[Release] Bot1448 v2.1.0 - UPDATE FIX

2016-10-29 14:44:55

Updated to v0.2!

The highlight of this update is the new stalker option!

1448 wrote:

v0.2 Download
- Fixed the bug where the bot doesn't clear the online list and the chat list when disconnected.
- Fixed the "adminhelp" command not appearing in the "!help" list. (The adminhelp command had already existed, but there was no way you would have never known about it if you were new to bots.)
- You can no longer kick the owner of the bot.
- You can no longer report yourself or the owner of the bot.
- Added a stalking option to the GUI
- Added the !stalk <player> and !unstalk commands

2016-11-05 06:36:18

Released Bot1448 v1.1!
The version where the stalker was released should have been named 1.0, but it was named 0.2 instead. Silly me.
Now, it's corrected in both the changelog and the .zip file for the bot.

1448 wrote:

v1.1 Download
- Fixed bug where stalker options were not being saved.
- Fixed bug where the bot gets cranky when you modify its data files.
- Fixed bug where stalker's godmode keeps flickering on and off when it's stalking the bot's owner.

SirJosh3917 · 2016-11-05 06:56:36

If you put the bot on github I can help you with an auto updater

2016-11-06 06:42:34

ninjasupeatsninja wrote:

If you put the bot on github I can help you with an auto updater

I would, but, call me immature or stupid or whatever, I don't know how GitHub works. I don't know how to create a repository or a pull request or other stuff I don't understand.

MartenM

den3107 · 2016-11-06 17:39:28

If you use Visual Studio:
Think this should do as a tutorial, haven't watched it entirely myself.

You will require a github account and the Visual Studio plugin.

And you're not immature or whatever, only learned how to git when I started college.

capasha · 2016-11-06 17:47:25

1448 wrote:

ninjasupeatsninja wrote:
If you put the bot on github I can help you with an auto updater
I would, but, call me immature or stupid or whatever, I don't know how GitHub works. I don't know how to create a repository or a pull request or other stuff I don't understand.

Uploading your bot on Github means that you should go open source. If you don't want to go open source.
Then make a weebly site with a page and use http://pastebin.com/btPNtaGi. You could also make your own site to read from, or use githubs api to check for new versions.

MartenM

SirJosh3917 · 2016-11-07 18:55:14

capasha wrote:

Uploading your bot on Github means that you should go open source.

True, but if he doesn't want to go open source he can simply just upload the files needed that will be downloaded, overviewed, and then ran through the updater to tell it "if bot.version != updatelog.version then ask user to download updatelog.version if user.saysYes then download from updatelog.location else die"

2016-11-28 15:27:15

v1.6 is released!

After more than 4 hours of non-stop coding, Bot1448 has been updated to version 1.6!

1448 wrote:

Changelog
v1.6 Download
- The UI is now slightly bigger
- Added the Build tab to the UI
- Added the Ignore Snake option
- Added an button to toggle god mode
- Now you can send the code for a world
- Added the fill tool (the !fill <block ID> and !cancel commands)
- Added the !name command

Nebula · 2016-11-28 15:41:39

I like new UI size

1448

capasha · 2016-11-28 19:40:33

Maybe you should check if all blocks is placed with fill tool.

den3107 · 2016-12-05 09:35:18

1448 wrote:

That is because of lag; not my fault.

Isn't a public bot all about being user-friendly?

Koya

Koya · 2016-12-05 11:06:50

1448 wrote:

capasha wrote:
Maybe you should check if all blocks is placed with fill tool.
http://i.imgur.com/Mo9BRLb.png
That is because of lag; not my fault.

You can still check to see if a block that was meant to be placed has been placed and if it hasn't then try again.

lrussell, 1448

capasha · 2016-12-05 13:04:09

1448 wrote:

capasha wrote:
Maybe you should check if all blocks is placed with fill tool.
http://i.imgur.com/Mo9BRLb.png
That is because of lag; not my fault.

It's your bot. Also your fault. If you check that all blocks is placed. Then it shouldn't be any issues.

John · 2016-12-07 14:32:01

capasha wrote:

1448 wrote:
ninjasupeatsninja wrote:
<snip>
<snip>
Uploading your bot on Github means that you should go open source. If you don't want to go open source.
Then make a weebly site with a page and use http://pastebin.com/btPNtaGi. You could also make your own site to read from, or use githubs api to check for new versions.

Why not use Team Foundation Server? With that you can access it from anywhere and collaborate with others. It's even built into Visual Studio. It can also be integrated with Trello. I work on a couple programs with others and have integrated with Trello and it really is amazing.

I'd recommend it to anymore.

Era · 2016-12-07 14:45:54

Just use Bitbucket instead of github

2017-03-31 16:43:52

capasha wrote:

1448 wrote:
capasha wrote:
Maybe you should check if all blocks is placed with fill tool.
http://i.imgur.com/Mo9BRLb.png
That is because of lag; not my fault.
It's your bot. Also your fault. If you check that all blocks is placed. Then it shouldn't be any issues.

Yeah. I guess I should fix it.
So, I'm updating it to:

v1.8!

Changelog
- Silenced the bot a bit (it now PMs some messages)
- The bot can multitask now
- Modified the fill command to make it more user-friendly
- Changed how the command system works (this is more internal than external)
- The bot tells the user to add arguments to commands when they are not present
- The bot should throw less exceptions now
- Modified this forum post a bit
- Fixed a bug where some values aren't rendered
Download

./gravedig

2017-04-18 13:25:18

Bot1448 v2.0.0!

Hooray no more old download links from this update.
This is because I'm not uploading the bot binaries onto Mediafire, and instead, I'm hosting it on a server. So this means that the bot installer always installs the latest version (unless you plan on saving the older versions by downloading another installer in another folder).

Changelog
v2.0.0 Download
- Added an auto-updater. This means that you just have to download this file once, and newer versions are installed automatically! (Hooray, no need to use crappy MediaFire again)
- Added a Custom Snake tool.
- Improved block-placing! Seriously. This time, !fill should work flawlessly.
- Silenced the bot even more! Now all it says publicly (unless you enabled welcome and goodbye messages) is "Gained edit access! " and "Lost edit access! ".
- Added themes! Currently, the only theme is Dark, but I'll post a theme creator soon.

Processor · 2017-04-19 15:36:14

Oh boy, your updater is a security nightmare!

I'm going to sort my points from most likely to least likely but most devastating.

First, your bot automatically checks for updates (by downloading a botversion.dat file). This can not be turned off and it means that you can track the IP address of anyone using your bot.
In addition to that, if I blacklist your file in my firewall, your bot gives me a "Fatal Error" and exits. I believe this feature was added with malicious intent in mind just so people wouldn't bypass your updater/tracker.
Secondly, you have code to make updates mandatory so everyone has to update to be able to use your bot. Again, very suspicious.
It gets worse when you realize that this bot isn't even open source, so there is no way we could verify your updates.
Thirdly, the updater downloads the files from 1448.co.nf which is hosted by a free hosting site (biz.nf), I quick look at their login page made me realize that security is not their top priority.
The files are downloaded over HTTP and can be intercepted (and changed) by a Man in the Middle attack. A hacker could run any code they want on your machine!
The server files are not verified for their integrity in any way (look into signing). If your website is hacked, anyone could upload a virus.exe.

Thus I strongly discourage everyone from downloading or using this bot until the updater security improves.

SirJosh3917

capasha · 2017-04-19 16:02:12

Would be better to only show when there is an update. Let people to change if they want to update or not, and also a way to disable automatic checking for updates.
And like proc said, there is many ways to change the file. I self use Github because their API are awesome.

den3107 · 2017-04-19 16:02:24

Processor wrote:

In addition to that, if I blacklist your file in my firewall, your bot gives me a "Fatal Error" and exits. I believe this feature was added with malicious intent in mind just so people wouldn't bypass your updater/tracker.

I think you're a bit exaggerating here... I think it's just poor error handling.

Processor wrote:

The files are downloaded over HTTP and can be intercepted (and changed) by a Man in the Middle attack. A hacker could run any code they want on your machine!

The chances of a man in the middle is rather slim. And if you DO get one, it's usually your own fault for connecting to an insecure network. If he wouldn't send his malicious software through this application, he'll most likely find another.

Processor wrote:

Thirdly, the updater downloads the files from 1448.co.nf which is hosted by a free hosting site (biz.nf), I quick look at their login page made me realize that security is not their top priority.
The server files are not verified for their integrity in any way (look into signing). If your website is hacked, anyone could upload a virus.exe.

I do agree that the combination of these two is very risky, although I still think you're overly exaggerating for the rest.

Altogether...
Just because of those two points, I too would discourage people from downloading it, so long the auto updater is mandatory (and should show a security warning when people wish to activate it).

kubapolish, N1KF, 1448

Processor · 2017-04-19 20:21:30

Let's see:

den3107 wrote:

I think you're a bit exaggerating here... I think it's just poor error handling.

      
// public void UpdateCheck() { [...]
catch (WebException ex)
{
    this.ImDead("There is no internet connection.");
    this.Close();
}

[...]

public void ImDead(string fatalError)
{
    int num = (int) MessageBox.Show(fatalError, "Bot1448 > Fatal Error", MessageBoxButtons.OK, MessageBoxIcon.Hand);
}

den3107 wrote:

The chances of a man in the middle is rather slim.

I'm sorted my points from most likely to less likely but most devastating.

den3107 wrote:

And if you DO get one, it's usually your own fault for connecting to an insecure network. If he wouldn't send his malicious software through this application, he'll most likely find another.

What? The network is insecure because 1448 is not using TLS. There is no such thing as a "secure network" on HTTP over the internet (think of all the different ISP computers that could be infected, and no, the burden of security is on the software developer not the end user.)

Also, I'd be very alarmed if someone figured out that ANY software I have on my computer has a similar flaw in their updater. You make it sound like it is the norm for updaters to be this insecure, but this is a very serious issue and it can compromise entire systems.

LukeM

den3107 · 2017-04-19 22:38:33

Processor wrote:

den3107 wrote:
And if you DO get one, it's usually your own fault for connecting to an insecure network. If he wouldn't send his malicious software through this application, he'll most likely find another.
What? The network is insecure because 1448 is not using TLS. There is no such thing as a "secure network" on HTTP over the internet (think of all the different ISP computers that could be infected, and no, the burden of security is on the software developer not the end user.)
Also, I'd be very alarmed if someone figured out that ANY software I have on my computer has a similar flaw in their updater. You make it sound like it is the norm for updaters to be this insecure, but this is a very serious issue and it can compromise entire systems.

Right... Forgot about the fact a man in the middle can also be on your internet route (generally, in my class, only hear about them on the same netwerk (for example with a Pineapple)).

I also wasn't talking about them getting to you through other updaters, but rather other services/websites that might not use the HTTPS protocol yet. For example these forums: while they do appear to have an HTTPS certificate, you're not automatically redirected to the HTTPS version when opening it with HTTP.
Then still... People can put images/gifs on here that are over HTTP like this one that was posted just 5 minutes ago (love you, Doh), exposing you nonetheless.

But I'm getting kinda off-topic (security in general vs security of this specific bot), so I'd suggest either making a new topic about it or continuing this in PM, if you'd feel like it.

Processor

LukeM · 2017-04-19 22:49:50

About these forums not redirecting to HTTPS:
It doesnt matter as much with websites, unless it is something that needs to be secure like a banking site, or a software hosting site, because there isnt much that you can do without the users permission
With software however, you can do almost anything, especially because it just downloads a file and runs it, so even if there was an 'do you want to allow this' popup, you would probably click yes because you are expecting it to need to run something

Processor

2017-04-22 16:44:51

Processor wrote:

First, your bot automatically checks for updates (by downloading a botversion.dat file). This can not be turned off and it means that you can track the IP address of anyone using your bot.

I never thought of logging IP addresses.
And I still wouldn't gain much if I did log it and damage your PC.

Also, because you pointed out that:

Processor wrote:

the updater downloads the files from 1448.co.nf which is hosted by a free hosting site (biz.nf)

that's more proof that I don't have much power. Those guys won't let me upload a .htaccess file, even for a simple reason like creating custom error pages. I don't know why that's relevant here, but I think it gives you an idea of what freedom they give me.

I use the site because it has a convincing domain extension (.co.nf - looks kinda legit), and also because Hostinger got messed up and will let me use only paid plans because I accidentally created an infinite PHP loop, and refreshed the webpage multiple times to see if I fixed it. Plus, other hosting sites have ugly domain extensions. (1448.000webhostapp.com? No thanks.)

Processor wrote:

Secondly, you have code to make updates mandatory so everyone has to update to be able to use your bot. Again, very suspicious.

I'll implement an option to change it next update. Sure.

Processor wrote:

It gets worse when you realize that this bot isn't even open source, so there is no way we could verify your updates.

It is still decompilable. You already have my code right here:

Processor wrote:

// public void UpdateCheck() { [...]
catch (WebException ex)
{
    this.ImDead("There is no internet connection.");
    this.Close();
}

[...]

public void ImDead(string fatalError)
{
    int num = (int) MessageBox.Show(fatalError, "Bot1448 > Fatal Error", MessageBoxButtons.OK, MessageBoxIcon.Hand);
}

You can't get your hands on that if you didn't decompile the thing.

Processor wrote:

free hosting site (biz.nf), I quick look at their login page made me realize that security is not their top priority.
The files are downloaded over HTTP and can be intercepted (and changed) by a Man in the Middle attack. A hacker could run any code they want on your machine!
The server files are not verified for their integrity in any way (look into signing). If your website is hacked, anyone could upload a virus.exe.

I honestly don't want to have to pay real money to host a stupid bot and a stupid webpage for a laggy online flash game. I know that my stuff is one of the worst. I've had 0 experience in C# outside EE. In fact, I have 0 experience in class-oriented programming outside EE. Except maybe the new class-oriented version of PHP (version 7) and I've not even used it much.

Also, I haven't spent a single <insert currency denomination here> on software online. The Windows 10 I run is from a CD. I won't make an exception for hosting a website.

I know I suck at coding, so please don't tell me that I suck at coding. I'll try to fix it next time (assuming there is even a next time).

kubapolish

Myst · 2017-04-22 17:45:53

1448, your bot got a problem

▼big

Official Everybody Edits Forums

#26 2016-10-29 14:44:55

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

Updated to v0.2!

#27 2016-11-05 06:36:18, last edited by 1448 (2016-11-05 06:37:55)

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#28 2016-11-05 06:56:36

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#29 2016-11-06 06:42:34

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#30 2016-11-06 17:39:28

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#31 2016-11-06 17:47:25

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#32 2016-11-07 18:55:14

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#33 2016-11-28 15:27:15

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

v1.6 is released!

Changelog

#34 2016-11-28 15:41:39

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#35 2016-11-28 19:40:33

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#36 2016-12-05 09:35:18

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#37 2016-12-05 11:06:50

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#38 2016-12-05 13:04:09

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#39 2016-12-07 14:32:01

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#40 2016-12-07 14:45:54

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#41 2017-03-31 16:43:52

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

v1.8!

#42 2017-04-18 13:25:18

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

Bot1448 v2.0.0!

Changelog

#43 2017-04-19 15:36:14, last edited by Processor (2017-04-19 15:39:15)

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#44 2017-04-19 16:02:12

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#45 2017-04-19 16:02:24, last edited by den3107 (2017-04-19 16:02:45)

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#46 2017-04-19 20:21:30, last edited by Processor (2017-04-19 21:00:21)

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#47 2017-04-19 22:38:33

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#48 2017-04-19 22:49:50

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#49 2017-04-22 16:44:51

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

#50 2017-04-22 17:45:53

Re: [Release] Bot1448 v2.1.0 - UPDATE FIX

Board footer