Thread Starter
Jurko
(@jurko)
Would be awesome if you ever replied to a support questions, I see a lot of unanswered questions. the plugin is ok but security is flawed and support sucks ass if you don’t respond.
I agree; it would be a very useful addition to the faucet plug-in.
In the meantime, if it helps at all, I figured that the scripts rely on the HTTP referer header (careful to use the wrong spelling, that flummoxed me for a while) to verify that the user completed the shortlink.
In WP I made a php snippet to disallow all except the shortlink domain and the domain of the faucet on the actual claim page. Then from the home page we send people to the claim page via the shortlink. If they don’t do the shortlink they get redirected back to the home page.
Use xyz php code snippets plug-in, and put this on the page (adapted to your server and shortlink provider)
if (preg_match(‘/\/btc\.(ms)/’, $_SERVER[‘HTTP_REFERER’]))
{
// nothing happens
}
else if (preg_match(‘/\/roflfaucet\.(com)/’, $_SERVER[‘HTTP_REFERER’]))
{
// nothing happens
}
else
{
header(“Location: /”);
}
it’s a kludge but it works… but just like the scripts it relies on the http referer, so it can be beaten by low-life, which is why my faucet payout is currently disabled while I make it more low-life proof.
http://roflfaucet.com/