-LeBot- Official Thread

lrussell · Before February 2015

LeBot, the next generation in bots.
Website: http://lebot-ee.tk/

-----------------------------------------------------------------------------------------------------------------------------
LeBot, the next generation Everybody Edits bot, open for everyone, but with security in mind.

Features:
World list
World info
Level functions
Keys
Built in chat
User privileges (admins, etc.)
Snake
Dig
Shift
Level templates
World backup tool
EE, Kong, and Facebook support
(more to come)

How it works
LeBot isn't your regular bot, instead of connecting directly to EE, there is a "middle man", that handles all the connections. What does this mean for you? It means no DLLs, less lag (especially if you have a slow connection), and bug fixes without a new release, plus features otherwise not feasible, such as text messages or bot-to-bot communication. And for people who are tired of bots getting out of control, guess what the killswitch is? Simply kill the servers, the bots will be rendered completely useless, the entire core would have to be re-written, including server features like shift! Thanks to this system, I can also track and monitor each bot's location and kill each one by themselves, if abuse occurs.

FAQ
Q: What about my account information?
A: Your account information is sent to the server, but only to login and connect to the level you requested. No one else can see your information. If you don't trust it, you don't have to, use at your own judgement, feel free to use an alt.

Well, that about wraps it up. Beta testing will be around soon, because most of those features still have yet to be coded. So in the first release, don't expect all of them.

I plan on opening up an official website with a forum, where people can report bugs and make suggestions.
I will be doing weekly updates on Friday/Saturday, so any changes to EE can follow along right with the bot.
If anyone is interested in coding we me, I would be glad to take on an apprentice.

Hopefully I have managed to reach the norm of bots, making functions and security work in harmony.

~lrussell

Last edited by lrussell (Dec 13 2012 10:17:43 pm)

Kaslai · Before February 2015

I sincerely hope that you're not doing something insane like sending user information as plaintext... Look in to SharpSSH or some other library that supports mature encryption schemes. Otherwise, all the power to you. I was considering doing something like this, but even on the small scale it brought my rinky-dink little server to a crawl with 20 people using it simultaneously. That's the price you pay for using .NET on Linux =p

ugotpwned · Before February 2015

I think the best part of this would be that is a lag-proof bot, for people like me, I don't have the best internet and with no dll there would be less confusion overall. I like the whole idea of the "middle-man". If I could ever get the chance to code with you that would be a blast. Pair-programming brings up good memories from C++ classes :>

With good feedback comes the negatives, you probably would need to add some more unique feutures (besides this "middle-man") to keep interest in the community.

Last edited by UgotPwned (Dec 5 2012 12:15:37 am)

lrussell · Before February 2015

Aslai wrote:

I sincerely hope that you're not doing something insane like sending user information as plaintext... Look in to SharpSSH or some other library that supports mature encryption schemes. Otherwise, all the power to you. I was considering doing something like this, but even on the small scale it brought my rinky-dink little server to a crawl with 20 people using it simultaneously. That's the price you pay for using .NET on Linux =p

I currently have 4 servers of my own to spread the load across. 1 Windows (Windows Server 2008 R2 Enterprise), and 3 Linux (Debian Wheezy w/ Mono). They perform rather well, my Windows system has a 1gigabit connection. I'm trying to add a load management system. As for encryption, I need to improve it a little bit. While it isn't broadcasted to the other users, it's sent as base64 to the server (just for an "encryption" test).

UgotPwned wrote:

I think the best part of this would be that is a lag-proof bot, for people like me, I don't have the best internet and with no dll there would be less confusion overall. I like the whole idea of the "middle-man". If I could ever get the chance to code with you that would be a blast. Pair-programming brings up good memories from C++ classes :>
With good feedback comes the negatives, you probably would need to add some more unique feutures (besides this "middle-man") to keep interest in the community.

That's why I said I'm going to be opening up a community, accepting suggestions and doing weekly updates.
I already have some more ideas that are flying through my head. Thanks!

XxAtillaxX · Before February 2015

It's a good start for a project, too bad EEData died, the friends-list was pretty sweet.

Processor · Before February 2015

Aslai wrote:

I sincerely hope that you're not doing something insane like sending user information as plaintext...

PlayerIO library itself sends them as plaintext so whats the problem?

Kaslai · Before February 2015

Processor wrote:

Aslai wrote:
I sincerely hope that you're not doing something insane like sending user information as plaintext...
PlayerIO library itself sends them as plaintext so whats the problem?

Really? I was under the impression that it used RSA or something. It would be incredibly stupid for them to do something like that in such a widespread library... Jeeze.

Processor · Before February 2015

Aslai wrote:

Processor wrote:
Aslai wrote:
I sincerely hope that you're not doing something insane like sending user information as plaintext...
PlayerIO library itself sends them as plaintext so whats the problem?
Really? I was under the impression that it used RSA or something. It would be incredibly stupid for them to do something like that in such a widespread library... Jeeze.

Yeah, I got really scared when I saw it when rewriting the login part of the library. It sends it in plaintext with a http POST request

Ontopic: I love the middleman idea, but I'd wish you would let us developers use it for own bots. As Aslai mentioned, it would be really cool to run bots in linux without using the slow mono... I'm pretty sure it uses sockets but what if we could write bots in javascript? No more being scared of viruses

But well, I don't see how this can be faster than a usual PlayerIO client...

lrussell · Before February 2015

Processor wrote:

Aslai wrote:
Processor wrote:
PlayerIO library itself sends them as plaintext so whats the problem?
Really? I was under the impression that it used RSA or something. It would be incredibly stupid for them to do something like that in such a widespread library... Jeeze.
Yeah, I got really scared when I saw it when rewriting the login part of the library. It sends it in plaintext with a http POST request
Ontopic: I love the middleman idea, but I'd wish you would let us developers use it for own bots. As Aslai mentioned, it would be really cool to run bots in linux without using the slow mono... I'm pretty sure it uses sockets but what if we could write bots in javascript? No more being scared of viruses
But well, I don't see how this can be faster than a usual PlayerIO client...

Well, in that case I see no need to go any further with encryption. It is a socket server, written in C#. It actually will be running in mono on 5/6 of the servers. And it's faster for people with slow connections, because intergrated features like shift will be send with a one liner like "send("shift", level_data_here);" which the server would handle. The master server has a 1gigabit connection. I actually was thinking about making a public bot API for any language that supports sockets. In fact, my original plan was to make the client in Java instead of C#. And frankly, mono isn't that slow.
1gigabit speed proof:

Kaslai · Before February 2015

lrussell wrote:

And frankly, mono isn't that slow.[/url]

It is when you're running it on a 1GHz single core Linux box with 512 MB RAM hehehe

Anyways, it would be nice for you to provide a lower level TCP based interface. That would make for some interesting developments.

lrussell · Before February 2015

Aslai wrote:

lrussell wrote:
And frankly, mono isn't that slow.[/url]
It is when you're running it on a 1GHz single core Linux box with 512 MB RAM hehehe
Anyways, it would be nice for you to provide a lower level TCP based interface. That would make for some interesting developments.

Actually, PHP supports sockets. I could make a web based bot, remember EEData? That's one of em.
We're still trying to get the service for EEData restored.

Terence22205 · Before February 2015

I must have this.

Can't wait for release. ;-;

Jabatheblob1 · Before February 2015

Terence22205 wrote:

I must have this.
Can't wait for release. ;-;

but i thought you quit :'(

Awesomenessgood · Before February 2015

Make it for facebook too!

lrussell · Before February 2015

awesomenessgood wrote:

Make it for facebook too!

It does have facebook support, you just need to know how to get your auth token. I will create a tutorial later.

timothyji · Before February 2015

You Can Make A Forum On "punbb-hosting.com"

and I CAN'T WAIT FOR IT TO RELEASE XD

lrussell · Before February 2015

Timothyji wrote:

You Can Make A Forum On "punbb-hosting.com"
and I CAN'T WAIT FOR IT TO RELEASE XD

Actually to receive the bot you need to create an account on the website, and through the web interface you enter information, like your account info. When you open the bot you enter your login info for the website, and the bot will allow access. Also, I plan on hosting the forum on my own servers, using MyBB.

shaunsred · Before February 2015

I can't wait for its release. Looks promising.

lrussell · Before February 2015

Website: http://lebot-ee.tk/

I got the site up guys, but I changed the way the information is handled. You manage your account info in the web interface, so when you register you must enter your account info. I've made sure the information is inaccessible to everything but the internal scripts, but if you're still in doubt, use an alt.

The bot isn't complete yet, and hasn't been modified to handle the new system, but should be released soon. Feel free to sign up on the forum, it was Atilla who wanted that theme, so if your eyes burn out, blame him.

I have no intention to collect accounts, because my account has everything except for Big Spender and Diamond, I even have Ultimate Fan. Once again, if you're in doubt, use an alt.

XxAtillaxX · Before February 2015

lrussell wrote:

it was Atilla who wanted that theme, so if your eyes burn out, blame him.

No. I did not want that theme and it does kill my retinas. Don't put your fail theme choices on me. XD

Last edited by ?tilla (Dec 14 2012 12:14:22 am)

lrussell · Before February 2015

Okay guys, I made a "test" login page, it just tells you if the information is correct or not. So far so good, I also wrote a modify account script so you can update your password and info (not implemented into the UI yet).

XxAtillaxX · Before February 2015

lrussell wrote:

Okay guys, I made a "test" login page, it just tells you if the information is correct or not. So far so good, I also wrote a modify account script so you can update your password and info (not implemented into the UI yet).

I suggest you do some MD5 hashing on the passwords and also a salt.

lrussell · Before February 2015

?tilla wrote:

lrussell wrote:
Okay guys, I made a "test" login page, it just tells you if the information is correct or not. So far so good, I also wrote a modify account script so you can update your password and info (not implemented into the UI yet).
I suggest you do some MD5 hashing on the passwords and also a salt.

There is really no point as I have to be able to de-hash it, meaning just another file of keys. All the accounts are secure enough, inaccessible to anything but the PHP scripts. Processor tried to hack it, but got no where. And all you managed to do was get some Unicode into the account's username.

I will be finishing up the backend tomorrow, coding the UI and making the bot connect. I might have a very minimal release of the bot by Monday, with only basic functions.

Stay tuned!

XxAtillaxX · Before February 2015

lrussell wrote:

?tilla wrote:
lrussell wrote:
Okay guys, I made a "test" login page, it just tells you if the information is correct or not. So far so good, I also wrote a modify account script so you can update your password and info (not implemented into the UI yet).
I suggest you do some MD5 hashing on the passwords and also a salt.
There is really no point as I have to be able to de-hash it, meaning just another file of keys. All the accounts are secure enough, inaccessible to anything but the PHP scripts. Processor tried to hack it, but got no where. And all you managed to do was get some Unicode into the account's username.
I will be finishing up the backend tomorrow, coding the UI and making the bot connect. I might have a very minimal release of the bot by Monday, with only basic functions.
Stay tuned!

Coming from someone with a password length of only 7 (quite obvious) digits, I still see a problem.
Regardless, nothing is fully secure -- you should try as much as you can to secure it, however.

If people are trusting you with confidential information, it is your responsibility to make sure it stays that way.

Last edited by ?tilla (Dec 14 2012 11:06:13 pm)

lrussell · Before February 2015

I am, and it will. The only way the information could be accessed is if the information you inputted for the site log in is validated. And at that, it uses the means of username for connecting, which most people are unaware on how to do. So that there is both a security mechanism and a useful feature. The system is still rough but the data is secure. I've spent most of my time making sure there are no security holes. I will add some encryption though, just to be sure. I'm going to re-write the scripts in the mean time, I'm deleting all the accounts already registered until the system is finalized, and closing registration. To all the users that already signed up, the information has not been tampered with.

Official Everybody Edits Forums

#1 Before February 2015

-LeBot- Official Thread

#2 Before February 2015

Re: -LeBot- Official Thread

#3 Before February 2015

Re: -LeBot- Official Thread

#4 Before February 2015

Re: -LeBot- Official Thread

#5 Before February 2015

Re: -LeBot- Official Thread

#6 Before February 2015

Re: -LeBot- Official Thread

#7 Before February 2015

Re: -LeBot- Official Thread

#8 Before February 2015

Re: -LeBot- Official Thread

#9 Before February 2015

Re: -LeBot- Official Thread

#10 Before February 2015

Re: -LeBot- Official Thread

#11 Before February 2015

Re: -LeBot- Official Thread

#12 Before February 2015

Re: -LeBot- Official Thread

#13 Before February 2015

Re: -LeBot- Official Thread

#14 Before February 2015

Re: -LeBot- Official Thread

#15 Before February 2015

Re: -LeBot- Official Thread

#16 Before February 2015

Re: -LeBot- Official Thread

#17 Before February 2015

Re: -LeBot- Official Thread

#18 Before February 2015

Re: -LeBot- Official Thread

#19 Before February 2015

Re: -LeBot- Official Thread

#20 Before February 2015

Re: -LeBot- Official Thread

#21 Before February 2015

Re: -LeBot- Official Thread

#22 Before February 2015

Re: -LeBot- Official Thread

#23 Before February 2015

Re: -LeBot- Official Thread

#24 Before February 2015

Re: -LeBot- Official Thread

#25 Before February 2015

Re: -LeBot- Official Thread

Board footer