Diablo® III

Software Engineer's ideas to get rid of bots

(Locked)

To whom it may concern,

I really hope this note gets to the right people working in Blizzard. As a reference, I am a senior software engineer in a fortune 50 company, and I hope the Diablo 3 community & software engineers in blizzard will seriously consider my ideas and implement if necessary.

1. Protect your game data with collision detection. (The bots should not be able to read memory managed by D3 w/o triggering red flags to warden.)

2. Do an analysis of mouse / key movements/keypress-keyup event speeds. If relative movements are too quick, flag it / do a review, add to bad wave list.

3. Do a captsha check for every hour after 8 hours of play time (along with a nice note saying excessive playing is hazardous to your health).

Seriously, there are hundreds of people who are making 2K USD+ using bots. Running it 24 hours a day, 7 days a week.

If you really care about integrity of the game, use manpower to solve the problem if you have to. This is no longer some 'virtual items', it is a real problem.
1 Draenei Warrior
0
Posts: 1,227
I guess they don't teach you the correct spelling of captcha until you become a senior senior software engineer. :p
Bah, pick on little things, sure I made some spelling errors because I was typing it up, without any proof reading.

But I just want to say bots are a real issue, and it is fightable. I don't understand such a slow turn-around in Blizzard. Having many bots, go undetected.

It came to a point where it is stupid to not be running a bot. Where is the fun in that?
badb0y, I am making some suggestions that I believe Blizzard should implement to fight bot abusers, bot makers, etc.

You are right, some things do end up messing up the game for the legit players, but blatant botting is what is making me feel uncomfortable with this use.
I really hope this note gets to the right people working in Blizzard. As a reference, I am a senior software engineer in a fortune 50 company, and I hope the Diablo 3 community & software engineers in blizzard will seriously consider my ideas and implement if necessary.


Do you honestly think if Blizz actually cared about dealing with bots, farmers, spammers, and cheaters that they would be having these issues? No, they would have hired a few folks from the data security industry, a few lawyers to go quash the spammers' websites, and that would be the end of the problem.

The fact that spammers can post with impunity to the message boards, to say nothing of the fact that their websites remain untouched, just shows that Blizz doesn't care about this issue. If anything, they're somewhat dependent on the spammers and farmers as it helps drive up the prices on the all-important RMAH.
Next up: Batman's ideas to get rid of bots

To be serious, fighting against bots requires a lot of resources because you essentially have a world of hackers working against you. Also do not expect your solutions to be permanent. In the end it boils down to whether said company makes the effort and whether the botting can be kept to a minimum.
I know it isn't easy. Forget easy, I will say it is almost impossible.

Hook detection is already done with warden, but they only search for known DLL hooks, and such.

CAPTCHAS are not a waste of time, if they come on after 8+ hours in a popup, I'm sure botters will have fun babysitting the computers all the time.

And you are absolutely right, it is a never ending cycle. But, even local map data / structures should be scrambled to hell, instead of keeping them in a nice organized structs, and this should change every few hours, at least daily.

Blizzard can fight this, and I know this can be implemented.
11/18/2012 10:55 PMPosted by Heenooh
Blizzard can fight this, and I know this can be implemented.


Well if anyone has the resources it should be the game that boasts 10mill sales
I really hope this note gets to the right people working in Blizzard. As a reference, I am a senior software engineer in a fortune 50 company, and I hope the Diablo 3 community & software engineers in blizzard will seriously consider my ideas and implement if necessary.


Do you honestly think if Blizz actually cared about dealing with bots, farmers, spammers, and cheaters that they would be having these issues? No, they would have hired a few folks from the data security industry, a few lawyers to go quash the spammers' websites, and that would be the end of the problem.

The fact that spammers can post with impunity to the message boards, to say nothing of the fact that their websites remain untouched, just shows that Blizz doesn't care about this issue. If anything, they're somewhat dependent on the spammers and farmers as it helps drive up the prices on the all-important RMAH.


I am actually beginning to think that they really don't care about dealing with bots, at least not realistically. They might put up 2 guys to work on it or something, supporting millions of active users.
Iam not an engineer or something but I know one thing ...

Everything and I mean everythng is cheatable, crackable and hackable dont matter what you do ...

Thats the same BS that companies trying with copy protections theses days, they just lose the legit customers while the others just keep copying ... The only real copy protection these days is just to make a real good online mode.

Captchas lol why ppls think this is the holy grail ? It can be automated, I know it because Iam doing it too when Iam downloading stuff from download sites where you have to type in captchas ... There are programs out for it like cryptload and others.

And about 2.) just lol, you can tell bots to do random stuff at random speed and the speeds you want it to do. D2 and bnet and something like this when you entered to fast games or changed to quick charakters you got banned. Now the funny part is bots didnt get ban but the legit players ...

Bad ideas sorry :/ ..

I think the only real thing would be if we pay Blizzard monthly like for a MMO so they can hire staff for the money just to look for ppls who bot and do nothing else but ban them the whole day.
3. Do a captsha check for every hour after 8 hours of play time (along with a nice note saying excessive playing is hazardous to your health).


I'm a software engineer too.. And this is also my idea. This must be a server side request

CAPTCHAS are a waste of time. At the very least, a PUNK can type in the CAPTCHA and then run the hack/bot


The solution I'm thinking is the client will prompt a small window with captcha every 4 hours (or whatever necessary, not including idle times, players might be afk inside town or barracks or whatever).. And the player must answer it within a minute (or maybe more, why? because the player might be fighting champs, answering the captcha might kill them). I don't think the botter (or the PUNK) will be awake 24/7 just to answer captchas every 4 hours.. lol
1 Draenei Warrior
0
Posts: 1,227
Do you honestly think if Blizz actually cared about dealing with bots, farmers, spammers, and cheaters that they would be having these issues? No, they would have hired a few folks from the data security industry, a few lawyers to go quash the spammers' websites, and that would be the end of the problem.

The fact that spammers can post with impunity to the message boards, to say nothing of the fact that their websites remain untouched, just shows that Blizz doesn't care about this issue. If anything, they're somewhat dependent on the spammers and farmers as it helps drive up the prices on the all-important RMAH.


Wow, it's impressive just how clueless you are about the subject matter.

We'll start with the one that's most fun to address. Taking down websites. Explain to me, smart guy, how does Blizzard do this? Explain to us all the process of taking down someone else's website. Organizations like the MPAA and the RIAA, with far more money and influence than Blizzard could ever hope to have, can't even take down websites blatantly violating their copyrights on a daily basis, despite having been trying to do exactly this for years on end, but somehow Blizzard will just push the magical shutdown button nobody else knows about?

Now moving on to the botting problem. How do you know they do not have experts working on this? Do you really think it's this black and white? Why are there security vulnerabilities in pretty much all software that exists? Why do viruses still exist? Why are constant security updates needed for pretty much any software that interacts with the Internet in some way? Do none of them hire experts? I guess not, because if they did they'd have 100% solved all security flaws in like 3 seconds, amirite?

The fact is, the best bots will come from private websites, which sell access to their hacks/bots/etc to users. For these private websites, it's not only in their best interest to keep a skilled staff that can create these programs for popular games, but also to keep these programs as undetectable as possible. As such, it's a constant arms race between the developers of the game and the creators of the bots/hacks/etc. It's an unwinnable scenario as long as enough people are willing to pay money for these hacks/bots/etc (and they are), the best you can do is contain it.
Iam not an engineer or something but I know one thing ...

Everything and I mean everythng is cheatable, crackable and hackable dont matter what you do ...

Thats the same BS that companies trying with copy protections theses days, they just lose the legit customers while the others just keep copying ... The only real copy protection these days is just to make a real good online mode.

Captchas lol why ppls think this is the holy grail ? It can be automated, I know it because Iam doing it too when Iam downloading stuff from download sites where you have to type in captchas ... There are programs out for it like cryptload and others.

And about 2.) just lol, you can tell bots to do random stuff at random speed and the speeds you want it to do. D2 and bnet and something like this when you entered to fast games or changed to quick charakters you got banned. Now the funny part is bots didnt get ban but the legit players ...

Bad ideas sorry :/ ..

I think the only real thing would be if we pay Blizzard monthly like for a MMO so they can hire staff for the money just to look for ppls who bot and do nothing else but ban them the whole day.


Well, I am willing to discuss a bit more on details, Captchas are not the holy grail, but having a captcha popping up after 8 hours of playing will be a big headache to bot writers. It is difficult to test & implement.

2. I am not talking about speed of joining games or switching characters.

I am talking more about mouse movements / keyboard presses, which are unnatural. Research on this has been done, and when you graph relative displacement of mouse positions on typical 'bots' or such, it is very clear. Or even key presses.

Bottom line, if they want to fight it, they can fight it.

I'm more about scrambling their client data structures that only server sends the key / detecting memory collision / analysis of mouse and keyboard movements / and giving bot writers harder time by implementing painful situations after extended hours of play.
they do captchas in cabal online to stop bots.
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]