Closed paulexistor closed 3 years ago
Hey, I do understand your concern, but it's like not even hacking. Cleverbot's test API is like literally open for anyone to find with the dev tools. All I did in the script is visit cleverbot.com and save the cookie, then request to the test API that the Cleverbot client uses. I'll take this down, sure; I don't want to worry any of you. I do understand it costs a lot to run the servers. But look, I'm a 16 year old kid, and if I can crack your system any experienced engineer can. I kindly request you to make it much more secure.
I'll take down the project, or just update it to another API in a few hrs.
Thank you, Nithish Pravin
On Mon, Apr 19, 2021 at 4:08 PM paulexistor @.***> wrote:
Hello, The reason you had to fix your code a couple days ago is because we (the maintainers of Cleverbot) changed it to try and prevent your code from working. You are not actually using our API - you are hacking into an internal communication method between our website and servers. Our servers cost a lot to run so we need the revenue from people visiting the site and clicking the ads, or registering and paying for the official Cleverbot API (which is not expensive at all). Please disable this Github project and direct your users to the API. We will also contact Github and ask them to disable the project. Thank you, Paul (Existor Ltd)
Also, I'm really sorry for making you guys work on this to prevent my script from working. Sorry for everything that happened.
Hi Nithish,
Thank you for your reply and for removing the project.
Maybe it’s not hacking, but it’s very clearly against our terms and conditions.
And it’s very difficult to protect Javascript applications like Cleverbot. I’m not a security expert, and we don’t have the resources to hire one. So you’re right, any experienced engineer could crack it, though most would know it’s a pretty crap thing to do.
Thank you anyway, Paul
Hi Nithish,
Thanks for the apology. There is a cost - a few hours of our time.
The project is listed in several places like Skypack and Npmjs - maybe they all link back to GitHub, but please remove them.
Thank you, Paul
I'd recommend routing through Node JS instead and using ejs to prevent the vital scripts from being read. That can make it secure :). I'll remove the package in an hr.
Hi Nithish,
I’m not sure what you mean about routing through Node JS?
I would be interested to know how you obfuscated your code though - we just use a simple JS compressor at the moment.
Kind regards, Paul
I didn't do anything big for obfuscating it. I used a couple of online obfuscators plenty of times; I obfuscated the same code more than 100 times, which made it almost impossible to deobfuscate. The tools are: https://obfuscator.io/ and https://www.javascriptobfuscator.com/Javascript-Obfuscator.aspx
Also, about routing through nodejs: I meant use express to serve an ejs version of Cleverbot. It will make it almost impossible to crack the system.
You're welcome
noooooo but what about my discord bot 😭 nooooooo i use your api cuz im broke!11!11!11!
hey dw man, I'll update it with other api, :)
ok ty when will it come?
I just installed this last night and it's already being yoinked
Maybe I'll just attempt to do my own
Fulfilled! Closing issue