Shutting Down Demo Bots Remotely

[UBotBuddy 331]

After contemplating the Unified Field Theory and How to Control the World with My UBots I have come to a Paradigm Shift which I need to change.

 

In other words, I woke up this morning with an idea and Yes, I probably do watch too much of the Big Bang Theory.

 

We all know Andy has a GREAT security app but sometimes it does not make sense to use it when you are developing a demo for a client.

 

Here is what I did.

 

I created a sub-domain off of my site.

 

gls.buddyshearer.com

 

As soon as my demo bot executes it loads up this quickie of a site and scan it. IF it passes my hidden text test then the user moves on.

 

If it fails then I will have the option to build in how the user may register to get a working copy or I could give them an ugly page telling them the Bot is now dead.

 

I then execute the Stop Script node.

 

It's not perfect but I at least control this for my Demos.

[Praney Behl 314]

Hmm mate I like to include the protection script into my demo bots too.. makes them more secure and then also you can shut them down when you want.. It is really helpful while dealing with time wasters though.

 

Praney

[Frank 177]

Ah, I love quick and simple ways to solve a problem! Well done Buddy!

 

Frank

 

Confusious says that sign of a real programmer is not the complexity of the program to complete a simple task, but the simplicity of a program to complete a complex task

[MiriamMB 63]

Ah, I love quick and simple ways to solve a problem! Well done Buddy!

 

Frank

 

Confusious says that sign of a real programmer is not the complexity of the program to complete a simple task, but the simplicity of a program to complete a complex task

 

Great idea BotBuddy!

 

LOVE that quote!

[Tum 0]

Hi,

 

When you mean sub domain , do you mean sub routine ?

 

So in the demo bot, the first thing the bot does is try to activate an icluded sub routine, which is located in your webspace online ?

 

If this is true, how to you get the bot to include an online sub routine ?

 

Or am i totally getting this wrong ?

[UBotBuddy 331]

No, I mean subdomain. If you look at my link gls.buddyshearer.com then the "gls" part of that url is the subdomain.

[Tum 0]

No, I mean subdomain. If you look at my link gls.buddyshearer.com then the "gls" part of that url is the subdomain.

 

 

O so what you have then is a .txt file located on your sub domain, and then as the bot executes, the first thing is does is try to load the .txt file from your sub domain, which has a code in it !

Then in the bot, it has a check to see if the code loaded is correct ?

 

So all we need to do, is insert a load txt at the beginning of the bot, which is directed to a file on the internet ?

[Praney Behl 314]

Another easy way of doing it could be have a txt file on your server, make the bot to download that file to the documents folder or something, the file has some text and read the file into a variable and run an if command to check if the variable has the text or stop script.

 

As the download file works in the background no url will appear on the browser so the user will not know if its downloading something.

 

Praney

[Tum 0]

Actually thinking about it, couldn't this method be used as a total security method for selling the bots to.

 

Each bot is coded with a unique code for the buyer !

 

Then all you need to do is keep updating the verification.txt file on your webspace. And as long as the sold bots code is located within the txt file the bot works. If they ask for a refund, just delete the code from the verfication.txt file that is for there particular bot !

 

I've just tried a quick simple script, and this works fine.

 

I uploaded a verify.txt file with 15 codes in.

 

Then the script, loads this txt to a list, and checks the codes. If the code isnt in the file, it says Fail and stops the bot !

[Praney Behl 314]

To make it easier, one of the power member's on the forum "Net66", has created a great system just for doing that. I suggest you have a look at it.

 

The link to the post that describes more is as follows:

 

http://ubotstudio.com/forum/index.php?/topic/5280-new-protection-system-with-time-limited-trials-and-auto-update-options/

 

Andy is a great guy, and his system works flawlessly, also he provides great support.

 

Cheers!

 

Praney

[UBotBuddy 331]

Don't look at mine as a way to protect bots. I do a lot of demos so I wanted a simple way to kill a bot after a while so no one can abuse things with my demo bot. There are certainly better ways and I must say that Net66 is quite good. I use it for production bots.

[Tum 0]

Ye i know you say its only for demo's but how would someone get around the bot, loading a file from your webspace, checking to see if the code to run is actually listed in the file, and if its not listed then the bot just ends script !

 

It seems a free solution to protecting your bots, and the scripting is not much at all !

[UBotBuddy 331]

Here is a snap shot of how I used it.

 

http://screencast.com/t/8hhhbyVQP

 

It could be changed in such a way that if that page does not exist then the bot automatically Stops the script.

[Tum 0]

Here is the quick sub routine i created to use a slightly different method to yours !

 

I cannot see how someone could really stop this though, if its coded into the bot !

 

All you do then is create a .txt file (ie VERIFY-CODES.txt) and upload into your webspace.

 

Then enter this sub-routine into your main bot !

 

At the start of the bot run the security sub first, entering the 2 variables.

 

Codefile = the address online of your file your uploaded. (ie http://MYDOMAIN.com/VERIFY-CODES.txt)

Clientcode = the code for the bot that a client has paid for. (ie maybe use the reciept number or something to keep track of codes easily)

 

Now the last thing you do, is make sure that the Clientcode is in the VERIFY-CODES.txt file

 

Now, if the client decides they want a refund, just delete their code from the VERIFIY-CODES.txt, and the bot will not work, and produce a Verification FAILED note.

 

Obviously with this method, every bot is compiled with the clients code in it, but thats easy to do.

 

PS... If you used this method for demo bots, maybe use a democode as the actually code, then remove that from the list when you want the demo to stop !

Security.ubot

[UBotBuddy 331]

Great!

 

Check this out. http://screencast.com/t/uO7bReijxbf5

 

There is a file on my webserver called SwitchData.txt and there is one word in that file "ACTIVE".

 

The code in that image loads that file into the variable execution and if it matches then it's good if not then the bot would just Stop.

 

The cool thing with this is that all you have to do is mis-spell the word "ACTIVE" in that text file to anything and that would cause the bot to die.

 

Certainly there are MANY ways to skin a cat here.

[Net66 54]

For bots you are only supplying to one or two clients this is a great idea.

 

Andy

[UBotBuddy 331]

Exactly, that's why I initially set this up. TO keep it clean and simple. SO far not a single person that I have given a demo has complained since I turned off their access after a week or so.

 

For a complete solution Andy's is the best that I have seen and used.

[UBotBuddy 331]

I woke up this morning and thought of another Demo Kill Switch.

 

http://screencast.com/t/g3UYlNHo4Aom

 

This uses a Date. If you notice from my example I grab just the date and filter out the "/". he file that I am comparing to has the date formatted in the same way.

 

Once the condition register False the bot stops the Script.

 

Note: If you use this make sure that your dates are formatted correctly as in single numeric Months and Days.

 

If UBot had the capability to use dates & times like computers use internally then this could be more robust. Just remember to strip out the slashes because your comparisons will always return False.

[lowno 2]

So just thinking out loud, can't wireshark and modifying the hosts file completely circumvent this?

 

Not that the majority of our bot customers would even know how to do that.

[UBotBuddy 331]

Yes, there six dozen or halh a dozen ways to skin a cat. lol Consider this one way.

[Sulliman 0]

Hi All

I have a working bot that uses AES encryption to either register, release or request a trial from the server.

The server side scripts are in php and can easily be adapted to work with a mysql database.

The demo I built issues a temporary key to the ubot software. The ubot encrypts server responses and saves them locally (encrypted again with a 16 character key derived from the users MAC address).

 

If anyone is interested - PM me

[UBotDev 276]

This can be easilly hacked, while user just needs to redirect your site to 127.0.0.1 within host file and create index file on local server. So when the bot is run, it navigates to local page, which still include hidden text.

Maybe works to protect from noobs, but not from geeks and hackers.

 

After contemplating the Unified Field Theory and How to Control the World with My UBots I have come to a Paradigm Shift which I need to change.

 

In other words, I woke up this morning with an idea and Yes, I probably do watch too much of the Big Bang Theory.

 

We all know Andy has a GREAT security app but sometimes it does not make sense to use it when you are developing a demo for a client.

 

Here is what I did.

 

I created a sub-domain off of my site.

 

gls.buddyshearer.com

 

As soon as my demo bot executes it loads up this quickie of a site and scan it. IF it passes my hidden text test then the user moves on.

 

If it fails then I will have the option to build in how the user may register to get a working copy or I could give them an ugly page telling them the Bot is now dead.

 

I then execute the Stop Script node.

 

It's not perfect but I at least control this for my Demos.

[UBotBuddy 331]

This was meant as a learning technique not a full-fledged protection system.

[UBotDev 276]

This was meant as a learning technique not a full-fledged protection system.

 

But still, client will be able to use demo after it "expires". Its same with time, since user can change computer time and date and also edit txt files generated by ubot. :/ I would also like to have my boots prtected, but this just isnt the way.

 

Still, nice to hear you are willing to learn.

[LoWrIdErTJ - BotGuru 904]

But still, client will be able to use demo after it "expires". Its same with time, since user can change computer time and date and also edit txt files generated by ubot. :/ I would also like to have my boots prtected, but this just isnt the way.

 

Still, nice to hear you are willing to learn.

 

 

Knowing what the underground world does, and how they do it is the first step. Then things care placed in to help prevent this sort of thing.

 

have a look at

http://ubotstudio.com/forum/index.php?/topic/6690-securing-your-compiled-bots-need-everyones-feedback/page__view__findpost__p__34793

 

 

TJ