War Against the Bots

[PLOlover]

[ QUOTE ]
Plus, they should be identified publicly and turned over to the feds. Those should be easy prosecutions.

[/ QUOTE ]

under what law? not to mention jurisdiction.

Spam email is a good analogy I guess but only recently was it criminalized or civil penalties introduced into law or whatever.

[wildzer0]

Just reading all these threads, I've been thinking. It seems like one common theme of all these bots is that bots operated by the same person never play at the same table together. It would be really easy to query your PT DB to select the screennames of players with >x amount of hands played that have never been at the same table. As long as x was large enough, this would likely give you something to start working with and pretty easy to drill down to criteria similar to what sukittrebek posted in the first place. As the resident sql guy, if people want this, i could probably rig it up in the next day or two.

[WordWhiz]

No computer programming experience here, so forgive my ignorance. Could bots be combated by the sites slightly changing the software every day or so? Make minor modifications to the graphics, the hand histories, the location of buttons/ items on the screen, how the program interacts with user commands, etc. These changes would be virtually unnoticeable to humans, but would throw off the bots.

Done right, it seems like these changes could not only throw off, but even detect the bots. Say the "bet" button is 20 pixels high. A dumb bot might auto-click in the exact center every time. A smarter bot would be programmed with some element of randomness as to where it clicked to better mimic a human. One day, the site shifts the location of the button 5 pixels upward from the rest of the table. Smart bot still clicks semi-randomly, but now it's missing the button a small portion of the time and is caught.

[BluffTHIS!]

WordWhiz,

The answer seems like "sure they could". They could define graphics algorithms and just change some numbers in it with a new mini-update every day. But they don't take the problem seriously enough to do anything monthly, let alone daily.

[LeapFrog]

[ QUOTE ]
[ QUOTE ]

And as to "shotgun" attacks, if they had the desired effect, they're better than the current situation.


[/ QUOTE ]

Even if say a DOS attack on a server running a bot website causes said server to 'crash' and negatively impacts the small business owner (and everyone else) who has his website hosted on it?

[/ QUOTE ]

Bluff, to reiterate -- I am not trolling here but considering you were calling out M2TR as a 'low ethics' poster in the FT bot thread, I think it would be appropriate for you to clarify your position regarding the use of 'force' against botters/bot websites/etc.

Some of the 'Guerilla warfare' methods mentioned in your OP have the potential to cause damages to persons other then the botters. Would you condone say a DOS attack on a server that hosts a bot website (ignoring the legality of such an attack)?

[RikaKazak]

[ QUOTE ]
No computer programming experience here, so forgive my ignorance. Could bots be combated by the sites slightly changing the software every day or so? Make minor modifications to the graphics, the hand histories, the location of buttons/ items on the screen, how the program interacts with user commands, etc. These changes would be virtually unnoticeable to humans, but would throw off the bots.

Done right, it seems like these changes could not only throw off, but even detect the bots. Say the "bet" button is 20 pixels high. A dumb bot might auto-click in the exact center every time. A smarter bot would be programmed with some element of randomness as to where it clicked to better mimic a human. One day, the site shifts the location of the button 5 pixels upward from the rest of the table. Smart bot still clicks semi-randomly, but now it's missing the button a small portion of the time and is caught.

[/ QUOTE ]

I'm sure sites could...but they simply don't care enough.

I wish they did though....I wish they at least took combatting bots seriously that is [img]/images/graemlins/frown.gif[/img]

[BluffTHIS!]

[ QUOTE ]
[ QUOTE ]
[ QUOTE ]

And as to "shotgun" attacks, if they had the desired effect, they're better than the current situation.


[/ QUOTE ]

Even if say a DOS attack on a server running a bot website causes said server to 'crash' and negatively impacts the small business owner (and everyone else) who has his website hosted on it?

[/ QUOTE ]

Bluff, to reiterate -- I am not trolling here but considering you were calling out M2TR as a 'low ethics' poster in the FT bot thread, I think it would be appropriate for you to clarify your position regarding the use of 'force' against botters/bot websites/etc.

Some of the 'Guerilla warfare' methods mentioned in your OP have the potential to cause damages to persons other then the botters. Would you condone say a DOS attack on a server that hosts a bot website (ignoring the legality of such an attack)?

[/ QUOTE ]


LF,

We aren't talking about guns and bombs here and killing people. However there is a concept from the War on Terror that applies here. And that is that terrorists have to live and be supported by/in a physical location in some nation, and don't just exist in limbo. And it is right and necessary to attack those who support and enable them. So ignoring the legality of an issue, or just confining ourselves to an example that is legal but "harms" others, I would have ZERO ethical qualms in harming the webhosts of bot sites, spammers or hackers, *provided that*, I gave them a fair warning first.

An example of this was the famous "love not spam" campaign a few years ago by Lycos where they had a screensaver for download that attacked the servers that spam originated from with a DOS (really DDS) attack. That is *totally* OK by me.

[LeapFrog]

[ QUOTE ]

LF,

We aren't talking about guns and bombs here and killing people. However there is a concept from the War on Terror that applies here. And that is that terrorists have to live and be supported by/in a physical location in some nation, and don't just exist in limbo. And it is right and necessary to attack those who support and enable them. So ignoring the legality of an issue, or just confining ourselves to an example that is legal but "harms" others, I would have ZERO ethical qualms in harming the webhosts of bot sites, spammers or hackers, *provided that*, I gave them a fair warning first.


[/ QUOTE ]
I am quite tired so I will try to keep this brief and resonably coherent.

What can I say except that I disagree completely. Legal issues aside I would support a 'surgical strike' (such as a hack) of only the website of the botter. However, I draw the line at any sort of action that would effect 'innocents' and I have a tough time seeing how you can justify it.

[ QUOTE ]

And it is right and necessary to attack those who support and enable them.


[/ QUOTE ]
I don't feel that the webhoster should carry the burden of policing the content of the sites they host (beyond making sure no laws are violated).

But ok, lets say they are in the wrong. Are you going to notify every one of the people who have a website on hosted on the same server? Should they have to research every website hosted on it before they put up a page in order to prevent being attacked by vigilantes? Ridiculous.

[ QUOTE ]

We aren't talking about guns and bombs here and killing people


[/ QUOTE ]
No, but you are talking about causing damage (either actual $, time wasted/whatever) to people who are not associated with the botter. If some dude is on the brink with his small business, who knows maybe with a bit of the butterfly effect the business tanks and he 'kisses the gun'.


As to this:
[ QUOTE ]

An example of this was the famous "love not spam" campaign a few years ago by Lycos where they had a screensaver for download that attacked the servers that spam originated from with a DOS (really DDS) attack. That is *totally* OK by me.

[/ QUOTE ]

From a brief web search (I don't know what is up with the formatting on the page):

http://www.imediaconnection.com/content/4751.asp

[ QUOTE ]

Another issue with Make Love Not Spam is that the program could easily impact other organizations. According to Steve Linford of the UK-based anti-spam organization Spamhaus, The problem is, most spammers' sites are hosted on Web servers using Virtual Hosting', so the same Web server is often serving hundreds of Web sites, of which almost all will be innocent users. So by overloading the spammer servers, Lycos could also be inadvertently impacting the servers of companies that happen to be hosted with the spammers.


[/ QUOTE ]

Along the same lines my arguments above this was a terrible idea. More vigilante justice and people unrelated to the spammers were likely affected. I firmly believe that people should pursue legal avenues unless the circumstances are quite dire.

[Bobo Fett]

[ QUOTE ]
Post deleted by Mike Haven

[/ QUOTE ]

Wow...my first ever, I think! This must have been the links to the apparently not-to-be-named botter and his prior threads. I will endeavor not to use Mr. B's name in vain again. [img]/images/graemlins/grin.gif[/img]

[BluffTHIS!]

LF,

Check out those legal avenues. They are largely ineffective and most often except in a handful of cases, only result in small damages awarded and the perpetrators moving on to a different webhost.

And you are failing to grasp some key points here:

1) A webhost that knowlingly (after warning) enbables those who attack sites/users via spam or virus attacks and such, is an accomplice and deserving of retribution;

2) If someone's computer gets attacked by a virus or spam (and yes the sheer size of spam is an attack individually and collectively), or they get cheated in an online game, the attacker has effectively come into that person's home just as with a robber in the B&M world and one is entitled to use *effective means* of self-defense, both to stop a current attack, and *pre-emptively* to stop future attacks, when there is a moral certainty that legal means won't be sufficient as an alternative.

3) As to "collateral damage", that is unavoidable many times just as in real war as it is very hard to pinpoint an attack that only strikes the intended target. If you want to avoid problems, then don't use IPs/hosts that are indiscriminate as to whom their customers are and what they do.