86 replies to this topic

[Dlcruz129]

tiin57, on 14 November 2012 - 12:08 PM, said:

dlcruz129, on 13 November 2012 - 11:05 AM, said:

...now I'm a professional scripter!...

Not quite. You have a ways to go, young Padawan.

I know, I'm making fun of the ranking system here. I still make some of the BIGGEST, STOOPIDEST, mistakes.

[Jasonfran]

Human, on 15 November 2012 - 10:35 AM, said:

Jasonfran, on 15 November 2012 - 08:56 AM, said:

Feel free to create your own, you can send requests to my website as well if you want. It was really just a test and to prove it can be done. And technically I am still a noob /> lol. Feel free to do what you want.

Also there isn't really any security problems. Everything is kept secure server side. You can't view other peoples emails and you would be stupid to remove client side hashing as it is safer than encrypting it server side as it gets sent hashed and not in plain text

People can setup a program in C or other languages that use proxies to constantly spam the database, which will fill up the database and/or crash the site. There is a reason I am good at finding exploits...

What about just blocking the amount of requests per second. So if the person requests 5 times in under a second then it will block the IP, if its a proxy IP then it will block that.

[Sammich Lord]

Jasonfran, on 15 November 2012 - 08:17 PM, said:

Human, on 15 November 2012 - 10:35 AM, said:

Jasonfran, on 15 November 2012 - 08:56 AM, said:

Feel free to create your own, you can send requests to my website as well if you want. It was really just a test and to prove it can be done. And technically I am still a noob /> lol. Feel free to do what you want.

Also there isn't really any security problems. Everything is kept secure server side. You can't view other peoples emails and you would be stupid to remove client side hashing as it is safer than encrypting it server side as it gets sent hashed and not in plain text

People can setup a program in C or other languages that use proxies to constantly spam the database, which will fill up the database and/or crash the site. There is a reason I am good at finding exploits...

What about just blocking the amount of requests per second. So if the person requests 5 times in under a second then it will block the IP, if its a proxy IP then it will block that.

Well first off, I can make it only request 4 times a second(4 accounts per second) I can also have it use a list of over a thousand proxies and have about 10 processes of this running at once. So, there is no way to avoid this.

[Jasonfran]

Human, on 15 November 2012 - 09:04 PM, said:

Jasonfran, on 15 November 2012 - 08:17 PM, said:

Human, on 15 November 2012 - 10:35 AM, said:

Jasonfran, on 15 November 2012 - 08:56 AM, said:

Feel free to create your own, you can send requests to my website as well if you want. It was really just a test and to prove it can be done. And technically I am still a noob /> lol. Feel free to do what you want.

Also there isn't really any security problems. Everything is kept secure server side. You can't view other peoples emails and you would be stupid to remove client side hashing as it is safer than encrypting it server side as it gets sent hashed and not in plain text

People can setup a program in C or other languages that use proxies to constantly spam the database, which will fill up the database and/or crash the site. There is a reason I am good at finding exploits...

What about just blocking the amount of requests per second. So if the person requests 5 times in under a second then it will block the IP, if its a proxy IP then it will block that.

Well every server with a mysql database will have the same problem then if there is no way to stop it.
Well first off, I can make it only request 4 times a second(4 accounts per second) I can also have it use a list of over a thousand proxies and have about 10 processes of this running at once. So, there is no way to avoid this.

[rhyleymaster]

Hey, Why not host 2 servers? One as a secondary incase the first server cannot be reached?

[Jasonfran]

rhyleymaster, on 16 November 2012 - 10:14 AM, said:

Hey, Why not host 2 servers? One as a secondary incase the first server cannot be reached?

I
I could

[rhyleymaster]

Jasonfran, on 16 November 2012 - 10:43 AM, said:

rhyleymaster, on 16 November 2012 - 10:14 AM, said:

Hey, Why not host 2 servers? One as a secondary incase the first server cannot be reached?

I
I could

The only problem I see is that you would need to have them synchronized.

[Sammich Lord]

rhyleymaster, on 16 November 2012 - 08:40 PM, said:

Jasonfran, on 16 November 2012 - 10:43 AM, said:

rhyleymaster, on 16 November 2012 - 10:14 AM, said:

Hey, Why not host 2 servers? One as a secondary incase the first server cannot be reached?

I
I could

The only problem I see is that you would need to have them synchronized.

Or people will still constantly spam both servers, so you would still waste twice as much money for both servers.

[Jasonfran]

Human, on 16 November 2012 - 09:11 PM, said:

rhyleymaster, on 16 November 2012 - 08:40 PM, said:

Jasonfran, on 16 November 2012 - 10:43 AM, said:

rhyleymaster, on 16 November 2012 - 10:14 AM, said:

Hey, Why not host 2 servers? One as a secondary incase the first server cannot be reached?

I
I could

The only problem I see is that you would need to have them synchronized.

Or people will still constantly spam both servers, so you would still waste twice as much money for both servers.

I have spent no money on any servers. I can have as many as I desire

[Sammich Lord]

Jasonfran, on 17 November 2012 - 06:15 AM, said:

Human, on 16 November 2012 - 09:11 PM, said:

rhyleymaster, on 16 November 2012 - 08:40 PM, said:

Jasonfran, on 16 November 2012 - 10:43 AM, said:

rhyleymaster, on 16 November 2012 - 10:14 AM, said:

Hey, Why not host 2 servers? One as a secondary incase the first server cannot be reached?

I
I could

The only problem I see is that you would need to have them synchronized.

Or people will still constantly spam both servers, so you would still waste twice as much money for both servers.

I have spent no money on any servers. I can have as many as I desire

You would be wasting the time having to code something to sync them since people could just spam all of them. Our, people could just fill up the databases by constantly requesting a new file creation while using a ton of proxies.

[rhyleymaster]

Human, on 17 November 2012 - 07:52 AM, said:

Jasonfran, on 17 November 2012 - 06:15 AM, said:

Human, on 16 November 2012 - 09:11 PM, said:

rhyleymaster, on 16 November 2012 - 08:40 PM, said:

Jasonfran, on 16 November 2012 - 10:43 AM, said:

rhyleymaster, on 16 November 2012 - 10:14 AM, said:

Hey, Why not host 2 servers? One as a secondary incase the first server cannot be reached?

I
I could

The only problem I see is that you would need to have them synchronized.

Or people will still constantly spam both servers, so you would still waste twice as much money for both servers.

I have spent no money on any servers. I can have as many as I desire

You would be wasting the time having to code something to sync them since people could just spam all of them. Our, people could just fill up the databases by constantly requesting a new file creation while using a ton of proxies.

That is actually very true. Why not add a line of code that denies access if you are using a Proxy?

[TheVarmari]

Help please

[GravityScore]

To solve issues with the need for the StringUtils API, I thought you might like a single-function SHA1 function. I wrote this a while ago as I needed it in a project, but your free to use it in this project if you want. I compiled it from bits and pieces in the StringUtil API by Thomas Farr. Remember to retain the credit to him that is at the top of the code.

Code can be found here.

[Jasonfran]

GravityScore, on 18 November 2012 - 08:53 PM, said:

To solve issues with the need for the StringUtils API, I thought you might like a single-function SHA1 function. I wrote this a while ago as I needed it in a project, but your free to use it in this project if you want. I compiled it from bits and pieces in the StringUtil API by Thomas Farr. Remember to retain the credit to him that is at the top of the code.

Code can be found here.

Nice. I'll implement that next time I am on my PC

[AndreWalia]

This is awesome! mind if I use it in my OS?? I will put you in credits,Special thanks, and about!
http://bit.ly/XqukFn

please note that for it to work with my OS I will have to tweak the script VERY LITTLE. i just made it work on my OS (but i didn't release that version of the OS) and i only edited 4 lines!
you're the only person i need permission from because the API license says i don't need to ask :3

[AndreWalia]

i think you should add the ability to be able to add a description to your account and see other users descriptions by typing in their name.

[GravityScore]

Jasonfran, on 19 November 2012 - 06:18 AM, said:

GravityScore, on 18 November 2012 - 08:53 PM, said:

To solve issues with the need for the StringUtils API, I thought you might like a single-function SHA1 function. I wrote this a while ago as I needed it in a project, but your free to use it in this project if you want. I compiled it from bits and pieces in the StringUtil API by Thomas Farr. Remember to retain the credit to him that is at the top of the code.

Code can be found here.

Nice. I'll implement that next time I am on my PC

I'll do it for you />

ID: kPDsWse9

[PixelToast]

a user named bp001 joined my server today, he made a program spamming your site with this line:

http.request("http://computercraftemail.tk/Send.php","message=RE:+your+mom+"..b.."username=1337Hax0r&password=PixelToast was here&loginname=1337Hax0r")

b is set by a weird function that makes a random set of characters
i banned him after i figured out he was doing this

[computercraftprogrammer]

LOL love how it has PHP documents on the Notepad++, Do you program with php? I do, my website is customly programmed by me. (NOT THE FORUM!)

[computercraftprogrammer]

Also, i dont advise allowing people to send emails from your server, most website servers have limited email sending, and people may use this for evil, and spam it.