UBotBuddy 331 Posted October 10, 2010 Report Share Posted October 10, 2010 After contemplating the Unified Field Theory and How to Control the World with My UBots I have come to a Paradigm Shift which I need to change. In other words, I woke up this morning with an idea and Yes, I probably do watch too much of the Big Bang Theory. We all know Andy has a GREAT security app but sometimes it does not make sense to use it when you are developing a demo for a client. Here is what I did. I created a sub-domain off of my site. gls.buddyshearer.com As soon as my demo bot executes it loads up this quickie of a site and scan it. IF it passes my hidden text test then the user moves on. If it fails then I will have the option to build in how the user may register to get a working copy or I could give them an ugly page telling them the Bot is now dead. I then execute the Stop Script node. It's not perfect but I at least control this for my Demos. 1 Quote Link to post Share on other sites
Praney Behl 314 Posted October 10, 2010 Report Share Posted October 10, 2010 Hmm mate I like to include the protection script into my demo bots too.. makes them more secure and then also you can shut them down when you want.. It is really helpful while dealing with time wasters though. Praney Quote Link to post Share on other sites
Frank 177 Posted October 11, 2010 Report Share Posted October 11, 2010 Ah, I love quick and simple ways to solve a problem! Well done Buddy! Frank Confusious says that sign of a real programmer is not the complexity of the program to complete a simple task, but the simplicity of a program to complete a complex task Quote Link to post Share on other sites
MiriamMB 63 Posted October 11, 2010 Report Share Posted October 11, 2010 Ah, I love quick and simple ways to solve a problem! Well done Buddy! Frank Confusious says that sign of a real programmer is not the complexity of the program to complete a simple task, but the simplicity of a program to complete a complex task Great idea BotBuddy! LOVE that quote! Quote Link to post Share on other sites
Tum 0 Posted November 22, 2010 Report Share Posted November 22, 2010 Hi, When you mean sub domain , do you mean sub routine ? So in the demo bot, the first thing the bot does is try to activate an icluded sub routine, which is located in your webspace online ? If this is true, how to you get the bot to include an online sub routine ? Or am i totally getting this wrong ? Quote Link to post Share on other sites
UBotBuddy 331 Posted November 22, 2010 Author Report Share Posted November 22, 2010 No, I mean subdomain. If you look at my link gls.buddyshearer.com then the "gls" part of that url is the subdomain. Quote Link to post Share on other sites
Tum 0 Posted November 22, 2010 Report Share Posted November 22, 2010 No, I mean subdomain. If you look at my link gls.buddyshearer.com then the "gls" part of that url is the subdomain. O so what you have then is a .txt file located on your sub domain, and then as the bot executes, the first thing is does is try to load the .txt file from your sub domain, which has a code in it !Then in the bot, it has a check to see if the code loaded is correct ? So all we need to do, is insert a load txt at the beginning of the bot, which is directed to a file on the internet ? Quote Link to post Share on other sites
Praney Behl 314 Posted November 22, 2010 Report Share Posted November 22, 2010 Another easy way of doing it could be have a txt file on your server, make the bot to download that file to the documents folder or something, the file has some text and read the file into a variable and run an if command to check if the variable has the text or stop script. As the download file works in the background no url will appear on the browser so the user will not know if its downloading something. Praney Quote Link to post Share on other sites
Tum 0 Posted November 22, 2010 Report Share Posted November 22, 2010 Actually thinking about it, couldn't this method be used as a total security method for selling the bots to. Each bot is coded with a unique code for the buyer ! Then all you need to do is keep updating the verification.txt file on your webspace. And as long as the sold bots code is located within the txt file the bot works. If they ask for a refund, just delete the code from the verfication.txt file that is for there particular bot ! I've just tried a quick simple script, and this works fine. I uploaded a verify.txt file with 15 codes in. Then the script, loads this txt to a list, and checks the codes. If the code isnt in the file, it says Fail and stops the bot ! Quote Link to post Share on other sites
Praney Behl 314 Posted November 22, 2010 Report Share Posted November 22, 2010 To make it easier, one of the power member's on the forum "Net66", has created a great system just for doing that. I suggest you have a look at it. The link to the post that describes more is as follows: http://ubotstudio.com/forum/index.php?/topic/5280-new-protection-system-with-time-limited-trials-and-auto-update-options/ Andy is a great guy, and his system works flawlessly, also he provides great support. Cheers! Praney Quote Link to post Share on other sites
UBotBuddy 331 Posted November 23, 2010 Author Report Share Posted November 23, 2010 Don't look at mine as a way to protect bots. I do a lot of demos so I wanted a simple way to kill a bot after a while so no one can abuse things with my demo bot. There are certainly better ways and I must say that Net66 is quite good. I use it for production bots. Quote Link to post Share on other sites
Tum 0 Posted November 23, 2010 Report Share Posted November 23, 2010 Ye i know you say its only for demo's but how would someone get around the bot, loading a file from your webspace, checking to see if the code to run is actually listed in the file, and if its not listed then the bot just ends script ! It seems a free solution to protecting your bots, and the scripting is not much at all ! Quote Link to post Share on other sites
UBotBuddy 331 Posted November 23, 2010 Author Report Share Posted November 23, 2010 Here is a snap shot of how I used it. http://screencast.com/t/8hhhbyVQP It could be changed in such a way that if that page does not exist then the bot automatically Stops the script. Quote Link to post Share on other sites
Tum 0 Posted November 23, 2010 Report Share Posted November 23, 2010 Here is the quick sub routine i created to use a slightly different method to yours ! I cannot see how someone could really stop this though, if its coded into the bot ! All you do then is create a .txt file (ie VERIFY-CODES.txt) and upload into your webspace. Then enter this sub-routine into your main bot ! At the start of the bot run the security sub first, entering the 2 variables. Codefile = the address online of your file your uploaded. (ie http://MYDOMAIN.com/VERIFY-CODES.txt)Clientcode = the code for the bot that a client has paid for. (ie maybe use the reciept number or something to keep track of codes easily) Now the last thing you do, is make sure that the Clientcode is in the VERIFY-CODES.txt file Now, if the client decides they want a refund, just delete their code from the VERIFIY-CODES.txt, and the bot will not work, and produce a Verification FAILED note. Obviously with this method, every bot is compiled with the clients code in it, but thats easy to do. PS... If you used this method for demo bots, maybe use a democode as the actually code, then remove that from the list when you want the demo to stop !Security.ubot Quote Link to post Share on other sites
UBotBuddy 331 Posted November 23, 2010 Author Report Share Posted November 23, 2010 Great! Check this out. http://screencast.com/t/uO7bReijxbf5 There is a file on my webserver called SwitchData.txt and there is one word in that file "ACTIVE". The code in that image loads that file into the variable execution and if it matches then it's good if not then the bot would just Stop. The cool thing with this is that all you have to do is mis-spell the word "ACTIVE" in that text file to anything and that would cause the bot to die. Certainly there are MANY ways to skin a cat here. Quote Link to post Share on other sites
Net66 54 Posted November 24, 2010 Report Share Posted November 24, 2010 For bots you are only supplying to one or two clients this is a great idea. Andy Quote Link to post Share on other sites
UBotBuddy 331 Posted November 24, 2010 Author Report Share Posted November 24, 2010 Exactly, that's why I initially set this up. TO keep it clean and simple. SO far not a single person that I have given a demo has complained since I turned off their access after a week or so. For a complete solution Andy's is the best that I have seen and used. Quote Link to post Share on other sites
UBotBuddy 331 Posted November 24, 2010 Author Report Share Posted November 24, 2010 I woke up this morning and thought of another Demo Kill Switch. http://screencast.com/t/g3UYlNHo4Aom This uses a Date. If you notice from my example I grab just the date and filter out the "/". he file that I am comparing to has the date formatted in the same way. Once the condition register False the bot stops the Script. Note: If you use this make sure that your dates are formatted correctly as in single numeric Months and Days. If UBot had the capability to use dates & times like computers use internally then this could be more robust. Just remember to strip out the slashes because your comparisons will always return False. Quote Link to post Share on other sites
lowno 2 Posted November 30, 2010 Report Share Posted November 30, 2010 So just thinking out loud, can't wireshark and modifying the hosts file completely circumvent this? Not that the majority of our bot customers would even know how to do that. Quote Link to post Share on other sites
UBotBuddy 331 Posted November 30, 2010 Author Report Share Posted November 30, 2010 Yes, there six dozen or halh a dozen ways to skin a cat. lol Consider this one way. Quote Link to post Share on other sites
Sulliman 0 Posted May 29, 2011 Report Share Posted May 29, 2011 Hi AllI have a working bot that uses AES encryption to either register, release or request a trial from the server.The server side scripts are in php and can easily be adapted to work with a mysql database.The demo I built issues a temporary key to the ubot software. The ubot encrypts server responses and saves them locally (encrypted again with a 16 character key derived from the users MAC address). If anyone is interested - PM me Quote Link to post Share on other sites
UBotDev 276 Posted May 30, 2011 Report Share Posted May 30, 2011 This can be easilly hacked, while user just needs to redirect your site to 127.0.0.1 within host file and create index file on local server. So when the bot is run, it navigates to local page, which still include hidden text.Maybe works to protect from noobs, but not from geeks and hackers. After contemplating the Unified Field Theory and How to Control the World with My UBots I have come to a Paradigm Shift which I need to change. In other words, I woke up this morning with an idea and Yes, I probably do watch too much of the Big Bang Theory. We all know Andy has a GREAT security app but sometimes it does not make sense to use it when you are developing a demo for a client. Here is what I did. I created a sub-domain off of my site. gls.buddyshearer.com As soon as my demo bot executes it loads up this quickie of a site and scan it. IF it passes my hidden text test then the user moves on. If it fails then I will have the option to build in how the user may register to get a working copy or I could give them an ugly page telling them the Bot is now dead. I then execute the Stop Script node. It's not perfect but I at least control this for my Demos. Quote Link to post Share on other sites
UBotBuddy 331 Posted May 30, 2011 Author Report Share Posted May 30, 2011 This was meant as a learning technique not a full-fledged protection system. Quote Link to post Share on other sites
UBotDev 276 Posted May 30, 2011 Report Share Posted May 30, 2011 This was meant as a learning technique not a full-fledged protection system. But still, client will be able to use demo after it "expires". Its same with time, since user can change computer time and date and also edit txt files generated by ubot. :/ I would also like to have my boots prtected, but this just isnt the way. Still, nice to hear you are willing to learn. Quote Link to post Share on other sites
LoWrIdErTJ - BotGuru 904 Posted May 30, 2011 Report Share Posted May 30, 2011 But still, client will be able to use demo after it "expires". Its same with time, since user can change computer time and date and also edit txt files generated by ubot. :/ I would also like to have my boots prtected, but this just isnt the way. Still, nice to hear you are willing to learn. Knowing what the underground world does, and how they do it is the first step. Then things care placed in to help prevent this sort of thing. have a look at http://ubotstudio.com/forum/index.php?/topic/6690-securing-your-compiled-bots-need-everyones-feedback/page__view__findpost__p__34793 TJ Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.