Insult socketbot

By s00p
Published  Feb 26, 2011
Updated  Feb 26, 2011

Description

Some requested my previous insult generator in the form of a socketbot, so I dug up some of my ancient code and whipped this together. It uses binary variables, regular expressions and hashtables to parse raw IRC rather extensibly and efficiently.

Download

Size: 3.94 KB
Date: Feb 26, 2011
Downloads: 60

Comments

s00p   -  Mar 02, 2011

The other point is that making it secure would involve either:

  1. Far more complex logic or
  2. Far less customisability.
s00p   -  Mar 02, 2011

You still seem to be missing the point. Merely introducing a server to THIS script, without changing any other aspects of the functionality would make THIS script insecure.

Jethro   -  Mar 02, 2011

Well, s00p, as far as the security is concerned, not including MSL by itself, mIRC is relatively safe to get info from a website using a socket...not unless someone has a website specially crafted to aim for mIRC users to fall victim.

If you really are that security savvy, isn't it evident to NOT fetch info from a website that has security holes? Perhaps check the sites first with handy tools like site advisor or link scanner or any other software that can scan a website to see if it's been exploited? This is a coder's responsibility when it comes to sockets. Just a matter of my opinion.

s00p   -  Mar 02, 2011

@sunslayer: You seem to be missing the point. If you involve a webserver, one of the three compromises must be made:

  * The security of the script must be compromised.
  * The script must lose abstraction and customisability.
  * The script must become far more complex.

You seem to be saying that I can make the script less customisable (which some people would complain about), or that I can make the script more complex (which others would complain about) and secure the script. Am I correct?

@Jethro_: Learning about security is an essential, basic part of scripting. I think you're confusing "high horse" with "truth serum".

Jethro   -  Feb 28, 2011

Can you please define the term "elementary scripting?" You sound like a guy who's always on your high horse.

sunslayer   -  Feb 28, 2011

I don't disagree with anything you said as it's possible, but you can easily protect yourself from such injections, and your concern with the use of web fetches is ridiculous unless the person who wrote the code purposely left the snippet open to attacks as mIRC doesn't evaluate anything in the buffer.

s00p   -  Feb 28, 2011

Actually, it doesn't work. My definition of "work" is "functions correctly, 100% of the time". I noticed a bug today: Some of the lines in the insult files rely on $1 being the nickname of the person to insult. I forgot about this. I'll fix + update it momentarily.

To those who think what I said above was nonsense, I wish you'd have been more specific so I could actually form a response that is directly relevant. Since you were obscure about what you disagreed with, I'll consider it a disagreement to everything I said.

By writing the insult generating part of the script the way I have, it's simple, secure (providing care is taken to ensure insecure code doesn't end up in the .txt files) and extensible. This script uses a layer of evaluation native to $read. If you open up the .txt files that the insults are read from, you'll notice $identifiers used in it. Those are evaluated when a line is randomly read from the file. This is elementary scripting, and if you don't know this then you shouldn't be running scripts on Hawkee; running scripts without knowing precisely what the script can do is dangerous. By auditing the files, you can see that my script isn't dangerous. If I were to use a server, the script would either lose abstraction, become a security issue, or that layer of evaluation would be lost and as a result the script would become a lot more complex.

Any questions or comments? Do you disagree with anything there?

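The file audit described in the comment above can be automated, since $read without the n switch evaluates the identifiers in each line. The following Python sketch is an added example, not part of the original post or script; the allowlist of identifiers and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed allowlist: identifiers the operator has decided insult lines may use.
ALLOWED = {"1", "2", "nick", "chan", "me", "+"}

# Matches $name, $1 / $2- style tokens, $+ and the $( ) shorthand for $eval.
TOKEN = re.compile(r"\$(\(|\+|\d+-?|[A-Za-z_][A-Za-z0-9_]*)")


def audit_line(line, allowed=ALLOWED):
    """Return the sorted identifiers on one line that are not allowlisted."""
    found = set()
    for match in TOKEN.finditer(line):
        name = match.group(1).lower()
        key = name.rstrip("-")  # treat $2- like $2
        if key == "(":
            found.add("$( )")
        elif key not in allowed:
            found.add("$" + name)
    return sorted(found)


def audit_file(lines, allowed=ALLOWED):
    """Map 1-based line number -> flagged identifiers, for lines with findings."""
    report = {}
    for number, line in enumerate(lines, start=1):
        flagged = audit_line(line, allowed)
        if flagged:
            report[number] = flagged
    return report


# Constructed sample standing in for one of the insult .txt files.
SAMPLE = [
    "$1 $+ , you are slower than a dial-up modem.",
    "Even $me feels sorry for $1 today.",
    "$1 smells like $read(other.txt) on a hot day.",
    "$(%text,2) is what $nick deserves.",
]

if __name__ == "__main__":
    for number, flagged in audit_file(SAMPLE).items():
        print(f"line {number}: review {', '.join(flagged)}")
```

Anything the audit reports is a line to read by hand before the file is used with an evaluating $read.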
blackvenomm666   -  Feb 27, 2011

long as it works right? that's the main point:D

napa182   -  Feb 27, 2011

You may be right about that Jethro_.
s00p, ur comment seems like an odd thing to say tbh, but ur script is an interesting way to go about it.

Jethro   -  Feb 27, 2011

I thought it was an intoxicated drivel.

napa182   -  Feb 27, 2011

lolwut..

Jethro   -  Feb 26, 2011

:|

sunslayer   -  Feb 26, 2011

lol...

s00p   -  Feb 26, 2011

That sounds like a fairly wasteful idea. It'd be far easier to request them as quotes from a qotd service, but what's the problem with that? The extra layer of evaluation is missing. Mind you, it's a safe layer of evaluation.

The minute you involve web fetches of any kind, you either lose the layer of evaluation or you expose your entire system to the server; you essentially become part of a botnet. Don't trust scripts that use "automatic fetching from HTTP", particularly in conjunction with $eval, $(), timer, /flash, /scid, /alias, $read without the n switch (as in my script), etc. They're a real potential security risk... It's your credit card ;)

sunslayer   -  Feb 26, 2011

I think by "socket bot" they meant it retrieved insults from a webpage
