Bitcoin Faucet Protection against Bots


As bitcoin faucet owner you know how annoying bots are. These bots draining your Faucets and they also produce invalid clicks. You lose your money and risk to lose your Google Adsense Account. A Bitcoin Faucet Protection is obligation.

Most of the bots are written in Phantom-JS, Caspar-JS and iMacro. Phantom- and Caspar-JS are an open source navigation scripting. It allows you to manipulate your Faucet website with Javascript and collect the satoshi automatically like a real human. IMacro is embedded in the browser and do the same like Phantom- and Caspar-JS, but not so powerful.

I show you some tips and tricks what you can do against bots.

Bitcoin Faucet Protection

1. Decrease payout and claiming time

All bots have a disadvantage: Bots can’t solve automatically the most common captcha systems like Solvemedia or Recaptcha. They always need a service to solve the captchas for them. Such Captcha Services calls 2captcha or deathbycaptcha and behind these services sitting real human and solve the captchas for little money. At 2captcha you pay around 150-300 satoshi for one solved captcha. For example if we have a payout of 500 satoshi every 30 minutes then get a bot a profit of 200-350 satoshi per claim. Less energy costs and possibly hosting costs it is no longer profitable.

2. Get them Fingerprints

Saving IP-Address was yesterday. Fingerprint.js is a powerful function to get a Unique-ID of the computer and their settings behind the bots. These settings cannot change easily like a IP-Address. All you need is the library and a hidden field to save the unique-ID. Later you should still encrypt the Unique-ID with md5 to prevent manipulation.
Library and an example can you find under

Here an example for a typical bot who switched always the IP-Address, but the fingerprint is the same.


4. Set Honey Pots

Honey pots are special traps to detect bots. They are not visible for the real people behind the computer. That means for your bitcoin faucet, that you insert a new field for the bitcoin address into the form and hide this field.

The simplest way to set a honey pot, but also easy for bots.

Insert a new field in your faucet.

<form method="POST">
<!--Honeypot Start -->
<input type="text" name="honeypot" class="form-control" 
style="position: absolute; position: fixed; left: -99999px; top: -99999px; 
opacity: 0; width: 1px; height: 1px">
<!--Honeypot End-->
<input type="text" name="address" class="form-control" 
value="<?php echo $data["address"]; ?>">

The name “Honeypot” and the commentary should be changed. Real people can’t see this field, but bots will filled this field automatically.

Now check on the server-side, if this field is filled.

if (!empty($_POST["honeypot"])) {
    // insert $_POST["honeypot"] in your blacklist
    header('Location: ' . '');

The premium version of Honey Pots coming soon.

3. Measure time

Poorly coded bots are too fast to be a real human. Take the time when a user enters your faucet and a second time when the user press the claim-button. Subtract the values and everything under 5 second will be a bot.
Try out how fast you are to get a feeling what is possible for a human.

Visit us again in a few days for more Tips and Tricks

Bitcoin Faucet Protection | Increase RPM | Avoid Bots

topic image via