Updates from the Repl.it team about the product

← Back to all posts
Banned abuser
amasad (2065)

You all may have seen that someone has been going around posting unsavory content (to say the least) to various apps and challenge entries.

With the help of @TheDrone7, we've been able to locate the abuser and ban them from the site for life. We also have all his information and IP address and if the person in question were to return we'll be escalating to the authorities.

I wanted to share this publicly so that:

1- you know that we don't tolerate behavior like this
2- you secure your apps and websites preferably with Repl.it auth (which allowed us to catch the attacker)

Read more about Auth here: https://repl.it/talk/learn/Authenticating-users-with-Replit-Auth/23460

Commentshotnewtop
LittleNomster (108)

Rawr!! Go Admins!! <3

LittleNomster (108)

@Zavexeon omg yes, am stuck in a group home atm so i cant get on discord it blocked, no phones, life sucks, just me and my drawings is all i have

Zavexeon (976)

@LittleNomster Aww... sorry to hear about that. If you're ever feeling lonely feel free to invite me to a multiplayer repl and I'd be happy to chat with you there. :3

I hope things get better for you in the future.

eaz (7)

@LittleNomster if you really wanna get on discord, it should be possible to access discord through a web proxy.
ive only bypassed a discord block using a standard system-level proxy, but id definitely be willing to cobble together a web proxy in the name of free speech

rediar (239)

@eaz is there a tutorial on proxies?

eaz (7)

@rediar uhh i kinda remember someone saying they were going to make one, but i dont actually know who or if they actually made it

LittleNomster (108)

I know i used to use tor browser, but its kinda hard to not get caught in placement

LittleNomster (108)

although i should be able to get away with a repl

eaz (7)

@LittleNomster i have some experience getting away with social media in extremely locked down environments, that id rather not elaborate on here.
by the way, there are web interfaces to at least some areas of discord made by repl.it users, some of which should be barebones enough to not look like discord and which should bypass the firewall.
edit: the most well-known one is discross (https://discross.digital/) but it requires that you have a discord account
however, if all you need is a non-suspicious chat that relays to discord servers i have admin in, im more than willing to set up a bot for it

LittleNomster (108)

@eaz discross doesnt work, i login and get a square

eaz (7)

@LittleNomster discross doesnt want your discord username and password, they want the name and password you get from linking your actual discord account by sending the bot a message with your actual account
i actually just switched tabs from programming a system that once complete will allow users to talk in specific discord channels without a discord account at all

eaz (7)

@LittleNomster ive finished the basic system; register at https://static.eaz.repl.co/altruischat.html and ill add you to a channel

codergamer420 (135)

Lets go first we ban the abusers and next we ban racism >:). Coding will solve the worlds problem. #BangladeshianAmericanCoders

CodeSalvageON (333)

@codergamer420 Well you see, hatred really can't ever be "banned" per say, but it really depends on what your version of racism is. My definition would be that racism is when someone is dehumanized because of their race. It is indeed a vague term, and of course, it would be hard to "ban". I do agree that it is bad. On my websites I do see the N-Word sometimes(I embed Google Documents onto them for a little interactivity) but I have not removed them because of my shear laziness.

codergamer420 (135)

@CodeSalvageON well actually, i see ending racism as one of my biggest code goals, and method i view ending racism is through changing the view s of everyone so they arent racist through extremely beautiful code. You do not have the pakistanian spirit that is needed to fight racism. #brave pakistna code

DJWang (1010)

Thank you @amasad and @TheDrone7 for taking care of this!

PDanielY (726)

Will you share who did iy?

[deleted]

@PDanielY I'm wondering the same too, so I can pursue my own "route of justice" on this kid.

generationXcode (33)

@sanjaykdragon he/she might be older than u... But even I'm curious

eaz (7)

@PDanielY i imagine they dont want us all mobbing whoever it was

PDanielY (726)

@eaz But how? The person was banned from repl.it and if they are in the discord server probably banned there

eaz (7)

@PDanielY like @sanjaykdragon said they would
"pursue justice"

[deleted]

@eaz man it sure is odd how someone who is inactive for months at a time suddenly comes on after a spammer gets banned

eaz (7)

@sanjaykdragon what, you accusing me? are you not in the repl.it discord?
im just not active on repl talk cuz i use discord for talk
(and im active there)

wikiworld (4)

was it @jellyface I think he was faker some guy posted bout it

amasad (2065)

@wikiworld jellyface was banned earlier for plagiarism and vote farming.

wikiworld (4)

@amasad what he plagiarises I
would love to see how cool the original version was!

[deleted]

the banned user is @haltosan

roylatgnail (770)

@sanjaykdragon How did you find out who it was?

[deleted]

@TaylorLiang
EDIT: this link does not work:
http://dolya.me/CHANGES.txt

go to https://repl.it/@Zavexeon/dolyame
and check the public folder, and CHANGES.txt

bossotron13 (65)

@sanjaykdragon You might want to remove it, people might actually login the phishing site.

[deleted]

@bossotron13 how is it a phishing site? what? this is a project by someone on this site

bossotron13 (65)

@sanjaykdragon So why did u link it if the person asked “How did you find out who it was?”, i though it was a phishing site because it asked for my username and password for repl.it.

[deleted]

@bossotron13 oh ok, you can just read CHANGES.txt in https://repl.it/@Zavexeon/dolyame
its in the folder called public

TheDrone7 (778)

@bossotron13 It's not a phishing site LMAO, we just make a request to repl.it to verify the user and get their Email ID, username and avatar icon. It is open source to let those who worry that their credentials might be stolen know that their credentials are as safe as they can be.

Also, it's trust-able enough to win the entire Massively Multiplayer Hackathon.

TheDrone7 (778)

@sanjaykdragon It's supposed to be https://www.dolya.me/CHANGES.txt The www is compulsory if you wish to directly access one of our static files. As when you visit the regular link i.e. https://dolya.me we just have a permanent redirect to https://www.dolya.me irrespective of path. We had to do this because repls can be linked to only CNAMEs and most DNS Management services don't allow CNAMEs at root level so we choose www to be the CNAME.

bossotron13 (65)

@TheDrone7 ask i said in the post above, I though it was phishing because i had no context.

AdCharity (1110)

Hopefully we got him... but literally 20 minutes ago a similar person just defaced the meme.me project with a bunch of nsfw and ours just got spammed with troll/hacker faces...

Zavexeon (976)

@AdCharity That's odd. Ours was never hit, at least not yet. Our rate limiting should stop botting, though.

AdCharity (1110)

@Zavexeon yeah I shut down green scale permanently. We're moving it to node.js now

rediar (239)

@AdCharity It may be a copycat attack.

MatthewDoan1 (312)

@AdCharity What was GreenScale using originally?

amasad (2065)

@MatthewDoan1 it was all static and html and no backend so hard to secure.

Eventually we want to repl auth work on frontend too but that's gonna be sometime.

AdCharity (1110)

@MatthewDoan1 well it used html, css, and js (which was bad because it exposed the firebase key and relied too much on the client) and built on top of brain.js (for text classification for the environment) and firebase (for the database). I guess you could read the essay we wrote, but that's pretty much it.

MatthewDoan1 (312)

@AdCharity You wrote an essay? Where is it?

Also, why not use a .env file for your database key?

AdCharity (1110)

@MatthewDoan1 well the original post (its actually pretty long). btw i don't think you can access environment variables if it isn't node.js (which is where our project is transitioning right now)