Diablo® III

Software Engineer's ideas to get rid of bots

(Locked)

11/18/2012 11:08 PMPosted by Sylak
As sad as it is, cheating PUNKS always have the upper hand because they have the game code and Blizz does not have the individual cheat code until it is given to them.


Cheating punks will always have game code, but client side only.

The way botters do their work all follows a pattern.

1. Look at pixels. React based on pixels. (Crappy auto-it scripts).
2. Look at d3 memory location to get data, get directX hooks for objects, or sniff packets to see what is being sent, and react based on render.

Fix #2. Scramble data, do daily updates, have server send keys, etc.

My ideas is valid, and it is implementable, and quality of the game will improve.
path of exile has a good idea they have no gold in game they just trade items.. this ring is worth 3 orbs of mutation..type of thing wonderful economym no bots...when u have pay to win u will have bots
.
Edited by jxfuller#1507 on 11/18/2012 11:19 PM PST
Another Senior Software Engineer who has worked at 2 Fortune 50 companies and another Fortune 500.

OP's suggestions are valid and they will deter bots until a hacker Senior Software Engineer engineers a bot that beats their system.

The best way to kill bots is a period Map Reduce job with a smart machine learning component. Identify the likely bots by hours played, money made, keystroke patterns, and anything else pertinent.

EVERY OTHER TOP COMPANY DOES THIS BLIZZARD!! How do you think Google/Microsoft/Amazon/OtherNonTardCompanies detect fraud?? MACHINE LEARNING! Use it you fools. Hire a Hadoop expert and a Machine Learning expert and bask in the win that is modern technology.

The only reason you wouldn't do this is that someone high up *cough* dbag CEO knows that you'll make more RMAH money with more drops even if the drops come from bots. What your ill-informed CEO doesn't realize is that he's killing your product and he can't make money without any customers.
11/18/2012 11:04 PMPosted by Artair
3. Do a captsha check for every hour after 8 hours of play time (along with a nice note saying excessive playing is hazardous to your health).


I'm a software engineer too.. And this is also my idea. This must be a server side request

CAPTCHAS are a waste of time. At the very least, a PUNK can type in the CAPTCHA and then run the hack/bot


The solution I'm thinking is the client will prompt a small window with captcha every 4 hours (or whatever necessary, not including idle times, players might be afk inside town or barracks or whatever).. And the player must answer it within a minute (or maybe more, why? because the player might be fighting champs, answering the captcha might kill them). I don't think the botter (or the PUNK) will be awake 24/7 just to answer captchas every 4 hours.. lol


Agree.
You guys do realize that bots makes Blizzard probably most of their money right? Which is why they will never enter anything like captcha's into the game to get rid of them.

1.) Botters buy multiple game boxes and farm nonstop. ($$$)

2.) Most of them (normal people) then use the RMAH to make money off the bots, which also makes Blizz more money.

3.) Blizzard catches them and bans them, but the botter has just made way more on the bot than they spent on the game in the first place.

4.) The botter then replaces the banned accounts with newly bought boxes/cd keys.

5.) Rinse and repeat, Blizzard loves bots.

Don't get me wrong, I totally hate that botters make me farm endlessly to afford any gear. But I'm just saying, there's a reason why there hasn't been any new idea to get rid of bots.
11/18/2012 11:24 PMPosted by Sylak


Cheating punks will always have game code, but client side only.

The way botters do their work all follows a pattern.

1. Look at pixels. React based on pixels. (Crappy auto-it scripts).
2. Look at d3 memory location to get data, get directX hooks for objects, or sniff packets to see what is being sent, and react based on render.

Fix #2. Scramble data, do daily updates, have server send keys, etc.

My ideas is valid, and it is implementable, and quality of the game will improve.


I'm not gonna argue anymore. :)

I've been around the PUNKS for many years. Blizzard has been making games for many years. Warden has been around for a long time. PunkBuster has been a round for a long time.

You know more then all of them. You should do just fine.

_______________________________________
Stick and move
Boogie fever!


Fighting bots is one of the hardest thing to do, I couldn't agree more.

But some few simple implementations can cause major headaches to bot writers, and that is one way to combat the problem.

Blizzard should acknowledge the issue. Let farmers farm, but don't let bot win the game.

Blizzard has done many things that made bot writing harder than ever before, with server side code, never trust client model, etc...

But bot writers are evolving. Blizzard should evolve too and continue the fight, dedicate some resources to not allow this kind of behavior to continue.
Why would they care about the integrity of the game when the bots make them a ton of money? It doesn't matter what system they have in place, there will always be someone smarter out there to circumvent whatever security measure they put in.

If they are serious about getting rid of botting, they need to take the very reason to bot away.
If botters can't sell their gold.. are they going to bot? Probably not. Bind gold to the account.

Do people still bot for items? Perhaps, but the drops are so terrible, it probably isn't anything to worry about.
1) Make a super rare "riddle" npc who appears in town next to the portals. He never appears at the beginning of the game, but randomly appears there while playing.

He is obvious, unique garb, and shouts something like "Pick the correct answer, to claim your prize" with a little caption about his head. He asks stupid insultingly easy riddles, randomly from a list that changes week to week. You get four answer choices, and if you pick correctly, you get a million gold, perhaps less for low levels.

The riddler is phased, and appears only to one individual at a time...never to everyone in a group. When teleporting back to town, you will see him, and trigger a 2 minute timer to interact with him and answer the riddle. (the timer targets afk botting).

Players who trigger the timer but fail to interact (especially consecutive failures) are flagged for immediate review. Players with a track record of answering the question are then prioritized for review in order of their inability to answer the riddles.

To make it fun for players who have good track records, he'll occasionally ask tougher questions about D3 lore, with bigger prizes than the million gold. E.g. maybe a few legendaries that only the riddler can drop, which will strongly encourage players to take answering the riddler seriously.
1 Draenei Warrior
0
Posts: 1,251
I don't understand how people keep thinking captcha is somehow the end all solution.

Problem 1: Captcha needs to occur often enough to really deter botters (for example, every 8 hours is no deterrent at all), yet not often enough to annoy customers. This is hard to balance. Something like every game would hurt botters, but would also annoy customers to no end. If you make it so the game tries to detect botters in some way and only captcha's those, botters will simply attempt to find ways around being flagged for captcha.

Problem 2: Users need to be allowed to fail the captcha without penalty. Pretty simple, you can't lock people out or the likes for failing a captcha, doing so would floor your CS department with complaints, so you can't really hurt the bots either. Worst case the bot doesn't work for a while until a human enters the captcha. Best case, if they try to make the captcha fit into the game like the pick the class that fits example mentioned above, there's a good chance it'll be an easily guessable answer and the bot will just keep guessing (pick the class is a 1/5 guess) until it gets it right, rendering it pointless.

The reality is, the captcha needs to be rare to non-existent for real players, or they'll get annoyed by it. Yet if they do this, bot writers will simply learn what steps are needed to avoid being flagged. Any captcha system that is suggested that would also annoy a a large chunk of actual players is right out the window, whatever "value" they might gain from slowing down botters is simply lost again to annoyed customers.

People focus only on the aspect of stopping botting while completely ignoring all the consequences of their choices. Even if you personally feel the annoyance of captcha is worth it to fight bots, it all comes down to Blizzard's bottom line. If they stand to lose more by annoying their player base with captcha than they could gain by hurting botters with it, then they will not implement it, because it simply makes no sense to do so.
Well here's an idea:

1. Randomly spawn invisible legendary items and gold in the game
2. The bot will be stuck trying to pickup the invisible gold and items
3. A normal player will never be able to see the invisible spawned fake items
4. Mass wave ban

Even with pickup radius you will never be able to pickup the invisible fake gold. So the bots will run around in circles until they pick it up.

Or you can do like some MMO's and have a GM join a suspected botter's game. Then spawn Uber Diablo and if the bot attempts to continually fight the undefeatable NPC then you know they're a bot.
Well here's an idea:

1. Randomly spawn invisible legendary items and gold in the game
2. The bot will be stuck trying to pickup the invisible gold and items
3. A normal player will never be able to see the invisible spawned fake items
4. Mass wave ban


Botters would just add code, after some got caught, to check if the item or enemy was suspect (e.g. transparent color, item stuck = true, enemy = uber diablo or does not die, etc.) Then we'll be back at square one, after one ban wave.

Whatever bot check is implemented needs to vary in some way that is virtually impossible to code all the scenerios the botter will encounter. That's why captchas keep getting suggested.

My riddler suggestion is kind of like a captcha, as it requires the botter to pick an answer to a simple question -- but the questions can be from a random pool and the list can easily change from week to week. Suspect players (based on heuristics) can even be directed "fresh" questions, that few if any other players have yet been asked.
Well here's an idea:

1. Randomly spawn invisible legendary items and gold in the game
2. The bot will be stuck trying to pickup the invisible gold and items
3. A normal player will never be able to see the invisible spawned fake items
4. Mass wave ban

Even with pickup radius you will never be able to pickup the invisible fake gold. So the bots will run around in circles until they pick it up.

Or you can do like some MMO's and have a GM join a suspected botter's game. Then spawn Uber Diablo and if the bot attempts to continually fight the undefeatable NPC then you know they're a bot.


don't know if implementing GMs will be an efficient idea since there will be thousands of separate games running at once at multiple servers... the past MMO's that i've played have specific servers... like maybe 10 servers in total... each server has got it's own GM and will be monitoring for any types of cheats/hacks/bugabuse which is all happening at the same time in 1 server... but D3 in this case... is not a full MMO

Well, if Blizz really wants to prevent botters, they just need to put up more resources and $$$ and i believe its against their policy >.<
11/18/2012 10:42 PMPosted by badb0y
Op is retard, this problem has existed since the beginning of online gaming. You think they haven't considered your suggestions? The fact of the matter is if your bot detection system ends up messing up the game for legit players they will not implement it.


I believe he has manner better than you who called people a retard so freely. That alone, I side with him.

Get some manner.
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]