Welcome to the Free Talk Live bulletin board system!
This board is closed to new users and new posts.  Thank you to all our great mods and users over the years.  Details here.
185859 Posts in 9829 Topics by 1371 Members
Latest Member: cjt26
Home Help
+  The Free Talk Live BBS
|-+  Free Talk Live
| |-+  The Polling Pit
| | |-+  The Trial Of Earthwormzim and his Bot of many bitchslaps

Poll

If found guilty, what should be his fate?

Ostrasization by his peers, on a voluntary basis
- 3 (14.3%)
Bitchslapped into oblivion, beyond any point ever seen
- 3 (14.3%)
Both
- 3 (14.3%)
None
- 2 (9.5%)
Both plus assfucked with a thrashing barracuda
- 10 (47.6%)

Total Members Voted: 7


Pages: 1 ... 8 9 [10] 11 12   Go Down

Author Topic: The Trial Of Earthwormzim and his Bot of many bitchslaps  (Read 28129 times)

0 Members and 1 Guest are viewing this topic.

Lindsey

  • Rock Star
  • Global Moderator
  • *****
  • Offline Offline
  • Posts: 30370
  • I like Mars.
    • View Profile
Re: The Trial Of Earthwormzim and his Bot of many bitchslaps
« Reply #135 on: January 28, 2007, 02:24:34 PM »

Oh rapture.  Now you have given us the tools to do such nonsense.   :lol:
Logged
Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we.
         -George W. Bush

Bill Brasky

  • Guest
Re: The Trial Of Earthwormzim and his Bot of many bitchslaps
« Reply #136 on: January 28, 2007, 03:09:49 PM »

Heh.  I admit that I've spent about half an hour total trying to develop something of this sort.  All that I have currently is a shortcut to the BBS at this URL:
http://bbs.freetalklive.com/index.php?action=modifykarma;sa=smite;uid=1548
which I refresh about as often as I ping digg.  Still of questionable repute, but at least it limits my vendettas to one person, and I didn't need to create any fake accounts nor attempt to dish out more negative karma than is allotted to me.  I've thought about setting up some RSS feed monitor to circumvent the whole thing, but that's not nearly as fun.

While I've mostly forgotten about it, the karma of the one person at the top of my list has dropped gradually despite his sporadic presence in recent weeks.  It would be kind of fun to waste a bit of time attempting to automate it, but the work required was slightly more extensive than I cared to do.

Hint:  You can't use crontab and wget/lynx/mozilla because it requires login cookies.  If you wanted to do it right, however, this would probably be the best place to start.  I imagine if you use some script language like python and build your headers, sending a Request object through urllib.urlopen() might work.

Oh, yeah.  The boy is definitely guilty.  5 months community service.  And he owes us all ice cream.  Mmmmm.  Ice cream.

It's not difficult to make a bot. All you need is a browser that supports frames, and the meta refresh. Here ya go:

Quote
<html>
<head>
<meta http-equiv="refresh" content="3700">
</head>
<frameset rows="0px,*">
  <frame src="about:blank">
  <frame src="http://bbs.freetalklive.com/index.php?action=modifykarma;sa=smite;uid=XYZ">
</frameset>
</html>

Save that as an HTML page on your local computer.  Change XYZ to be the UID (number, not username) of the person you want to smite, the resave the file. Open Firefox (does not work in Internet Explorer, I think).  Log into your FTL BBS account with Firefox.  Then open the page you saved on your computer with Firefox.  Leave it sit in the background, and as long as that page is open, every hour+100 seconds it will refresh that page, which will call the FTL BBS page that smites someone.  Just don't close the window, leave it open, and it will run.  You can still browse FTL BBS while this is running, it doesn't effect any other windows including other Firefox ones.

This can also easily be changed to boost someone's Karma from a dummy account.  So I'm not saying Zim or Bill are using a bot, but that either one could be.

Full disclosure: I have never used this script, in fact, I just wrote it here on the spot.  For proof of concept only (that it's entirely possible, ney, easy to make a smiting script).  Do not eat.  Do not take while driving.  With liberty and justice for all.  Amen.

If I knew how to write script, you fuckers would know it.  I've asked plenty of techie questions around here, configuring windows and that shit.  Just the fact I'm running windows speaks volumes about my skill. 

Just sayin'. 

----------------------------------------------

Yeah, nice pic, 'eh Baker?  I'm glad someone with an artistic streak could see what I felt was well done.  Its intimate like a photo, but theres a fantasy perfection about it.  Good work by that guy. 
Logged

Evil Muppet

  • Offline Offline
  • Posts: 5487
    • View Profile
Logged
Now you see that evil will always triumph, because good is dumb.

Bill Brasky

  • Guest
Re: The Trial Of Earthwormzim and his Bot of many bitchslaps
« Reply #138 on: January 28, 2007, 03:30:16 PM »

Okay.  I'm actually gonna look into that 'cause it'll be helpful at work.  I've been pushing those tools to send me for training, but they're only interested in sending the old timers who dont know how to re-boot. 

The stuff I've briefly looked into, and what I'm actually interested in is getting off windows.  Never really got farther than technobabble that assumes you have a complete understanding.  I want the introductory stuff.  So, it looks like a big pain in the ass and [ X ] goes the window. 
Logged

gandhi2

  • Guest
Re: The Trial Of Earthwormzim and his Bot of many bitchslaps
« Reply #139 on: January 28, 2007, 04:29:13 PM »

Quote
Save that as an HTML page on your local computer.  Change XYZ to be the UID (number, not username) of the person you want to smite, the resave the file. Open Firefox (does not work in Internet Explorer, I think).  Log into your FTL BBS account with Firefox.  Then open the page you saved on your computer with Firefox.  Leave it sit in the background, and as long as that page is open, every hour+100 seconds it will refresh that page, which will call the FTL BBS page that smites someone.  Just don't close the window, leave it open, and it will run.  You can still browse FTL BBS while this is running, it doesn't effect any other windows including other Firefox ones.

This can also easily be changed to boost someone's Karma from a dummy account.  So I'm not saying Zim or Bill are using a bot, but that either one could be.

Full disclosure: I have never used this script, in fact, I just wrote it here on the spot.  For proof of concept only (that it's entirely possible, ney, easy to make a smiting script).  Do not eat.  Do not take while driving.  With liberty and justice for all.  Amen.
That's cheating.  You can't make another account, it's against the rules.  The Rules of Fair Play.

Plus, it's not as cool.  It's the cheap way to do it.  Doesn't even require faking request headers to mimic the session cookies.  I want to make one that has a friends list, a bitch list and runs on the command line.  I would be non-platform dependent and non-browser dependent.  You wouldn't even need to be in Firefox to run it.  I want one that runs in my sleep, as Brasky says.  And it will be released under the G-DBAD-PL(General Don't Be a Dick Public License).  For all to use/abuse.  Even the score for some others who are aping accounts or using bots to lower karma of cool peeps.
Logged

Johnny_

  • Guest
Re: The Trial Of Earthwormzim and his Bot of many bitchslaps
« Reply #140 on: January 28, 2007, 04:49:07 PM »

Heh.  I admit that I've spent about half an hour total trying to develop something of this sort.  All that I have currently is a shortcut to the BBS at this URL:
http://bbs.freetalklive.com/index.php?action=modifykarma;sa=smite;uid=1548
which I refresh about as often as I ping digg.  Still of questionable repute, but at least it limits my vendettas to one person, and I didn't need to create any fake accounts nor attempt to dish out more negative karma than is allotted to me.  I've thought about setting up some RSS feed monitor to circumvent the whole thing, but that's not nearly as fun.

While I've mostly forgotten about it, the karma of the one person at the top of my list has dropped gradually despite his sporadic presence in recent weeks.  It would be kind of fun to waste a bit of time attempting to automate it, but the work required was slightly more extensive than I cared to do.

Hint:  You can't use crontab and wget/lynx/mozilla because it requires login cookies.  If you wanted to do it right, however, this would probably be the best place to start.  I imagine if you use some script language like python and build your headers, sending a Request object through urllib.urlopen() might work.

Oh, yeah.  The boy is definitely guilty.  5 months community service.  And he owes us all ice cream.  Mmmmm.  Ice cream.

It's not difficult to make a bot. All you need is a browser that supports frames, and the meta refresh. Here ya go:

Quote
<html>
<head>
<meta http-equiv="refresh" content="3700">
</head>
<frameset rows="0px,*">
  <frame src="about:blank">
  <frame src="http://bbs.freetalklive.com/index.php?action=modifykarma;sa=smite;uid=XYZ">
</frameset>
</html>

Save that as an HTML page on your local computer.  Change XYZ to be the UID (number, not username) of the person you want to smite, the resave the file. Open Firefox (does not work in Internet Explorer, I think).  Log into your FTL BBS account with Firefox.  Then open the page you saved on your computer with Firefox.  Leave it sit in the background, and as long as that page is open, every hour+100 seconds it will refresh that page, which will call the FTL BBS page that smites someone.  Just don't close the window, leave it open, and it will run.  You can still browse FTL BBS while this is running, it doesn't effect any other windows including other Firefox ones.

This can also easily be changed to boost someone's Karma from a dummy account.  So I'm not saying Zim or Bill are using a bot, but that either one could be.

Full disclosure: I have never used this script, in fact, I just wrote it here on the spot.  For proof of concept only (that it's entirely possible, ney, easy to make a smiting script).  Do not eat.  Do not take while driving.  With liberty and justice for all.  Amen.

If I knew how to write script, you fuckers would know it.  I've asked plenty of techie questions around here, configuring windows and that shit.  Just the fact I'm running windows speaks volumes about my skill. 

Just sayin'. 

Wasn't trying to knock anyone.  I was just saying that it doesn't take a hacker or any kind of hacks to make a browser refresh a certain page (in this case, the bitchslapping page) ever hour or so.  So I was just pointing out that anyone who knows basic HTML can make a "bot" type thing that bitchslaps every hour.  If what you're saying about Zim is true, this type of thing is more plausable than someone spending hours straight clicking on the smite button on the hour.

Re: gandhi2

Of course it's cheating.  I never said people "should" do it. 

If you want something that works from the command line, you'll need software that can handle cookies or as you said, mimic them.  After that, it's just calling the smite URL with whatever UID you want, timed to once per hour.  FWIW, it's not that useful to do it to more than one or two people, because you can only smite once per hour. 

Hint: wget supports cookies via the "--load-cookies" directive.  Since I'm bored, maybe I'll get to work on that now.  You don't even have to do anything special, you can use the cookies that your current browser is using.  Or if you want a really cross platform thing, you can create a cookie for wget to use by just looking at the cookie FTLBBS sets and passing it with the "--header" directive.

//edit

Done.  One liner:

Quote
wget --load-cookies "full/path/to/cookies/file/for/your/browser.txt" "http://bbs.freetalklive.com/index.php?action=modifykarma;sa=applaud/smite;uid=XYZ"

Important notes:
1) Your cookies file must be in a wget-recognizable format.  If you use Firefox, it is.  Not sure about others.
2) The URL MUST be in quotes.  Otherwise the ";" thingies fuck everything up, your shell thinks it's the end of the command when in reality it's part of the URL. So quote it, or at least escape the ; characters with a slash.
3) XYZ must be changed to a UID, likewise, "applaud/smite" must be changed to one or the other.

Set it up as a cron job.  If you want, you can manually set the cookies via --header.  To do this, look at your cookies and set the proper CFTOKEN and CFID and FTLBBS variables.  As I'm not familiar with the SMF software running this board, I'm not sure which of those values means what.  I'm guessing the FTLBBS is some sort of unique hash, possibly based on your password.  The others I'm not sure.  CFID might be an internal ID used for each user, or possibly each session.  If you can figure that stuff out, you can avoid having to use your browser's cookie file, although I'm sure that those values are unique for each user,
« Last Edit: January 28, 2007, 05:08:55 PM by Johnny_ »
Logged

Bill Brasky

  • Guest
Re: The Trial Of Earthwormzim and his Bot of many bitchslaps
« Reply #141 on: January 28, 2007, 05:05:55 PM »


Wasn't trying to knock anyone. 

I know you weren't.  None taken. 

Mainly just pointing out that I'd be a pretty big hypocrite to start a discussion of this nature if I was doing it myself.  Which is pretty damn funny when you note the rebuttal of The Accused is "No, you are." 

The whole point of having it a button is to place your mouse on it and click.  If the BBS was designed to be used like that, they would have an option for you to tick a box next to someone elses name and click "activate bot".  The tools  you have here are commonly understood to be the things you have access to.  Mods and sysops have tools unavailable to you for a reason.  Would you also condone hacking your way into the mods toolbox?  Viewing PM's and ISP#'s ?  Removing lines from other members posts?  Banning a user entirely?   
Logged

mbd

  • Guest
Re: The Trial Of Earthwormzim and his Bot of many bitchslaps
« Reply #142 on: January 28, 2007, 05:12:28 PM »

Okay.  I'm actually gonna look into that 'cause it'll be helpful at work.  I've been pushing those tools to send me for training, but they're only interested in sending the old timers who dont know how to re-boot. 

The stuff I've briefly looked into, and what I'm actually interested in is getting off windows.  Never really got farther than technobabble that assumes you have a complete understanding.  I want the introductory stuff.  So, it looks like a big pain in the ass and [ X ] goes the window. 

Yes. It is. Which is why I still use Windows, even though I know a lot more about UNIX than I do about Windows. Windows is superior as a consumer operating system. Why all the hatred for it? Programmers are a dime a dozen these days. If someone wanted to, they could back-engineer the shit out of it and sell something just outside the patent limits for $25 bucks. Linux is free and it still doesn't have market share even in the corporate world, where there are professionals to take care of your desktop or laptop when it goes haywire. OSX, on the other hand, has a lot of potential. It has something for both the technically inclined and people who don't give a shit as long as they can use it. But to those people, it's not much different than windows. Perhaps making it available on cheaper x86 systems will make it more popular.

Sorry I don't want to start another OS war, but I get tired of people bashing Windows, while at the same time arguing that nothing else is as good???
Logged

gandhi2

  • Guest
Re: The Trial Of Earthwormzim and his Bot of many bitchslaps
« Reply #143 on: January 28, 2007, 05:13:16 PM »

Quote
If you want something that works from the command line, you'll need software that can handle cookies or as you said, mimic them.  After that, it's just calling the smite URL with whatever UID you want, timed to once per hour.  FWIW, it's not that useful to do it to more than one or two people, because you can only smite once per hour.

Hint: wget supports cookies via the "--load-cookies" directive.  Since I'm bored, maybe I'll get to work on that now.  You don't even have to do anything special, you can use the cookies that your current browser is using.  Or if you want a really cross platform thing, you can create a cookie for wget to use by just looking at the cookie FTLBBS sets and passing it with the "--header" directive.
I think you can smite more than once per hour, just not to the same person.

wget can support cookies, but IIRC, the issue is that you'd have to not only store the login cookie, but the session id cookie as well.  There are two cookies when logged in, one is for login, the other is to maintain the session so that you can stay logged in.  There is also a redirect, from your login page to the karma modify php page, so when you try to do a karma modify, it appears that you are attempting to modify your own karma, which gives an error.  I'll have to give it another test.

Must be an unpopular subject.  Either people are upset by the discussion, or somebody is employing it against me! ;)
Logged

gandhi2

  • Guest
Re: The Trial Of Earthwormzim and his Bot of many bitchslaps
« Reply #144 on: January 28, 2007, 05:14:49 PM »

Quote
Done.  One liner:

Quote
wget --load-cookies "full/path/to/cookies/file/for/your/browser.txt" "http://bbs.freetalklive.com/index.php?action=modifykarma;sa=applaud/smite;uid=XYZ"

Important notes:
1) Your cookies file must be in a wget-recognizable format.  If you use Firefox, it is.  Not sure about others.
2) The URL MUST be in quotes.  Otherwise the ";" thingies fuck everything up, your shell thinks it's the end of the command when in reality it's part of the URL. So quote it, or at least escape the ; characters with a slash.
3) XYZ must be changed to a UID, likewise, "applaud/smite" must be changed to one or the other.

Set it up as a cron job.  If you want, you can manually set the cookies via --header.  To do this, look at your cookies and set the proper CFTOKEN and CFID and FTLBBS variables.  As I'm not familiar with the SMF software running this board, I'm not sure which of those values means what.  I'm guessing the FTLBBS is some sort of unique hash, possibly based on your password.  The others I'm not sure.  CFID might be an internal ID used for each user, or possibly each session.  If you can figure that stuff out, you can avoid having to use your browser's cookie file, although I'm sure that those values are unique for each user,
Nope, not quite so easy.  Check the page you just downloaded...it's an error which states you can't modify your own karma.
Logged

Johnny_

  • Guest
Re: The Trial Of Earthwormzim and his Bot of many bitchslaps
« Reply #145 on: January 28, 2007, 05:20:42 PM »


Wasn't trying to knock anyone. 

I know you weren't.  None taken. 

Mainly just pointing out that I'd be a pretty big hypocrite to start a discussion of this nature if I was doing it myself.  Which is pretty damn funny when you note the rebuttal of The Accused is "No, you are." 

The whole point of having it a button is to place your mouse on it and click.  If the BBS was designed to be used like that, they would have an option for you to tick a box next to someone elses name and click "activate bot".  The tools  you have here are commonly understood to be the things you have access to.  Mods and sysops have tools unavailable to you for a reason.  Would you also condone hacking your way into the mods toolbox?  Viewing PM's and ISP#'s ?  Removing lines from other members posts?  Banning a user entirely?   

Whoh whoh whoh.  None of this stuff is hacking.  I'm not breaking into anything, or reverse engineering something, or anything of that nature.  In fact, nothing these scripts do is against the rules of the system, they all use the system calls (in this case, a URL) provided by the forum software.

My philosophy with computer systems is that if the host is not doing something to prevent this kind of thing, it's their issue.  Otherwise, the system admins are leaving it up to blind faith that no one will abuse it.

Whether or not I post how to make such a bot doesn't change that the flaw is there.  The admins have to attack the problem at the source: the faulty karma system.  Until then, there will always be people who will exploit it.  The only difference between before and now is that before, only a certain number of people knew of the flaw.  Now everyone does.

I mean, would you rather that only I and a few others knew how to mess up karma?  If so, I'll gladly delete it all and have people pay me to boost karma  :twisted:  But seriously though, whether or not 10 or 1000 people know of this flaw doesn't change that the flaw is there and needs to be corrected.  My suggestions are requiring a referring url to be correct (this wouldn't block all of them), or not letting someone change a single person's karma more than one point in 24 hours (so you could, in theory, change 24 people's karma per day, but not one person 24 times). 

Plus, I didn't post how to parse a list of UIDs and really make a bot to do this, which would take a lot more time to figure out the right regex.
Logged

Bill Brasky

  • Guest
Re: The Trial Of Earthwormzim and his Bot of many bitchslaps
« Reply #146 on: January 28, 2007, 05:21:45 PM »

Okay.  I'm actually gonna look into that 'cause it'll be helpful at work.  I've been pushing those tools to send me for training, but they're only interested in sending the old timers who dont know how to re-boot. 

The stuff I've briefly looked into, and what I'm actually interested in is getting off windows.  Never really got farther than technobabble that assumes you have a complete understanding.  I want the introductory stuff.  So, it looks like a big pain in the ass and [ X ] goes the window. 

Yes. It is. Which is why I still use Windows, even though I know a lot more about UNIX than I do about Windows. Windows is superior as a consumer operating system. Why all the hatred for it? Programmers are a dime a dozen these days. If someone wanted to, they could back-engineer the shit out of it and sell something just outside the patent limits for $25 bucks. Linux is free and it still doesn't have market share even in the corporate world, where there are professionals to take care of your desktop or laptop when it goes haywire. OSX, on the other hand, has a lot of potential. It has something for both the technically inclined and people who don't give a shit as long as they can use it. But to those people, it's not much different than windows. Perhaps making it available on cheaper x86 systems will make it more popular.

Sorry I don't want to start another OS war, but I get tired of people bashing Windows, while at the same time arguing that nothing else is as good???

I'm just interested in trying it.  I want to see what all the hoopla is about.  For my needs, windows is fine.  Every (most) consumer program works in it, plug and play for every product mass marketed like printers and cameras.  I dont HATE windows, I'd just like to have a machine that runs on a different platform and see how it interfaces with my browsing habits.  As I've previously stated, I'm not bouncing lasers off the moon or doing greenscreen work for George Lucas, so its really only curiosity, not need. 
Logged

Johnny_

  • Guest
Re: The Trial Of Earthwormzim and his Bot of many bitchslaps
« Reply #147 on: January 28, 2007, 05:23:22 PM »

Quote
Done.  One liner:

Quote
wget --load-cookies "full/path/to/cookies/file/for/your/browser.txt" "http://bbs.freetalklive.com/index.php?action=modifykarma;sa=applaud/smite;uid=XYZ"

Important notes:
1) Your cookies file must be in a wget-recognizable format.  If you use Firefox, it is.  Not sure about others.
2) The URL MUST be in quotes.  Otherwise the ";" thingies fuck everything up, your shell thinks it's the end of the command when in reality it's part of the URL. So quote it, or at least escape the ; characters with a slash.
3) XYZ must be changed to a UID, likewise, "applaud/smite" must be changed to one or the other.

Set it up as a cron job.  If you want, you can manually set the cookies via --header.  To do this, look at your cookies and set the proper CFTOKEN and CFID and FTLBBS variables.  As I'm not familiar with the SMF software running this board, I'm not sure which of those values means what.  I'm guessing the FTLBBS is some sort of unique hash, possibly based on your password.  The others I'm not sure.  CFID might be an internal ID used for each user, or possibly each session.  If you can figure that stuff out, you can avoid having to use your browser's cookie file, although I'm sure that those values are unique for each user,
Nope, not quite so easy.  Check the page you just downloaded...it's an error which states you can't modify your own karma.

Dude, I already tested it before I posted.  I used it to boost your karma by 1.  Let me double check though, it's possible it was a fluke.

You have to have the URL in a quote.  It won't work otherwise.  I had that same error while testing it because I didn't use quotes and it chopped off everything past "modifykarma;" because of that ";"  You *MUST* quote it or use the "\" character to disallow your shell from interpreting the ";" as the end of the command.
« Last Edit: January 28, 2007, 05:28:31 PM by Johnny_ »
Logged

mbd

  • Guest
Re: The Trial Of Earthwormzim and his Bot of many bitchslaps
« Reply #148 on: January 28, 2007, 05:24:22 PM »

I'm just interested in trying it.  I want to see what all the hoopla is about.  For my needs, windows is fine.  Every (most) consumer program works in it, plug and play for every product mass marketed like printers and cameras.  I dont HATE windows, I'd just like to have a machine that runs on a different platform and see how it interfaces with my browsing habits.  As I've previously stated, I'm not bouncing lasers off the moon or doing greenscreen work for George Lucas, so its really only curiosity, not need. 

You can buy computers with Linux already installed. Just the first site I found.

http://system76.com/index.php?cPath=2&gclid=CJKEiJWThIoCFSUySAodyXLPMg

And I don't need to mention OSX (you know, from Apple).
Logged

Johnny_

  • Guest
Re: The Trial Of Earthwormzim and his Bot of many bitchslaps
« Reply #149 on: January 28, 2007, 05:26:15 PM »

Quote
If you want something that works from the command line, you'll need software that can handle cookies or as you said, mimic them.  After that, it's just calling the smite URL with whatever UID you want, timed to once per hour.  FWIW, it's not that useful to do it to more than one or two people, because you can only smite once per hour.

Hint: wget supports cookies via the "--load-cookies" directive.  Since I'm bored, maybe I'll get to work on that now.  You don't even have to do anything special, you can use the cookies that your current browser is using.  Or if you want a really cross platform thing, you can create a cookie for wget to use by just looking at the cookie FTLBBS sets and passing it with the "--header" directive.
I think you can smite more than once per hour, just not to the same person.

wget can support cookies, but IIRC, the issue is that you'd have to not only store the login cookie, but the session id cookie as well.  There are two cookies when logged in, one is for login, the other is to maintain the session so that you can stay logged in.  There is also a redirect, from your login page to the karma modify php page, so when you try to do a karma modify, it appears that you are attempting to modify your own karma, which gives an error.  I'll have to give it another test.

Must be an unpopular subject.  Either people are upset by the discussion, or somebody is employing it against me! ;)

Can you?  Well I believe you, I just don't use the Karma system much at all so I'm not really familiar with all it's limitations. 
Logged
Pages: 1 ... 8 9 [10] 11 12   Go Up
+  The Free Talk Live BBS
|-+  Free Talk Live
| |-+  The Polling Pit
| | |-+  The Trial Of Earthwormzim and his Bot of many bitchslaps

// ]]>

Page created in 0.028 seconds with 36 queries.