It’s a battle all right.  In just a week one of my measures has stopped 1331 bots.  Some use the same IP, some don’t.  But yes hijacked computers are a big problem….

http://en.wikipedia.org/wiki/Kraken_botnet

So is this still an issue with anyone.  Kinda died this thread…

Roger Davie - Dec 22, 2010:

So is this still an issue with anyone

Yes of course, we are continuously implementing stuff to avoid this practice.

Roger Davie - Dec 22, 2010:

So is this still an issue with anyone.  Kinda died this thread…

don’t understand :-s

Sorry for being so vague Erwin.  What I mean is, are people still experiencing a lot of traffic ?  Is Pandorabots still being attacked ?

The conversation just dropped off, so it made me wonder if the main problems have eased off a little.

okay, tx for the clarification. I’ll ask Richard to come back to this.

About my other question: do you feel the need to share experience/join forces to avoid hackers on our forums/websites? What about my suggestion to set up a separate area to discuss this in more details (without hackers reading our conversations).

Roger Davie - Dec 22, 2010:

What I mean is, are people still experiencing a lot of traffic ?  Is Pandorabots still being attacked ?

The conversation just dropped off, so it made me wonder if the main problems have eased off a little.

Hi Roger,

I started this thread, and in my estimation, yes, it seems to be continuing, but it’s difficult to pin-point.  Service fluctuates at different times of the day and night.  When I’m editing using the Training Interface, it varies from being slow to occasionally timing out completely.

Hi, Dave (Thunder Walk), and welcome to the forums!

I’ve done some periodic testing with my test bot on Pandorabots, and haven’t had any difficulties at all, which is somewhat strange. Sometimes, these DoS attacks can last many days, but in my experience, don’t usually last more than a day, and sometimes only hours before the situation is brought under control, one way or another. It’s a serious problem, without a doubt; but almost never an extended one. Of course, I’ve only been the victim of two DoS attacks, and both of those were fairly minor (I was managing a small dial-up ISP at the time), so a large scale attack isn’t something I’ve had to deal with yet. So take what I’ve said with a grain of salt.

By the way, if possible, it’s common practice here to use our real names, and to post a profile pic. It’s certainly not a requirement, but it gives the community here a more intimate, closer feel. Just a suggestion, of course.

Dave Morton - Dec 22, 2010:

Hi, Dave (Thunder Walk), and welcome to the forums!

Thanks for all of your fatherly advice, Dave.  I’ve actually been a part of chatbots.org longer than you might think.  When Erwin first approached me this forum didn’t even exist. Back then, at his request, I was scanning the Internet, searching terms such as “virtual agent”  and listing not only my (at the time) four bots, but some of the others that have been around for a long time based on their historical value, such as ELIZA and John Lennon.  Eventually, my participation with chatbots.org became too much of a drain on my time, and so, I dropped out of any official involvement.

As for Pandorabots and the DoS attacks…

I opened my first Pandorabot in July of ‘05, and I joined the AI Nexus Forum (where I previously welcomed you as a member) in September.  I’ve been through several incarnations with Pandorabots including lots of problems and attempts to deal with them, as well as with the migration of everything to the new server (thank you God).  I can’t trace or diagnose the “intermittent” problem, but I can report when something is “different”.  My day, and most of my evenings and weekends are spent with Pandorabots.

Rich Wallace mentioned in a post earlier in this thread that “...  bots themselves can be used for denial-of-service types of attacks,” and I have reason to believe that I’ve observed that in one of my bot’s chatlogs in a single instance, but it’s difficult to prove.  The issue comes and goes, it varies within different day parts, and it changes depending on what I’m doing within Pandorabots.  I don’t “chat” with my own bots much, so I rarely see problems there (although I have had trouble just connecting to them recently).  I experience it more frequently when I employ the Training Interface, and most often when I’m altering large blocks of AIML and then attempting to save the file.  I notice there’s also a long lag time when switching between tasks using the Interface, and occasionally it’s timed out and I’ve lost all of my work and had to start over again… trying to remember all of the changes I’d made.  Frustration is a large part of my motivation.

But, I never reported a DoS attach, that came from Dr. Wallace.  My initial observation (in an email to Pandorabots) was that I had been experiencing some of the same old problems again that had been an issue with the old server.

As for using real names and photos…

Customs and practices differ from place to place.  However, within the chatbot community, with the exception of a few insiders, if you mentioned Richard Gray, or Steve Worswick, not many would know who you were talking about unless you used the names of Knyte Trypper and Square Bear.  Lots of people know Freddy as the administrator from AI Dreams, but try finding his last name.  In the 20-some years I’ve been involved with the Internet, from before I discovered chatbots, I’ve always been known as Thunder Walk, and eventually others shortened it to just Thunder.  I think anonymity is everyone’s right on the Internet, and in most cases, even advisable, unless they’re doing something wrong or behaving badly.  My name and photo already exist in places on the Net, and I suppose someone who is curious enough could find them.  But, in most instances, I’ve been cautious about sharing personal information with strangers, and I believe, for good reason.

If and when it becomes a requirement here, as Erwin has already advised me, I expect to have my privileges revoked.  But, if I posted just any picture and name, how would you even know if that information was even correct?

I hate to reply to my own lost but there seems to be no way to edit or to add to a posting.

At the suggestion of a member at the AI Nexus Forum, I searched for, and located a corresponding conversations between two of my bots, proving Dr. Wallace is correct, at least in this instance. Someone had connected two of my chatbots in a conversation, which is a TOS violation at Pandorabots, but it wasn’t me, verifiable by the IP address.

knytetrypper.proboards.com/index.cgi?action=gotopost&board=Pandora&thread=2572&post=7949

Of course I meant “post” and not “lost”.  Please give us the edit or delete option so we can at least start over again.

Sorry for the lack of editing functionality, Thunder. Unfortunately, that’s not something that I have control over. As to the two bots talking, one wasn’t Morti, was it? I’ve actually removed my bot conversation scripts from public access, so I’m reasonably certain it wasn’t something I caused, but there are other folks out there with the skill to create a script that puts a pair of bots together for a chat. A quick visit to Ipillion with the offending IP address(es) can give some useful information about the culprit.

No, Morti wasn’t involved, and I already know the IP traces to Tacoma, Washington.

Merlin had an some interesting observations.

http://knytetrypper.proboards.com/index.cgi?action=gotopost&board=Pandora&thread=2572&post=7950

@David (Thunder Walk), Dave: we’ll repair the edit button asap, it’s to prevents misuse of the forums.

Another thing: I noticed I couldn’t change the p-r-o-b-o-a-r-d-s.com url (remove the dashes), because the URL is blacklisted by our IP system, so I had to white list the knytetrypper subdomain. That’s the trouble we’re facing today, as we speak.

I worked online using the training interface from 7 AM this morning until around 10 AM when it became unusable.  Pages timed out, I’d get error messages in the browser window when I tried saving the update file after making changes, I was constantly redoing things several times in a row to get them to take hold.  Eventually, I emailed Pandorabots about the problem and gave up.

I tried again at 3 PM, but by then, it was even worse.  I had a hard time just raising the splash page at Pandorabots, and could get no further without losing the connection.  I was also not able to contact any Pandorabot, mine, or those of other botmasters.

It looks like the DoS attackers are winning.

This is NOT fun. What happens to a friendly site like Pandora can happen to everyone. We should work together to fight DoS attackers.

The solution might be found in distribution: instead of hosting on a single webserver, use multiple mirrored webservers instead. Or better: ask members to hosts/mirror parts of the website.

Suddenly, networked distribution becomes our friends. What do you think?