|
|
| Author |
Thread Statistics | Show CCP posts - 8 post(s) |
Miilla
Hulkageddon Orphanage
52
   |
Posted - 2011.09.20 15:44:00 -
[1] - Quote
Kill boards are wildly inaccurate for depending information. I for one don't keep one but it exists because of the kills OTHER players post, however, still an incomplete and unreliable source of information, for example, I swear I have lost many more Cheetahs than it shows.
|
Miilla
Hulkageddon Orphanage
52
|
Posted - 2011.09.20 15:49:00 -
[2] - Quote
Azitek wrote:Othran wrote:so unless you can tell the characters on an account which you don't have the limited API key for, its leaked from one of them.  This is exactly what he's doing: creating a program that guesses massive amounts API keys. When it happens on one that's in use, it records what it finds. No leaks needed, just some dedicated CPU power.
So if he is abusing the API, and attempting to scan it for API keys, then he should be banned according to the rules no?
|
Miilla
Hulkageddon Orphanage
52
|
Posted - 2011.09.20 15:56:00 -
[3] - Quote
Adrenaline Reaper wrote:Azitek wrote:Othran wrote:so unless you can tell the characters on an account which you don't have the limited API key for, its leaked from one of them. This is exactly what he's doing: creating a program that guesses massive amounts API keys. When it happens on one that's in use, it records what it finds. No leaks needed, just some dedicated CPU power. He is not cracking the API keys, that would not be allowed as you have effectively hacked someone's account. But you are on the right lines, he is just guessing char ids and seeing if they work, its not even that compute intensive.
Scanning the API's by brute force SCRAPING DATA.
Reported for abuse and hacking :)
I wondered why the API was taking longer, it is probably him scanning it.
|
Miilla
Hulkageddon Orphanage
52
|
Posted - 2011.09.20 17:16:00 -
[4] - Quote
WIN for PRIVACY LEAKS!
Go CCP! |
Miilla
Hulkageddon Orphanage
52
|
Posted - 2011.09.20 17:22:00 -
[5] - Quote
So what was the point of having API Keys controlled by the CUSTOMER if it is being leaked all over the API surface.
|
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:27:00 -
[6] - Quote
Othran wrote:Given the amount of idiots who have account and character names the same it looks quite useful for a bit of brute forcing/social engineering accounts too.
So who's the muppet designer who ****** this up?
"Stay the course!"
|
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:32:00 -
[7] - Quote
Remember that Eve Developer Licensing a while back?
This guy is just going to screw it up for all the developers such as myself by now making the reality of Authorised Application Keys to being enforced on all API consuming Apps so CCP can identify applications that abuse the API and block them out.
|
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:33:00 -
[8] - Quote
malaire wrote:Tippia wrote:For instance, if you do not know that a character exists, you cannot find it in-game nor can you discover who's in those "unknown" corp slots; using the charID and API calls, you can discover its existence and tie it back to the corp that way. You can find it in-game, you can search by partial character name and try to find there "hidden" characters.
But then you actually have to log in and PLAY EVE.
This guy is bascially MACROING :)
|
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:39:00 -
[9] - Quote
malaire wrote:Miilla wrote:This guy is bascially MACROING :)
So what? Macroing outside EVE, using external applications and API is allowed.
Abuse of API is against the rules, causing a detrimental affect on the servers or game.
Infact you will see that there is a cache time on the server API responses, he is not adhering to that most likely.
In EveMon you will also see that there is a delay on the calling of API's, to reduded load on the server.
He most likely is not doing that.
|
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:44:00 -
[10] - Quote
CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so.
So it is ok to scan the API?
CONFIRMED, get those API scanners going people |
|
|
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:46:00 -
[11] - Quote
Eve API is as secure as their email petition link replying system.
You can reply to ANY other person's petition IF you can guess the date and ID. I reported this one many times. Fell on deaf ears.
No authentication required. |
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:52:00 -
[12] - Quote
CCP Navigator wrote:Miilla wrote:CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so. So it is ok to scan the API? CONFIRMED, get those API scanners going people I suggest you refrain from confirming anything. the details of what is allowed with the EVE API is decided by the developers who work on that code.
This guy is obviously scraping the API charID's, that is scanning the API parameters.
YOU said he had done nothing "illegal".
Is it allowed or not?
Your post said it was. |
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:58:00 -
[13] - Quote
CCP Stillman wrote:Miilla wrote:CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so. So it is ok to scan the API? CONFIRMED, get those API scanners going people I just want to clarify: We have very clear policies about what's allowed and not. As you will know, we will throttle invalid calls, as we do not allow throwing 10 million random IDs at the API and hoping they return data. Scraping through characterIDs hoping to hit a valid one is NOT allowed. Doing so will get your IP blocked from the API. But if you do valid calls because you know it's a valid ID is fine. But generating excess errors will get your IP blocked.
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if an error is generated. |
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:02:00 -
[14] - Quote
CCP Stillman wrote:Miilla wrote:
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if you see 2 or 3 errors.
Nice try. But no. Just doing simple valid calls won't make us forget that you just did 3 bad calls 
So spread them over multiple proxies, API calls are lightweight on a proxy/VPN.
The API can be called from Amazon's Elastic Cloud VM's :) |
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:06:00 -
[15] - Quote
Are you going to require that applications be "authorised" by some kind of unique APP certificate so you can tell which apps are putting what loading on the servers etc?
|
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:10:00 -
[16] - Quote
How about this for an idea, NO API INFO without a valid KEY. Period. NOTHING; absolutely ZERO output.
If they have a valid reason to query the API, they would have a key.
|
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:11:00 -
[17] - Quote
CCP Stillman wrote:Miilla wrote:Are you going to require that applications be "authorised" by some kind of unique APP certificate so you can tell which apps are putting what loading on the servers etc?
I can't speak in certain terms, as the plans aren't done at this point. But does it make sense to me? Yes.
Which would also allow the API to be load balanced based on app and also a SHARDED API by having a "Pro" level developer license with "enhanced APIs" and a "FREE" API license with minimal APIs
Which would also make App certificate/key hijacking a reality to deny authorised apps access by abusing a "lock out" mechanism. |
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:14:00 -
[18] - Quote
Leona Elum wrote:CCP Stillman wrote:generating excess errors will get your IP blocked. I can confirm this to be true, and also say that it is VERY VERY hard to get it unblocked again. In my case it was excessively updating of a "scammer list", in combination with bad settings in Excel that did the trick.
Which is a concern as I am on a mobile internet and many times the API calls fail or partially completed due to connection drop outs.
That wasnt for Save jita was it? lol at least put a picture of a hulk contract that I sold for lulz. PS: Im never in jita. |
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:21:00 -
[19] - Quote
Othran wrote:Leona Elum wrote:CCP Stillman wrote:generating excess errors will get your IP blocked. I can confirm this to be true, and also say that it is VERY VERY hard to get it unblocked again. In my case it was excessively updating of a "scammer list", in combination with bad settings in Excel that did the trick. This is likely to become more of a problem soon(ish). Reason being its quite likely that as IPv6 (finally) gets introduced in Europe/North America the more likely that all the legacy modems/routers consumers have will be proxied through a gateway. For anyone in the UK, all your mobile phone stuff works like this - its all proxied and logged due to rules about under 18s, more to do with contracts than morality IMHO ;)
All ISP's are gateways.
It says I am in A location but infact i am hundreds of miles away from that location.
All ISP's cache (Squid most likely) and log and route out, not just mobiles.
|
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:23:00 -
[20] - Quote
Squizz Caphinator wrote:Hi guys, thanks for checking out EveWho. I was asked to come here and clarify a couple of things.
1) I am NOT scraping the API.
2) All information I've retrieved is publicly available somewhere.
3) I am NOT scraping the API.
I am well aware of CCP's policies per using the API and I have no intention of abusing them. I built the initial database by getting a character dump from Eve-Kill, scraping some forums, scraping a few hundred other killboards, and from a couple of donations of character name lists.
I am NOT scraping the API.
I built this site by using resources available to everyone. That includes you. I saw another site similar to EveWho a few months ago and thought I could do a better job. I believe I did. If you think you can do a better job, you just might be able to do so :)
I am NOT scraping the API.
Once again let me restate that I am not scraping the API. I might cause an error or two every few minutes but no where near enough to get myself Scotty'ed or even banned. I like getting along with Scotty anyway.
I am NOT scraping the API.
Please continue to enjoy EveWho for good or bad, whichever you prefer.
Fly dangerous,
Squizz
Provide an opt out mechanism and you wont be ganked non stop in game.
EveWho-Squizz Caphinator-A-GEDDON! Comming SOON!
Quote:
Once again let me restate that I am not scraping the API. I might cause an error or two every few minutes but no where near enough to get myself Scotty'ed or even banned. I like getting along with Scotty anyway.
Then you should get ZERO ERRORS if you are calling with VALID parameters. |
|
|
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:34:00 -
[21] - Quote
Karbowiak wrote:Squizz is using the EVSCO API proxy, and if ur interested in knowing numbers and statistics on the EVE API as we see it, have at it! ;) EVE API errors (how many errors we generate a day, this is for both EVE-KILL, EVEWho, EVEChatter and quite a few people who use our API proxy for various things (evemon for example)) http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/eveapi_errors_php.htmlEVE API requests (How many requests we do each day, this is for both EVE-KILL, EVEWho, EVEChatter and quite a few people who use our API proxy for various things (evemon for example)) http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/eveapi_requests_php.htmland if you want more stats then take a look here: http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/index.html#eve%20apiand http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/index.html#eve-killCCP are also welcome to keep a look at it, im sure you can use it for something. also, <3 Squizz
So IF we use EVSCO API proxy to generate a large number of errors, EVSCO API proxy gets the IP blocked.
|
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:54:00 -
[22] - Quote
malaire wrote:Karbowiak wrote:Squizz is using the EVSCO API proxy, ... quite a few people who use our API proxy for various things (evemon for example)) So let me get this straight: Every bit of data I fetch with EVEMon, is fetched via service provided by EVSCO? So EVSCO gets to see everything I see via EVEMon and also keeps that data cached  Maybe it's time to stop using EVEMon then.. I never knew about such caching being used...
Yeah classic MAN IN THE MIDDLE sniffing :)
EVSCO probably have everybodies API Keys and Char IDs
LOL
Best scam ever. |
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 23:10:00 -
[23] - Quote
CCP Stillman wrote:Miilla wrote:Are you going to require that applications be "authorised" by some kind of unique APP certificate so you can tell which apps are putting what loading on the servers etc?
I can't speak in certain terms, as the plans aren't done at this point. But does it make sense to me? Yes.
So a likely future direction of the Eve API.
1) Paid for license App certificate / key to allow full access API's or perhaps priority queued and full query capabilities
2) Free license App certificate / key to allow basic API's and perhaps a slower secondary priority access, after paid for apps have got their share of calls completed and perhaps even limited in number of queries or time between queries.
I can see managing those app certificates being very messy, especially when those certs have been compromised, and they will, if there is a tiered API service. |
Miilla
Hulkageddon Orphanage
57
|
Posted - 2011.09.21 10:27:00 -
[24] - Quote
THE END IS NIGH!!
NIGH!
|
Miilla
Hulkageddon Orphanage
57
|
Posted - 2011.09.21 10:29:00 -
[25] - Quote
I suggest EVERYBODY makes at least 1 call that generates an error using EVSCO API proxy cache :)
|
Miilla
Hulkageddon Orphanage
57
|
Posted - 2011.09.21 10:41:00 -
[26] - Quote
All this MAYBE ingame, so what, if they want it IN GAME, they can LOG IN to the game and PLAY THE GAME.
Not automate it, that is something we are always told, CCP want people to LOG INTO the game to PLAY THE GAME to get info etc.
|
Miilla
Hulkageddon Orphanage
58
|
Posted - 2011.09.21 10:48:00 -
[27] - Quote
DoooooooooooooooooommmmM!!! |
Miilla
Hulkageddon Orphanage
58
|
Posted - 2011.09.21 10:50:00 -
[28] - Quote
Karbowiak wrote:And with that last remark, i think we can call this rage thread for over.
Toodles o/
LOL no you are not getting away that easy.
|
Miilla
Hulkageddon Orphanage
58
|
Posted - 2011.09.21 11:10:00 -
[29] - Quote
BOYCOTT EVSCO!!!
Generate an ERROR protest :) |
Miilla
Hulkageddon Orphanage
59
|
Posted - 2011.09.21 13:51:00 -
[30] - Quote
CCP is the best scam ever.
|
|
|
Miilla
Hulkageddon Orphanage
75
|
Posted - 2011.10.06 14:33:00 -
[31] - Quote
EVERYBODY generate an ERROR API call on their proxy :) |
|
|
| |
|