by Indian andhra » Fri Aug 20, 2021 1:18 am
by Indian andhra » Fri Sep 03, 2021 9:42 am
by Islands Of Ventro » Tue Sep 07, 2021 4:43 am
by Indian andhra » Thu Sep 23, 2021 3:12 am
by Twertis » Thu Sep 23, 2021 1:18 pm
by Indian andhra » Fri Sep 24, 2021 2:29 am
Twertis wrote:You clearly have no idea how to code.
Getting the daily dumps is trivial (use requests and xmltodict). And you were ratelimited because the API rate limits based on IPs, not useragents. You can't limit your requests based on different users, because all requests are made by the server hosting the bot.
So, where are you getting your code from? Would you even understand the code you take? Why should we trust this bot?
This is constructive criticism. I recommend you use the copious resources available online to get up to snuff. There are free YouTube videos, books, and online courses. As well as pretty well-made reference manuals for Python and all major libraries. You could, if you wish, watch every (or at least most) Coursera class for free by simply auditing the class (you won't receive a certificate is all)— there's lots and lots of great coding stuff there.
by North American Imperial State » Fri Sep 24, 2021 2:42 am
by Indian andhra » Fri Sep 24, 2021 4:44 am
North American Imperial State wrote:Doesn't Nationstates already have an API that sends TGs out automatically?
Yes, they do, it's how you're spammed with all those TGs from those random Ros off regions you probably have never heard of or look at (No offence recruiters), also, it can't recruit on the RMB, because a lot of regions don't have the tag "Recruiter Friendly", which bans all recruiting on their RMB, so unless that bot can detect that tag (Which I will test, right now on one of my alt regions that I don't give two shits about, it's just a N-day puppet storage) if it even works, will report back later
by Indian andhra » Sat Sep 25, 2021 4:26 am
by Indian andhra » Tue Sep 28, 2021 4:16 am
by Zizou » Wed Sep 29, 2021 12:17 am
Parxland wrote:It might somehow give me STDs through the computer screen with how often you hop between different groups of people.
by Indian andhra » Wed Sep 29, 2021 4:31 am
Zizou wrote:For anybody who may be considering using this tool for regional recruitment, I would highly advise staying away from it for the time being. In addition to the concerns Twertis mentioned earlier, the project as a whole is of dubious quality, and may present some security concerns at the moment (there was a token leak earlier which may or may not have been remedied). If you're looking for a regional recruitment tool, there are plenty of reputable alternatives here.
by Indian andhra » Wed Sep 29, 2021 4:49 am
come to server talk to me directly https://discord.gg/K3js9cct
Indian andhra wrote:North American Imperial State wrote:Doesn't Nationstates already have an API that sends TGs out automatically?
Yes, they do, it's how you're spammed with all those TGs from those random Ros off regions you probably have never heard of or look at (No offence recruiters), also, it can't recruit on the RMB, because a lot of regions don't have the tag "Recruiter Friendly", which bans all recruiting on their RMB, so unless that bot can detect that tag (Which I will test, right now on one of my alt regions that I don't give two shits about, it's just a N-day puppet storage) if it even works, will report back later
I cannot understand what you are saying. Come to the support server and talk to me directly; if I cannot answer, come here and complain.
by Indian andhra » Wed Sep 29, 2021 4:53 am
by United Calanworie » Fri Oct 01, 2021 1:46 am
by Flanderlion » Fri Oct 01, 2021 2:20 am
United Calanworie wrote:For anybody wondering what "minor security problems" are, they include such wonderful things as storing your nation password in plaintext. Also client keys.
For more details, check out my writeup here. I've also provided the code for anyone curious/willing to risk their sanity enough to check it out. It's certainly something.
If you want to just look at the code, it's here, on my GitHub.
by Wormfodder Delivery » Fri Oct 01, 2021 2:23 am
United Calanworie wrote:For anybody wondering what "minor security problems" are, they include such wonderful things as storing your nation password in plaintext. Also client keys.
For more details, check out my writeup here. I've also provided the code for anyone curious/willing to risk their sanity enough to check it out. It's certainly something.
If you want to just look at the code, it's here, on my GitHub.
It is now safe to keep playing.
by Indian andhra » Fri Oct 01, 2021 2:43 am
I agree to all these and ready to face action from now I don't want to do anything wrong it is in development I am not perfect in coding
Wormfodder Delivery wrote:United Calanworie wrote:For anybody wondering what "minor security problems" are, they include such wonderful things as storing your nation password in plaintext. Also client keys.
For more details, check out my writeup here. I've also provided the code for anyone curious/willing to risk their sanity enough to check it out. It's certainly something.
If you want to just look at the code, it's here, on my GitHub.
Yeah, kinda expected that the bot was like that. Thanks for the information.
by Indian andhra » Fri Oct 01, 2021 3:55 am
by Omnicontrol » Fri Oct 01, 2021 7:56 am
United Calanworie wrote:It only is "absent" in F7 because nobody previews their posts because they're trying to move at the speed of mach fuck to not get ninjd.
Reventus Koth wrote:you're right guys my bad the next time i write a treaty i'll make sure to leave the possibility of raiding the other signatory on the table
Mlakhavia wrote:TCB arent fascists, we are simply the People
the People have a Stick
We use it to Whack piddly rightist frontiers
United Calanworie wrote:Us mods don't do shit.
[violet] wrote:lol
United Calanworie wrote:what in tarnation
by Twertis » Fri Oct 01, 2021 12:25 pm
United Calanworie wrote:For anybody wondering what "minor security problems" are, they include such wonderful things as storing your nation password in plaintext. Also client keys.
For more details, check out my writeup here. I've also provided the code for anyone curious/willing to risk their sanity enough to check it out. It's certainly something.
If you want to just look at the code, it's here, on my GitHub.
Uh, it’s also got silent failure conditions, and is confusing in the fact that it’s now using ElementTree despite using lxml and BeautifulSoup earlier. No clue why the switch.
You’ve also used f-strings wrong, so the User-Agent is now just “nation,” instead of the actual nation that the user starts the command with.
and it doesn’t even save the nation, it just saves the string “nation.”
When Balasai gave me the code, he also gave me the password to his nation. Don’t ask me why. He saved it in a .json file in the bot folder, and then just… uploaded the .zip to our DMs. Again, cavalier attitude towards security overall. Don’t trust this bot.
if str(ctx.author.id) in list(data):
    with open("generalaccess.json", "r") as file:
        data = json.load(file)
    data.append(guildid)
    with open("generalaccess.json", "w") as file:
        json.dump(data, file)
    await ctx.channel.send("gave access to guild")
by United Calanworie » Fri Oct 01, 2021 3:23 pm
Twertis wrote:United Calanworie wrote:For anybody wondering what "minor security problems" are, they include such wonderful things as storing your nation password in plaintext. Also client keys.
For more details, check out my writeup here. I've also provided the code for anyone curious/willing to risk their sanity enough to check it out. It's certainly something.
If you want to just look at the code, it's here, on my GitHub.
My suspicions were right. I really appreciate your documentation of the security issues. It could help future devs to see what NS users expect in terms of security.
Twertis wrote:And these are by no means minor issues. A token leak? Plaintext passwords?
Why would you even consider passwords? At worst, you should store X-Pins and simply tell players not to log in if they want to use the bot for that nation.
Twertis wrote:And in Python you can rate limit by doing a sleep(.6) or checking a variable / attribute for when the last request was (for greater speed)— it's very easy. (edit: don't use sleep() for async functions)
Twertis wrote:A useragent defines who's accessing the site— a browser will provide its version, for example. In the case of an API, you need to give at least some way to quickly contact you, like an email. And make the useragent consistent. Something like this: "Release Discord Bot; link to thread: [link]; email: [email]".
Twertis wrote:Uh, it’s also got silent failure conditions, and is confusing in the fact that it’s now using ElementTree despite using lxml and BeautifulSoup earlier. No clue why the switch.
Clear evidence that the "author" of this bot copied that code from somewhere else, and apparently without attribution. I definitely don't see why you'd need anything more than lxml to parse API requests.
Twertis wrote:You’ve also used f-strings wrong, so the User-Agent is now just “nation,” instead of the actual nation that the user starts the command with.
and it doesn’t even save the nation, it just saves the string “nation.”
Probably a lack of understanding of variables.
Twertis wrote:When Balasai gave me the code, he also gave me the password to his nation. Don’t ask me why. He saved it in a .json file in the bot folder, and then just… uploaded the .zip to our DMs. Again, cavalier attitude towards security overall. Don’t trust this bot.
Lol.
Edit:
lol what is this:
Code:
if str(ctx.author.id) in list(data):
    with open("generalaccess.json", "r") as file:
        data = json.load(file)
    data.append(guildid)
    with open("generalaccess.json", "w") as file:
        json.dump(data, file)
    await ctx.channel.send("gave access to guild")
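Added example, not part of any post in this thread and not the bot's code: a sketch of the points raised above about rate limiting per server IP, not blocking async code with sleep(), and building a consistent User-Agent with a working f-string. The names build_user_agent and RateLimiter, the "nation:" field, and the sample nation are assumptions made for illustration; the 0.6 second interval and the User-Agent wording come from the quoted posts.

```python
import asyncio
import time

MIN_INTERVAL = 0.6  # seconds between API calls, the figure quoted in the thread


def build_user_agent(nation: str, thread_url: str, email: str) -> str:
    """Consistent User-Agent with a contact route. Only {braces} inside an
    f-string substitute the variable; a bare "nation" sends the word itself."""
    nation = nation.strip()
    if not nation or "\r" in nation or "\n" in nation:
        raise ValueError("nation must be a non-empty single-line value")
    return (f"Release Discord Bot; nation: {nation}; "
            f"link to thread: {thread_url}; email: {email}")


class RateLimiter:
    """One limiter shared by all command handlers: the API counts requests
    per source IP, so every Discord user draws on the same budget."""
    def __init__(self, min_interval=MIN_INTERVAL,
                 clock=time.monotonic, sleep=asyncio.sleep):
        self._min_interval = min_interval
        self._clock = clock
        self._sleep = sleep    # asyncio.sleep yields; time.sleep would stall the bot
        self._lock = asyncio.Lock()
        self._last = None      # time of the previous request

    async def wait(self) -> float:
        """Wait until a request may be sent; return the delay applied."""
        async with self._lock:  # serialise concurrent handlers
            delay = 0.0
            if self._last is not None:
                elapsed = self._clock() - self._last
                delay = max(0.0, self._min_interval - elapsed)
            if delay > 0:
                await self._sleep(delay)
            self._last = self._clock()
            return delay


async def demo() -> list:
    """Three back-to-back requests: the first is free, the rest are spaced."""
    limiter = RateLimiter()    # created inside the running event loop
    return [round(await limiter.wait(), 1) for _ in range(3)]


if __name__ == "__main__":
    print(build_user_agent("Example Nation", "[link]", "[email]"))  # constructed sample values
    print(asyncio.run(demo()))
```

Each command handler would call `await limiter.wait()` on the single shared instance immediately before sending its request.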
by United Calanworie » Fri Oct 01, 2021 3:26 pm
Flanderlion wrote:United Calanworie wrote:For anybody wondering what "minor security problems" are, they include such wonderful things as storing your nation password in plaintext. Also client keys.
For more details, check out my writeup here. I've also provided the code for anyone curious/willing to risk their sanity enough to check it out. It's certainly something.
If you want to just look at the code, it's here, on my GitHub.
I just want to say, I appreciated the write-up.
Wormfodder Delivery wrote:United Calanworie wrote:For anybody wondering what "minor security problems" are, they include such wonderful things as storing your nation password in plaintext. Also client keys.
For more details, check out my writeup here. I've also provided the code for anyone curious/willing to risk their sanity enough to check it out. It's certainly something.
If you want to just look at the code, it's here, on my GitHub.
Yeah, kinda expected that the bot was like that. Thanks for the information.