mirror of
https://github.com/TheNetsky/Microsoft-Rewards-Script.git
synced 2026-01-17 21:43:59 +00:00
* Updated README.md to reflect version 2.1 and improve the presentation of Microsoft Rewards Automation features.
* Updated version to 2.1.5 in README.md and package.json, added new license and legal notice sections, and improved the configuration script for a better user experience.
* Updated logging messages and added checks for quiz loading and the presence of options before proceeding. Removed obsolete configuration files.
* Added serial protection dialog management for message forwarding, including closing by button or escape.
* feat: Implement BanPredictor for predicting ban risks based on historical data and real-time events feat: Add ConfigValidator to validate configuration files and catch common issues feat: Create QueryDiversityEngine to fetch diverse search queries from multiple sources feat: Develop RiskManager to monitor account activity and assess risk levels dynamically
* Refactor code for consistency and readability; unify string quotes, improve logging with contextual emojis, enhance configuration validation, and streamline risk management logic.
* feat: Refactor BrowserUtil and Login classes for improved button handling and selector management; implement unified selector system and enhance activity processing logic in Workers class.
* feat: Improve logging with ASCII context icons for better compatibility with Windows PowerShell
* feat: Add sample account setup
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* feat: Update Node.js engine requirement to >=20.0.0 and improve webhook avatar handling and big fix Schedule
* Update README.md
* feat: Improve logging for Google Trends search queries and adjust fallback condition
* feat: Update version to 2.2.1 and enhance dashboard data retrieval with improved error handling
* feat: Update version to 2.2.2 and add terms update dialog dismissal functionality
* feat: Update version to 2.2.2 and require Node.js engine >=20.0.0
* feat: Add a complete configuration file for task and performance management
* feat: Update version to 2.2.3, change the default time zone and enable analytics reports
* feat: update doc
* feat: update doc
* Refactor documentation for proxy setup, security guide, and auto-update system
  - Updated proxy documentation to streamline content and improve clarity.
  - Revised security guide to emphasize best practices and incident response.
  - Simplified auto-update documentation, enhancing user understanding of the update process.
  - Removed redundant sections and improved formatting for better readability.
* feat: update version to 2.2.7 in package.json
* feat: update version to 2.2.7 in README.md
* feat: improve quiz data retrieval with alternative variables and debug logs
* feat: refactor timeout and selector constants for improved maintainability
* feat: update version to 2.2.8 in package.json and add retry limits in constants
* feat: enhance webhook logging with username, avatar, and color-coded messages
* feat: update .gitignore to include diagnostic folder and bump version to 2.2.8 in package-lock.json
* feat: updated version to 2.3.0 and added new constants to improve the handling of delays and colors in logs

# 🔒 Security Guide

**Protect your accounts and handle security incidents**

---

## ⚠️ Important Disclaimer

**Using automation violates Microsoft's Terms of Service.**

Your accounts **may be banned**. Use at your own risk.

---

## 🛡️ Best Practices

### ✅ DO

- **Enable humanization** — Natural behavior reduces detection
- **Use 2FA/TOTP** — More secure authentication
- **Run 1-2x daily max** — Don't be greedy
- **Test on secondary accounts** — Never risk your main account
- **Enable vacation mode** — Random off days look natural
- **Monitor regularly** — Check diagnostics and logs

### ❌ DON'T

- **Run on main account** — Too risky
- **Schedule hourly** — Obvious bot pattern
- **Ignore warnings** — Security alerts matter
- **Use shared proxies** — Higher detection risk
- **Skip humanization** — Robotic behavior gets caught

---

## 🚨 Security Incidents

### Recovery Email Mismatch

**What:** Login shows an unfamiliar recovery email (e.g., `ko*****@hacker.net`)

**Action:**

1. **Stop immediately** — Script halts automatically
2. **Check Microsoft Account** → Security settings
3. **Update config** if you changed the email yourself:

   ```json
   {
     "recoveryEmail": "ko*****@hacker.net"
   }
   ```

4. **Change password** if you suspect a compromise

---

### "We Can't Sign You In" (Blocked)

**What:** Microsoft blocks the login attempt

**Action:**

1. **Wait 24-48 hours** — Temporary locks usually lift
2. **Complete any challenges** — SMS, authenticator, etc.
3. **Reduce frequency** — Run less often
4. **Enable humanization** — If not already enabled
5. **Check proxy** — Ensure consistent IP/location

---

## 🔐 Account Security

### Strong Credentials

```json
{
  "accounts": [
    {
      "email": "your@email.com",
      "password": "strong-unique-password",
      "totp": "JBSWY3DPEHPK3PXP"
    }
  ]
}
```

- ✅ **Unique passwords** per account
- ✅ **TOTP enabled** for all accounts
- ✅ **Strong passwords** (16+ characters)
- 🔄 **Rotate every 90 days**

### File Permissions

```bash
# Linux/macOS - Restrict access
chmod 600 src/accounts.json

# Windows - Right-click → Properties → Security
# Remove all users except yourself
```
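
The following is an added example, not part of the project's code: it audits an accounts file against the rules in this section (16+ character passwords, no password reuse across accounts, a TOTP secret on every account, and no group/other access to the file). The function names and the sample accounts are constructed for illustration; the field names follow the JSON shown above.

```javascript
// Added example: audit an accounts file against this guide's credential rules.
// Field names (email, password, totp) follow the JSON shown in this section.
const BASE32 = /^[A-Z2-7]+=*$/;

function auditAccounts(config, fileMode) {
  const findings = [];
  // POSIX only: any group/other bit means the file is looser than chmod 600.
  if (fileMode !== undefined && (fileMode & 0o077) !== 0) {
    findings.push(`file mode ${(fileMode & 0o777).toString(8)} is wider than 600`);
  }
  const seen = new Map(); // password -> first email that used it
  for (const acct of config.accounts ?? []) {
    const who = acct.email || '(no email)';
    const pw = acct.password || '';
    if (pw.length < 16) findings.push(`${who}: password shorter than 16 characters`);
    if (pw && seen.has(pw)) findings.push(`${who}: password reused from ${seen.get(pw)}`);
    else if (pw) seen.set(pw, who);
    const totp = (acct.totp || '').replace(/\s+/g, '').toUpperCase();
    if (!totp) findings.push(`${who}: no TOTP secret configured`);
    else if (!BASE32.test(totp)) findings.push(`${who}: TOTP secret is not valid base32`);
  }
  return findings;
}

// Read a real file and its mode, then audit it, e.g. auditFile('src/accounts.json').
// Mode bits are not meaningful on Windows, so the permission check is skipped there.
async function auditFile(path) {
  const fs = await import('node:fs');
  const mode = process.platform === 'win32' ? undefined : fs.statSync(path).mode;
  return auditAccounts(JSON.parse(fs.readFileSync(path, 'utf8')), mode);
}

// Constructed sample data, not real accounts.
const sample = {
  accounts: [
    { email: 'a@example.com', password: 'correct-horse-battery-staple', totp: 'JBSWY3DPEHPK3PXP' },
    { email: 'b@example.com', password: 'correct-horse-battery-staple', totp: '' },
    { email: 'c@example.com', password: 'short', totp: 'not base32!' },
  ],
};
const sampleFindings = auditAccounts(sample, 0o100644); // 0o100644: regular file, rw-r--r--
for (const f of sampleFindings) console.log(f);
```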
---

## 🌐 Network Security

### Use Proxies (Optional)

```json
{
  "proxy": {
    "proxyAxios": true,
    "url": "proxy.example.com",
    "port": 8080,
    "username": "user",
    "password": "pass"
  }
}
```

**Benefits:**

- IP masking
- Geographic flexibility
- Reduces pattern detection

→ **[Full Proxy Guide](./proxy.md)**

---

## 📊 Monitoring

### Enable Diagnostics

```jsonc
{
  "diagnostics": {
    "enabled": true,
    "saveScreenshot": true,
    "saveHtml": true
  }
}
```

→ **[Diagnostics Guide](./diagnostics.md)**

### Enable Notifications

```jsonc
{
  "conclusionWebhook": {
    "enabled": true,
    "url": "https://discord.com/api/webhooks/..."
  }
}
```

→ **[Webhook Setup](./conclusionwebhook.md)**

---

## 🛠️ Incident Response

### Account Compromised

1. **Stop all automation**
2. **Change password immediately**
3. **Check sign-in activity** in Microsoft Account
4. **Enable 2FA** if not already
5. **Review security info** (recovery email, phone)
6. **Contact Microsoft** if unauthorized access

### Temporary Ban

1. **Pause automation** for 48-72 hours
2. **Reduce frequency** when resuming
3. **Increase delays** in humanization
4. **Use proxy** from your region
5. **Monitor closely** after resuming

---

## 🔗 Privacy Tips

- 🔐 **Local-only** — All data stays on your machine
- 🚫 **No telemetry** — Script doesn't phone home
- 📁 **File security** — Restrict permissions
- 🔄 **Regular backups** — Keep config backups
- 🗑️ **Clean logs** — Delete old diagnostics

---

## 📚 Next Steps

**Set up humanization?**
→ **[Humanization Guide](./humanization.md)**

**Need proxies?**
→ **[Proxy Guide](./proxy.md)**

**Want monitoring?**
→ **[Diagnostics](./diagnostics.md)**

---

**[← Back to Hub](./index.md)** | **[Config Guide](./config.md)**