Yeah so I got this message on aim today, figured id go ahead and share the conversation. Didnt really see an area fitting for this other than here so I posted it. If its in the wrong place move it please.
I had scanned the bot a long time ago so I knew it was backdoored from the start.
Quotenesucks2 (12:38:54 PM): http://geno.bot.nu/ -- Genocide 1.2c (comes with 400 working sc keys!)
Not Skeptical (12:39:04 PM): uses BNLS?
nesucks2 (12:39:08 PM): yup
Not Skeptical (12:39:13 PM): you're a dumbass
nesucks2 (12:41:28 PM): http://geno.bot.nu/ -- Genocide 1.2c (comes with 400 working sc keys!)
nesucks2 (12:41:31 PM): did u dl it yet?
Not Skeptical (12:42:11 PM): no, and im not going to, and anyone that does is a dumbass
nesucks2 (12:42:18 PM): y not
Not Skeptical (12:42:27 PM): #1, it uses BNLS
Not Skeptical (12:43:00 PM): and id rather not massload on someones server whos making an effort to help the battle.net community
nesucks2 (12:43:11 PM): ROFL
nesucks2 (12:43:14 PM): who gives a shit
nesucks2 (12:43:32 PM): u just send a couple thousand packets
nesucks2 (12:43:33 PM): to bnls
Not Skeptical (12:43:43 PM): ....
Not Skeptical (12:44:16 PM): let me tell you how cool you are
Not Skeptical (12:44:19 PM): not very
nesucks2 (12:44:32 PM): 400 working sc keys
nesucks2 (12:44:40 PM): the bot comes with 400 working sc keys....
Not Skeptical (12:44:51 PM): i dont want to join your botnet
Not Skeptical (12:44:53 PM): no thanks
Not Skeptical (12:45:02 PM): you're an idiot
Not Skeptical (12:45:15 PM): and because of your awesome source ripping abilities
Not Skeptical (12:45:37 PM): you're just pushing the idea skywing could have to make BNLS private
nesucks2 (12:46:00 PM): ROFL
nesucks2 (12:46:02 PM): no im not
Not Skeptical (12:46:06 PM): how are you not
Not Skeptical (12:46:23 PM): he'lll just take it down
nesucks2 (12:46:24 PM): LOL
nesucks2 (12:46:31 PM): did u see the 1k+ load last nite?
nesucks2 (12:46:34 PM): :-)
nesucks2 (12:46:42 PM): he needs to shut the fuck up
Not Skeptical (12:46:46 PM): LOL
Not Skeptical (12:46:52 PM): skywing needs to shutup
Not Skeptical (12:47:01 PM): he did all that programming so you could load 1k+
nesucks2 (12:47:06 PM): good
Not Skeptical (12:47:12 PM): and you're dissing on him
Not Skeptical (12:47:15 PM): you're cool man
nesucks2 (12:47:16 PM): i dont give a shit
Not Skeptical (12:48:30 PM): i just find it funny how you condone ruining a free service when you yourself are using it
nesucks2 (12:48:38 PM): no
nesucks2 (12:48:52 PM): i neither condone or condemn it since the free service is an entity
Not Skeptical (12:49:10 PM): apparently you do condone it since you're doing it
nesucks2 (12:49:24 PM): i dont forgive a thing
nesucks2 (12:49:27 PM): i just use it
nesucks2 (12:49:33 PM): just like i use a chair
Not Skeptical (12:49:55 PM): ok so you hit your kids to make them be good
Not Skeptical (12:50:04 PM): but beating them everyday for fun is also neccisary
nesucks2 (12:50:05 PM): lol
Not Skeptical (12:50:09 PM): ?
nesucks2 (12:50:15 PM): thats different
Not Skeptical (12:50:20 PM): thats what you're doing
Not Skeptical (12:50:21 PM): exactly
nesucks2 (12:50:21 PM): becuse they aren't just things
nesucks2 (12:50:22 PM): no
nesucks2 (12:50:28 PM): the thing doesn't have life
nesucks2 (12:50:36 PM): and doesn't react
Not Skeptical (12:50:54 PM): its someones creation, someones creation in which they can take down at any time due to abuse
nesucks2 (12:51:00 PM): so
Not Skeptical (12:51:05 PM): and what are you doing
Not Skeptical (12:51:07 PM): abusing it
nesucks2 (12:51:08 PM): i dont care
Not Skeptical (12:51:09 PM): therefore
nesucks2 (12:51:17 PM): its intrepeted as abuse
Not Skeptical (12:51:18 PM): you condone beating your kids everyday for fun
nesucks2 (12:51:22 PM): I intrepete as using it
Not Skeptical (12:51:30 PM): using it
nesucks2 (12:51:34 PM): intrepet*
Not Skeptical (12:51:34 PM): lol
nesucks2 (12:51:42 PM): damnspelling -.-
Not Skeptical (12:51:53 PM): l2uthless chat uses it, because it does specifically what its suppose to
nesucks2 (12:52:07 PM): rofl
nesucks2 (12:52:11 PM): fuck chatbots
nesucks2 (12:52:14 PM): spambots are good
nesucks2 (12:52:17 PM): i got
nesucks2 (12:52:19 PM): 200 loaded on east
nesucks2 (12:52:21 PM): now loading CR
Not Skeptical (12:52:24 PM): wow
Not Skeptical (12:52:27 PM): you're leet skeet huh?
Not Skeptical (12:52:44 PM): it wont last long, with people like you around
nesucks2 (12:52:46 PM): shit i loaded on war3
nesucks2 (12:52:49 PM): to risky
nesucks2 (12:53:10 PM): if bnls is down
nesucks2 (12:53:15 PM): ill just create local hashing
Not Skeptical (12:53:19 PM): LOL
Not Skeptical (12:53:19 PM): LOL
Not Skeptical (12:53:54 PM): if you can then fucking do it and dont abuse someone elses shit whom is making an effort to help a community in which he takes very little part in
nesucks2 (12:54:06 PM): naw
nesucks2 (12:54:11 PM): i'lll rather use bnls
Not Skeptical (12:54:20 PM): because you can't do local hashing
nesucks2 (12:54:25 PM): yes i can
nesucks2 (12:54:31 PM): its damn easy
Not Skeptical (12:54:39 PM): PMAC doesnt work anymore idiot
nesucks2 (12:54:45 PM): IX86
nesucks2 (12:54:49 PM): hashing
Not Skeptical (12:54:58 PM): sure, if its "damn" easy
Not Skeptical (12:55:11 PM): then do it you lieing sack of shit
nesucks2 (12:55:16 PM): rofl
nesucks2 (12:55:19 PM): naw
Not Skeptical (12:55:22 PM): and quit relying on someone elses work
nesucks2 (12:55:29 PM): im not relying on someone elses work
Not Skeptical (12:55:35 PM): how are you not?
nesucks2 (12:55:43 PM): because
nesucks2 (12:55:47 PM): genocide is made from me
Not Skeptical (12:55:56 PM): and it uses BNLS
Not Skeptical (12:55:58 PM): which is made by..
nesucks2 (12:56:01 PM): no
nesucks2 (12:56:10 PM): bnls
nesucks2 (12:56:24 PM): it sends eletric signals to bnls
nesucks2 (12:56:29 PM): and bnls uses itself
nesucks2 (12:56:32 PM): and sends them back
Not Skeptical (12:56:51 PM): using what from BNLS?
nesucks2 (12:56:57 PM): umm
nesucks2 (12:57:02 PM): your using the tcp/ip protocal
nesucks2 (12:57:07 PM): stop using someone elses work!
nesucks2 (12:57:11 PM): ur using windows
nesucks2 (12:57:17 PM): stop using someone elses work!
Not Skeptical (12:57:21 PM): lol
nesucks2 (12:57:21 PM): go make ur own os
Not Skeptical (12:57:23 PM): im not abusing it
Not Skeptical (12:57:27 PM): im using it as i should
nesucks2 (12:57:29 PM): what is abuse then?
Not Skeptical (12:57:42 PM): wow
Not Skeptical (12:57:54 PM): you're amazing
nesucks2 (12:58:09 PM): what you think is abuse is your opinion
nesucks2 (12:58:38 PM): v
nesucks2 (12:58:39 PM): http://geno.bot.nu/ -- Genocide 1.2c (comes with 400 working sc keys!)
Not Skeptical (12:58:46 PM): using something or someone in a method in which they're not suppose to be used
nesucks2 (12:58:57 PM): yeah
nesucks2 (12:58:59 PM): so
nesucks2 (12:59:01 PM): using bots on bnet
nesucks2 (12:59:06 PM): bots aren't supposed go on bnet
Not Skeptical (12:59:08 PM): ...
nesucks2 (12:59:10 PM): so ur abusing bnet
nesucks2 (12:59:20 PM): yet thats ok, since you believe that its not abuse
Not Skeptical (12:59:23 PM): obviously
nesucks2 (12:59:36 PM): your opinion thinks loading bots on bnet isn't abuse
Not Skeptical (12:59:43 PM): i think it is abuse
nesucks2 (1:00:08 PM): so what?
Not Skeptical (1:00:26 PM): according to the TOS of bnet loading bots is abuse
Not Skeptical (1:00:27 PM): but
Not Skeptical (1:00:40 PM): we break that anyways, who doesnt, the point is
nesucks2 (1:00:51 PM): what are the consequences that would occur since you believe its abuse?
Not Skeptical (1:01:04 PM): you're absuing something ran by someone like you and me whom is making an effort to help the battle.net community
nesucks2 (1:01:15 PM): i dont give a fuck
Not Skeptical (1:01:21 PM): point proven
Not Skeptical (1:01:29 PM): so stop trying to justify you're childish antics
nesucks2 (1:01:37 PM): no
Not Skeptical (1:01:52 PM): because their is no justification for what you're doing
nesucks2 (1:02:19 PM): yes there is
Not Skeptical (1:02:21 PM): you're taking someones time and effort to help people im sure he could care less about and throwing it in his face
nesucks2 (1:02:25 PM): its more my personal entertainment
nesucks2 (1:02:32 PM): good
nesucks2 (1:02:53 PM): i should be sending mass cdkey checks to bnls
nesucks2 (1:03:11 PM): fake cdkeys of course
Not Skeptical (1:03:20 PM): might as well
Not Skeptical (1:04:29 PM): so you find personal entertainment in ruining peoples chatting abilities on bnet just to see 200 accounts logged on to a network that 99% of the american population knows nothing of
Not Skeptical (1:04:49 PM): sounds like you got alot of time
nesucks2 (1:04:53 PM): no
nesucks2 (1:04:57 PM): 300 accounts logged on
Not Skeptical (1:05:14 PM): ok 300, answer the question
nesucks2 (1:05:23 PM): sure its entertainment
Not Skeptical (1:05:45 PM): im gonna go ahead n post this on vl forums now
nesucks2 (1:05:50 PM): bitch
nesucks2 (1:05:53 PM): haahaaaaaa
nesucks2 (1:06:26 PM): u think i give a shit?
Not Skeptical (1:06:27 PM): bitch, im just doing whats right for the community and for all the people that would download your shit bot to join your botnet
nesucks2 (1:06:36 PM): http://geno.bot.nu/ -- Genocide 1.2c (comes with 400 working sc keys!)
nesucks2 (1:06:38 PM): dl it now
Not Skeptical (1:06:48 PM): like i said
Not Skeptical (1:06:54 PM): id rather not join your botnet
nesucks2 (1:06:55 PM): ur noob if ur not a warrer
Not Skeptical (1:07:05 PM): lol..
Not Skeptical (1:07:40 PM): i dont care about people warring, if thats your thing thats your thing..but don't trojan people, and don't use other people's shit to do it
nesucks2 (1:07:49 PM): ROfl
nesucks2 (1:08:00 PM): to scared to trojan people?
nesucks2 (1:08:02 PM): noob
nesucks2 (1:08:12 PM): to scared to use other people's shit?
nesucks2 (1:08:15 PM): scared noob
Not Skeptical (1:08:25 PM): how am i scared to use other peoples shit
Not Skeptical (1:08:29 PM): i use windows
Not Skeptical (1:08:31 PM): remember
nesucks2 (1:08:31 PM): how u think i got 350 working war3 keys ;-)
Yeah, pretty rediculous huh..
I heard Skywing was already adding stuff to block massloaders like this in the next revision
by god i hope so, I hope its out fast. This isnt the only mass loader out their either that uses BNLS.
Quote from: UserLoser on January 11, 2007, 12:24 PM
I heard Skywing was already adding stuff to block massloaders like this in the next revision
Couldn't he just block an IP that has over 8+ open connections to battle.net?
Block as in, don't allow the login.
Quote from: dlStevens on January 11, 2007, 12:55 PM
Quote from: UserLoser on January 11, 2007, 12:24 PM
I heard Skywing was already adding stuff to block massloaders like this in the next revision
Couldn't he just block an IP that has over 8+ open connections to battle.net?
Block as in, don't allow the login.
Would be better if he just reenabled the auth system.
There is also a new flood bot that is out that is doing like 500 floods per min, That has to be alot worse for bnls because it's doing like 9 connections per second I am supprised bnls hasent crashed yet.
Quote
[2:54:00 PM] -- WaR.1471N0#643 [0ms] has joined the channel using Starcraft Brood War (0 wins).
Lots and lots and lots of bots. Just take my word for it. - Arta
[2:54:54 PM] -- WaR.1471N0#397 [437ms] has joined the channel using Starcraft (0 wins).
Quote from: dlStevens on January 11, 2007, 12:55 PM
Quote from: UserLoser on January 11, 2007, 12:24 PM
I heard Skywing was already adding stuff to block massloaders like this in the next revision
Couldn't he just block an IP that has over 8+ open connections to battle.net?
Block as in, don't allow the login.
Not if the bot connects to proxies.
I in all honesty think BNLS should have restrictions. I jsut don't know of a good way to go implementing it.
QuoteCouldn't he just block an IP that has over 8+ open connections to battle.net?
Its REALLY easy to setup a single connection to BNLS to do all of your logins.
QuoteWould be better if he just reenabled the auth system.
This would be great, but it would cause a head ace trying to keep every bot account orginized.
Which is why i think he removed it in the 1st place.
If he does implement anything, I would like to know.
Also if anyone here has any suggestions on a effective system, let me know. I would love to add anti-abuse mesures to JBLS so that when the mesures are released on BNLS massers can't jsut go use JBLS
~-~(HDX)~-~
If it's done via Botnet, and various valued members are given limited access to modify accounts, it wouldn't be much of a bother. There'd be a flurry of activity the first few weeks when accounts are given, and then it wouldn't mean much. It would be simple to graph how many connections are made per day per week and ban/remove access from suspects.
Haha. People still mass load?
Quote from: Newby on January 12, 2007, 12:49 AM
Haha. People still mass load?
It's all the rage if you're 12.
I think the auth accounts was a good idea back in the day, helps keep track of whats going on as well, if some reason he decided to or even thinks about putting something like that back into BNLS, i'm requesting my account now. lol =]
Username: mystical
Password: bnls
j/p
Quote from: Yegg on January 11, 2007, 03:21 PM
Quote from: dlStevens on January 11, 2007, 12:55 PM
Quote from: UserLoser on January 11, 2007, 12:24 PM
I heard Skywing was already adding stuff to block massloaders like this in the next revision
Couldn't he just block an IP that has over 8+ open connections to battle.net?
Block as in, don't allow the login.
Not if the bot connects to proxies.
You know I was just kind of thinking of something, you know how some IRC servers scan you to see if port 1080 or 1050 (I can't remember which port it was) is open? Could bnls be setup in the same way to detect that open port, if so just simiply prevent it's connection?
Useless. Proxies can use almost any available port (2^16 - 1) and aren't confined to just 1080 and 1050.
True, but majority of the retarded massloaders, are 12, like somone said, and they're stupid...Chances are they use port 1080..., No you're not going to stop all flooders/loaders, but it'd put a lot out of bussiness for the moment...
(I've been out of battle.net dev, for a while now, so bare with me)
Also, Why not add an unique token, the computer has to send to the BNLS server? each computer has to have their own individual token, if that token has say 8+ logins at the same time, then disallow anymore from that computer until a connection is dropped?
Quote from: dlStevens on January 12, 2007, 10:08 AM
Also, Why not add an unique token, the computer has to send to the BNLS server? each computer has to have their own individual token, if that token has say 8+ logins at the same time, then disallow anymore from that computer until a connection is dropped?
Like I said, if this were the case, a bot could be written to use proxies. All they'd have to do is run
x amount of accounts per proxy, and BNLS wouldn't be able to do anything about it.
Quote from: Yegg on January 12, 2007, 02:07 PM
Quote from: dlStevens on January 12, 2007, 10:08 AM
Also, Why not add an unique token, the computer has to send to the BNLS server? each computer has to have their own individual token, if that token has say 8+ logins at the same time, then disallow anymore from that computer until a connection is dropped?
Like I said, if this were the case, a bot could be written to use proxies. All they'd have to do is run x amount of accounts per proxy, and BNLS wouldn't be able to do anything about it.
This has nothing to do with the connection, per-say.
I'm talking about you register a serial number with BNLS, and apon connecting, send the serial.
I know alot of flooders/loaders and almost all of them use port 1080 for their proxies.
Quote from: inner.de on January 12, 2007, 04:38 PM
I know alot of flooders/loaders and almost all of them use port 1080 for their proxies.
1080 and 26662
Wait a minute, thats just basic a Sock 4/5 connection routed through someones proxy server isn't it? These proxies that people log onto are just other peoples proxy servers left unsecure. I would imagine that the people who leave there servers like this open to the world don't even realize that others are massing with them. If they don't realize, then mostlikely the ports to connect to are at default (1080 and 26662) like what Mystical just said. So they can be anything, true, but the majority of the connections are on the 2 ports. If you blocked the 2, there is only a small handful of ports that people would leave open to the world that others would connect to, wouldn't it? If there were only a small handful, it doesn't correct massing completely but wouldn't it reduce it a whole lot?
Just make it closed. That will force people to procure a way to log on locally, although the amount of people flooding the forum might be the same as the massloads...
I hope you "block proxies" guys realize that ONLY YOU connect to the proxy on port 1080, the proxy connects to the destination server from a different local port, since 1080 is the listening port. ::)
Just bring back the simple username/password logon, and monitor the users for any type of abuse of the service.
Quote from: inner.de on January 12, 2007, 05:54 PM
Just bring back the simple username/password logon, and monitor the users for any type of abuse of the service.
Already Agreed.
Quote from: topaz on January 12, 2007, 08:53 AM
Useless. Proxies can use almost any available port (2^16 - 1) and aren't confined to just 1080 and 1050.
Cpt. Obvious plays WoW and gold farms.
Testing to see if the client is a proxy or not isn't practical. With the amount of connections that BNLS recieves per minute, it'd be just stupid to attempt a connection to each one on X port to see if it's a proxy. The BNLS server might as well just DDoS itself.
The easiest way to go about adding a "restriction" would be an algorithm calculating the amount of logon queries/cdkey encryption/connection attempts per bot id in Y amount of time resulting in a value determining or not if it's abusive.
Quote from: UserLoser on January 12, 2007, 10:36 PM
Testing to see if the client is a proxy or not isn't practical. With the amount of connections that BNLS recieves per minute, it'd be just stupid to attempt a connection to each one on X port to see if it's a proxy. The BNLS server might as well just DDoS itself.
The easiest way to go about adding a "restriction" would be an algorithm calculating the amount of logon queries/cdkey encryption/connection attempts per bot id in Y amount of time resulting in a value determining or not if it's abusive.
Something like that could work if the ip logging in goes passed 8 within a specified time frame, I know I hit bnls atleast 4 or 5 times times and they're probably only a few ms apart from eachother.
Quote from: UserLoser on January 12, 2007, 10:36 PM
Testing to see if the client is a proxy or not isn't practical. With the amount of connections that BNLS recieves per minute, it'd be just stupid to attempt a connection to each one on X port to see if it's a proxy. The BNLS server might as well just DDoS itself.
The easiest way to go about adding a "restriction" would be an algorithm calculating the amount of logon queries/cdkey encryption/connection attempts per bot id in Y amount of time resulting in a value determining or not if it's abusive.
Yes, Exactly what I was getting at.
Quote from: Mystical on January 12, 2007, 06:43 PM
Quote from: inner.de on January 12, 2007, 05:54 PM
Just bring back the simple username/password logon, and monitor the users for any type of abuse of the service.
Already Agreed.
Because they arn't sent in PLAIN TEXT to BNLS right?
I'm not positive, but I'm almost sure that they aren't sent in plain text.
They're probably sent encrypted, or what not.
But still, you can monitor it...
Quote from: UserLoser on January 12, 2007, 10:36 PM
Testing to see if the client is a proxy or not isn't practical. With the amount of connections that BNLS recieves per minute, it'd be just stupid to attempt a connection to each one on X port to see if it's a proxy. The BNLS server might as well just DDoS itself.
How would it DDoS itself? I think you mean DoS.
This problem has been been around since bots came out except back then it was a bit harder to massload. That is until nbbot came out. I remember massloading with ultimate bots back in the day. That was the fun days when we would load battlechat. The only problem with days now is every program is open source. Most bots that are massloading / flooding have been released to the public.
Proxies are not just on port 1080 but it is harder to test them on battle.net since telnet was taken away. I remember loading like 700 proxies and spamming people using the friendlist command which would read a channel and spam every user.
Ever since cuphead released cleanslate many bots came out. I remember stealthbot started from cleanslate then evolved into it's own bot.
I even see people massing on war3. Keys are not a problem anymore. Proxies arnt a problem.
I don't really have a problem with people massloading my channel it takes like 2 seconds to send an email to several people who can ban the account and proxy from battle.net
Like most of us that have been on for so long we could care less we have made filters so we don't even see massloads or flooding anymore.
Although gamers on actual broodwar do have a problem since they can only turn off notifications. All these massloaders / flooders do use bnls or that other server. There is an easy solution. Alot of flooders massload with a single name IE: Masstest and what follows are Masstest#, masstest#453. A simple solution is to ipban/cdkey ban everything on that account. For anything over #6.
Most Bots have a version thing they send like for example when it says your cdkey is inuse by Skywing. You could run a check for something along them lines. Like if the check said it was a massloader by bobdole. Ban all the strings by that.
There are alot of methods the easiest is using the auth system again. I remember having a cdkey tester which used the auth system back a year or two ago.
Bnls is just like battle.net nothing will be done unless it starts effecting the server itself. Also if enough people complain about it that usually helps as well.
You could also make people pay to use bnls. I'm not speaking of everyone just people that cause the problems. ban them from bnls then if they wish to come back. 20 dollars should be fine. that way you could make a little money and they might learn or keep paying money.
http://hdx.jbls.org/01-13-07-nersucks4.txt
The stupidity of massers today just annoys me.
I expecially like this line:
Quote[11:00:55 AM] <nersucks4> I AM ELITE
[11:01:00 AM] <nersucks4> im not good, i am ELITE
its funny because he did a better job spamming himself then he did us ;)
Eah I still think the best idea is to re-enable the auth system. (BotIDs/PWs)
Start with a completly new database and only current developers can get there names authed.
Writing a simple usage monitor shouldn't be to hard.
But what ever you do, I'd like to see it happen.
~-~(HDX)~-~
If he re-enables the auth system, how do you plan to handle that, Hdx, with your JBLS project?
I didn't read the whole thread by the way.
Quote from: Newby on January 13, 2007, 08:58 PMIf he re-enables the auth system, how do you plan to handle that, Hdx, with your JBLS project?
I didn't read the whole thread by the way.
JBLS already has suport for the auth system.
And I am personal friends with most of the people who wrote the bots that use my servers.
I also have a method of distributing the Bot Accounts in a secure method. So ya...
~-~(HDX)~-~
Quote from: Hdx on January 13, 2007, 09:52 PM
JBLS already has suport for the auth system.
And I am personal friends with most of the people who wrote the bots that use my servers.
I also have a method of distributing the Bot Accounts in a secure method. So ya...
~-~(HDX)~-~
So if a bot is configured for BNLS (with an account on it) and they switch to JBLS, they'll have to request the same account on JBLS?
I don't think people will trust you enough to do that.
Quote from: Newby on January 13, 2007, 10:42 PMSo if a bot is configured for BNLS (with an account on it) and they switch to JBLS, they'll have to request the same account on JBLS?
I don't think people will trust you enough to do that.
If they don't then sucks for them.
Worst comes to worst, i have a few ways of obtaining the passwords to BNLS accounts.
Newby, you know me, I'm trustworthy, so meh.
~-~(HDX)~-~
Quote from: Hdx on January 13, 2007, 10:51 PM
Newby, you know me, I'm trustworthy, so meh.
I may know you, but botmaker A who hears about JBLS may not.
Doesn't really matter, JBLS doesn't work with the new checkrevision.
QuoteThe easiest way to go about adding a "restriction" would be an algorithm calculating the amount of logon queries/cdkey encryption/connection attempts per bot id in Y amount of time resulting in a value determining or not if it's abusive.
This is also ineffective, these things are using proxies in the first place, and there's no way to discern which 'bot' is using BNLS as it is anonymous, the only solution to the problem is to reimplement user accounts and revoke those that are abusive.
Not that anyone still uses battle.net, or really cares...
Quote from: dlStevens on January 13, 2007, 11:54 AM
I'm not positive, but I'm almost sure that they aren't sent in plain text.
They're probably sent encrypted, or what not.
But still, you can monitor it...
They are sent in plaintext. Besides, it wouldn't matter. You just packetlog the Client and send the exact values it sends to BNLS.
This is why that idea didn't work/won't work.
Quote from: Warrior on January 14, 2007, 12:54 PM
Quote from: dlStevens on January 13, 2007, 11:54 AM
I'm not positive, but I'm almost sure that they aren't sent in plain text.
They're probably sent encrypted, or what not.
But still, you can monitor it...
They are sent in plaintext. Besides, it wouldn't matter. You just packetlog the Client and send the exact values it sends to BNLS.
This is why that idea didn't work/won't work.
http://bnetdocs.valhallalegends.com/content.php?Section=d&id=7
Not really... the passwords are also hashed with the server token which changes every login.
~-~(HDX)~-~
http://bnetdocs.valhallalegends.com/content.php?Section=m&Code=150
Also @ the Checksum: That won't do much, you can always set a bp when the Checksum is called and find out what exactly is being passed to it. In reality there is no effective client side solution for this.
Yes, Like I said, the either the password or username is hashed. It'd be plain stupidity to send a password, or cdkey plain text...So easy to packet log...
Quote from: Denial on January 13, 2007, 08:25 PM
Although gamers on actual broodwar do have a problem since they can only turn off notifications. All these massloaders / flooders do use bnls or that other server. There is an easy solution. Alot of flooders massload with a single name IE: Masstest and what follows are Masstest#, masstest#453. A simple solution is to ipban/cdkey ban everything on that account. For anything over #6.
You can't just ban someone that has over #6 or whatever... That doesn't make sense? What about back in the day with like uh whatever bot flood/massload bot Fleet- made... It changes the names randomly, Then you wouldn't have any #'s...Also what if people decide to have a #20 in their name? they'd get banned for no reason?
Your statement wouldn't work.
People could get around the name# idea pretty easily.
Yes, My point exactly.
Don't advertise.
why not?
It's not the place to advertise.
Also, Who cares a bot, or a few bots don't run on BNLS? the fact is over 90% do...
Sure, they'll eventually move on, but why not cut them short, for a while?
Use your head.
There isn't even a chat bot out there that supports local hashing, while 2 spambots already support lockdown WITHOUT BNLS!
Here your all wanting to make bnls private in an attempt to stop loaders.
So just keep on having lockdown private so no chatbots will ever use local hashing
Who here remembers all the months of when war3 hashing was kept secret? -- what the hell was the point in keeping it private?
You do know that Those bots didnt reimplement Lockdown right.....
They use a table fo ~2000 values... (100 per lockdown)
I actually got the source to Ldocx and I'm converint its contents to a easier database to work with.
star.dat (http://hdx.jbls.org/star.dat)
(BYTE) Mpq
(String) Value String
(DWORD) Checksum
(String) Exe Info String
~-~(HDX)~-~
with only a 0.2% chance of failure ( 1 in 500 chance of failing), I think that did a good enough job to get passed lockdown.
care to explain why war3 hashing was kept secret for so long?
Why should someone share something they worked so hard on to people who want everything for nothing? Sharing the War3 hashing stuff would lead to War3 bots which in the end could ruin War3 channels on Battle.net, kind of like bots in the recent years of Battle.net. Why do you think nobody has every publically released any Starcraft in-game stuff? So it's not abused. Look at what happened to Sc/Bw ladders, they took them away. Happens when people share how to make a winbot.
Quote from: replaced on January 14, 2007, 11:35 PMwith only a 0.2% chance of failure ( 1 in 500 chance of failing), I think that did a good enough job to get passed lockdown.
Where did you get that statistic?
~-~(HDX)~-~
Quote from: Hdx on January 14, 2007, 11:16 PM
You do know that Those bots didnt reimplement Lockdown right.....
They use a table fo ~2000 values... (100 per lockdown)
I actually got the source to Ldocx and I'm converint its contents to a easier database to work with.
Iv been working on a little CRDB class over the last few days, and what you just said sound alot like what iv been seeing.
I was going to post the class publicly somtime today, so BNLS doesnt get such a hammering, but it seems somone has beaten me to it :)
I think i already have around 500 results reported -- there is only 2000 over all?
I guess i will post anyway :P
Battle.net kiddies can't solve it, so they bruteforce it.
Ahh, pathetic. ;)
Quote from: Ringo on January 15, 2007, 05:46 AM
Iv been working on a little CRDB class over the last few days, and what you just said sound alot like what iv been seeing.
I was going to post the class publicly somtime today, so BNLS doesnt get such a hammering, but it seems somone has beaten me to it :)
I think i already have around 500 results reported -- there is only 2000 over all?
I guess i will post anyway :P
star.dat (http://hdx.jbls.org/star.dat)
(BYTE) Mpq
(String) Value String
(DWORD) Checksum
(String) Exe Info String
I've actually been thihnking of Making a cache for all versions of checkrevision, I have a extreamly large HDD, and quite a bit of ram on the server I run JBLS on. I was gona test it out with ~5,000,000 Crev messages to see if it would be worth it performance wise to save ALL the used values.
Currently people are hitting the cache ~70% of the time on my server... (Which makes there result < 0.1ms whereis actualy calculating takes atleast 300ms)
I was curious if I could get that % up it I kept the cached results accross the instances of JBLS (Save to file at shutdown, reload at startup)
Meh just a thought. I don't know if its pratical due to the known ammount of combanations in the old method.
I don't know why they only use 100 combanations per mpq...
@Newby, I take what I can get :*( I've been trying to reverse lockdown, but I suck, and thats all there is to it.
~-~(HDX)~-~
Quote from: replaced on January 15, 2007, 12:45 AM
Quote from: UserLoser on January 15, 2007, 12:41 AM
Why should someone share something they worked so hard on to people who want everything for nothing?
So your saying their hard work when given out turns to nothing? That makes no logical sense!
If someone else given out the lockdown solution, you wouldn't have hard work to begin with!
That doesn't make sense. You're contradicting yourself. You're saying if you give it out the hard work is still there, yet you then say if it's out the hard work wouldn't exist?
Reversing the lockdown was apparently not such a trivial task and who are you to request them to release it? BNLS was fixed that is the most they should have to do. Anything else is just your inability to take the initiative to maintain your own project.
What they should do is shutdown BNLS and say "fuck you, losers".
Quote from: rabbit on January 15, 2007, 11:48 AM
What they should do is shutdown BNLS and say "fuck you, losers".
all battle.net bots would be screwed, also those socalled massers and loaders don't run local hashing they all use bnls from what i was told.
sad thing is, battle.net put a big dent out in the battle.net bot community, but the battle.net hacks got far worse.
Quote from: Mystical on January 15, 2007, 07:29 PM
Quote from: rabbit on January 15, 2007, 11:48 AM
What they should do is shutdown BNLS and say "fuck you, losers".
also those socalled massers and loaders don't run local hashing they all use bnls from what i was told.
Easy way to find out, packetlog them.
Quote from: Mystical on January 15, 2007, 07:29 PM
Quote from: rabbit on January 15, 2007, 11:48 AM
What they should do is shutdown BNLS and say "fuck you, losers".
all battle.net bots would be screwed, also those socalled massers and loaders don't run local hashing they all use bnls from what i was told.
sad thing is, battle.net put a big dent out in the battle.net bot community, but the battle.net hacks got far worse.
Before lockdown u could run hacks before going on bnet, now u simply need to load it after logging in.
Quote from: Hdx on January 15, 2007, 11:35 AM
Quote from: Ringo on January 15, 2007, 05:46 AM
Iv been working on a little CRDB class over the last few days, and what you just said sound alot like what iv been seeing.
I was going to post the class publicly somtime today, so BNLS doesnt get such a hammering, but it seems somone has beaten me to it :)
I think i already have around 500 results reported -- there is only 2000 over all?
I guess i will post anyway :P
star.dat (http://hdx.jbls.org/star.dat)
(BYTE) Mpq
(String) Value String
(DWORD) Checksum
(String) Exe Info String
I've actually been thihnking of Making a cache for all versions of checkrevision, I have a extreamly large HDD, and quite a bit of ram on the server I run JBLS on. I was gona test it out with ~5,000,000 Crev messages to see if it would be worth it performance wise to save ALL the used values.
Currently people are hitting the cache ~70% of the time on my server... (Which makes there result < 0.1ms whereis actualy calculating takes atleast 300ms)
I was curious if I could get that % up it I kept the cached results accross the instances of JBLS (Save to file at shutdown, reload at startup)
Meh just a thought. I don't know if its pratical due to the known ammount of combanations in the old method.
I don't know why they only use 100 combanations per mpq...
@Newby, I take what I can get :*( I've been trying to reverse lockdown, but I suck, and thats all there is to it.
~-~(HDX)~-~
Instead of using a proprietary binary format, why not use a real, relational database like SQL Server or MySQL? Then you can do index searching, and even separate different DLL implementations into different tables.
You also have the advantage that you don't have to have a huge load time at startup or shutdown as the binary database is dumped. Any number of servers could query the database server. You could specify permissions for write operations.
All you really need is a pool of persistent connections to the database server (so that you're not constantly creating and destroying them) which will throttle the number of queries you perform (to manage load) and prevent massive concurrency issues if too many people attempt to write data at the same time.
So the only way to stop the abuse is what userloser said.
Bring back accounts, then get on skywings nuts and hope that he'll implement that time-span algorithm.
Basically just hope hes done it.
Thanks for following this up guys, havent been on in a few days. Glad to see some people agree.
and whoever said massloaders exist that use local hashing better look in the mirror, your nose is getting bigger.
Quote from: replaced on January 15, 2007, 09:20 PM
Quote from: Mystical on January 15, 2007, 07:29 PM
Quote from: rabbit on January 15, 2007, 11:48 AM
What they should do is shutdown BNLS and say "fuck you, losers".
all battle.net bots would be screwed, also those socalled massers and loaders don't run local hashing they all use bnls from what i was told.
sad thing is, battle.net put a big dent out in the battle.net bot community, but the battle.net hacks got far worse.
Before lockdown u could run hacks before going on bnet, now u simply need to load it after logging in.
Not true, I use a broodwar hack that is loaded with starcraft instead of after..
as far as i know, skywing hasn't said anything in this thread because once before he already has mentioned that he was working on somthing for this in other threads which is probley better then anything we are coming up with ahah oh well hope and wait!
Quote from: MyndFyre[vL] on January 16, 2007, 01:13 AMInstead of using a proprietary binary format, why not use a real, relational database like SQL Server or MySQL? Then you can do index searching, and even separate different DLL implementations into different tables.
You also have the advantage that you don't have to have a huge load time at startup or shutdown as the binary database is dumped. Any number of servers could query the database server. You could specify permissions for write operations.
All you really need is a pool of persistent connections to the database server (so that you're not constantly creating and destroying them) which will throttle the number of queries you perform (to manage load) and prevent massive concurrency issues if too many people attempt to write data at the same time.
I would use a SQl DB, but I don't kn ow howt o use SQl in Java.. I've looked into the DAC but I coud never get it working.
If you know of a good way to use a SQl database in Java I would <3 you forever if you tought me.
~-~(HDX)~-~
Freaken a... people need to really stop wasting their time massloading and harrasing people.
Also, it's so obvious that all the programs ne_sucks releases are binded with trojans and shit.
He is trying too hard in getting himself known on bnet -.-
And about the BNLS auth deal, wouldn't it be too much of a hassel for the person authorizing all the requests?
*Sigh* Why does popularity matter on the internet anyways... Is it going to get you anywhere?; Probably not.
Dean: "Do you have someone who can reccomend you?"
You: "OOH, YEUH! IM A UB3R PROGRAMMUR ON BNET, EVERYONE KNOWZ ME DER!"
:-[, Idiots.
Quote from: dlStevens on January 16, 2007, 11:36 AM
*Sigh* Why does popularity matter on the internet anyways... Is it going to get you anywhere?; Probably not.
Dean: "Do you have someone who can reccomend you?"
You: "OOH, YEUH! IM A UB3R PROGRAMMUR ON BNET, EVERYONE KNOWZ ME DER!"
:-[, Idiots.
Nobody directly talks to the dean in order to gain admittance, anymore. That's like so 1970's.
1). I'm not in college, I'm 16.
2). You got my point :D ;)
EDIT: I'm actually pretty sure that it was probably early 1990's and, Im sure private colleges do!
BNLS auth doesn't matter at all anymore, since the caching database for checkrevision requests has been released and that will be used until bnet decides to put a new amount of requests onto the server..
That nesucks douchetard is back. He tried to get me today...
(1:13:27 PM) nesucks5: http://geno.bot.nu/ -- Genocide 1.2c (comes with 400 working sc keys)
Quote from: rabbit on January 16, 2007, 06:59 PM
That nesucks douchetard is back. He tried to get me today...
(1:13:27 PM) nesucks5: http://geno.bot.nu/ -- Genocide 1.2c (comes with 400 working sc keys)
Hmm... just took a look at that:
[19:05:34] Loaded 399 cdkeys
what a scam.
Quote from: UserLoser on January 16, 2007, 07:08 PM
Quote from: rabbit on January 16, 2007, 06:59 PM
That nesucks douchetard is back. He tried to get me today...
(1:13:27 PM) nesucks5: http://geno.bot.nu/ -- Genocide 1.2c (comes with 400 working sc keys)
Hmm... just took a look at that:
[19:05:34] Loaded 399 cdkeys
what a scam.
you opened it? I figured it was a trojan..
Looks like it was made by PiAnKa or however the fuck he writes his name.
PiaNKA, and No. He quit months apon months ago.
EDIT: Heh, I just downloaded it, Someone obviously used his source....it's really obvious.
(he did release it a while back)
EDIT 2: LOL
1). Used Zoan.dll
2). Kept his readme in there.
3). Used PiaNKA's "Z" Icon.
4). Used his same text formation.
...This is too hillarious.
Quote from: dlStevens on January 16, 2007, 11:36 AM
*Sigh* Why does popularity matter on the internet anyways... Is it going to get you anywhere?; Probably not.
Dean: "Do you have someone who can reccomend you?"
You: "OOH, YEUH! IM A UB3R PROGRAMMUR ON BNET, EVERYONE KNOWZ ME DER!"
:-[, Idiots.
Popularity doesn't matter. Ability does. I don't have a degree in CS. I graduated from college in May; by December I had landed a Senior Developer position. What did my portfolio have? My Battle.net stuff.
Doing this work can get you places.
Yeah people tend to laugh at this kind of stuff, but if you look at what a complex chatter bot has it in it, it has most of the fundamentals used out there. Networking, GUI, databases, sometimes scripting, graphical stuff, data encryption/compression/hashes, algorithms, complex data structures, etc, etc. Now of course, we are not talking about random john doe's elite floodbot. Something like UserBot of course, work based off of hardcore reverse engineering on Blizzard's libraries.
I submitted code for my UserBot which I was re-writing at the time in C++ (overlapped i/o completion ports, icons.bni rendering, owner drawn windows, versioncheck file patcher [this isn't a easy process, took many hours of reversing to get it right], multiple profiles per executable accessed through system tray interface, just a couple of things to name) for a job a couple of months back. That might not sound like much, but when you look at the way the core of the bot was written and how the i/o completion ports fall into place with everything, it's pretty neat. The guy was stunned at it all and was extremely impressed, he showed his team too and one of the company heads and they were shocked to find out I was only 18 at the time, and self-taught with no degrees. They said it was all good, but the stuff they do is in C#. So unfortunately I had to turn down a good job.
Look at Skywing, he is a Microsoft SDK MVP, but to you, he is a nobody who wrote BNLS and you kids abuse it for your own personal enjoyment. Ask zorm, he can vouch for me and still bugs me to this day to update my bot and was suprised at my work when I shared some sources with him a while ago.
Update your bot.
Wow, your an idiot if you think you'll have a programming job in 10 yrs, (think india / china, and think minimum wage)
http://odesk.com/ -- all the countries (esp india) charge less
http://books.slashdot.org/books/04/12/16/2319240.shtml?tid=192&tid=156&tid=103&tid=6 -- look what democrats want (lose ur job)
big companies almost always take over, that is what capitalism is about.
Quote from: replaced on January 17, 2007, 11:35 AM
Wow, your an idiot if you think you'll have a programming job in 10 yrs, (think india / china, and think minimum wage)
http://odesk.com/ -- all the countries (esp india) charge less
http://books.slashdot.org/books/04/12/16/2319240.shtml?tid=192&tid=156&tid=103&tid=6 -- look what democrats want (lose ur job)
big companies almost always take over, that is what capitalism is about.
Nobody said they did. You know why? Because people here already have computer jobs. Skywing, MyndFyre and I (just a few to name) have jobs computer related. It was unfortunate for me that I had to turn it down though because it was C# based.
Moral of this story: Learn C#. Kthx.
Quote from: UserLoser on January 17, 2007, 01:25 PM
Skywing, MyndFyre and I (just a few to name) have jobs computer related. It was unfortunate for me that I had to turn it down though because it was C# based.
You have a computer-related job... but you had to turn it down? Or do you have another one you forgot to mention?
Seriously? do you think colleges care whether someone can program a emulated chat client for a server? No... They'll probably think you're a hacker too. Which they obviously don't want...
Maybe if you show them you can code (No not in Visual Basic 6 either); but in C/C++, Java...etc than possibly they'd be impressed.
A portfolio should contain shit that you have accomplished over the years, for your own use, or commercial not something that represents malicious use of a server. Understand?... :-* ::)
Quote from: dlStevens on January 17, 2007, 05:27 PM
Seriously? do you think colleges care whether someone can program a emulated chat client for a server? No... They'll probably think you're a hacker too. Which they obviously don't want...
Maybe if you show them you can code (No not in Visual Basic 6 either); but in C/C++, Java...etc than possibly they'd be impressed.
A portfolio should contain shit that you have accomplished over the years, for your own use, or commercial not something that represents malicious use of a server. Understand?... :-* ::)
No. You're an idiot. :P
Quote from: dlStevens on January 17, 2007, 05:27 PM
Seriously? do you think colleges care whether someone can program a emulated chat client for a server? No... They'll probably think you're a hacker too. Which they obviously don't want...
Maybe if you show them you can code (No not in Visual Basic 6 either); but in C/C++, Java...etc than possibly they'd be impressed.
A portfolio should contain shit that you have accomplished over the years, for your own use, or commercial not something that represents malicious use of a server. Understand?... :-* ::)
Several people just mentioned how they have/could have gotten jobs directly related to their work in Battle.net bot dev, and then you spout this shit? ARE YOU JOKES? YOU DON'T EVEN HAVE A JOB
Quote from: Newby on January 17, 2007, 04:58 PM
Quote from: UserLoser on January 17, 2007, 01:25 PM
Skywing, MyndFyre and I (just a few to name) have jobs computer related. It was unfortunate for me that I had to turn it down though because it was C# based.
You have a computer-related job... but you had to turn it down? Or do you have another one you forgot to mention?
The job was mine. I had the position if I wanted it, it was in my hands. I turned it down because I did not want to learn C#. Simple as that, what is so hard to understand
Quote from: Newby on January 17, 2007, 05:35 PM
Quote from: dlStevens on January 17, 2007, 05:27 PM
Seriously? do you think colleges care whether someone can program a emulated chat client for a server? No... They'll probably think you're a hacker too. Which they obviously don't want...
Maybe if you show them you can code (No not in Visual Basic 6 either); but in C/C++, Java...etc than possibly they'd be impressed.
A portfolio should contain shit that you have accomplished over the years, for your own use, or commercial not something that represents malicious use of a server. Understand?... :-* ::)
No. You're an idiot. :P
Enough from you Newby :D I get it enough from x86. ;)
topaz, Who said that the colleges (or jobs) wouldn't of accepted (or hired) you if, you didn't have that battle.net related stuff?
Quote from: UserLoser on January 17, 2007, 06:20 PMThe job was mine. I had the position if I wanted it, it was in my hands. I turned it down because I did not want to learn C#. Simple as that, what is so hard to understand
The fact that quality paychecks were as close as learning a language similar to one you already know. Then again, personally I think the only way I'd venture into programming as a profession would if I was going to be hired by a large company - one of the leaders in software development. I think right now investment banking is where it's at, which is why I'm in college for that! :P
Quote from: UserLoser on January 16, 2007, 10:06 PMLook at Skywing, he is a Microsoft SDK MVP, ...
thats like a forum rank. all that means is you post nonstop on their forums. it doesn't mean you're certified in anything other than that :P
https://mvp.support.microsoft.com/mvpexecsum
Quote from: UserLoser on January 17, 2007, 06:20 PM
The job was mine. I had the position if I wanted it, it was in my hands. I turned it down because I did not want to learn C#. Simple as that, what is so hard to understand
Why you didn't just pick up C# and take the job? :P
Quote from: Newby on January 17, 2007, 07:19 PM
Quote from: UserLoser on January 17, 2007, 06:20 PM
The job was mine. I had the position if I wanted it, it was in my hands. I turned it down because I did not want to learn C#. Simple as that, what is so hard to understand
Why you didn't just pick up C# and take the job? :P
I did for a while, I had to learn some MSSQL stuff too. Everything went ok, but in my current job I'm working fulltime/going to school fulltime so I don't have time for this. Especially since it's a whole new language to me, I wouldn't have time to learn anything "complex" or what not and deal with tough things with little knowledge.
You made a bot userloser?
Ya i had nes aim me and tell me to download his bot it was kinda stupid.
You know i was going to get some computer jobs but i just can't see myself sitting in a office 80 hours a week coding or doing something equal to that.
I just see computers as a hobby not as a full time you must do this job.
He wrote SphtBot, Also didn't you write something like Userbot? or Userloser bot?
Quote from: Denial on January 18, 2007, 03:57 PM
I just see computers as a hobby not as a full time you must do this job.
I'd rather manage a business revolving around computers. :P
Quote from: dlStevens on January 18, 2007, 05:45 PM
He wrote SphtBot, Also didn't you write something like Userbot? or Userloser bot?
I'm pretty sure Spht wrote SphtBot.
Quote from: dlStevens on January 18, 2007, 05:45 PM
He wrote SphtBot, Also didn't you write something like Userbot? or Userloser bot?
wow someone should do some research.
Oh, Yes sorry your right, Spht wrote Sphtbot... I googled "Userloser Bot" and saw a vL doc, under the caption that said "written by Userloser", (I didn't read it though.) It was ChatFilters.bcp. Written by UserLoser. Creates a "Plugin" menu from which you can manage user and message filters. I read.
Won't find any UserLoserBots out on the web.
Not true! There is a UserLoser Bot out on the web, it's just not made by you.
*gasp*
:-*
nesucks5 (2:30:50 AM): k i released geno 1.2e
freedom raven (2:30:52 AM): werd
freedom raven (2:30:59 AM): fluffymass is cooler
nesucks5 (2:31:05 AM): fuck fluffymass
freedom raven (2:31:06 AM): Skywing made it
freedom raven (2:31:10 AM): its so much cooler
nesucks5 (2:31:17 AM): fluffymass blows
freedom raven (2:31:23 AM): ya it blows geno up
freedom raven (2:31:31 AM): it comes with 700 free cdkeys
nesucks5 (2:31:32 AM): wheres the dl
freedom raven (2:31:35 AM): doesnt yours only come with like?
freedom raven (2:31:36 AM): 400?
freedom raven (2:31:47 AM): on battlecenter i think
nesucks5 (2:31:50 AM): 400
nesucks5 (2:34:24 AM): there is no fucking fluffy bot
freedom raven (2:35:00 AM): ya there is
freedom raven (2:35:04 AM): check the vl forums
nesucks5 (2:35:06 AM): NO THERE ISNT
nesucks5 signed off at 2:36:50 AM.
ROFL :P
On a different note, all he's doing is going around vL and spamming our IM accounts with this shit. He sent me another one under a different name (didn't even follow the nesucks# pattern!).
I thought for a second denial was gunna trojan him.
wow, lol
Quote from: Mystical on January 21, 2007, 08:13 AM
I thought for a second denial was gunna trojan him.
It crossed my mind but i have better things to do then trojan battle.net kids. When i can trojan senators and such.
*Gasp* nesucks5 IMed me :o
Quote from: dlStevens on January 21, 2007, 01:20 PM
*Gasp* nesucks5 IMed me :o
That nubcakes likes to mass in OTS on east.
Quote from: dlStevens on January 21, 2007, 01:20 PM
*Gasp* nesucks5 IMed me :o
he messaged me yesterday and asked me if i was too scared to run his bot.