Fay

Select the script then resize the window. The button will be in the bottom right, There is a bug with the current release.

button does not change based on if you can input or not: http://prntscr.com/4t4aom selecting script continue button disappears (resize window to fix) http://prntscr.com/4t4b3z adding accounts work fine removing does not update (press save to refresh screen after removal)

Password for the RS account or logging into the bot? Bot = same as forums RS, go recover it.

Against the rules.

My buddy did it for me. Thank you for the offer anyways, welcome to the community. @mods you can close this thread.

Happened to me on my main. The day of the name changes. I was SOOOO happy to log in and play as my real name. Logged on in lumby basement, opened bank, got 2 numbers into my pin, and boom 2 day ban. Your IP isn't flagged it was just a delayed ban. 2 day bans they do it next time you log in so they get the most time of punshment on you. Perms they just ban you when ever not waiting for you to log in because you will not ever have any hope.

Don't mind him he is spamming to 100pc. How are you doing the trial stuff by the way? Like just giving them access to the script through the sdn and then removing their access after about a day?

96 mage, veng, spellbook swap, ice barrage to rush ags spec. They auto retaliate against you and kill themselves because your low defense.

Seeking the profits made from farming was always my biggest hassle. Ran a 5 account bot farm for wow.

Neither did I lol. I had to ask our Security Engineer just to be sure it was impossible to replay SSL traffic. Asked by buddy to redo the css, I think it looks nice. The site has been updated.

Timeout is auto handled by SSL . It tracks back to my last response. It is near impossible to replay it.

Using wireshark the user does not actually receive the full url they can only see http://prntscr.com/4sq3h7 on the client hello. Even if they get the full url like I provided above they can't submit data without the client secret (passed through request header also hidden). I understand fully with what you are talking about but even a experience hacker would have no luck blowing up his stats. This is because he would have to first decrypt the ssl traffic (RSA 2048bit). Then still be alive by the time that cracking was finished. Honestly there is no need to change it other than making it looks a little bit prettier for the scripter. I will change it but it isn't a security hole.

Yep it was more or less for quick testing. Can you explain why it would not be safe though? I mean if I am locking it down anyways it doesn't matter if they can read the data passed to it. It is actually a Google Datastore. Overloading shouldn't be a problem. If so I can force it to only allow updates every 5 minutes per account.

It is hard for some people to post on topics and what not because they want to be constructive not just toxic. My post count is so low because I generally have full responses unlike some people who spam for 2k+ post count.

child porn, 20 years

My bad for being ambiguous. Every script writer would need to change the key to something that they want the password to be. If they leave it default they will be open to the abuse.

I understand that and anyone is more than welcome to try but without knowing the client secret they are not getting anywhere. https://fayosbot.appspot.com/api/request/create?name=Fay&exp=50000&time=69 Edit: Even if they know the client secret they still have to guess the name of the header being requested because they can't get it from the HTTPS traffic. !23KeyMaker32! That is the key, if someone can successfully submit a the above link I'll buy them VIP. Take a screenshot of the return if you do get it and post it here. If it is correct you win.

If it is not a fact it is racism.

Pretty much the way I built it was it would be passed along to the server from the client. Because the clients traffic to the server will be https, reading the key is something that can't be done easily. Then we have replay attacks, someone capturing the https traffic and resending it, while this is possible in a limited time frame, I can easily build a process that would render it useless. All in all, everything is vulnerable, it just takes trial and error to fix it from the ground up. Neat . If you have any ideas or data I could use that you would like to be built in I would love it. If you have a skype shoot me a message. Also this won't run on your base site unless it is a python webserver. I am building this for Google App Engine sites, free hosting and very scale-able.

Would someone mind making a better css for this page? https://fayosbot.appspot.com/main.html The main page will be a highscores type deal. Every other page from there on I can handler from the base. I just SUCK at design, and need a pro to do it . Thread can be found here: http://osbot.org/forum/topic/60999-release-fay-hiscores-server

Can we get a picture of this?

Drop trade >.>

https://fayosbot.appspot.com/ Support? I'll probably help people get started but that will be about it. How to integrate into your script you may ask? See the bottom of this post. So you may be thinking "Oh this is just a static page." You are wrong. The java client (script) will pass the current statistics to the server via the api. The server side python code takes this data and adds the new exp gains to the persons record. If it is going to be an open release how will I protect against people just spamming fake exp gains? Read the last line of the tutorial. Things to do: Hiscores Updating users Adding users through GUI Client script for adding data Return from server to client (totaling) On demand script stoping Make pages look prettier User admin Signatures On demand script break Botstuck checker Profiled antiban I'll take recommendations by the way. So if you want something on the things to do list leave a comment. DOWNLOAD Tutorial How to make this function with your script!

TwC? 5m

Have you tried the same?