Re: Can You Write a Sure-fire Algorithm to Stop Bots?
[ QUOTE ]
dave,
No, I never programmed GUI apps at all, let alone manually in C. I am older (40s) than most of you guys here. As a clue, my first programming was via punch cards in COBOL and Fortran. I got into PCs in the early 80s and programmed in Pascal, C, Basic and some assembler (hated that). I do read things on programming theory occasionally and have screwed around with Java a little as well as of course HTML, but that's about it for the past 15 years.
[/ QUOTE ]
Hi,
You don't have too many years on me :) My first programming was BBC Micro, ZX Spectrum, and ASM on Motorola 68030? chips :)
The reason I ask about Win32 GDI apps is to see if you were familiar with the way Windows abstracts hardware inputs and outputs from the apps running on it - obviously not, since no experience - so I will give a simplistic description.
It goes something like this:
Input devices -> Windows -> Applications -> Windows -> Output devices
Basically, each Windows app implements a "message loop", which checks for input / events. Like a mouse click on an application is received by Windows - it notices the app under the mouse click - then passes the click message to the app in question for handling.
A "real" event, such as a mouse click, can place an event into the application's message loop - but so can simple applications. In part, this is how AHK works.
It is this behavior that makes it VERY hard for any app to know if a mouse click event was produced by a real person or another app - one would have to hook the whole desktop and track all "mouse move" events just to make sure the click originated from the mouse location - and even then, another program can easily move the mouse around if a human isn't interfering.
I can think of a way sites could make hack/bot proof systems, but it wouldn't likely go down well.
Presumably you are familiar with MD5sum etc systems of ensuring the integrity of a file?
Sites could create bootable CDs, based on for example BartPE or a Linux variant.
Deny connections from any client whose (encrypted) root filesystem does not pass integrity checks, include zero capability in the liveCD for mounting other filesystems.
Might work, and would make a PC appear PlayStation-like, hell, a Linux variant would run on a PlayStation / Xbox (bring on the fish!!!) - but something I may not be thinking of may make such impossible - and it would render the AHK scripts I have become reliant upon useless - but such would create a very secure system, maybe?
dave.
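
An added illustration of the message-queue point in the post above; it is not part of the original post and is a toy Python model, not Win32 code. `Msg`, `MessageQueue`, `flag_clicks` and the sample streams are hypothetical names and constructed data. It implements the check the post describes (track every "mouse move" and flag clicks that do not land where the pointer was last seen) and shows the limit the post also describes.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Msg:
    kind: str  # "move" or "click"
    x: int
    y: int
    # Deliberately no "source" field: the receiver cannot see who posted it.

class MessageQueue:
    """Toy stand-in for an application's message queue (assumption, not Win32)."""
    def __init__(self):
        self._q = deque()

    def post(self, msg):
        # Hardware input and other programs both end up calling this.
        self._q.append(msg)

    def drain(self):
        while self._q:
            yield self._q.popleft()

def flag_clicks(queue, tolerance=2):
    """Return arrival indexes of clicks not located at the last tracked move."""
    last, flagged = None, []
    for i, m in enumerate(queue.drain()):
        if m.kind == "move":
            last = (m.x, m.y)
        elif m.kind == "click":
            off = last is None or max(abs(m.x - last[0]), abs(m.y - last[1])) > tolerance
            if off:
                flagged.append(i)
    return flagged

def run(events):
    q = MessageQueue()
    for kind, x, y in events:
        q.post(Msg(kind, x, y))
    return flag_clicks(q)

# Constructed sample streams (not captured from any real system).
HUMAN = [("move", 10, 10), ("move", 60, 45), ("move", 100, 80), ("click", 101, 80)]
POSTED_CLICK = [("move", 10, 10), ("click", 300, 200)]            # click with no matching move
MOVE_THEN_CLICK = [("move", 10, 10), ("move", 300, 200), ("click", 300, 200)]

if __name__ == "__main__":
    for name, s in [("human", HUMAN), ("posted click", POSTED_CLICK), ("move then click", MOVE_THEN_CLICK)]:
        print(name, run(s))
```

The third stream passes the check even though nothing in it came from a person, which is why move tracking alone cannot establish who produced a click.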