Cookiebot distributed cookies amongst other things. It provided the maplink command, and cookie cannons and cookie bazookes etc etc

I became interested in building a chat bot for the new lobby server built for the spring engine to arrange and host games between players. Nobody had written a bot for that protocol before save for Chanserv, a java bot created to manage private channels for the server providing channel operators with commands such as !lock !mute and !kick.

Initially cookiebot was a modified Chanserv, but this was problematic due to the poor architectural design of chanserv leading to excessive cpu usage. A rewrite of the bot using a new design yielded vast improvements and a greater understanding aswell as a true claim to an original code base of my own.

As I began to experiment with the bot I added numerous features, most of which were novelty and intended as a joke. The !cookie command became one notorious command. Users would have cookiecounts and I would hand out cookies using the !cookie command. A league table of who had the most cookies was put up, and those who behaved badly would be atatcked with ‘cookie weapons’, phrases and messages telling a whimsical story of how xyz fell down a neverending well and lost 5 cookies while he fell, or was blown up by a cookienuke and his cookies got stolen.

Another feature that was added was the !maplink command. This command would send the user a download link to the requested map, and became one of the most used features of all the bots of the time.

After a time, a new feature was introduced. Users could spend the cookies theyd been given on cookie weapons, and could thus attack each other. Once they realized they could buy things with their cookies that would deplete enemy users cookiecounts (at a cost to themselves) the #main channel became flooded with messages from cookiebot notifying users of attacks by other users using cookie weapons. The amount fo messages dwarfed legitimate chat which earned the ire of the server administrators.

Having became unpopular with the moderation and administrators, autohost bots appeared, and attempted to steal cookiebots monopoly on the !maplink command. When a user issued !maplink now, they could expect replies from 10-20 bot accounts with similar results. The feature was obsoleted when the lobby client integrated a new search function.

Now that the most popular functions where disabled or obsolete, the person hosting the bot started launching attacks in order to gain kudos with users who cause trouble on the forums. He programmed backdoors into the APIs he provided for cookiebot and told others how to launch flood attacks on cookiebot, including finding flaws to exploit cookiebot to attack innocent users maliciously. At this time the codebase for cookiebot was untidy and considered an experiment, I had focused on writing clean fast code for my newer bots and my lobby client which was in alpha stages at the time.

Having upgraded cookiebot to withstand the attacks and fixed the exploits, as well as discovering the backdoors, the host nuked my website and cookiebot. Since then I have not searched for a dedicated host to run cookiebot from 24/7.

Leave a Reply