Topic: XAPO Script - Hacked - page 3. (Read 6073 times)

The patch is in php server side they cant have access and this needs to be fixed right away . i can see your point but a lot of people downloaded my script and they need to know now. i started a security patch thread already

@Gifted would it not be better if we wait til you have made a full new version with all the changes in it. As if we keep changing the code to what comes next seems alot of extra work on you also. Call them v1.1 and use the new v1.2 so we know it is the updated version.

Example: Yesterdays security updates
v1.1

Todays security update
v1.2

And every update could have ( v ) attached to it. Would it not seem better if you made the change and then just updated the name of the change. In the description you can tell or explain what is updated.

How much you want to bet that hackers read these post and see the code change and are already looking for counter measures to it. Personally I would think posting code that fixes a security measure should not be posted and kept inside your files so no one seems it. The only way they can get the fix is by downloading the newest Version in a update.

Just my thoughts   

Ok guys, there is another hack that can be fixed by replacing this code in your index.php file not the one in style.


find this code
and replace with this



This redirects back to your page after 30 seconds so that the captcha resets so that a imacro program cannot be programmed to just refresh and get credit every hour when they are sleeping. i would suggest do this immediately!  Make sure you put your faucet address where is says change to your faucet url.

great, would love to see what you add

ok gifted, in holidays i try to improve admin panel, in specific way ip banning admin panel page

@Gifted have you considered trying out the Sandboxie Software. And asking if it can be incorporated into the script?

http://www.sandboxie.com/

I am just asking cause on one of my Wordpress sites I setup Woocommerce and conected it to Paypal Gateway. And I had to set it up using Sandboxie Software to make it Secure.

Where would he allow proxy servers at now that he has disabled them completey.

Thanks for bringing up the imacros thing...i just found another security problem but i dont want to share here untill its fixed

@viralalert: its working for your page

When I go there it just tells me that I am using a Proxy. And nothing else. But I am looking into the source page for it right now and this is what I am seeing on it under properties.

body
aLink:""
accessKey:""
attributes:NamedNodeMap
background:""
baseURI:"http://www.bitcoinamerica.com.br/faucet/"
bgColor:""
childElementCount:0
childNodes:NodeList[1]
children:HTMLCollection[0]
classList:DOMTokenList[0]
className:""
clientHeight:775
clientLeft:0
clientTop:0
clientWidth:1042
contentEditable:"inherit"
dataset:DOMStringMap
dir:""
draggable:false
firstChild:text
firstElementChild:null
hidden:false
id:""
innerHTML:"You are using a proxy!"
innerText:"You are using a proxy!"
isConnected:true
isContentEditable:false
lang:""
lastChild:text
lastElementChild:null
link:""
localName:"body"
namespaceURI:"http://www.w3.org/1999/xhtml"
nextElementSibling:null
nextSibling:null
nodeName:"BODY"
nodeType:1
nodeValue:null
offsetHeight:759
offsetLeft:0
offsetParent:null
offsetTop:0
offsetWidth:1026
onabort:null
onbeforecopy:null
onbeforecut:null
onbeforepaste:null
onbeforeunload:null
onblur:null
oncancel:null
oncanplay:null
oncanplaythrough:null
onchange:null
onclick:null
onclose:null
oncontextmenu:null
oncopy:null
oncuechange:null
oncut:null
ondblclick:null
ondrag:null
ondragend:null
ondragenter:null
ondragleave:null
ondragover:null
ondragstart:null
ondrop:null
ondurationchange:null
onemptied:null
onended:null
onerror:null
onfocus:null
onhashchange:null
oninput:null
oninvalid:null
onkeydown:null
onkeypress:null
onkeyup:null
onlanguagechange:null
onload:null
onloadeddata:null
onloadedmetadata:null
onloadstart:null
onmessage:null
onmousedown:null
onmouseenter:null
onmouseleave:null
onmousemove:null
onmouseout:null
onmouseover:null
onmouseup:null
onmousewheel:null
onoffline:null
ononline:null
onpagehide:null
onpageshow:null
onpaste:null
onpause:null
onplay:null
onplaying:null
onpopstate:null
onprogress:null
onratechange:null
onrejectionhandled:null
onreset:null
onresize:null
onscroll:null
onsearch:null
onseeked:null
onseeking:null
onselect:null
onselectstart:null
onshow:null
onstalled:null
onstorage:null
onsubmit:null
onsuspend:null
ontimeupdate:null
ontoggle:null
onunhandledrejection:null
onunload:null
onvolumechange:null
onwaiting:null
onwebkitfullscreenchange:null
onwebkitfullscreenerror:null
onwheel:null
outerHTML:"You are using a proxy!"
outerText:"You are using a proxy!"
ownerDocument:document
parentElement:html
parentNode:html
prefix:null
previousElementSibling:head
previousSibling:head
scrollHeight:775
scrollLeft:0
scrollTop:0
scrollWidth:1042
shadowRoot:null
spellcheck:true
style:CSSStyleDeclaration
tabIndex:-1
tagName:"BODY"
text:""
textContent:"You are using a proxy!"
title:""
translate:true
vLink:""
webkitdropzone:""
__proto__:HTMLBodyElement

yes, this is very possible to use you can read more about it here. its very usefull gambling but could maybe be used in faucets http://www.howtogeek.com/113789/how-to-automate-repetitive-web-browser-tasks-with-imacros/

Yeap, other user tell me the same thing, I'm trying to fix it..
With this code I'm blocking everyone  

and with other script, any proxy can enter on the faucet..   well.. I go to sleep and try again tomorrow

Check my faucet as well and let me know what you think about. http://viral-alert.com/xapo

says im on  a proxie and im not

I'm testing your scripts here Gifted http://www.bitcoinamerica.com.br/faucet
less the adblock one(got some bug here)
Thanks for all!

@Gifted,

I know I don't contribute much to this topic other than stirring things up.

I was looking at some backend app's that can actually steal the information and download it into CSV files and they can program their Bot to work. I am wondering if you have looked into ( iMacros ) for Chrome and Firefox as I just got them to see if they can in anyway effect your Script. Not sure how to use them but adding them and the Free Proxy List from Chrome it may be possible for them to find backdoors.

Again I am new to this and am trying to fully understand the script so i can use it.

iMacros for Chrome #1:


Free Proxy List for Chrome:


iMacros for Firefox #1:


iMacros for Firefox #2:

Sure take a look https://github.com/destinybogan/Faucet-Builder/archive/master.zip

I think it needs some kind of better admin for banning ip's and seeing whos been claiming, also better security for multi claiming with proxies vpn etc. maybe a timer for button to get better bounce rate

Feel free to give it a shot  

improve your script, for work im a real frontenders fullstack.. im working with javascript but i also know php

LOL, so this extension in chrome kills my code https://chrome.google.com/webstore/detail/enable-right-click/hhojmcideegachlhfgfdhailpfhgknjm/related


So i need a different approach   

make sure you allow ctr+v so they can paste the address  (i have modified it here below) list of commands to disable http://anti-code.com/devtools-cheatsheet/

Here is the modified code :