GamerX Live Players Map - Remove authentication


  • GamerX Live Players Map - Remove authentication

    As many of you may know, I recently created a website which stores all user data and keeps records of it on a per month basis so that players can compare their stats on a month-by-month basis. It also came bundled with an IRC bot which records all player ingame messages.

    Well, I have more ideas I want to incorporate into the website, one of them involving player ingame positions. For me to get this information I require access to a particular GamerX webpage. At the moment, my website relies on the GamerX 'Player Stats' webpage to grab the players stats (which it does daily), but another page I want to use for my website is the GamerX 'Live Players Map'. At the moment however, I am not able to do this since the page requires 'login' authentication to be viewed (unlike the Player Stats page).

    I have some fantastic ideas of things that I could implement if I had access to the Live Players Map, and I don't see a need to have authentication for the Live Players Map and not the Player Stats? So I was making this thread to suggest that we remove authentication for the Live Players Map webpage. Usually removing authentication is a strange request, but in this case I see no security flaws that would occur from doing this? Unless I am overlooking something?
    Last edited by DiscolouredFrog; 14-10-16, 09:45 PM.

  • #2
    I have also thought many times that those stuff shouldn't require an authentication. Sometimes when I want to see the "online players" by the website and it asks to log in, I feel like "fuck it, I don't want to see them now". It's kinda annoying.

    Also, I think it's not 'cause of "security matters" that they added it. I guess it's just some strategy to indirectly force users to create an account, or in case you already have one, it forces you to log in as a way to increase the forum "activity" and make it look less empty.
    Last edited by LorSimon; 15-10-16, 09:20 PM.
    I didn't choose to be latin, I just had luck.



    • #3
      Originally posted by DiscolouredFrog View Post
      For me to get this information I require access to a particular GamerX webpage. At the moment, my website relies on the GamerX 'Player Stats' webpage to grab the players stats (which it does daily), but another page I want to use for my website is the GamerX 'Live Players Map'. At the moment however, I am not able to do this since the page requires 'login' authentication to be viewed (unlike the Player Stats page).

      I have some fantastic ideas of things that I could implement if I had access to the Live Players Map, and I don't see a need to have authentication for the Live Players Map and not the Player Stats? So I was making this thread to suggest that we remove authentication for the Live Players Map webpage. Usually removing authentication is a strange request, but in this case I see no security flaws that would occur from doing this? Unless I am overlooking something?
      Indeed it's a strange request, you should instead ask permission and mention your purpose first to the server owners and developers.
      Seems you are kinda new to making bots, for me it's amazing to create bots as well! (i just don't have money to host my own server like you), not saying too new but i'd say amateur, since you don't really think yet about some impacts from it. Well that's okay because you are new to here, perhaps you are already good on other stuff, but not the implementation here, but it does not really a matter if you are new or not, so let me just share my knowledge.
      From what i know, the Live Player Map updates at frequent rate which updates every 2 minutes than Live Stats page (not Detailed Player Stats Page which requires authentication) that updates every 24 hours, comparing to the data size, live player stats gives fewer data than detailed player stats page, so the process is not really expensive. Now about the Live Map stats, the amount of data is relative to online players, it displays the player id, level indicator (brown unregistered, blue registered, green tp, yellow admin), the x,y coordinates. Now about the method to link the player data from sa-mp server to web server, i think it would be possible from using (ordered from worst to best): file function, database function, HTTP callback function, or plugin. I don't really know which method is used on gamerx gamemode, but if it's depending on file/database, i'd suggest you better not hope for that idea to happen. If it was using the built in HTTP function on the gamemode script, it would lag the server (gamemode script) as well since it updates frequently, and bots might spam request on the server. Plugin might be OK, as long player count is low or maybe the update frequent is lowered. But anyway lowering the update rate means it's no longer a "live" player map, like the current "live" player stats page. Or you could just make a bot to login to forum to get the cookies and access the page where you have to re-log after every 12 hours (see below my explanation to Lorsimon).
      I'm saying this on the normal basis, if it was some naughty bots to spam the request and annoy the server process. If you still think that security is just about hiding secret data, then try to learn more.
      I know you don't mean to update it that much, but still you'd have to ask permission from the server owners & developers for that. Unfortunately GamerX doesn't provide us an API [ https://en.wikipedia.org/wiki/Applic...ming_interface ] (which is the best solution of these all) with a secure system that would share data to 3rd parties like you.
      Now why there is no robots.txt in GamerX web? Probably the login authentication is enough to prevent bots, since some naughty bots can always ignore the robots.txt permissions.
      https://en.wikipedia.org/wiki/Robots_exclusion_standard


      So far, the web crawlers that are online right now in these GamerX forums are identified with these:
      • Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) - The Microsoft's Bing Search indexer (good)
      • Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) - The Google's search indexer (good)
      • Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) - The Yahoo!'s search indexer (good)
      • Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/) - the Ahrefs webpage indexer? (i don't know, maybe this is for page rankings, good)
      • Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html) - the Baidu's search indexer (good)
      • Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots) - no idea what is this, probably for RSS index and search too (good)
      • Mozilla/5.0 (compatible; linkdexbot/2.0; +http://www.linkdex.com/bots/) - i don't really know, but it says for profiling web pages (good).
      • xpymep.exe - not sure, probably one of naughty bot

      And these bots are not just one, there are like 4 Google bots online at the same time viewing different pages.
      If you are wondering why they are having prefix "Mozilla", read https://en.wikipedia.org/wiki/User_agent and http://webaim.org/blog/user-agent-string-history/

      I mean, of course, a forum moderator/administrator can maintain if the user is a naughty bot and block their access...

      Originally posted by LorSimon View Post
      I have also thought many times that those stuff shouldn't require an authentication. Sometimes when I want to see the "online players" by the website and it asks to log in, I feel like "fuck it, I don't want to see them now". It's kinda annoying.
      The webpage uses the cookies that was given by the forum to your browser, please don't just expect a free cookie without doing something (logging in), if you are in your personal computer, you could always tick "Remember Me" to keep you logged in for longer time that expires about 12 hours as i see in my browser option, might be different in forum options as i have no more access to that.
      This way is much better than having a separated login session cookie where it would ask you to login both from website and forum, instead the gamerx web developer integrated it with forum cookies beside reducing the data needed to store separately to single data which depends on forum database, and also makes easy for user to just login one time.
      More information about cookie (as it is not in /cookiehelp, thankfully Wikipedia has article about it): https://en.wikipedia.org/wiki/HTTP_cookie

      Yet, even cookies are becoming a trending topic about security and privacy in internet browsing; recently the EU Commission again started mentioning the Cookie Law, and many articles from other websites say it's stupid: https://www.cookielaw.org/the-cookie-law/
      From my own observation as i asked some players from EU countries if they know about cookie law or not, most of them don't know about it, some of them noticed of sites popping up message "This website uses cookies!" notifications but they don't really care about it either.
      Originally posted by LorSimon View Post
      Also, I think it's not 'cause of "security matters" that they added it. I guess it's just some strategy to indirectly force users to create an account, or in case you already have one, it forces you to log in as a way to increase the forum "activity" and make it look less empty.
      And of course it's for security matters; those who browse the websites are not just humans, but also bots. Requiring the user to register makes web administration easy, since they know it's a human, and can always revoke the right to access (banning). Humans can evade that too, but they would mind and think when registering; a bot could do it in just a second for its purpose, whether it's good (indexing for searches like Google, or archiving/backing up web pages historically like the Internet Archive's Wayback Machine) or evil (like email address harvesters, spam ad bots, and DDoS-ers).
      Why would it be a strategy to force users to create an account? Logically, the lower visitor/user online on the website would be good for server traffic and bandwidth. Or if it's really a strategy to make the forum seems full, why not just GamerX makes bots online? (Don't tell me because bot can't post, they can post as long they are scripted/instructed to do). Maybe VBulletin has no restriction on that (CMIIW), but SA-MP does mention about using bots/fake players (not real npc) to show fake player amount data on sa-mp server browser (https://www.sa-mp.com/service_agreement.txt for point c and g), however i'm sure the server host, OVH does not allow use of their server infrastructure/resource for such thing. Just one point to remember about publicity, free and open is not the best of everything.
      After all, I agree with an IRC bot developer's words, saying
      After all, an IRC client is just an IRC bot with a bit of human interaction...
      which makes sense comparing to Web Browser and Web Crawlers.

      Originally posted by DiscolouredFrog View Post
      As many of you may know, I recently created a website which stores all user data and keeps records of it on a per month basis so that players can compare their stats on a month-by-month basis. It also came bundled with an IRC bot which records all player ingame messages.
      IRC bot is different case, IRC.tl does allow IRC bots, and also GamerX Echo channel policy about recording the data is fine too, as long you don't interact with users from that channel or even make contact with GX- echo bots, which you didn't is perfectly fine like how for other irc scripters in gamerx since the abuse can lead a ban by channel operators. System is ready, rules are ready, admins are ready too, but different case for web.

      Originally posted by DiscolouredFrog View Post
      Well, I have more ideas I want to incorporate into the website, one of them involving player ingame positions.
      If you have idea regarding to that, you can always suggest it no need to make the hack by yourself (like hosting it from your own money).

      Conclusion: A login/authentication is required to prevent abuse of that web page, or an uncontrolled access. for either a web user (human) or web spider (bots). There are some permissions to some data which public can't request/access at all time to make sure the server process disturbed.

      So i'm against with your idea, but i explained alternative solution if you agree so, you'd have to make agreements with the server owners & developers. Otherwise just suggest your idea directly.

      All of the references:
      https://en.wikipedia.org/wiki/Authentication
      https://en.wikipedia.org/wiki/Internet_security
      https://en.wikipedia.org/wiki/Information_security
      https://en.wikipedia.org/wiki/Web_crawler
      https://en.wikipedia.org/wiki/Robots_exclusion_standard
      https://en.wikipedia.org/wiki/Applic...ming_interface
      https://en.wikipedia.org/wiki/Web_API
      https://en.wikipedia.org/wiki/Web_browser
      https://en.wikipedia.org/wiki/HTTP_cookie

      Sorry if i get wrong information, bad statement, or post too long/hard to understand, i always try to get valid references (even you can always deny that) and see from many different aspects before getting bullied again. I mean, seriously, read it all again, as I'm not going to repeat, instead i'd delete my post than getting ashamed of or forced to quit contradicting, i was never mean to/have intention to be against everything after all, i give alternative solution which supports it too, so read again. Feel free to request me to delete this post if so.
      Last edited by Robo; 16-10-16, 10:28 AM.
      KVIrc User



      • #4
        I know it's easier to administrate if they register an account since you can ban them and all that, but the point here is why there would be a need to have an account to check such simple stuff like online players (it just makes the process annoying when you just DON'T WANT TO LOG IN). There shouldn't be a need for an account to check those features; it should be accessible for everyone at any moment no matter if they have an account or not.

        About the strategy thingy, what's better, having a forum where only 4 players log in (you could understand logging in as "activity") or a forum where at least 20+ people log in per day? Even if they don't post or anything, it clearly makes the forum look less empty and "off", which makes the users feel more comfortable and stuff. It's a subjective/psychological thing. It's not good for the server to have bad activity statistics. It's clearly good for the forum if there are more registered players, people who log in, and all that.

        And by the way, I clearly said "I think" in my first post. I'm not pretending that this is totally true. It's just a supposition. Actually only the ones who created this page know the answers. What I said perfectly makes sense for me, and I would actually do it as well if I had a site. Just to increase that "subjective activity" since it does help.

        About creating bots for this, nah, that would be too nub from them to do that.
        Last edited by LorSimon; 16-10-16, 11:55 PM.
        I didn't choose to be latin, I just had luck.



        • #5
          Originally posted by LorSimon View Post
          I know it's easier to administrate if they register an account since you can ban them and all that, but the point here is why there would be a need to have an account to check such simple stuff like online players (it just makes the process annoying when you just DON'T WANT TO LOG IN). There shouldn't be a need for an account to check those features; it should be accessible for everyone at any moment no matter if they have an account or not.
          Because of possible BOTs omgggg i explained this arghh... *calming down*
          I know it's annoying to login, but it's really made simple like i said before, you just have to sign in to forum, no need to sign in to website, and you can always tick that "Remember Me" to make you keep logged in for 12 hours or until you sign out.

          It's NOT to be accessible at any moment, this is not matter of they have account or not, this is matter of how the sa-mp server that runs within an abstract machine (or "virtual machine") called PAWN, an Embedded Language, a very old one also (as used in sa-mp), runs in a single thread i guess? http://www.compuphase.com/pawn/pawn.htm
          Originally posted by Compuphase
          Unlike many languages, pawn is not intended to write complete full-scale applications in. pawn's purpose is to script the functionality provided by an application or by a device. It is in purpose similar to Microsoft's "Visual Basic for Applications", only quicker and smaller (and without the installation hassle).
          showing how it's intended to be used for simple and small thing without using a large number of memory and fewer process/calculation from CPU usage. Okay accessing that webpage is not really complex thing, but here again i mentioned, the number of visitors on website is not really limited, and if it doesn't require you to login, then it would be possible to have more visitor. In fact the visited page is not a static one, it's dynamic page that changes and need process every 2 minutes and it depends on the amount of online players there (that's why i said relative)
          Originally posted by Robo_N1X View Post
          Now about the Live Map stats, the amount of data is relative to online players, it displays the player id, level indicator (brown unregistered, blue registered, green tp, yellow admin), the x,y coordinates.
          What is thread? No i don't mean thread or topic in forum, it's one of Parallel Computing method. Well i'm not going to make confusion about differences of Thread, Process, Multi Core, i'll just explain about parallel thing.
          Actually it make sense for forum why it is called thread because it is a parallel topic, and not all same topics (what we are talking about) being made in one thread, but in reality of sa-mp script, it is like that.
          Why do you have different threads for different topics? Well, it's to make it easier and faster to understand the topic; imagine all of this forum's topics in one thread, you would take a very long time to understand the topic you are looking for. But unfortunately, in SA-MP it's like that... all the systems and features, from admin, database, commands, anti-cheat, etc., all happen in one. The strategy for SA-MP scripters is to make their script more efficient so it does not need to do useless processing, or to use a plugin to extend more resources so it does not cause lag to other systems. It's stupid for them if they write code that is mainly to process webpages using PAWN script; imagine the lag unless you can run multiple PAWN virtual machines in multiple processes (that's like opening a lot of SA-MP servers).
          Visitor of sa-mp server might be limited to 1000 players, but visitor for websites could be more than 100 000 depending how powerful is the server, still it's equivalent thing if web server can handle 100 000 web visitors, then the server can run 100 sa-mp servers of full 1000 players at same process rate and resource usage.

          Originally posted by Robo_N1X View Post
          Now about the method to link the player data from sa-mp server to web server, i think it would be possible from using (ordered from worst to best): file function, database function, HTTP callback function, or plugin. I don't really know which method is used on gamerx gamemode, but if it's depending on file/database, i'd suggest you better not hope for that idea to happen. If it was using the built in HTTP function on the gamemode script, it would lag the server (gamemode script) as well since it updates frequently, and bots might spam request on the server. Plugin might be OK, as long player count is low or maybe the update frequent is lowered.
          Really like i mentioned to Discoloured frog before, it's OK if the method used was using Plugin, this extends the ability to use more power of server higher and faster comparing to a PAWN script. This is design matters, i don't know which one (from the possibilities above) and how it's used in the server, like i said he need to ask permission from server owner & developer and can confirm to them as well.

          Even if the action looks like abuse, for example a Denial of Service, which is intended to waste server resources and annoy traffic and bandwidth, OVH has protection to block it automatically. It's not always effective; it's just like the last shield, which is intended not to confuse a huge amount of normal traffic (like a lot of human visitors on the GamerX web) with abnormal traffic (bot/malicious visitors). It's up to the server developers to design another layer of shield/security.
          But here again, i know he is not having such evil intention, but removing this authentication means allow anyone to do the same thing who could be also evil.

          Originally posted by LorSimon View Post
          About the strategy thingy, what's better, having a forum where only 4 players log in (you could understand logging in as "activity") or a forum where at least 20+ people log in per day? Even if they don't post or anything, it clearly makes the forum look less empty and "off", which makes the users feel more comfortable and stuff. It's a subjective/psychological thing. It's not good for the server to have bad activity statistics. It's clearly good for the forum if there are more registered players, people who log in, and all that.

          And by the way, I clearly said "I think" in my first post. I'm not pretending that this is totally true. It's just a supposition. Actually only the ones who created this page know the answers. What I said perfectly makes sense for me, and I would actually do it as well if I had a site. Just to increase that "subjective activity" since it does help.
          Well even it's not totally true, still it doesn't make sense.. If it was intended to be like that, the forum would require you to use "Remember Me" which lets you to login longer time for 12 hours, because it's possible that the user is forgot to logout after they are done. So while the user forgot to logout, while they have went to sleep for example, their forum name will still show online until the cookie expires.
          And also i mention about the bandwidth thing, the lower number of visitor, the faster that web server process the page and loaded faster for online user.
          Originally posted by Robo_N1X View Post
          Logically, the lower visitor/user online on the website would be good for server traffic and bandwidth.
          Well i know that gamerx is not really having problem with high number of visitor (this is talking about forum, not that sa-mp map) as the host has almost unlimited bandwidth (as in reality it can always be filtered/blocked temporary by ovh).
          And how about the Forum "Invisible" mode available for all registered user in General Options that says:
          Originally posted by Forum User CP
          Invisible mode allows you to browse the forums without appearing in the 'Currently Active Users' lists.
          If the forum allows the user to do that, does that mean the forum still require you to appear "active" and "online" in forum? That hidden user only visible to logged in forum moderators, and not other visitor. So far, no one has getting trouble that they get punishment because they set "invisible" mode to on. If everyone is using this invisible mode, so the forum will look empty right? Except those Web Crawlers and Bots as i mentioned above who appears as Guest, they are like 50 of them and then what? would they blame the forum admin for letting all users to have this invisible mode? Oh and please don't say that i (as forum admin) just enabled it as i am protecting my arguments, haha No. You can ask few used who has used this for long time, one is xcell/rank100 he used this invisible before for long time before he is a TP as i observed. Feel free to confirm it to them. In fact i have no longer access (some limited administrative right now) or i don't even know if there is option to enable/disable that for user even since i was having that less limited admin right.

          And what about like i mentioned before, about separated Login:
          Originally posted by Robo_N1X View Post
          This way is much better than having a separated login session cookie where it would ask you to login both from website and forum, instead the gamerx web developer integrated it with forum cookies beside reducing the data needed to store separately to single data which depends on forum database, and also makes easy for user to just login one time.
          What if the login was separated, you don't have to login to forum (so your theory about forum activity is wrong), but still it require you to login to web site, right? Where on part of this website now that showing statistics of how many users online and who are online right now? Just forum right?

          Originally posted by LorSimon View Post
          and I would actually do it as well if I had a site. Just to increase that "subjective activity" since it does help.
          If you had a site, you would consider of spending more money to upgrade your website to allow more bandwidth before doing that subjective activity. But as i'm aware of, it's not something Matite/server owner & developer (either it was a design from old web developer or Matite) wants you to login because of the reasons i mentioned above. I am not the developer here, but if i was, i would still keep the user to login as i mentioned about the impact regarding to bots above. I hope you didn't ignore my point here:
          Originally posted by Robo_N1X View Post
          And of course it's for security matters; those who browse the websites are not just humans, but also bots
          And again about this:
          Originally posted by LorSimon View Post
          There shouldn't be a need for an account to check those features; it should be accessible for everyone at any moment no matter if they have an account or not.
          Do you ever wonder WHY some other websites require you to do AN ANNOYING CAPTCHA, AN ANNOYING PIN/DOUBLE LOCK AUTHENTICATION (to verify from mobile phone, email, etc.), while you are already logging in with your username and correct password? I'm asking you, is it to make their website more active and not empty??
          These are why a "Single Sign On",
          Originally posted by Wikipedia article about Single Sign-On
          With this property a user logs in with a single ID and password to gain access to a connected system or systems without using different usernames or passwords
          then a longer cookie time from "Remember Me, Keep me Signed In", "Auto-IP Login" was made for, this is mean to make it easier and secure, not to make you hard to login. So far the technology of website right now does not allow you to Login with Fingerprint, Face, Iris, eye vein scans/recognitions or any Biometric authentication yet, which would be perfect for every lazy people and is also more secure. Well there is probably a small amount use of this technology on website as it's expensive (although it's still insecure as it might be faked).
          The topic about this: https://en.wikipedia.org/wiki/Author...ccess_control)
          And for the reason, i explained it all above.

          Originally posted by LorSimon View Post
          About creating bots for this, nah, that would be too nub from them to do that.
          Yea of course (explained already).

          This is just show how useless i am writing such essay or how stupid i am at explaining to some people that can't understand yet so i need to repeat a few point deeply, like i said before, i better delete my post soon. Well but sorry if some of my points are wrong, you can correct me if you are expert on this, since i'm still studying about Information System.

          Well for discolouredfrog, like i explained before, maybe you now understand (since you have experience about that), the last decision however is up to Server Owners & Developers like i mentioned to you.
          Last edited by Robo; 17-10-16, 03:37 AM.
          KVIrc User
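
Added example (not part of any post in this thread, and not GamerX code): one way the load concern raised in posts #3 and #5 can be bounded for a page whose data only changes every 2 minutes, by serving a cached snapshot and rate-limiting each client. The names `SnapshotCache`, `TokenBucket`, `MapEndpoint`, the limits, the client addresses and the sample player rows are assumptions made for illustration.

```python
import time

UPDATE_INTERVAL = 120.0  # seconds; the thread says the map data changes every 2 minutes


def sample_fetch():
    """Stand-in for the expensive read from the game server (constructed data).

    Fields follow the thread's description: player id, level, x/y coordinates.
    """
    return [
        {"id": 0, "level": "registered", "x": 1544.2, "y": -1675.5},
        {"id": 7, "level": "admin", "x": -2026.9, "y": 156.7},
    ]


class SnapshotCache:
    """Calls the backend at most once per TTL, however many visitors ask."""

    def __init__(self, fetch, ttl=UPDATE_INTERVAL, clock=time.monotonic):
        self._fetch, self._ttl, self._clock = fetch, ttl, clock
        self._snapshot, self._fetched_at = None, None
        self.backend_calls = 0

    def get(self):
        now = self._clock()
        if self._fetched_at is None or now - self._fetched_at >= self._ttl:
            self._snapshot = self._fetch()
            self._fetched_at = now
            self.backend_calls += 1
        return self._snapshot


class TokenBucket:
    """Per-client token bucket: short bursts pass, sustained floods do not."""

    def __init__(self, capacity, refill_per_sec, clock=time.monotonic):
        self.capacity, self.rate, self._clock = capacity, refill_per_sec, clock
        self._state = {}  # client_id -> (tokens, time of last request)

    def allow(self, client_id):
        now = self._clock()
        tokens, last = self._state.get(client_id, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        if allowed:
            tokens -= 1
        self._state[client_id] = (tokens, now)
        return allowed


class MapEndpoint:
    """Unauthenticated endpoint: the rate limit runs first, then the cache."""

    def __init__(self, cache, limiter):
        self.cache, self.limiter = cache, limiter

    def handle(self, client_id):
        if not self.limiter.allow(client_id):
            return 429, None  # rejected requests never reach the backend
        return 200, self.cache.get()


class FakeClock:
    """Deterministic clock so the simulation does not need to sleep."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def simulate():
    """Constructed traffic: one flooding client, then one polite poller."""
    clock = FakeClock()
    cache = SnapshotCache(sample_fetch, clock=clock)
    limiter = TokenBucket(capacity=5, refill_per_sec=1 / 60, clock=clock)
    endpoint = MapEndpoint(cache, limiter)
    served = rejected = 0

    # Flooding client: 512 requests within one second.
    for _ in range(512):
        status, _body = endpoint.handle("203.0.113.9")
        served += status == 200
        rejected += status == 429
        clock.advance(1 / 512)

    # Polite client: one request per update interval for ten minutes.
    for _ in range(5):
        clock.advance(UPDATE_INTERVAL)
        status, _body = endpoint.handle("198.51.100.4")
        served += status == 200
        rejected += status == 429

    return {"requests": served + rejected, "served": served,
            "rejected": rejected, "backend_calls": cache.backend_calls}


if __name__ == "__main__":
    print(simulate())
```

In this run the backend is read once per update interval regardless of how many requests arrive, and the flooding client is cut off after its initial burst while the polite poller is never rejected.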



          • #6
            Originally posted by Robo_N1X View Post
            Indeed it's a strange request, you should instead ask permission and mention your purpose first to the server owners and developers.
            I have tried this before, but now days it is not easy to get hold of them, and like them I am also busy. I considered it easier to make this thread to get their attention instead, but I don't want to give out too many details of what I am working on via this public thread because I want to reveal my work later once I have completed it. I would be happy to discuss my work in private.

            Originally posted by Robo_N1X View Post
            Seems you are kinda new to making bots, for me it's amazing to create bots as well! (i just don't have money to host my own server like you), not saying too new but i'd say amateur, since you don't really think yet about some impacts from it. Well that's okay because you are new to here, perhaps you are already good on other stuff, but not the implementation here, but it does not really a matter if you are new or not, so let me just share my knowledge.
            I am actually not too new at creating bots, I am aware and capable of estimating some of the impacts and practicalities of my work, but I really thank you for sharing your knowledge with me, more knowledge is always helpful and no doubt you have thought of certain impacts I haven't considered and vice versa. I love bots, and I'm glad you do as well.

            Originally posted by Robo_N1X View Post
            From what i know, the Live Player Map updates at frequent rate which updates every 2 minutes than Live Stats page (not Detailed Player Stats Page which requires authentication) that updates every 24 hours, comparing to the data size, live player stats gives fewer data than detailed player stats page, so the process is not really expensive. Now about the Live Map stats, the amount of data is relative to online players, it displays the player id, level indicator (brown unregistered, blue registered, green tp, yellow admin), the x,y coordinates. Now about the method to link the player data from sa-mp server to web server, i think it would be possible from using (ordered from worst to best): file function, database function, HTTP callback function, or plugin. I don't really know which method is used on gamerx gamemode, but if it's depending on file/database, i'd suggest you better not hope for that idea to happen. If it was using the built in HTTP function on the gamemode script, it would lag the server (gamemode script) as well since it updates frequently, and bots might spam request on the server. Plugin might be OK, as long player count is low or maybe the update frequent is lowered. But anyway lowering the update rate means it's no longer a "live" player map, like the current "live" player stats page. Or you could just make a bot to login to forum to get the cookies and access the page where you have to re-log after every 12 hours (see below my explanation to Lorsimon).
            Whilst it is relative to the player count, the information per player doesn't seem to be a lot, and so the performance in my mind wouldn't be impacted much by player count, unless it was a drastic difference like 10 players or 200 players. It is true that the bot would be required to access the webpage every 2 minutes, which might be costly. However, considering the webpage updates every 2 minutes and isn't "real time", I'm guessing that it is grabbing the information from a file or database and not directly from the gamemode, so it shouldn't impact server performance much? The developers would know the impact better than I, but from how I can imagine it's been implemented, the cost would be minimal.

            Originally posted by Robo_N1X View Post
            I'm saying this on the normal basis, if it was some naughty bots to spam the request and annoy the server process. If you still think that security is just about hiding secret data, then try to learn more.
            I know you don't mean to update it that much, but still you'd have to ask permission from the server owners & developers for that. Unfortunately GamerX doesn't provide us an API [ https://en.wikipedia.org/wiki/Applic...ming_interface ] (which is the best solution of them all) with a secure system that would share data with a 3rd party like you.
            I agree, an API would be great, but I doubt Rick has time to implement this. I also suggested to Rick once that he implement OAUTH, an API that allows third parties to gather certain bits of information stored in the server's database (only data which would be granted access by GamerX). Rick said that it would take a long time to implement, and I can understand that the need for OAUTH is only very small by me and maybe a few other enthusiastic programmers so isn't worth the implementation time. If an API was to ever be developed by GamerX (which would be amazing - though unlikely), please let me know.

            Originally posted by Robo_N1X View Post
            Now why is there no robots.txt on the GamerX web? Probably the login authentication is enough to prevent bots, since some naughty bots can always ignore the robots.txt permissions.
            https://en.wikipedia.org/wiki/Robots_exclusion_standard
            I wasn't aware of the Robots Exclusion/Inclusion Standard, this is an interesting source, thanks for this.

            Originally posted by Robo_N1X View Post
            If you are wondering why they are having prefix "Mozilla", read https://en.wikipedia.org/wiki/User_agent and http://webaim.org/blog/user-agent-string-history/
            This is also an interesting source, thanks.

            Originally posted by Robo_N1X View Post
            If you have an idea regarding that, you can always suggest it; no need to make the hack by yourself (like hosting it with your own money).
            It is true, it could be developed internally by Rick, but chances are he is busy implementing more important things. Also, I do programming not only for my work, but also for my hobby, so hacking together useful tools is always fun for me, and helpful to the community at the same time.

            Originally posted by Robo_N1X View Post
            Conclusion: A login/authentication is required to prevent abuse of that web page, or uncontrolled access, for either a web user (human) or web spider (bots). There are some permissions to some data which the public can't request/access at all times to make sure the server process disturbed.

            So I'm against your idea
            I appreciate your feedback. Regards security, I don't consider the data on the webpage to be confidential, abuse by robots isn't really a concern in my mind, though again this is for you and the other management/owners to decide so I respect that. In terms of server impact, that would depend entirely on how the Live Map is implemented, something I can only speculate about.

            Thanks again for these sources, very helpful, and you certainly know what you're talking about.

            Originally posted by Robo_N1X View Post
            but I explained an alternative solution if you agree so, you'd have to make agreements with the server owners & developers. Otherwise just suggest your idea directly.
            Might be nice for you to summarise in a short paragraph what your alternative solutions are again, since your post is very long and covers many topics. Though from what I understand, you suggest I either suggest it to Rick to implement, or add login capabilities for my robot so that I can access the webpage through my DiscolouredFrog account?


            You two have posted more replies since, and I haven't had a chance to read those later replies yet. I am busy and must go, but I will read and reply to your other posts soon (yours also LorSimon)! Thanks.

            Comment


            • #7
              I'm not saying that you are new to making bots, but you are new to implementing your code here in GamerX, so you need to know how things work on the GamerX server.
              The impact itself is not mainly on the website, it's on the sa-mp code that links it; I've explained it so well above. It seems to be the only way to get data from the sa-mp script, but the script itself is not intended to do heavy work as a web server does, as it's kinda old and weak. Again, I don't know which method is used, so you can confirm it with Matite/Rick.

              Yes, I do agree Rick is busy, but there are actually some weaknesses in the GamerX server which I can't expose (and so that's why it's up to the developers' agreement). Like I said before in my post, for now you can just make the bot log in to the forum first and collect the cookie (meaning you have to register the bot account and settings manually). Don't use your DiscolouredFrog main account, to avoid unexpected events. The cookie expires after 1 year of login time (as I explained before), meaning you have to run the re-log code after that expiry time. And what would be a problem is that I don't know exactly how to check if the cookie you already have is valid for your forum account login session. You can try to run the code to check the page again to see if it is still asking for login, and then run the code to re-log.

              The forum login page is here: http://gamerxserver.com/forum/login.php?do=login (if that redirects you to the forum index, just click the "Login" button at the top of the page with a blank username and password)
              Fill in the form fields (username, password with MD5 hash) and send/submit the request with the POST method to the address above, and then store the cookie output.
              You can view the page source of the link I gave above to inspect how the login form works. Or you can google with a keyword, for example "vBulletin 4.2 cURL login" (in case you are using PHP), to see some code that other people have made.
              As you noticed, it does not use HTTPS, so you don't have to add extra code for SSL verification.
              Make sure you name your bot's User Agent to include your name as well, so we can track your online session in case the account is logged out.
              And again, please consult with Matite/Rick as soon as possible if they allow you to do this.

              Implementing a server API is, however, a thumbs up from most programmers/enthusiasts; it is also one of my hobbies too, just so far I don't have money to host a server or even to make an algorithm to parse the webpage DOM, which is difficult for me; an API is much easier and more reliable.

              The main reason why I say it's better to suggest the idea to the developers is because if a job can be done internally in the server, why must it be done from a bot?

              So yeah, adding login capabilities is the only possible way for now. But again, removing authentication is likely not going to happen, that's up to owners & developers though. Sorry for a non brief paragraph.

              EDIT: After a crosscheck, it seems that the vBulletin login cookies by default expire after 1 year, not 12 hours, if "Remember Me" is ticked; this cookie stores the username and password to re-log automatically and is separate from the session cookie. The online session ends automatically after inactivity (probably after 1 hour) or after you close the session (in the user's case, closing the browser).
              Last edited by Robo; 17-10-16, 11:05 AM.
              KVIrc User

              Comment
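The check-then-re-login loop suggested in post #7, as an added example (not code from the thread or from vBulletin). The form field names, the login-page marker, the `sessionhash` cookie name, the `/map` path used in testing and the `FakeForum` stand-in are assumptions or constructed values; confirm the real ones in the login form's source.

```python
import hashlib

# Assumptions (not from the thread): these field names and the marker that
# identifies a "please log in" response. Check both in the form's HTML source.
LOGIN_MARKER = 'name="vb_login_username"'

def build_login_form(username, password):
    """POST body for the login step; the password is sent as an MD5 hex digest."""
    digest = hashlib.md5(password.encode("utf-8")).hexdigest()
    # Whoever holds this digest can replay it, so store it like the password.
    return {"do": "login", "vb_login_username": username,
            "vb_login_md5password": digest, "cookieuser": "1"}

def needs_login(html):
    """True when the server answered with the login form instead of the page."""
    return LOGIN_MARKER in html

class MapClient:
    """Fetches a members-only page and re-logs only when the session has lapsed."""

    def __init__(self, transport, username, password, user_agent):
        self.transport = transport      # callable(method, path, form, cookies, headers)
        self.username, self.password = username, password
        self.headers = {"User-Agent": user_agent}
        self.cookies, self.logins = {}, 0

    def _request(self, method, path, form=None):
        body, new_cookies = self.transport(
            method, path, form, dict(self.cookies), self.headers)
        self.cookies.update(new_cookies)    # keep whatever cookies the server sets
        return body

    def fetch(self, path):
        body = self._request("GET", path)
        if needs_login(body):               # cookie missing or no longer valid
            self.logins += 1
            self._request("POST", "/login.php?do=login",
                          build_login_form(self.username, self.password))
            body = self._request("GET", path)
            if needs_login(body):           # bad credentials: stop, never loop
                raise PermissionError("login rejected; not retrying")
        return body

class FakeForum:
    """Constructed stand-in for the forum so the example runs offline."""
    LOGIN_PAGE = '<form><input name="vb_login_username"></form>'

    def __init__(self, username, password):
        self.expected = build_login_form(username, password)
        self.valid_sessions, self.issued = set(), 0

    def __call__(self, method, path, form, cookies, headers):
        if method == "POST":
            if form != self.expected:
                return self.LOGIN_PAGE, {}
            self.issued += 1
            self.valid_sessions.add("s%d" % self.issued)
            return "logged in", {"sessionhash": "s%d" % self.issued}
        if cookies.get("sessionhash") in self.valid_sessions:
            return "<map>constructed player data</map>", {}
        return self.LOGIN_PAGE, {}
```

To use it against a real site, replace `FakeForum` with a transport that performs the HTTP request and returns the response body and the cookies it set.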


              • #8
                Because of possible BOTs omgggg I explained this arghh... *calming down*
                This just shows how useless I am at writing such an essay, or how stupid I am at explaining to some people that can't understand yet, so I need to repeat a few points deeply
                Lol. Why do you always go so emotional on suggestion stuff? Just calm down lmao.

                The last quote makes me think you're insinuating that I am a dumb who can't understand about this? Well, if you mean that, I am trying to avoid words which can offend people, but since you seem to be so aggressive towards me for apparently no reason (at least your wording makes it clear), then I am going to go ahead and tell you that it's not that I can't understand informatic stuff, it's just that your English is so poor that it really makes things harder to be understandable.

                However, thanks for your time and your words; I guess you're right and it might be a way to avoid bots. Still doesn't completely make sense for me, 'cause there are bots to create multiple accounts here, which makes it useless for those cases.

                And you don't need to delete your posts by the way.
                I didn't choose to be latin, I just had luck.

                Comment


                • #9
                  Originally posted by Robo_N1X View Post
                  I'm not saying that you are new to making bots, but you are new to implementing your code here in GamerX, so you need to know how things work on the GamerX server.
                  Okay thanks for clearing that up, now I understand.

                  Originally posted by Robo_N1X View Post
                  The impact itself is not mainly on the website, it's on the sa-mp code that links it; I've explained it so well above. It seems to be the only way to get data from the sa-mp script, but the script itself is not intended to do heavy work as a web server does, as it's kinda old and weak. Again, I don't know which method is used, so you can confirm it with Matite/Rick.
                  As you say, we'll have to confirm with Matite/Rick (hopefully soon), though I was hoping that they would have implemented it in such a way that the website would not impact the samp server. The only thing that suggests to me that the webpage load may in fact not affect samp server performance is the fact that the webpage updates every 2 minutes, so data is being stored and not retrieved directly every time presumably? It would be interesting to know whether that page load would impact server performance or not.

                  Originally posted by Robo_N1X View Post
                  Yes, I do agree Rick is busy, but there are actually some weaknesses in the GamerX server which I can't expose (and so that's why it's up to the developers' agreement). Like I said before in my post, for now you can just make the bot log in to the forum first and collect the cookie (meaning you have to register the bot account and settings manually). Don't use your DiscolouredFrog main account, to avoid unexpected events. The cookie expires after 1 year of login time (as I explained before), meaning you have to run the re-log code after that expiry time. And what would be a problem is that I don't know exactly how to check if the cookie you already have is valid for your forum account login session. You can try to run the code to check the page again to see if it is still asking for login, and then run the code to re-log.
                  Okay great, I still think my suggestion should be considered, though I will try and implement an auto-login feature for my bot (once I get permission to make it - I may however start development now, as a proof of concept and to make sure I can get it working as intended). Okay I won't use DiscolouredFrog account, you're right it's best to create a new account for it. Interestingly, whilst I have made webpage bots before, I haven't made one to deal with authentication, so this will be a first for me also.

                  Originally posted by Robo_N1X View Post
                  The forum login page is here: http://gamerxserver.com/forum/login.php?do=login (if that redirects you to the forum index, just click the "Login" button at the top of the page with a blank username and password)
                  Fill in the form fields (username, password with MD5 hash) and send/submit the request with the POST method to the address above, and then store the cookie output.
                  You can view the page source of the link I gave above to inspect how the login form works. Or you can google with a keyword, for example "vBulletin 4.2 cURL login" (in case you are using PHP), to see some code that other people have made.
                  Thanks for your suggestion on implementation, I will look into this very soon and start development (as proof of concept for now, as mentioned before).

                  Originally posted by Robo_N1X View Post
                  Make sure you name your bot's User Agent to include your name as well, so we can track your online session in case the account is logged out.
                  And again, please consult with Matite/Rick as soon as possible if they allow you to do this.
                  I will be sure to name my User Agent appropriately. And yes, I will try and get in contact with Matite/Rick soon (maybe they could reply to this thread?). As mentioned before, I will probably begin implementation tonight, but I won't actually start using my bot properly without your permission. I haven't done auto-login for a bot before, so I am starting implementation now so that I can get it working.

                  Originally posted by Robo_N1X View Post
                  Implementing a server API is, however, a thumbs up from most programmers/enthusiasts; it is also one of my hobbies too, just so far I don't have money to host a server or even to make an algorithm to parse the webpage DOM, which is difficult for me; an API is much easier and more reliable.
                  Maybe GamerX developers and other programmers should discuss the possibility of implementing an API sometime, it would certainly be something to promote the quality of GamerX, and would be a unique feature which not many samp servers would be able to boast about.

                  Originally posted by Robo_N1X View Post
                  The main reason why I say it's better to suggest the idea to the developers is because if a job can be done internally in the server, why must it be done from a bot?
                  Again, I can understand that and respect that. If the ideas I had were proper, I would suggest them for proper implementation in the server... though the ideas I am suggesting are not of much importance, and it is also a fun project for me that will allow me to learn more about making bots and interacting with and interrogating webpages. Therefore I have decided to go ahead and try and do it myself externally instead.

                  Originally posted by Robo_N1X View Post
                  So yeah, adding login capabilities is the only possible way for now. But again, removing authentication is likely not going to happen, that's up to owners & developers though. Sorry for a non brief paragraph.
                  Okay, thanks again for your help, I will look into adding login capabilities. I still stand by my suggestion, though I can understand if authentication remains. It was just a suggestion, and without knowledge of how gamerx works, I can only make suggestions based on assumptions.


                  Originally posted by LorSimon View Post
                  Lol. Why do you always go so emotional on suggestion stuff? Just calm down lmao.

                  The last quote makes me think you're insinuating that I am a dumb who can't understand about this? Well, if you mean that, I am trying to avoid words which can offend people, but since you seem to be so aggressive towards me for apparently no reason (at least your wording makes it clear), then I am going to go ahead and tell you that it's not that I can't understand informatic stuff, it's just that your English is so poor that it really makes things harder to be understandable.
                  I would prefer it if you guys didn't go off topic. I value your feedback and I'm grateful for both of you guys sharing your thoughts on the subject, but now we're going off topic and making things more personal.

                  Originally posted by LorSimon View Post
                  And you don't need to delete your posts by the way.
                  Neither of you should delete your posts, both contain useful information for all readers.

                  Thanks again guys. Regards server performance; most things said by Robo are based on assumptions (as are mine and LorSimon's), so I will stick by my original suggestion and say that removing authentication is a good idea. However, neither side would know exactly how the server would be impacted, we'd need confirmation from the owners. Maybe Robo is right, and performance would be an issue.
                  I will look into adding login capabilities for my bot, until this authentication suggestion has a conclusion. (I will not start using my bot until I have permission to do so).

                  Comment
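The load question debated in this thread, as an added example (not GamerX's code, whose implementation nobody in the thread knows): a public map page can bound its cost without a login by serving a stored snapshot refreshed every 2 minutes and rate-limiting each client. All class names, the limits and the sample record are hypothetical.

```python
import time

class SnapshotCache:
    """Keeps the last map snapshot; touches the game-server side once per TTL."""

    def __init__(self, load_positions, ttl=120, clock=time.monotonic):
        self.load_positions = load_positions   # the expensive call (file, DB, plugin)
        self.ttl, self.clock = ttl, clock
        self.snapshot, self.stamp = None, None
        self.backend_calls = 0

    def get(self):
        now = self.clock()
        if self.stamp is None or now - self.stamp >= self.ttl:
            self.snapshot = self.load_positions()
            self.stamp = now
            self.backend_calls += 1
        return self.snapshot

class TokenBucket:
    """Allows `capacity` requests in a burst, then one more every `refill_every` s."""

    def __init__(self, capacity, refill_every, now):
        self.capacity, self.refill_every = capacity, refill_every
        self.tokens, self.stamp = capacity, now

    def allow(self, now):
        added = int((now - self.stamp) // self.refill_every)
        if added:
            self.tokens = min(self.capacity, self.tokens + added)
            self.stamp += added * self.refill_every
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True

class MapEndpoint:
    """Public map page: per-client rate limit in front of the shared snapshot."""

    def __init__(self, cache, burst=5, refill_every=60, clock=time.monotonic):
        self.cache, self.burst, self.refill_every = cache, burst, refill_every
        self.clock, self.buckets = clock, {}

    def handle(self, client_id):
        now = self.clock()
        bucket = self.buckets.setdefault(
            client_id, TokenBucket(self.burst, self.refill_every, now))
        if not bucket.allow(now):
            return 429, None                 # Too Many Requests; backend untouched
        return 200, self.cache.get()

def simulate(seconds=600, per_second=10):
    """Constructed load: one client requesting the page `per_second` times a second."""
    t = [0]                                  # fake clock, whole seconds
    sample = [{"id": 7, "level": "registered", "x": 1.0, "y": 2.0}]  # constructed
    cache = SnapshotCache(lambda: sample, clock=lambda: t[0])
    page = MapEndpoint(cache, clock=lambda: t[0])
    served = 0
    for second in range(seconds):
        t[0] = second
        served += sum(page.handle("noisy-bot")[0] == 200 for _ in range(per_second))
    return served, seconds * per_second - served, cache.backend_calls
```

With the defaults, 6000 requests in ten minutes from one client produce 14 served pages and 5 reads of the game-server data, so the backend cost depends on the refresh interval rather than on how many requests arrive.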
