BonziWORLD - siobhan-saoirse/bw-wiki GitHub Wiki

Not to be confused with BonziWORLD (2022)

BonziWORLD was a Node.js Socket.io chat client created by heyjoeway, It was originally designed to be a interactive BonziBUDDY HTML5 port, but was eventually changed to a chat client during development. Since July 2019, It was shut down due to conflicts of interest and the inability to control the users. The source code for the website was released on GitHub in July 2017.

Features

BonziWORLD was a humorous website based off of Vinesauce memes and other memes that were created at the time of it's creation. (2016) You were able to speak as a BonziBUDDY with text to speech, It utilized the text-to-speech engine ESpeak ported to Javascript. You were also able to choose any color listed on the README page, change your name, voice speed and pitch, and more.

List of all available commands

  • /name [name] - Change your name.
    • There is a 25 character limit on names.
  • /speed [speed] - Change your voice's speed.
    • Max value is 275, min value is 125.
  • /pitch [pitch] - Change your voice's pitch.
    • Max value is 125, min value is 15.
  • /color [color] - Change your BonziBUDDY's color! The ones available are:
    • red
    • brown
    • green
    • blue
    • purple
    • black
    • pink
    • If you don't type a color, you will be given one at random.
  • /joke - Tell a horribly written joke.
  • /fact - Tell a horribly written "fact".
  • /backflip - Do a backflip.
    • Do '/backflip swag' for extra swag.
  • /youtube [video ID] - Play a YouTube video.
    • Alternatively, you can simply paste the URL in chat and it will automatically play it.
  • /asshole [name] - Call someone an asshole.
    • Don't ask why I implemented this. There's no answer.
    • You can also right click on people to do the same thing.
    • If you ever see a person named "fuG", make sure to call them an asshole.
  • /owo [name] - owo, wat dis?
    • kill me
    • Works pretty much the same as /asshole, right click and all.
  • /triggered - The best copypasta.
  • /linux - I'd just like to interject for a moment.
  • /pawn - Hi, my name is BonziBUDDY, and this is my website.
  • /bees - According to all known laws of aviation, there is no way a bee should be able to fly.
  • /vaporwave - AESTHETIC
  • /unvaporwave - AESTHETIC IS KILL

Hidden commands and features

There are a few commands that are not documented on the README page.

  • /godmode [password] - Attempt to gain access to admin privileges. It requires a room based password that a server would have to define. If there was no godmode password defined, any user would gain access to admin privileges and is a high-level security risk.
  • /pope - Change your color to the infamous BonziPOPE. It requires you to have admin privileges before it can be used.

Potential security risks and other issues

As you would expect with hosting a chatting client, there are many security issues in both the server and the client.

  • A high-risk remote code execution exploit in the /youtube command can be run and is not patched in the original version.
  • The original source code for the server is running many outdated dependencies, because of this, attackers can run malicious code using HTML entities.
  • Commands have no text limit. An attacker can DDoS the server using the /asshole command with a extremely long amount of text.
  • The server and client have a memory leak issue. This was never fixed. Even if you prevent speak.js from logging in the developer console, It still generally has bad performance.

Shutdown

In Summer 2019, bonziworld.com was officially shut down with no warning. The GitHub page was archived since it's no longer being maintained and used by the creator. It was unarchived in 2020 as a request by Siobhan to document security issues, but was eventually archived again due to heyjoeway no longer wanting to get involved with the website and it's fans. The shutdown would lead to some backlash, but due to the unexpected efforts of Siobhan finding a brand new server that uses this software, they would all migrate to bonzi.dega.io.

Aftermath

BonziWORLD is nowadays maintained by a European neo-fascist cybercriminal group managed by a group of professional trolls that produces misinformation about small internet celebrities. They are known to DDoS websites, create lies and misinformation, troll everyone they see and many others. This would lead to the shutdown of BonziWORLD Revived due to social engineering and many other fanmade servers due to cyberattacks on the servers.