|
if you use accounts, they're just going to register 1500 accounts at once (in the same way they'd register 1500 API keys). you should move to an account system, but also require an invite from an existing user to create a new account. the ideal there is that you end up with a friend-of-a-friend network of users where most of them are legit. people will try to sell your accounts and invites, so you'll need to give each user a limited number. you may also want to secretly embed identifying information into any screens that someone might show as proof that they have an invite to sell. this won't work on everyone, but you'd be surprised at the number of people who will just printscreen the page and blur out their username to sell invites on a public forum. doing this will make the problem a lot more manageable since they can no longer just get a new account through an automated interface, they instead need to socially engineer or buy an invite from one of your existing users which drastically slows down the rear end in a top hat account creation process. alternatively find a better hobby, ideally one that has nothing to do with gamers
|
#
?
Oct 4, 2016 07:18
|
|
|
|
| # ? May 26, 2024 04:03 |
|
|
* sold invites will ban the invite tree, how many levels is dependant, i'm sure that will piss off people * embed some userdata in the background of pages, only need a few bits of entropy for a uid or something * at signup time tbd: i already have a few methods that check for things like VPNs and hosting IP ranges; considering honeypotting these and throwing up incessant "verify a phone number" and constant slow response times, 503s, random errors and etc while not showing obvious signs of it not working - can also use this to ban entire invite trees * have the person being invited get shown the full name, email, and character name of the person inviting them - friends probably won't have a problem with this, online giveaways will more so * gently caress anything to do with online gaming communities, they are all toxic cesspools of poo poo, at some point i'm going to dump all of this? * have invites grow over time, and give users max 1 invite for verifications (non-throwaway email, linking fb with friend count over n?) so they can't exponentially grow invite trees * attempt to detect headless browsers via JS (already implemented) -- check for canvas, webgl, gpu name via webgl unmasked renderer, webrtc to expose internal IPs, font and plugin and resolution enumeration (headless usually fails these)
|
|
#
?
Oct 4, 2016 07:28
|
|
|
Biowarfare posted:that's acutally something i was looking at but i can't find a self hosted version of https://hashcash.io/ or whatever http://www.hashcash.org/ is the original version, but it basically boils down to "have them submit a unique hash that fulfills some requirement, such as 'has a certain number of leading zeros'" it is the same thing that makes mining bitcoins hard
|
|
#
?
Oct 4, 2016 07:31
|
|
|
the past page or so is super shameful fyi
|
|
#
?
Oct 4, 2016 07:38
|
|
|
shameful posting is what this thread is for
|
|
#
?
Oct 4, 2016 09:24
|
|
|
get the gently caress out of anything doing with lol, or just ask riot for a job already or something. whatever intrinsic value you're getting from solving the actual problem here is obviously outweighed by the problems you're being forced to solve and are asking us about. I also have to imagine that any money you're making off this endeavor is less than the amount of time you're spending trying to get the Chinese off your dick.
|
|
#
?
Oct 4, 2016 10:58
|
|
|
imo, keep doing it and keep posting about it because it's interesting and entertaining. plus it sounds like hella good resume snippets if you include the numbers
|
|
#
?
Oct 4, 2016 13:21
|
|
|
You know what's really interesting? Money. Why not take what you've learned to The Next Level and make something less complicated that doesn't break anyone's ToS. If you only want resume-juice, I think you'd get more with less static from just having a good blog.
|
|
#
?
Oct 4, 2016 13:48
|
|
|
Easy solution would be to serve cached data by default (and just mention that it's X seconds old or whatever), and prioritize requests for fresh data based on how old the cache is for that. So even if someone makes a million requests from a million smurfs for a particular thing, that's not weighted any higher than the one legitimate user making one request for something different.
|
|
#
?
Oct 4, 2016 14:32
|
|
|
holy poo poo people love massive commits and/or hoarding small commits until they have a mountain of them that they can push in one go
|
|
#
?
Oct 4, 2016 14:36
|
|
|
I think it's interesting because both stopping scraping and Web scraping are difficult, real world problems which people get paid to solve (often in more serious and less shady scenarios than this) which you can't just find the answer to in a book.
|
|
#
?
Oct 4, 2016 14:37
|
|
|
Wheany posted:holy poo poo people love massive commits and/or hoarding small commits until they have a mountain of them that they can push in one go please don't post about your coworkers making GBS threads habits in this thread
|
|
#
?
Oct 4, 2016 14:38
|
|
|
i have a guy who stubbornly refuses to stop using his copy-paste-datestamp-folder versioning system even though i require that he use git. so he commits like once every two weeks and its always a clusterfuck. he's been bitten by his horrible versioning system since we've started using git and acknowledged he wouldn't have been bitten if he used git properly but he continues to refuse 
|
|
#
?
Oct 4, 2016 14:38
|
|
|
Wheany posted:hoarding small commits until they have a mountain of them that they can push in one go isn't that just topic branches? lately any time i'm testing a design that's evolving in an uncertain direction i'll maintain a massive commit that i'm constantly amending called "wip" on my private branch and then occasionally git reset HEAD^ and break pieces out of it and turn them into commits.
|
|
#
?
Oct 4, 2016 14:44
|
|
|
Sapozhnik posted:isn't that just topic branches? a branch with a billion tiny commits is definitely preferable to having 1 commit with a billion-line diff. but i like pushing my changes (to review) as soon as they compile and don't obviously break anything
|
|
#
?
Oct 4, 2016 14:51
|
|
|
Wheany posted:a branch with a billion tiny commits is definitely preferable to having 1 commit with a billion-line diff. but i like pushing my changes (to review) as soon as they compile and don't obviously break anything our "development log" process essentially enforces that you can't commit to the trunk for first stage testing until you have a complete and functioning feature. perhaps your coworkers learned version control in such a system?
|
|
#
?
Oct 4, 2016 15:47
|
|
|
LeftistMuslimObama posted:our "development log" process essentially enforces that you can't commit to the trunk for first stage testing until you have a complete and functioning feature. perhaps your coworkers learned version control in such a system? We had the same thing, it was really fun to work like that when you needed to context switch. 
|
|
#
?
Oct 4, 2016 16:10
|
|
|
Xarn posted:We had the same thing, it was really fun to work like that when you needed to context switch. git help stash
|
|
#
?
Oct 4, 2016 16:13
|
|
|
Biowarfare posted:gpu name via webgl unmasked renderer, webrtc to expose internal IPs, font and plugin and resolution enumeration (headless usually fails these) gently caress scrapers and gently caress you, burn the whole thing to the ground jfc you're seriously considering softcore exploitation of the user's browser
|
|
#
?
Oct 4, 2016 17:51
|
|
|
idk for a game like that the market's there, someone will extract the information one way or another a third-party dev acting in good faith is probably the best case scenario for the first party. the folks slamming his service would just slam the game instead path of exile has a third-party dev that's built an item search on top of their API, the sort of thing people would hate if they implemented it themselves but someone would build it regardless
|
|
#
?
Oct 4, 2016 17:59
|
|
|
Finster Dexter posted:git help stash I just press the stash button in source tree, it's very easy
|
|
#
?
Oct 4, 2016 18:23
|
|
|
JawnV6 posted:idk for a game like that the market's there, someone will extract the information one way or another Just employ the poe.trade guy, rehost on their own domain. Job done, no more reliance on a third party (and it really is a reliance if you remember the days of trade chat)
|
|
#
?
Oct 4, 2016 18:26
|
|
|
hackbunny posted:you're seriously considering softcore exploitation of the user's browser people already do this commercially and charge people for it and go significantly past what i'm doing, up to and including executing browser exploits. i collect pretty much just sha512 fingerprints. http://cdn4.forter.com/script.js?sn=3326ea178bfb http://cdn.augur.io/augur.min.js http://s3.amazonaws.com/nxcache/nxl/js/ncj.min.js some go past softcore and attempt to install dll/ocx/exes and browser plugins: https://mpsnare.iesnare.com/snare.js JawnV6 posted:idk for a game like that the market's there, someone will extract the information one way or another this is basically the situation i have (riot is not involved here; they don't manage or deal with those regions); we have a decent relationship to the point where they periodically email me things like "we're removing sha1 ssl certs from the login load balancers on x day make sure you dont pin certs" in advance, they know i'm doing it, have linked to me before on facebook/weibo/etc, and i have more or less permission with the "dont obviously sell pay-per-api-call things or run malware ads" constraint pointsofdata posted:I think it's interesting because both stopping scraping and Web scraping are difficult, real world problems which people get paid to solve (often in more serious and less shady scenarios than this) which you can't just find the answer to in a book. this is basically why i'm doing this, but i have no real attachment to it, i just consider it an interesting problem to solve in addition to serving underserved regions that don't have any other alternatives. understandably it's still scraper turtles all the way down but i think of it as more of a challenge than an issue Impotence fucked around with this message at 18:36 on Oct 4, 2016 |
|
#
?
Oct 4, 2016 18:33
|
|
|
gonadic io posted:Just employ the poe.trade guy, rehost on their own domain. Job done, no more reliance on a third party (and it really is a reliance if you remember the days of trade chat) the third-party-ness gives some plausible deniability. it's like the wiki, if they hosted the same they'd have to make it accurate when they dropped new content, because it's a third party every accepts some lag from their introduction until complete documentation
|
|
#
?
Oct 4, 2016 19:03
|
|
|
  it's actually legible
|
|
#
?
Oct 4, 2016 19:18
|
|
|
Luigi Thirty posted:
obviously these
|
|
#
?
Oct 4, 2016 19:40
|
|
|
gonadic io posted:I just press the stash button in source tree, it's very easy source tree is so good it blows my mind that people prefer to use a command line app
|
|
#
?
Oct 4, 2016 20:28
|
|
|
especially when the command line interface is so bad
|
|
#
?
Oct 4, 2016 20:31
|
|
|
where were folks talking about gitless? idk, i was perfectly happy washing into accounts to get around the 16 group limit, but I've found a very comfortable git rut to work in
|
|
#
?
Oct 4, 2016 20:40
|
|
|
Biowarfare posted:* sold invites will ban the invite tree, how many levels is dependant, i'm sure that will piss off people let people walk through your results using a per-user cursor/client identifier that can only be walked forward/backward through a page, and rate limit it.
|
|
#
?
Oct 4, 2016 20:42
|
|
|
Blinkz0rz posted:source tree is so good it blows my mind that people prefer to use a command line app sourcetree is slow crashy garbage. Last time I tried to use it it crashed when I tried to clone a newly created repository on bitbucket. tortoisehg on the other hand is excellent
|
|
#
?
Oct 4, 2016 21:29
|
|
|
Blinkz0rz posted:source tree is so good it blows my mind that people prefer to use a command line app the command line works the same way everywhere. i mean i could learn to do things in one gui on my mac at home and another gui or two on the various windows and linux boxes at work, and then i'd ... still be screwed when i want to do something when i'm just ssh'd to a headless vm. or i could stop being a big whiny baby and learn a few command line options.
|
|
#
?
Oct 4, 2016 23:57
|
|
|
Soricidus posted:the command line works the same way everywhere. i mean i could learn to do things in one gui on my mac at home and another gui or two on the various windows and linux boxes at work, and then i'd ... still be screwed when i want to do something when i'm just ssh'd to a headless vm. or i could stop being a big whiny baby and learn a few command line options. git, man, man git
|
|
#
?
Oct 5, 2016 00:17
|
|
|
you can just install source tree everywhere
|
|
#
?
Oct 5, 2016 01:10
|
|
|
I literally can't imagine using git without being able to stare at a graph of commits
|
|
#
?
Oct 5, 2016 01:11
|
|
|
Bloody posted:I literally can't imagine using git without being able to stare at a graph of commits git log --graph
|
|
#
?
Oct 5, 2016 01:34
|
|
|
use tig to make git usable
|
|
#
?
Oct 5, 2016 01:58
|
|
|
MononcQc posted:use tig for git justice
|
|
#
?
Oct 5, 2016 02:10
|
|
|
https://twitter.com/hintjens/status/783254242052206592 welp the guy who has bailed me out of hundreds of hours of socket writing is gone 
|
|
#
?
Oct 5, 2016 02:54
|
|
|
|
| # ? May 26, 2024 04:03 |
|
|
CRIP EATIN BREAD posted:https://twitter.com/hintjens/status/783254242052206592 
|
|
#
?
Oct 5, 2016 03:20
|
|