• Web Development - WAYWO - #9
    4,377 replies, posted
[QUOTE=Cyberuben;47736579]Would it be possible to reverse engineer srcds and write a multithreaded one? I mean, that's how people create their own private servers for CoD and such too, right?[/QUOTE] Valve attempted to make SRCDS multithreaded but they trashed that version for some reason and never released any information about why. SRCDS works with 2 threads at least, one for networking and another one for physics, I/O, etc. [editline]edited:[/editline] Woops, guess I was too fast.
[QUOTE=Svenskunganka;47736572]As long as the bot doesn't interact with the Steam Marketplace it should be fine. Trading around does not raise any flags afaik. If it would, the CSGO Jackpot trader would've been banned a long time ago.[/QUOTE] Once a day I request prices for all of the items in the database (The website stores market prices for every CSGO item it encounters from people's inventories) but it doesnt buy or sell anything on the market place.
[QUOTE=G4MB!T;47736978]Once a day I request prices for all of the items in the database (The website stores market prices for every CSGO item it encounters from people's inventories) but it doesnt buy or sell anything on the market place.[/QUOTE] As long as you use Steam's official API you're not doing anything wrong, just don't try to scrape the market (e.g as soon as an item comes in stock)
[QUOTE=Svenskunganka;47737008]As long as you use Steam's official API you're not doing anything wrong, just don't try to scrape the market (e.g as soon as an item comes in stock)[/QUOTE] It uses [quote][url]http://steamcommunity.com/market/priceoverview/?currency=1&appid=730&market_hash_name=[/url][/quote] and doesnt require my API key. I found out that if I query it too much within a short period of time I get like a 30 minute ban from Steam services (Except the client).
[QUOTE=G4MB!T;47737018]It uses and doesnt require my API key. I found out that if I query it too much within a short period of time I get like a 30 minute ban from Steam services (Except the client).[/QUOTE] Now that I look into it a bit I can see that Steam doesn't have any API for the market, and a ton of people are already using that method you posted so I think you'll be fine. It responds with JSON content-type after all. Either way that doesn't have anything to do with the actual Steam Bot you're using, so you're fine!
[QUOTE=Svenskunganka;47737111]Now that I look into it a bit I can see that Steam doesn't have any API for the market, and a ton of people are already using that method you posted so I think you'll be fine. It responds with JSON content-type after all. Either way that doesn't have anything to do with the actual Steam Bot you're using, so you're fine![/QUOTE] Excellent. Functionally, the Jackpot works fine as far as I can tell (Limited testing) but I'm not happy with the code. It feels very messy and unorganised but I dont really know how else to do a lot of the things. I'm using NodeJS with a lot of extensions and I'm using EJS for the front end. If anyone wants to help me fix up any of the code, let me know and I'll put it in a repo (It isnt version controlled at the moment).
[QUOTE=G4MB!T;47737146]Excellent. Functionally, the Jackpot works fine as far as I can tell (Limited testing) but I'm not happy with the code. It feels very messy and unorganised but I dont really know how else to do a lot of the things. I'm using NodeJS with a lot of extensions and I'm using EJS for the front end. If anyone wants to help me fix up any of the code, let me know and I'll put it in a repo (It isnt version controlled at the moment).[/QUOTE] Shoot, I can help out :)
Made a landing page thingy (start-page): [URL="http://craftgrounds.net/"]http://craftgrounds.net/[/URL] (I got the domain free off someone - didn't say no. Would have a less "crappy" domain if I bothered to pay.) What do you think?
I made a thing [url]https://github.com/pthm/redular[/url] Its a scheduling system for Node.JS powered by Redis. Its now at a state where i think other people can use it / contribute to it
Just set up a git hook to compile SCSS / SASS, then git-ftp-include the generated files for upload. Feels good to regenerate, commit, then push over FTP all in one command.
Got bored and started making a read-only JSON API for Facepunch. Only two endpoints so far and it's pretty buggy but just wanted to show-off. [URL]http://fpapi.benbristow.co.uk/v1/user/1[/URL] [URL]http://fpapi.benbristow.co.uk/v1/forums[/URL] Sauce: [URL]https://github.com/benbristow/facepunch-api[/URL] Probably will be sort of useless because of Cloudflare.
[QUOTE=benbb;47741695]Probably will be sort of useless because of Cloudflare.[/QUOTE] You can get around the CloudFlare challenge pretty easily.
[QUOTE=Rocket;47744206]You can get around the CloudFlare challenge pretty easily.[/QUOTE] The captcha or the other verification page?
[QUOTE=Jelly;47746087]The captcha or the other verification page?[/QUOTE] The one that makes you wait five seconds to access the page and makes your browser process a JavaScript challenge to prove you're not a stupid spambot. The captcha page only shows up when CloudFlare thinks your IP is malicious or Facepunch is at a high security level, not if you're making too many requests.
[QUOTE=Rocket;47746189]The one that makes you wait five seconds to access the page and makes your browser process a JavaScript challenge to prove you're not a stupid spambot. The captcha page only shows up when CloudFlare thinks your IP is malicious or Facepunch is at a high security level, not if you're making too many requests.[/QUOTE] I know how it works, I work for CloudFlare. :v: That page is actually called [URL="https://blog.cloudflare.com/when-the-bad-guys-name-malware-after-you-you/"]IUAM[/URL] and is really only enabled when a website is being DDoSed.
[QUOTE=Jelly;47746257]I know how it works, I work for CloudFlare. :v: That page is actually called [URL="https://blog.cloudflare.com/when-the-bad-guys-name-malware-after-you-you/"]IUAM[/URL] and is really only enabled when a website is being DDoSed.[/QUOTE] Well maybe you can answer a question for me, since you know CloudFlare and you obviously know Javascript very well. On the CloudFlare challenge pages, there's stuff like this to keep bots away: [code] +((+!![]+[])+(!+[]+!![])) [/code] +!![] equals 1 (Number), and +[] equals 0 (Number). So why does +!![]+[] equal 1 (String)? This is pretty unrelated but it's been bugging me.
[QUOTE=Rocket;47746299]Well maybe you can answer a question for me, since you know CloudFlare and you obviously know Javascript very well. On the CloudFlare challenge pages, there's stuff like this to keep bots away: [code] +((+!![]+[])+(!+[]+!![])) [/code] +!![] equals 1 (Number), and +[] equals 0 (Number). So why does +!![]+[] equal 1 (String)? This is pretty unrelated but it's been bugging me.[/QUOTE] I believe what's happening is due to the differences between unary + and binary +. Unary + converts whatever is after it into a number, so +[] = 0 but binary + converts seems to favor converting both arguments to a string if they aren't compatible, so +!![]+[] = "1" because the +!![] turns into 1, then (the second) [] is converted into "" (empty string) and is then added because the second + is treated as a binary operator. In other words, +!![] turns into 1, then the second plus is evaluated as being a binary plus between two incompatible types so it coverts the arguments into strings and adds them.
[QUOTE=Rocket;47746299]Well maybe you can answer a question for me, since you know CloudFlare and you obviously know Javascript very well. On the CloudFlare challenge pages, there's stuff like this to keep bots away: [code] +((+!![]+[])+(!+[]+!![])) [/code] +!![] equals 1 (Number), and +[] equals 0 (Number). So why does +!![]+[] equal 1 (String)? This is pretty unrelated but it's been bugging me.[/QUOTE] DaMastez is basically write. You can read more about how it works in [URL=http://patriciopalladino.com/blog/2012/08/09/non-alphanumeric-javascript.html]this[/URL] blogpost.
[QUOTE=Jelly;47746257]I know how it works, I work for CloudFlare. :v: That page is actually called [URL="https://blog.cloudflare.com/when-the-bad-guys-name-malware-after-you-you/"]IUAM[/URL] and is really only enabled when a website is being DDoSed.[/QUOTE] I've always wondered what kind of mitigation would be used if something like sqlmap scanned a website using [url=https://github.com/Anorov/cloudflare-scrape]cloudflare-scrape (python requests)[/url] and some funky combination of tamper scripts. Will Cloudflare detect this and block the client? It's trivial to modify sqlmap to solve the challenge.
Accidentally came across the blur trend :v: was messing with css when this happened.. [video=youtube;aEwGCx3tLJI]https://www.youtube.com/watch?v=pEwiQX54mvw&feature=youtu.be&autoplay=1[/video] [editline]18th May 2015[/editline] -snip- irrelevant
[QUOTE=Mega1mpact;47747934]I've always wondered what kind of mitigation would be used if something like sqlmap scanned a website using [URL="https://github.com/Anorov/cloudflare-scrape"]cloudflare-scrape (python requests)[/URL] and some funky combination of tamper scripts. Will Cloudflare detect this and block the client? It's trivial to modify sqlmap to solve the challenge.[/QUOTE] We have a [URL="https://www.cloudflare.com/waf"]WAF[/URL] that would block stuff like that. As for the actual mitigation techniques/tactics, I can't really say much because it's ~~super duper top secret~~. [EDITLINE]a[/EDITLINE] As for blocking those types of libraries and adding more sophisticated JavaScript challenges, it's a never ending battle as they'll always be cracked. The maintenance and work to develop the challenges is significant compared to the trivial reverse engineering you have to do to beat them.
[QUOTE=wauterboi;47728882]I don't see the point of having so many columns. There's nothing to focus on. [img]https://dl.dropboxusercontent.com/u/965202/Facepunch/pug.png[/img] I don't know what your website is for, but you could do something like this. (The "~" is meant to represnt any icon you might want to use to help identify your thingy.)[/QUOTE] I like the look of that, although I imagine on a widescreen monitor you're just going to have a hell of a lot of empty space.
[QUOTE=Snakess;47748474]I like the look of that, although I imagine on a widescreen monitor you're just going to have a hell of a lot of empty space.[/QUOTE] It's a rough concept building off of his first attempt, so I didn't take that into consideration. I dunno what else he could do to fill in that empty space other than stretching stuff in a liquid layout.
you can create the illusion of used space by utilizing very large type, but i can imagine that it's not appropriate for this setting
White space isn't a bad thing. In this case, stretching that across the screen is just going to make it harder to follow which row pieces of information are from. Doing that would just move the whitespace from the edges of the page to the content area, not eliminate it. It's probably more usable as it is now.
I have just started playing with [URL="http://purecss.io/"]PureCSS[/URL], coming from bootstrap its just so simple, so minimalistic, so beautiful!
[QUOTE=Richy19;47752092]I have just started playing with [URL="http://purecss.io/"]PureCSS[/URL], coming from bootstrap its just so simple, so minimalistic, so beautiful![/QUOTE] I built something with Pure just under a week ago. The lack of conditional hiding of elements really put me off. And I really dislike the naming scheme they went with for classes. I'll probably stick to Foundation. :V
I still use Bootstrap for anything because I can't be bothered to adapt to something else.
Bootstrap and Pure and things like that get in the way more than they help past a certain point. I think you'll get way more milage out of solid use of SCSS and something like [url]http://susy.oddbird.net/[/url] and [url]http://breakpoint-sass.com/[/url] I mean, how hard is it really to write a button style once? It takes more effort to actually make the bootstrap buttons look the way you want them to.
[QUOTE=KmartSqrl;47752434]Bootstrap and Pure and things like that get in the way more than they help past a certain point. I think you'll get way more milage out of solid use of SCSS and something like [url]http://susy.oddbird.net/[/url] and [url]http://breakpoint-sass.com/[/url] I mean, how hard is it really to write a button style once? It takes more effort to actually make the bootstrap buttons look the way you want them to.[/QUOTE] Probably, the thing is, I rarily "design". I'm terrible at that sort of thing, all I do is just make my own bootstrap theme, because that's what people ask from me.
Sorry, you need to Log In to post a reply to this thread.