sk8tavou 0 Posted February 25, 2012 Report Share Posted February 25, 2012 I had an idea today and i want to share it here and listen what other members thinks! Lets say i want to create and sell a bot but i want only my customer to use it only from his computer!Im requesting from him to give me his IP adress username and password!So when the programm starts it navigates to a site that shows the ip and scrape it and doing a comparison with the ip i gave the programm to run! If they are the same then the programm navigates to my website and find username and password in two different pages and doing comparison with the username and password he entered in the text boxes!If they are the same the programm runs ! If not it does nothing! What do you think? Im missing something on the whole idea? Quote Link to post Share on other sites
Anonym 53 Posted February 25, 2012 Report Share Posted February 25, 2012 Most ppl don't have fix IP-address so it won't work, I am afraid. Quote Link to post Share on other sites
wakins4u 12 Posted February 25, 2012 Report Share Posted February 25, 2012 Most ppl don't have fix IP-address so it won't work, I am afraid. Yes, like anonym said, most people use dynamic IP addresses [meaning it changes frequently]. However, one of the unique things about cpu's is their hardware [or MAC] addresses, and if you asked a customer to supply that to you they'll be looking for another service other than yours - FAST ! No average internet fella wants extra headache of finding MAC addresses in this microwave day and age. W. Quote Link to post Share on other sites
George 1 Posted February 25, 2012 Report Share Posted February 25, 2012 An easier way to do what you're saying (especially if they're going to have to load your website) would be to assign the user a unique license key and password. Then... when the user launches the bot it goes to your website and they log in with their password where you log their IP. If you see the account logging in from multiple IPs on multiple ISPs flag or disable the account. If the login is normal the software scrapes their license key from their "logged in" page and let's the bot continue. Since the software is effectively useless without an account you've protected your bot Quote Link to post Share on other sites
sk8tavou 0 Posted February 26, 2012 Author Report Share Posted February 26, 2012 Thanks a lot everyone for your answers!I know that on dynamic Ips the thing that changes is the last 3 digits!Am i right or not?IS there any way to scrape an ip address but have it check if the first three parts are the same?like 111.111.1.* something like that? George your idea is good but if they have dynamic ip i will see a lof of changes in the ip! For now im asking them to pay with paypal and i make a license with their paypal email (so i think they will not share it easily) and i always write on every programm something like "this is a bot created for "name" by "my email" and its not for reselling"so if i find it somewhere i know what license to disable Quote Link to post Share on other sites
Anonym 53 Posted February 26, 2012 Report Share Posted February 26, 2012 Ok, let's get a little bit deeper. I assume that you don't want to get the CPUID by calling some low level function in Windows. Another way would be to do a c:\windows\system32\cmd.exe ipconfig /all > my-temp-file.txt Then read my-temp-file.txt and get the MAC address using some regexp. The problem with this is to determine which of your network adapters is the one that you are connected to the internet. If I take my own PC as an example I have 9 network adapters of which at least 5 are not real network adapters, but some virtual adapters. That still leaves 4 network adapters to choose from. Hmmm... I am sure it's possible to solve, but it requires some time to analyse this stuff to find out. besides, another thing about that solution is that it would probably prevent your user/customer to use a VPN service like HideMyAss, because that virtual service itself probably has a MAC address of its own. Sometimes your user/customer wants to use HMA and another time they don't, meaning, they will have several different MAC addresses.Mmmm... maybe it's "easier" with the CPUID afterall. Quote Link to post Share on other sites
Ataya 2 Posted February 27, 2012 Report Share Posted February 27, 2012 Did you check protect66? It's a licensing system for ubot that is pretty good at doing the job, here's a link to it on the forum:http://ubotstudio.com/forum/index.php?/topic/3872-protect-your-compiled-bots-with-protect66/ Also TJ is doing a protection system that should be cheaper than protect66 but it's not released yet, here's the link: http://ubotstudio.com/forum/index.php?/topic/6690-securing-your-compiled-bots-need-everyones-feedback/ If money is not a big issue I think it will be easier if you buy a licensing system instead of making one yourself because it will probably be more secure. Quote Link to post Share on other sites
sk8tavou 0 Posted February 27, 2012 Author Report Share Posted February 27, 2012 Thanks a lot everyone for your answers yes i talked to TJ on skype and told me about his system Im waiting to see more Quote Link to post Share on other sites
nuc63 27 Posted February 28, 2012 Report Share Posted February 28, 2012 Do a check version on your bot make it goto a page and scrape version or name or something and if its there run bot if not stop. Quote Link to post Share on other sites
nuc63 27 Posted February 28, 2012 Report Share Posted February 28, 2012 Each time you give out a script compile it and give a unique variable to each user and check on start. Make them visit a page(or even login to something) and search for something you can track them visiting page and remove access easy. script navigate("http://www.ubotstudio.com/resources.aspx", "Wait")if($search page("A little learning is a dangerous thing.")) { then { load html("Start script") } else { stop script }} 1 Quote Link to post Share on other sites
webpro 31 Posted July 16, 2012 Report Share Posted July 16, 2012 Ok i'm trying to understand this. We put this code where in VIEW (i got the pro version) So the buyer will go to page when he loads the bot ?and then he needs to do what ? Also i thought about having an online password protection script on my site (i send people there first, when they load the bot) they must enter their username/password that i created manually, if it's valid the bot continues to load. Of course with max ip settings per username/pass. Does Paypal already have this in place so it can be automatized ? Or anyone else in fact ? Like good ol' Ibill had last century ago wen i used to run paysites (yes those one) remember Xpics ? hehehehehe Now i just need to find out how you do this. A bit like you said but understand it LOL Quote Link to post Share on other sites
ubotusold 28 Posted July 16, 2012 Report Share Posted July 16, 2012 On an Apache SSL server create a website that has: A registration page A login page A reconsideration page Keep client side information in Windows registry: registeredState licensekey SecretParaphrase (encrypted) When your bot runs, check a Windows registry variable (registeredState): If value is yes, take them to the login page (https://www.bot.com/mybot/login) If the account has been flagged, take them to the reconsideration page (https://www.bot.com/mybot/reconsideration) In the reconsideration page, have them revalidate themselves: username password licensekey secretParaphrase If no or does not exist, take them to the register page (https//www.bot.com/mybot/register) If successfully registered, change registered state to yes and store internal licensekey and paraphrase to registry During registration and reconsideration, user must supply a secret paraphrase in event account is locked out On the server is a Mysql databaseHave two tables: User userId username password email street city state zipcode telephone registeredVisit (datetime,ip,authenticated) visit1 (datetime,ip,authenticated) visit2 (datetime,ip,authenticated) visit3 (datetime,ip,authenticated) visit4 (datetime,ip,authenticated) visit5 (datetime,ip,authenticated) . . visitN (datetime,ip,authenticated) Product userId productId productname version licensekey isValid secretParaphrase (encrypted) Keep association of users to products in event you sell lots of different bots On server side: Keep track of the last N visits the user logged in with. If there is disparity in IP between the visits, lock the account and inform bot owner via email (say more than 30% are different) If there is a history of failed authentications, lock the account and inform bot owner via email (say more than 30% failed) User is directed to the reconsideration page where they have to reauthenticate themselves Make sure to tell bot owner to turn off proxies and any vpn before registering and logging in 4 Quote Link to post Share on other sites
shockobon 0 Posted August 30, 2012 Report Share Posted August 30, 2012 On an Apache SSL server create a website that has: A registration page A login page A reconsideration page Keep client side information in Windows registry: registeredState licensekey SecretParaphrase (encrypted) When your bot runs, check a Windows registry variable (registeredState): If value is yes, take them to the login page (https://www.bot.com/mybot/login) If the account has been flagged, take them to the reconsideration page (https://www.bot.com/...reconsideration) In the reconsideration page, have them revalidate themselves: username password licensekey secretParaphrase If no or does not exist, take them to the register page (https//www.bot.com/mybot/register) If successfully registered, change registered state to yes and store internal licensekey and paraphrase to registry During registration and reconsideration, user must supply a secret paraphrase in event account is locked out On the server is a Mysql databaseHave two tables: User userId username password email street city state zipcode telephone registeredVisit (datetime,ip,authenticated) visit1 (datetime,ip,authenticated) visit2 (datetime,ip,authenticated) visit3 (datetime,ip,authenticated) visit4 (datetime,ip,authenticated) visit5 (datetime,ip,authenticated) . . visitN (datetime,ip,authenticated) Product userId productId productname version licensekey isValid secretParaphrase (encrypted) Keep association of users to products in event you sell lots of different bots On server side: Keep track of the last N visits the user logged in with. If there is disparity in IP between the visits, lock the account and inform bot owner via email (say more than 30% are different) If there is a history of failed authentications, lock the account and inform bot owner via email (say more than 30% failed) User is directed to the reconsideration page where they have to reauthenticate themselves Make sure to tell bot owner to turn off proxies and any vpn before registering and logging in Do you sell it done? Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.