Diablo® III

Software Engineer's ideas to get rid of bots

(Locked)

how do I report botter joined my game dog#6463. it was a level 80 monk. all it kept doing is it was following me, doesn't respond when I talk to him and keeps towning if I'm not moving then ports back onto me a second later.
I would like to see him get banned. anything I can do?
Bro... Blizzard can't be THAT retarded - I'm 100% sure they know how to get rid of bots - every 16yo kid would know.

I'd hire 10 people to buy gold from 3rd party sites, etc and perma-ban the sellers as an add :)

But... Botters give $$$ to Blizz and they raise their sellings, sry :)
Only 1 thing can stop bot, RANDOM MAP GENERATOR
I'm not a regular forum user but i also wish to say few words to blizzard about this topic.

If you dont deal with bots (and you clearly can) you will loose players.

It would be a shame cuz i really like d3. but lately AH is inflated n there is no satisfation puttin somethin on auction anymore. As result i didnt play much last week.

Please dont ruin your own game by not putting a solution to bots.
Edited by Battlew#1886 on 11/20/2012 11:00 AM PST
To whom it may concern,

I really hope this note gets to the right people working in Blizzard. As a reference, I am a senior software engineer in a fortune 50 company, and I hope the Diablo 3 community & software engineers in blizzard will seriously consider my ideas and implement if necessary.

1. Protect your game data with collision detection. (The bots should not be able to read memory managed by D3 w/o triggering red flags to warden.)

2. Do an analysis of mouse / key movements/keypress-keyup event speeds. If relative movements are too quick, flag it / do a review, add to bad wave list.

3. Do a captsha check for every hour after 8 hours of play time (along with a nice note saying excessive playing is hazardous to your health).

Seriously, there are hundreds of people who are making 2K USD+ using bots. Running it 24 hours a day, 7 days a week.

If you really care about integrity of the game, use manpower to solve the problem if you have to. This is no longer some 'virtual items', it is a real problem.


You're failing to address the companies primary concern: How to make more money.

Please remember that those people making 2k USD+ are putting a serious % of that back in Bli$$ards pockets. As soon as you can come up with a plan to remove the bots and increase revenue despite losing bot revenue... I'm sure they'll listen.

In the meantime, the rest of us can realize that the new Bli$$ard is the old Blizzard in name only. They no longer deserve your respect much less your money.
To whom it may concern,

I really hope this note gets to the right people working in Blizzard. As a reference, I am a senior software engineer in a fortune 50 company, and I hope the Diablo 3 community & software engineers in blizzard will seriously consider my ideas and implement if necessary.

1. Protect your game data with collision detection. (The bots should not be able to read memory managed by D3 w/o triggering red flags to warden.)

2. Do an analysis of mouse / key movements/keypress-keyup event speeds. If relative movements are too quick, flag it / do a review, add to bad wave list.

3. Do a captsha check for every hour after 8 hours of play time (along with a nice note saying excessive playing is hazardous to your health).

Seriously, there are hundreds of people who are making 2K USD+ using bots. Running it 24 hours a day, 7 days a week.

If you really care about integrity of the game, use manpower to solve the problem if you have to. This is no longer some 'virtual items', it is a real problem.


1. can be bypassed easily, there packet bot out there also, it not easy to analyze something on client and return a value when the communication channel is filtered by the bot.

2. You will ban auto-it feature which people use while playing legit, blizzard doesn't want to ban those player but they did say, user can use it at their own risk. Again if something is detected, the client need to report it to blizzard and bot control the communication TCP channel of every message in and out and they can just stop a packet from leaving or terminate the communication as blizzard on the other side will never know why, could be just internet drop.

3. Captcha have been over-used in the past 5 years. All bot maker already have script to bypass the best of the best captcha out there. If you ever owned a vbulletin forum, you would know that no matter what captcha you apply during the login, spam bot manage to go around it and spam your forum.
I am a massive gamer, I have played lots of game with captcha and all the good bot does bypass the captcha and answer it correctly, while legit players get annoyed by the captcha.
While your method wouldn't annoy the legit player, it still proven to not be efficient.

Captcha does help against some bot, but there always a few that knows how and where to get anticaptcha script that are really efficient, there lots of open source code to bypass captcha.

Best to just take a public bot that make to much noise and detect that specific bot at the spot where it alter the memory and do a massive ban here and there.
Good money income while people bot and a way to terminate public bot at anytime they want.
Edited by Arden#1669 on 11/20/2012 12:31 PM PST
How about just drop the maximum gold available to 1 billion gold then there is no reason to bot cause if you play for more then a week you capped out.. either that or completly random maps but even those can be botted if the program is carefully written
Edited by Waah#1576 on 11/20/2012 1:17 PM PST
The only way to beat the extreme 24/7 bots would be to add a limit on gold gained within a window of time. If you go over the limit, your account will either be flagged for review or automatically disabled.
1 Human Mage
0
Posts: 66
1. Possible but will slow down the game and good hackers/bots will just remove it from the game client. Similar to how they avoid warden now.

2. Won't work. Will only make the bots do things slightly slower. In the end you can just have a bot replay user input if needed.

3. Won't work. Bots will just relog every 4 hours to avoid it. If needed they will use multiple accounts.

Think you need to learn a bit more about botting before coming up with solutions that have already failed for other games.
1. Are u for real? Check how RAM works and memory reading. then come back.
2.U can just use PostMessage,SendMessage to fake the input, bad idea.
3. Captcha check is not player friendly + besides there is API for captcha.
I Guess you are as good a software engineer as athene who said: increase the INTEGRER size to 1 trillion GOLD. OKAY!
Thanks for all the attention to just a few simple ideas. FYI, the three ideas I proposed is not an ultimate solution to all bots, but what Blizzard should do to discourage / make it less economical for majority of botters without having impact on legit players.

Not only that, there are many many more anti-bot ideas without invading legit players. Some people who has responded to this post has many great ideas, and I would not mind some of them implemented to discourage out-right abuse of bots.

I also notice lot of responders are saying why certain method will not work, so I will take a bit to explain why it could work.

11/20/2012 12:30 PMPosted by Arden
1. can be bypassed easily, there packet bot out there also, it not easy to analyze something on client and return a value when the communication channel is filtered by the bot.


Although it is impossible to prevent access to memory block managed by d3, it is not impossible detecting if a 'bot' is accessing this memory block. No legit program should be reading memory managed by d3 'for example, map data, location of monsters ...etc' and if they do, the account should be flagged. Packets are much much harder to be useful to bot makers, since they are encrypted.

11/20/2012 01:38 PMPosted by Almiel
1. Possible but will slow down the game and good hackers/bots will just remove it from the game client. Similar to how they avoid warden now.


Any modifications to client is already caught by warden. md5sum checks do wonderful things already. The checks doesn't have to be always running feature, it can be periodic checks - perhaps once every few hours.

11/20/2012 12:30 PMPosted by Arden
2. You will ban auto-it feature which people use while playing legit, blizzard doesn't want to ban those player but they did say, user can use it at their own risk. Again if something is detected, the client need to report it to blizzard and bot control the communication TCP channel of every message in and out and they can just stop a packet from leaving or terminate the communication as blizzard on the other side will never know why, could be just internet drop.


Again, modifying packets that is encrypted is unlikely, almost impossible. The mouse/keyboard logging can also be done on the server, and few additional things that should be logged and analyized that is behavior like. If an account is playing 24/7 for example, or plays act3 core of arrest only 100 times in a row, over and over again, those should be automatically analyized, and flagged.

11/20/2012 01:38 PMPosted by Almiel
2. Won't work. Will only make the bots do things slightly slower. In the end you can just have a bot replay user input if needed.


Could be done, but it will be very difficult to make a bot that is purely abusive.

3. Captcha have been over-used in the past 5 years. All bot maker already have script to bypass the best of the best captcha out there. If you ever owned a vbulletin forum, you would know that no matter what captcha you apply during the login, spam bot manage to go around it and spam your forum.
I am a massive gamer, I have played lots of game with captcha and all the good bot does bypass the captcha and answer it correctly, while legit players get annoyed by the captcha.
While your method wouldn't annoy the legit player, it still proven to not be efficient.


To many people's surprise, there is more than 1 type of captcha. It's not only those funny looking letters you have to type in, but any implementation that can tell difference between human and a machine. A simple example is have 3 pictures, one being a cat, others being a snake and a dog, and asking the user to select the cat. Without having a database of all possible images already, implementing a captcha such as this to be automatic is near impossible.

11/20/2012 01:38 PMPosted by Almiel
3. Won't work. Bots will just relog every 4 hours to avoid it. If needed they will use multiple accounts.


What I meant is in a 24 hour session, if logged time is greater then 8 hours, they will be asked to perform a captcha check. Logging out and logging in won't do any good, and the bot operator would have to babysit the bot on an hourly basis.

11/20/2012 01:38 PMPosted by Almiel
Think you need to learn a bit more about botting before coming up with solutions that have already failed for other games.


Please, let's not assume what I know or do not know. I already stated that ideas are a dime a dozen, and implementation and execution is the hard part. I am hoping that decision makers in Blizzard will be committed to fight bots and dedicate resources to protect D3 economy and legit user base.
Try this:

The D3 captcha should be D3 themed. So instead of typing letters, it should be based on a jumble of gear, and a character in various poses. The player should have to drag 4 different pieces of gear in jumbled up pile to their correct places. The correct places would be easy to code, and stuff will snap in when it is close. Jumbling the pieces together will make it hard for the AI/bots to ID the pieces (gloves, pants, chests, helms weapons, etc., all with existing artwork all in place), and the various poses (kicking, jumping, throwing, in any number of degrees that the character will do in its usual animations) will also make it computationally difficult for the BOTs to identify the locations.

The captcha should pop up every random number of portals (between 5 and 20) town portals. Bliz will probably have to test to determine the best RNG parameter to use. And answering a captcha correcrtly should earn the player an extra drop chance, similar to breaking a vase. Answering it wrong for 3 tries should get the player to lose their NV stack. Answering it wrong 2 additional times, should get the player disconnected.
Something like this.
Posts: 80
3. Captcha have been over-used in the past 5 years. All bot maker already have script to bypass the best of the best captcha out there. If you ever owned a vbulletin forum, you would know that no matter what captcha you apply during the login, spam bot manage to go around it and spam your forum.
I am a massive gamer, I have played lots of game with captcha and all the good bot does bypass the captcha and answer it correctly, while legit players get annoyed by the captcha.
While your method wouldn't annoy the legit player, it still proven to not be efficient.

To many people's surprise, there is more than 1 type of captcha. It's not only those funny looking letters you have to type in, but any implementation that can tell difference between human and a machine. A simple example is have 3 pictures, one being a cat, others being a snake and a dog, and asking the user to select the cat. Without having a database of all possible images already, implementing a captcha such as this to be automatic is near impossible.


While we're concentrating on the different form of captcha and how to beat it etc, your suggestion forgot that there is a simple strategy calls "bypassing" the condition. Going back to your original post, you said after 8 hours, show a captcha every 1 hour. This can easily bypassed by coding to bot to log out after say 7 hours, and log back in again.

Otherwise, having random interval will annoys legit players as hell, like mentioned in the inner quote (top paragraph).
Edited by ekcolysp#6376 on 11/20/2012 2:33 PM PST
Banning Botters? They'll just buy more copies (Blizzard wins)
Adding Captchas? Slows them down, they buy more copies to compensate (Blizzard wins)
Ban their IP's? They get new IP's

Take their reason to bot away and what do they have? Nothing, finished, botting is done.
Edited by Deadlysynz#1583 on 11/20/2012 3:30 PM PST
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]