-
Posts
420 -
Joined
-
Last visited
-
Days Won
3 -
Feedback
100%
Posts posted by Fay
-
-
-
stuff added to my site..
In the process of making a kill switch for the end user. Like if they sign into the site and see that their bot has sat in the same position for 4 pushes, they could assume the bot was stuck. Click the kill button and next time the script goes to update the stats, it sees the "Kill" and logs out.
-
Also you need to buy VIP.
-
Enjoyed the K0's. Reminds me of when I used my ftp pure before I got it banned for 99 cooking and 99 fming >.>
-
Select the script then resize the window. The button will be in the bottom right,
There is a bug with the current release.
-
button does not change based on if you can input or not:
selecting script continue button disappears (resize window to fix)
adding accounts work fine
removing does not update (press save to refresh screen after removal)
-
Resize the window. Bottom right is the button.
-
Password for the RS account or logging into the bot?
Bot = same as forums
RS, go recover it.
- 2
-
unless any private scripter wants to make me a script for 20 dollars at the most for 5 accounts
Against the rules.
-
send me a pm, i do websites , html/css/jquery and current working on bootstrap (im not very pro at bootstrap yet) but in couple month i can bootstrap the page u want and make it full responsive if u wish .
pm me if ur interrested,
My buddy did it for me. Thank you for the offer anyways, welcome to the community.
@mods you can close this thread.
- 1
-
Happened to me on my main. The day of the name changes. I was SOOOO happy to log in and play as my real name. Logged on in lumby basement, opened bank, got 2 numbers into my pin, and boom 2 day ban. Your IP isn't flagged it was just a delayed ban. 2 day bans they do it next time you log in so they get the most time of punshment on you. Perms they just ban you when ever not waiting for you to log in because you will not ever have any hope.
-
Don't mind him he is spamming to 100pc. How are you doing the trial stuff by the way? Like just giving them access to the script through the sdn and then removing their access after about a day?What?
-
96 mage, veng, spellbook swap, ice barrage to rush ags spec. They auto retaliate against you and kill themselves because your low defense.
-
Seeking the profits made from farming was always my biggest hassle. Ran a 5 account bot farm for wow.
-
Or just use Special BBCode
thats not as cool
- 1
-
I didn't know that, pretty solid.
Neither did I lol. I had to ask our Security Engineer just to be sure it was impossible to replay SSL traffic.
Asked by buddy to redo the css, I think it looks nice. The site has been updated.
-
Unless the hackers from the NSA
You should also add a timeout to any request packets sent. It doesn't matter how good your encryption is (could be some alien shit idc) because anyone who intercepts the packet can resend it as many times as they want. It's a major security flaw in a lot of website login forms
Timeout is auto handled by SSL . It tracks back to my last response. It is near impossible to replay it.
-
it's easier for a script kiddie to add "Junk" data if you use a query string with http get
while if you have http post the fields are hidden
there are still ways of adding false data into it but it takes abit more effort than a regular script kiddie would be willing to put effort in
Using wireshark the user does not actually receive the full url they can only see http://prntscr.com/4sq3h7 on the client hello. Even if they get the full url like I provided above they can't submit data without the client secret (passed through request header also hidden). I understand fully with what you are talking about but even a experience hacker would have no luck blowing up his stats. This is because he would have to first decrypt the ssl traffic (RSA 2048bit). Then still be alive by the time that cracking was finished.
Honestly there is no need to change it other than making it looks a little bit prettier for the scripter. I will change it but it isn't a security hole.
- 1
-
just a quick suggestion from an old osbot user
https://fayosbot.app...p=50000&time=69 is not safe you should use http post so it's not in the url
also with your python backend is that passing the data to a sql and if so is this got a timeout to stop overloading your server???
Yep it was more or less for quick testing. Can you explain why it would not be safe though? I mean if I am locking it down anyways it doesn't matter if they can read the data passed to it.
It is actually a Google Datastore. Overloading shouldn't be a problem. If so I can force it to only allow updates every 5 minutes per account.
-
lol srsly 2 months and not 100 posts yet
It is hard for some people to post on topics and what not because they want to be constructive not just toxic. My post count is so low because I generally have full responses unlike some people who spam for 2k+ post count.
-
child porn, 20 years
-
Then how do you accept incoming requests from script writers? You obviously have to configure the key on the the client and then send that in the request. My point is that if I was using your API I could send whatever data I wanted as long as I had your authentication code (which ever script writer would).
My bad for being ambiguous. Every script writer would need to change the key to something that they want the password to be. If they leave it default they will be open to the abuse.
- 2
-
The issue is more so along the lines of someone configuring a valid experience/items gained/time ran/etc. request with bogus data and sending that in.
I understand that and anyone is more than welcome to try but without knowing the client secret they are not getting anywhere.
https://fayosbot.appspot.com/api/request/create?name=Fay&exp=50000&time=69
Edit:
Even if they know the client secret they still have to guess the name of the header being requested because they can't get it from the HTTPS traffic.
!23KeyMaker32!
That is the key, if someone can successfully submit a the above link I'll buy them VIP. Take a screenshot of the return if you do get it and post it here. If it is correct you win.
-
If it is not a fact it is racism.
What type of accents do you guys have?
in Spam/Off Topic
Posted
Central Midland
http://aschmann.net/AmEng/index_collection/AmericanEnglishDialects.png