Welcome login | signup
Language en es fr
OccupyForum

Forum Post: Demystifying bots, a few ideas to hamper them, and why you should not listen to a cook

Posted 11 years ago on May 18, 2012, 11:34 a.m. EST by GailSummers (-6)
This content is user submitted and not an official statement

Hi, my name is Thrasymaque

Some users here already know me since I used to use this site extensively. Many here consider me a troll because I attacked conspiracy theorists with bots. I consider myself a friend and supporter of OWS. The thing is, I criticized the movement to help it. I really believed, and still believe, that we can only change the world for the better through logic and science and that all pseudosciences must be eliminated (especially 911 truthers). Unfortunately, conspiracy theorists seem to have infiltrated the movement.

After a few months of hiatus, I took a look at the site a few days ago and noticed some users were under a bot attack. Since I know how to make bots and have used some on this site before, I'd like to help people understand how they work and how they could be stopped, or, at least, hampered.

About Bots

First, one must understand how bots work. It's very simple. Each time you do something on this site like login, send a message, etc... a request is sent to the OWS server. What a bot does is that is automates this request instead of forcing you to do it manually. For example, I can run a script that will login a user, post a message, down vote a user, and logout all in one go. This can be done very fast and there is no need to babysit the bot. Essentially, anything you can do manually can be done automatically by a bot. Plus, a bot can do things that can't be done so easily manually.

Correcting a Cook

Now, before I explain how a down voting bot might work, I want to correct a false statement a cook as been making on this site. He has said many times that if a user has -10 karma points it cannot be a bot because a bot would cause the user to have -100 or something of the sort. This is false, ludicrous, and shows why cooks are not programmers.

  1. A bot does whatever you program it to do (if it's possible). If you want to make a bot that takes out 1 point, and not 100, it is entirely possible.
  2. A good down voting bot will go unnoticed as much as possible since it does not want to get caught. Why down vote to -100 and give yourself away when you can down vote to -6 or -10 and still have the comments collapse.
  3. As I will explain shortly, it takes much longer to down vote to -100 then it does to -10.

How Down Voting Bot Works

Making a bot to down vote a specific user is easy.

First, you send a scout bot. Every 10 minutes or so, you send a bot which looks at all the Recent Comments and grabs the comment numbers of the user you are targeting. You then store these numbers in a database or flat file.

Then, you login a bot, and have him down vote all the comment numbers in the database unless they have already reached -10 or whatever limit you want to set. Remember, bots have the same limitations has humans. They down votes are also limited, so if you keep down voting a comment below -10 you might run out of down votes and will not be able to down vote a fresh comment. Also, AND THIS IS WHAT THE COOK DOES NOT UNDERSTAND, is that a bot can only down vote 1 times just like a normal user. So, you need to logout and login another username to keep down voting. If you want to down vote someone to -100 for example, you need 100 usernames.

Ways To Hamper Bots

i said a bot can do anything you can do manually. I lied, automating the passing of Captcha challenges is hard! So, I had to manually create my users before they could become a bot. This leads us to the first way of limiting bots:

  1. Login Captcha Like I said, if I wanted to down vote a user to -10, I had to login a user, down vote, logout, then repeat with 9 other users. Now, if there is a Captcha on login it means I can no longer login automatically. This would slow down a bot attack enormously! An attacker using this scheme would have to babysit is bot, and could not do like I was doing (I would have a script running my bots every 10 minutes while I was out drinking beer with my friends).

  2. Real Ban Admins shadow ban the users they don't like. The idea of a shadow ban is that a user is banned without knowing it. He can see his posts, but no one else can. It doesn't really work because if you are shadow banned and make a new comment the thread doesn't go at the top of the pile which means you know right away you've been shadow ban and so proceed to create a new user. More importantly, a user which is shadow banned CAN STILL DOWN VOTE, SEND MESSAGES, etc... LIke I said earlier, you need many users if you want to down vote to low scores and do such things as send message bombs. Jart shadow banned Thrasymaque months ago, but I can still use this character with a bot to down vote or send messages. If the admins banned a user completely, it means an attacker would constantly need to create new users by hand.

I wrote this really quickly, sorry about that. I hope it can be useful. BTW - I have not attacked the site since last time around which was months back. I don't have my bots anymore, so don't ask for the code. I destroyed them so as not to be tempted to use them any longer. I have no idea who was attacking the site as of late.

0 Comments

0 Comments


Read the Rules