Microsoft-Rewards-Script/docs/security.md
Light abd6117db3 V2.3.0 Optimization (#380)
* Updated README.md to reflect version 2.1 and improve the presentation of Microsoft Rewards Automation features.

* Updated version to 2.1.5 in README.md and package.json, added new license and legal notice sections, and improved the configuration script for a better user experience.

* Updated logging messages and added checks for quiz loading and the presence of options before proceeding. Removed obsolete configuration files.

* Added serial protection dialog management for message forwarding, including closing by button or escape.

* feat: Implement BanPredictor for predicting ban risks based on historical data and real-time events

feat: Add ConfigValidator to validate configuration files and catch common issues

feat: Create QueryDiversityEngine to fetch diverse search queries from multiple sources

feat: Develop RiskManager to monitor account activity and assess risk levels dynamically

* Refactor code for consistency and readability; unify string quotes, improve logging with contextual emojis, enhance configuration validation, and streamline risk management logic.

* feat: Refactor BrowserUtil and Login classes for improved button handling and selector management; implement unified selector system and enhance activity processing logic in Workers class.

* feat: Improve logging with ASCII context icons for better compatibility with Windows PowerShell

* feat: Add sample account setup

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* feat: Update Node.js engine requirement to >=20.0.0 and improve webhook avatar handling and bug fix Schedule

* Update README.md

* feat: Improve logging for Google Trends search queries and adjust fallback condition

* feat: Update version to 2.2.1 and enhance dashboard data retrieval with improved error handling

* feat: Update version to 2.2.2 and add terms update dialog dismissal functionality

* feat: Update version to 2.2.2 and require Node.js engine >=20.0.0

* feat: Add a complete configuration file for task and performance management

* feat: Update version to 2.2.3, change the default time zone and enable analysis reports

* feat: update doc

* feat: update doc

* Refactor documentation for proxy setup, security guide, and auto-update system

- Updated proxy documentation to streamline content and improve clarity.
- Revised security guide to emphasize best practices and incident response.
- Simplified auto-update documentation, enhancing user understanding of the update process.
- Removed redundant sections and improved formatting for better readability.

* feat: update version to 2.2.7 in package.json

* feat: update version to 2.2.7 in README.md

* feat: improve quiz data retrieval with alternative variables and debug logs

* feat: refactor timeout and selector constants for improved maintainability

* feat: update version to 2.2.8 in package.json and add retry limits in constants

* feat: enhance webhook logging with username, avatar, and color-coded messages

* feat: update .gitignore to include diagnostic folder and bump version to 2.2.8 in package-lock.json

* feat: updated version to 2.3.0 and added new constants to improve the handling of delays and colors in logs
2025-10-16 17:59:53 +02:00


🔒 Security Guide

Protect your accounts and handle security incidents


⚠️ Important Disclaimer

Using automation violates Microsoft's Terms of Service.

Your accounts may be banned. Use at your own risk.


🛡️ Best Practices

DO

  • Enable humanization — Natural behavior reduces detection
  • Use 2FA/TOTP — More secure authentication
  • Run 1-2x daily max — Don't be greedy
  • Test on secondary accounts — Never risk your main account
  • Enable vacation mode — Random off days look natural
  • Monitor regularly — Check diagnostics and logs

DON'T

  • Run on main account — Too risky
  • Schedule hourly — Obvious bot pattern
  • Ignore warnings — Security alerts matter
  • Use shared proxies — Higher detection risk
  • Skip humanization — Robotic behavior gets caught

🚨 Security Incidents

Recovery Email Mismatch

What: Login shows unfamiliar recovery email (e.g., ko*****@hacker.net)

Action:

  1. Stop immediately — Script halts automatically
  2. Check Microsoft Account → Security settings
  3. Update config if you changed email yourself:

     ```json
     {
       "recoveryEmail": "ko*****@hacker.net"
     }
     ```

  4. Change password if compromise suspected
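The mismatch check that step 1 relies on, written out as an added example (not the script's own code): it compares the masked address shown at login with the configured `recoveryEmail`, accepts either the masked form or the full address in config, and treats anything it cannot confirm as a mismatch. The mask shape (a visible prefix followed by stars) is an assumption, as are the function names.

```javascript
// Added example (not the project's own code): decide whether the recovery
// email Microsoft shows at login matches the value recorded in config.
// The shown value is always masked ("ko*****@hacker.net"); the configured
// value may be the masked form copied from the screen or the full address.
// Assumption: the mask keeps the first characters of the local part and
// replaces the rest with "*". We deliberately do not assume the number of
// stars reflects the real length, and any other mask shape is a mismatch.

function parseEmail(value) {
  const s = String(value || '').trim().toLowerCase();
  const at = s.lastIndexOf('@');
  if (at <= 0 || at === s.length - 1) return null;
  return { local: s.slice(0, at), domain: s.slice(at + 1) };
}

// Returns { ok, reason }. ok === false means the script should halt and the
// account's security info should be reviewed by hand.
function checkRecoveryEmail(shown, configured) {
  if (!configured) return { ok: false, reason: 'no recoveryEmail configured' };
  const seen = parseEmail(shown);
  const expected = parseEmail(configured);
  if (!seen || !expected) return { ok: false, reason: 'unparseable email' };
  if (seen.domain !== expected.domain) return { ok: false, reason: 'domain differs' };

  if (expected.local.includes('*')) {
    // Both sides masked: require an exact match of the masked local part.
    return seen.local === expected.local
      ? { ok: true, reason: 'masked value matches' }
      : { ok: false, reason: 'masked local part differs' };
  }
  // Configured value is the full address: the visible prefix of the mask
  // must be a prefix of the real local part (stars are trailing only).
  const visible = seen.local.replace(/\*+$/, '');
  if (visible.length === 0 || !expected.local.startsWith(visible)) {
    return { ok: false, reason: 'visible prefix differs' };
  }
  return { ok: true, reason: 'prefix and domain match' };
}
```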

"We Can't Sign You In" (Blocked)

What: Microsoft blocks login attempt

Action:

  1. Wait 24-48 hours — Temporary locks usually lift
  2. Complete any challenges — SMS, authenticator, etc.
  3. Reduce frequency — Run less often
  4. Enable humanization — If not already enabled
  5. Check proxy — Ensure consistent IP/location

🔐 Account Security

Strong Credentials

```json
{
  "accounts": [
    {
      "email": "your@email.com",
      "password": "strong-unique-password",
      "totp": "JBSWY3DPEHPK3PXP"
    }
  ]
}
```

  • Unique passwords per account
  • TOTP enabled for all accounts
  • Strong passwords (16+ characters)
  • 🔄 Rotate every 90 days

Note that the password and the TOTP secret sit side by side in this file, so anyone who can read it holds both factors: the file permissions below are part of the credential protection, not an optional extra.

File Permissions

```bash
# Linux/macOS - Restrict access
chmod 600 src/accounts.json

# Windows - Right-click → Properties → Security
# Remove all users except yourself
```

🌐 Network Security

Use Proxies (Optional)

```json
{
  "proxy": {
    "proxyAxios": true,
    "url": "proxy.example.com",
    "port": 8080,
    "username": "user",
    "password": "pass"
  }
}
```

Benefits:

  • IP masking
  • Geographic flexibility
  • Reduces pattern detection

Full Proxy Guide


📊 Monitoring

Enable Diagnostics

```json
{
  "diagnostics": {
    "enabled": true,
    "saveScreenshot": true,
    "saveHtml": true
  }
}
```

Diagnostics Guide

Enable Notifications

```json
{
  "conclusionWebhook": {
    "enabled": true,
    "url": "https://discord.com/api/webhooks/..."
  }
}
```

Webhook Setup


🛠️ Incident Response

Account Compromised

  1. Stop all automation
  2. Change password immediately
  3. Check sign-in activity in Microsoft Account
  4. Enable 2FA if not already
  5. Review security info (recovery email, phone)
  6. Contact Microsoft if unauthorized access

Temporary Ban

  1. Pause automation for 48-72 hours
  2. Reduce frequency when resuming
  3. Increase delays in humanization
  4. Use proxy from your region
  5. Monitor closely after resuming

🔗 Privacy Tips

  • 🔐 Local-only — All data stays on your machine
  • 🚫 No telemetry — Script doesn't phone home
  • 📁 File security — Restrict permissions
  • 🔄 Regular backups — Keep config backups
  • 🗑️ Clean logs — Delete old diagnostics

📚 Next Steps

Setup humanization?
Humanization Guide

Need proxies?
Proxy Guide

Want monitoring?
Diagnostics


← Back to Hub | Config Guide