DeviantART update December 2010

From Botdom Wiki
Jump to navigation Jump to search
The correct title of this article is deviantART update December 2010. The initial letter is capitalized due to technical limitations.

Somewhere around the week starting 29th November 2010, deviantART appeared to make some server-side changes which affects the authtoken-resolving mechanism in most PHP dAmn bots. The login system now seems to be far more strict, and does not accept requests with even slightly malformed HTTP headers. Note, most PHP bots neglected to use a full Carriage Return Line Feed ("\r\n") for line breaks, and only used a single Line Feed ("\n"). This goes against the RFC for HTTP headers. It also seems as though the "ref" value mentioned in the login update, October 2008 is not required. Bot developers are currently unsure about the necessity of the value.

Side effects

PHP bots which were popular at the time were unable to resolve authtokens. This meant that bots which did not already have the proper authtoken stored, could not connect to dAmn. Older PHP bots need to be tested to see if they are unable to resolve authtokens. Bots written in other languages should also be double-checked, where the authtoken-resolving mechanisms use low-level socket interfaces.


  • Make sure that a full Carriage Return Line Feed is used, rather than simply using a Line Feed character alone. ("\r\n" instead of just "\n").
  • Use a higher level abstraction than sockets to resolve authtokens.
    • This is somewhat problematic in PHP.
    • dAmn Viper already does this (Python). As do some libraries written in other languages.

Fixed bots

Bots that do not appear in this list are either still broken or were not broken in the first place.