5 command in 2 minutes.

Ok I run the F5 command on all 3 sites and they give me the same results ( Incorrect Captcha )

Are we dealing with a weakess in the F5 Command for @Gifted's script. As I thought we had solved this previously and it was addressed by @Gifted.

I am old and sea-nile and I tend to forget what i just said so I maybe wrong.

I have this only testet at my faucet .. maybe i am the only with this phenomen ?

What was your faucet and I will see if it is possible for me to access and duplicate what you are saying?
full member
Activity: 238
Merit: 100
August 05, 2016, 06:43:16 AM

Let me see if one of Xapo sites like you say where I can actually use the F5 and reclaim without a Captcha. BRB on that this one.

I have 2 Xapo Wallet sites open ( MoonBitco.in and Whalebitco.in ) and one none Xapo site open ( Claim BTC ) will run the F5 command in 2 minutes.

Ok I run the F5 command on all 3 sites and they give me the same results ( Incorrect Captcha )

Are we dealing with a weakess in the F5 Command for @Gifted's script. As I thought we had solved this previously and it was addressed by @Gifted.

I am old and sea-nile and I tend to forget what i just said so I maybe wrong.

I have this only testet at my faucet .. maybe i am the only with this phenomen ?
member
Activity: 132
Merit: 10
August 05, 2016, 06:22:59 AM
Its me again .. there are still one thing what i don't like ... i will try to explain as good as i can in english ...

Example:

Your Xapo Faucet has a Cooldown (Timer) of 15minutes until next claim is allowed.

OK here we go - a Visitor enter your Faucet solve the Captcha and Claim .. he stays on your really cool Site .. and after 15 minutes he can press F5 (Refresh) in browser .. a small window pops-up
and ask if you want to send the Formular again (dont know how it is called in english - see screenshot in German)


If you answer with Yes .. the Browserwindows reloads/refreshs .. and you have automaticly claimed - without enter the Captcha again...

Now if a Black-hat have found a way how to disable the timer (ok we dont allow rightclicks and so on now ) he has only press F5 press Enter all time long .. and is happy ..

I am not a hero in Webdesign nor php .. but maybe a solution is to set the cookielifetime to 5mins ? or has it something to do with the session ? .. any ideas ?

Let me see if one of Xapo sites like you say where I can actually use the F5 and reclaim without a Captcha. BRB on that this one.

I have 2 Xapo Wallet sites open ( MoonBitco.in and Whalebitco.in ) and one none Xapo site open ( Claim BTC ) will run the F5 command in 2 minutes.

Ok I run the F5 command on all 3 sites and they give me the same results ( Incorrect Captcha )

Are we dealing with a weakess in the F5 Command for @Gifted's script. As I thought we had solved this previously and it was addressed by @Gifted.

I am old and sea-nile and I tend to forget what i just said so I maybe wrong.
full member
Activity: 238
Merit: 100
August 05, 2016, 06:08:08 AM

Blocking Browsers is not the answer to your problem.

yes i am with you .. i just asked because i would like to know if there is a comfortabler way as baning a specific user-agent in htaccess ...
full member
Activity: 238
Merit: 100
August 05, 2016, 06:01:21 AM
Its me again .. there are still one thing what i don't like ... i will try to explain as good as i can in english ...

Example:

Your Xapo Faucet has a Cooldown (Timer) of 15minutes until next claim is allowed.

OK here we go - a Visitor enter your Faucet solve the Captcha and Claim .. he stays on your really cool Site .. and after 15 minutes he can press F5 (Refresh) in browser .. a small window pops-up
and ask if you want to send the Formular again (dont know how it is called in english - see screenshot in German)


If you answer with Yes .. the Browserwindows reloads/refreshs .. and you have automaticly claimed - without enter the Captcha again...

Now if a Black-hat have found a way how to disable the timer (ok we dont allow rightclicks and so on now ) he has only press F5 press Enter all time long .. and is happy ..

I am not a hero in Webdesign nor php .. but maybe a solution is to set the cookielifetime to 5mins ? or has it something to do with the session ? .. any ideas ?
member
Activity: 132
Merit: 10
August 05, 2016, 05:37:35 AM


Yeap, I got a lot of bot attack comming from Firefox, so I blocked it, sorry..

80%+ firefox access was bots.. don't know if it was the extensions(sql injection, proxys) or the bot use this plataform

Yeap, I tried to find something to block extensions.. however I think it can't be done..
You can easily find proxy/sql injection extensions on firefox.. and chrome too, however I don't blocked chrome(yet hahah)
I was thinking about make a custom browser wich users can visit faucets.. you know? without extensions, with a good faucet list/rotator.. well, I don't have knowledge to do this(and the other question is the ads clicks, maybe it can get a lower click rate)

Can you tell me/us please how you block a browser .. thanx in advance

Blocking Browsers is not the answer to your problem. All that shows is how many users that visit your site use that particular browser. I would think we are needing to look deeper into the way the browser is used once on your site. Cross reference Blacklist IP's against visitors and incorporate a lockout of those IP's. Anyone trying to use a BOT is going to try and use a fresh list of accepted Proxy's to access your site.

Say me for example I use my mobile phone as a hot spot or wifi hot spot. I am using the IP 205.197.242.169 and i ran a cross reference to Blacklist IP's. When I did that I tested my IP against a new tool called WebRTC and found that it was leaking my actual IP address. For more information on how these Thieves are stealing personal information read this post>  http://whatismyipaddress.com/webrtc-test

And upon reading this article or post one may be able to use the WebRTC to find the actual IP behind the attacks and single them out. WebRTC is available for Chrome, FireFox, Opera and many more as it is the new and bestest thing going.

Happy Defending !!!! 
full member
Activity: 238
Merit: 100
August 05, 2016, 05:04:42 AM


Yeap, I got a lot of bot attack comming from Firefox, so I blocked it, sorry..

80%+ firefox access was bots.. don't know if it was the extensions(sql injection, proxys) or the bot use this plataform

Yeap, I tried to find something to block extensions.. however I think it can't be done..
You can easily find proxy/sql injection extensions on firefox.. and chrome too, however I don't blocked chrome(yet hahah)
I was thinking about make a custom browser wich users can visit faucets.. you know? without extensions, with a good faucet list/rotator.. well, I don't have knowledge to do this(and the other question is the ads clicks, maybe it can get a lower click rate)

Can you tell me/us please how you block a browser .. thanx in advance
full member
Activity: 238
Merit: 100
August 05, 2016, 04:55:19 AM
k - i opened my faucet again https://faucet.today .. if something goes wrong i will send you the bill gifted  Cheesy
legendary
Activity: 2688
Merit: 2297
August 05, 2016, 04:07:50 AM
-snip-

Like a glove! (I think).. My IP is blacklisted on a lot of services so I can't test at all.. and I can't renew lol
Thank you alfaboy!
I think it's working http://www.bitcoinamerica.com.br/faucet
anyone give me a feedback please
No problemo  Wink

Anyway, your website says "Browser not supported". I'm using Firefox. Have you also block the Chrome?
If this is about the plug-ins/add-ons, then we should think of other way to block just the plug-in/add-ons and not the browser.


now this mesage comes and i cant acces -.- `?
iam using firefox ??


Code:
Browser not supported!

Yeap, I got a lot of bot attack comming from Firefox, so I blocked it, sorry..

80%+ firefox access was bots.. don't know if it was the extensions(sql injection, proxys) or the bot use this plataform

Yeap, I tried to find something to block extensions.. however I think it can't be done..
You can easily find proxy/sql injection extensions on firefox.. and chrome too, however I don't blocked chrome(yet hahah)
I was thinking about make a custom browser wich users can visit faucets.. you know? without extensions, with a good faucet list/rotator.. well, I don't have knowledge to do this(and the other question is the ads clicks, maybe it can get a lower click rate)
hero member
Activity: 546
Merit: 500
August 05, 2016, 03:54:05 AM
-snip-

Like a glove! (I think).. My IP is blacklisted on a lot of services so I can't test at all.. and I can't renew lol
Thank you alfaboy!
I think it's working http://www.bitcoinamerica.com.br/faucet
anyone give me a feedback please
No problemo  Wink

Anyway, your website says "Browser not supported". I'm using Firefox. Have you also block the Chrome?
If this is about the plug-ins/add-ons, then we should think of other way to block just the plug-in/add-ons and not the browser.
hero member
Activity: 546
Merit: 500
August 04, 2016, 09:24:49 PM
IMHO, we should totally blockout bad ISP and do not show anything to the users with bad ISPs since it is giving bad traffic to the network ads.
hero member
Activity: 504
Merit: 501
August 04, 2016, 08:35:07 PM
I have same thing but i still let them go to page just not claim.


Security Patch V1.2 :



Got to index.php in the main root and find this:

Code:
$response = @file('http://verify.solvemedia.com/papi/verify?privatekey=' . $settings['solvemedia_verification_key'] . '&challenge=' . rawurlencode($captchaChallange) . '&response=' . rawurlencode($captchaResponse) . '&remoteip=' . $ip);

  if (!isset($response[0]) || trim($response[0]) === 'false'){
    $view['main']['result_html'] = '

Wrong captcha!

';
    $message                     = "Wrong captcha";
  }
  
$q = $sql->prepare("select * from users where LOWER(username) = LOWER(?) or ip = ? order by claimed_at desc");
  $q->execute(array($username,$ip));
  $row = $q->fetch();

Put this code right underneath the one you find above:

Code:
//We do not allow proxy here

 if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
{
  $view['main']['result_html'] = '

Bots not allowed !! If you are not a bot and not on a proxy, i still cant help you !

';
    $message                     = "Proxy";
    goto error;
  }
  //end proxie check

This will stop proxies if they try to claim and throw a message as you can see in the picture



legendary
Activity: 2688
Merit: 2297
August 04, 2016, 08:03:45 PM
I'm testing your scripts here Gifted http://www.bitcoinamerica.com.br/faucet
less the adblock one(got some bug here)
Thanks for all!
says im on  a proxie and im not

Yeap, other user tell me the same thing, I'm trying to fix it..
With this code I'm blocking everyone  Huh Huh Huh
Code:
 
IF(ISSET($_SERVER['HTTP_X_FORWARDED_FOR']) || ($_SERVER['HTTP_USER_AGENT']=='') || ($_SERVER['HTTP_VIA']!='')){
        DIE("Proxy servers not allowed.");
}
 
$proxy_headers = ARRAY(  
     'HTTP_VIA',  
     'HTTP_X_FORWARDED_FOR',  
     'HTTP_FORWARDED_FOR',  
     'HTTP_X_FORWARDED',  
     'HTTP_FORWARDED',  
     'HTTP_CLIENT_IP',  
     'HTTP_FORWARDED_FOR_IP',  
     'VIA',  
     'X_FORWARDED_FOR',  
     'FORWARDED_FOR',  
     'X_FORWARDED',  
     'FORWARDED',  
     'CLIENT_IP',  
     'FORWARDED_FOR_IP',  
     'HTTP_PROXY_CONNECTION'  
        );
FOREACH($proxy_headers AS $x){
     IF (ISSET($_SERVER[$x])) DIE("You are using a proxy.");
        EXIT;
}
 
?>

and with other script, any proxy can enter on the faucet..  Huh Huh well.. I go to sleep and try again tomorrow

I'll try to help.

That proxy header from that code, try to put that in in your .htaccess file, then instead of that PHP code, try this and put it above in your template public_html/yourfaucet/style/template/index.php:

Like this:
Code:
if( @fsockopen$_SERVER['REMOTE_ADDR'], 80$errstr$errno) )
{
echo 
"It appears that you are using a PROXY, please BE FAIR! ";
   exit;
}
?>




Then test it in boomproxy, then after accessing your site in boomproxy click the clear cookies link and see if proxy blocking is successful. It should result like this:



Hope that helps even a little.


Like a glove! (I think).. My IP is blacklisted on a lot of services so I can't test at all.. and I can't renew lol
Thank you alfaboy!
I think it's working http://www.bitcoinamerica.com.br/faucet
anyone give me a feedback please
hero member
Activity: 546
Merit: 500
August 04, 2016, 07:39:44 PM
I'm testing your scripts here Gifted http://www.bitcoinamerica.com.br/faucet
less the adblock one(got some bug here)
Thanks for all!
says im on  a proxie and im not

Yeap, other user tell me the same thing, I'm trying to fix it..
With this code I'm blocking everyone  Huh Huh Huh
Code:
 
IF(ISSET($_SERVER['HTTP_X_FORWARDED_FOR']) || ($_SERVER['HTTP_USER_AGENT']=='') || ($_SERVER['HTTP_VIA']!='')){
        DIE("Proxy servers not allowed.");
}
 
$proxy_headers = ARRAY(  
     'HTTP_VIA',  
     'HTTP_X_FORWARDED_FOR',  
     'HTTP_FORWARDED_FOR',  
     'HTTP_X_FORWARDED',  
     'HTTP_FORWARDED',  
     'HTTP_CLIENT_IP',  
     'HTTP_FORWARDED_FOR_IP',  
     'VIA',  
     'X_FORWARDED_FOR',  
     'FORWARDED_FOR',  
     'X_FORWARDED',  
     'FORWARDED',  
     'CLIENT_IP',  
     'FORWARDED_FOR_IP',  
     'HTTP_PROXY_CONNECTION'  
        );
FOREACH($proxy_headers AS $x){
     IF (ISSET($_SERVER[$x])) DIE("You are using a proxy.");
        EXIT;
}
 
?>

and with other script, any proxy can enter on the faucet..  Huh Huh well.. I go to sleep and try again tomorrow

I'll try to help.

That proxy header from that code, try to put that in in your .htaccess file, then instead of that PHP code, try this and put it above in your template public_html/yourfaucet/style/template/index.php:

Like this:
Code:
if( @fsockopen$_SERVER['REMOTE_ADDR'], 80$errstr$errno) )
{
echo 
"It appears that you are using a PROXY, please BE FAIR! ";
   exit;
}
?>




Then test it in boomproxy, then after accessing your site in boomproxy click the clear cookies link and see if proxy blocking is successful. It should result like this:



Hope that helps even a little.
hero member
Activity: 504
Merit: 501
August 04, 2016, 06:03:09 PM
@Gifted,

I do apologize for pushing so hard. And I apologize for my impatience, as I understand your position and wanting to help others protect their sites and incomes from this script. I can not only be an idiot but also a pushy idiot.

My Apologies.....

ardodd
no, it was a good idea ...so dont worry
member
Activity: 132
Merit: 10
August 04, 2016, 05:57:19 PM
@Gifted,

I do apologize for pushing so hard. And I apologize for my impatience, as I understand your position and wanting to help others protect their sites and incomes from this script. I can not only be an idiot but also a pushy idiot.

My Apologies.....

ardodd
hero member
Activity: 504
Merit: 501
August 04, 2016, 05:08:00 PM
The patch is in php server side they cant have access and this needs to be fixed right away . i can see your point but a lot of people downloaded my script and they need to know now. i started a security patch thread already

Yes sir you are 100% correct about them needing to know right now to close these backdoors. Do you have a problem with hosting a private membership section for those that do use your code for their website. One that would allow them access to a secure site where only they can have access to your details.

Most people may not worry about where or how they got the script to use on a faucet. Like I can a S2Membership plugin on wordpress that only allows members if I approve them. And it is hard to get into it since i verify that they are who they say they are. And yours could be adapted to verifying that they use your script and it come from you if they wish to get details from the updates.

More like a private support for your script since you modified and made it secure now.
Im just giving immediate patches at the moment the rest of the updates will be in the download when im finished
member
Activity: 132
Merit: 10
August 04, 2016, 04:36:12 PM
The patch is in php server side they cant have access and this needs to be fixed right away . i can see your point but a lot of people downloaded my script and they need to know now. i started a security patch thread already

Yes sir you are 100% correct about them needing to know right now to close these backdoors. Do you have a problem with hosting a private membership section for those that do use your code for their website. One that would allow them access to a secure site where only they can have access to your details.

Most people may not worry about where or how they got the script to use on a faucet. Like I can a S2Membership plugin on wordpress that only allows members if I approve them. And it is hard to get into it since i verify that they are who they say they are. And yours could be adapted to verifying that they use your script and it come from you if they wish to get details from the updates.

More like a private support for your script since you modified and made it secure now.
Pages:
Jump to: