Diablo® III

Software Engineer's ideas to get rid of bots


Its not the end of the world. But its the end of the game for the majority of players. Why play when the next 50 guys beside you are all bots that never need to stop, or take breaks can turn in 10x the gold and items you can and hit higher paragon then you can.

Once you've beaten diablo inferno the only thing left to do really is get money to get new gear, then when your happy with your gear get money to get real money.

If you can't do those there's nothing to do
Cool software engineer story, too bad none of those ideas are good because it'll hinder the legit players more than the bots. Too bad you aren't one.

1. Impossible, you can only prevent/detect injections in the memory.

2. Scanning mouse movement? Hope you don't play with a fast mouse movement or that your computer never ever lags.

3. Let's annoy the crap out of people and also kill hardcore players
Posts: 1,066
View profile
It's a good thing OP is here because I'm sure no one has ever thought of any of these approaches before...
11/19/2012 06:14 AMPosted by JACKAL
IP ban or hardware ban? Is it possible?

Wth is hardware ban, and IP ban yes, but that would be against Blizz's favor. What you ban a whole house? A whole neighborhood? A whole internet cafe? Plus it's pretty easy to work around this. Blizz wants to ban account to account and not IP. They want you to buy more accounts, not change your IP.
We don't need any fancy ideas to stop botters and dupers, we just need Blizzard to give a crap. There were accounts with 100k elite kills within a month of the game being out, fully loaded with gold find and pickup radius gear and online 24/7. It should have been absurdly easy to see where the bots were and ban them. Some got over 400k elite kills before finally being banned, that is absolutely absurd.

You're never going to stop them completely without ruining the game. What you can do is make it unprofitable for them. Right now you have to bot 120 million gold to make back the cost of a banned account. It shouldn't be that hard to figure out what is a bot before it makes 120 million gold. Once it's no longer profitable, BAM, bots are gone.
Edited by Zoid#1297 on 11/19/2012 6:47 AM PST
"1. Protect your game data with collision detection. (The bots should not be able to read memory managed by D3 w/o triggering red flags to warden.)"
Now tell us how is this bot initially different than a player, especially if they are not simply repeating the same thing every few minutes. We have watched warden for years now and if you don't trample the memory it monitors your bot is simply another player. I'm pretty sure that the older bots used a given part of memory to load, not sure the new ones do.

Where do you come from, pretending to know what you are talking about?

Does a player send calls to kernel32.dll? Memory read detection can be done by using hooks to kernel32.dll. Unless the bot is strictly screen scrapping (difficult to write and slow even if done successfully).

"2. Do an analysis of mouse / key movements/keypress-keyup event speeds. If relative movements are too quick, flag it / do a review, add to bad wave list."
Pretty sure that Blizzard uses this to catch the macro users. The bots take this into consideration btw.

No, they don't. Behavior analysis can be done better, and start recording relative displacement of mouse inputs / etc. Yes, I agree bots will take this in to consideration over time, but the whole idea is to give them rough time doing it.

Keyboard and mouse behavior detection can be questionable, but by no means, they let some obvious behaviors (such as 24/7) get away. And the behavior detection might not prevent all bots, but will force them to behave similar to a human player.

"3. Do a captsha check for every hour after 8 hours of play time (along with a nice note saying excessive playing is hazardous to your health)."
This has been beat to death and guess what it did not take a software engineer to first suggest it. There are people that actually play 12 hours or better on a regular basis. I have done it in the past. That said at best it would simply mean a person monitering the bots would have to do a restart.

Captcha is simple to implement, but complicated headaches for bot writers. The idea is to make it difficult for bots to play 8+ hour sessions (or how about over 60 hours a week, etc.)

11/18/2012 11:45 PMPosted by DeadRu
I don't care what you say your title is you have the logic of a ten year old. Everything you mention has been seen and tested by the bot makers, except the "captsha". Actually if I were Blizzard I'd find this post insulting.

Talk is cheap, ideas are a dime a dozen, and the reason I have my title is because I am able to implement the ideas and make it work. I hope Blizzard does find this post as something helpful, atleast have them acknowledge that they have a serious issue that needs to be addressed quickly. If there is no universal way to fight bots, they should fight it the hard way, and bottom line is to fight bots.
Blizzard don't give a fvck!
11/18/2012 11:00 PMPosted by CRUShER
Everything and I mean everythng is cheatable, crackable and hackable dont matter what you do ...

Except eatting and sleeping, to name a few.
blizzard needs to just hire this guy!!!! <3
*%^# BOTTERS!!!!!
if they ever manage to remove botter then people will hammer "chinese farmers" ... and so on...

the problem is people can not enjoy the game because it is a big lottery and unless you are lucky to drop a billion item the only other solution is to bot the !@#$ out of the game.... this game doesn't reward the time you spent, it does reward your luck....

I have to admit Parangon and Infernal machine are nice addition and rewarding addition, it reward the time you spend in the game.... just sad having a good infernal ring relly solely on cheer luck.....

You have no idea what you're talking about. The term "hacker" here is totally generic meaning someone who circumvents a system (a.k.a botting). You would know that if you were in the industry or knew anything about the topc. I, in no way, meant actually hacking Blizzard's databases or anything else...

My point is that captcha has been beaten and will become cheaper and cheaper to beat as the algorithms continue to evolve.

You can filter the unsophisticated botters now by doing simple algorithm checking at play time (captcha, keystroke repetition, etc). The more sophisticated botters will have to be caught by offline batch processes that analyze data on a periodic basis and flag certain attributes which are suspicious.

This is the same way Google and Bing search engines determine fraudulent clickers (web crawling bots) which attempt to make money by clicking on Internet Ads.

Before you criticize someone know wtf you're talking about.
Bots and scripts are now starting to get rid of themselves by themself. Gold price at EU RMAH is down to 0.25E/mil and keeps steadily diving.

3 months from now and the economy will be ruined for real this time. They have milked this cow to the last drip by then :D It's not a joke anymore. This has been going on for too long now, really.

I don't think it's too much of a concern for blizzard though.

This is all very interesting, but the only way to stop Bots would be to 'Glass' the Game.

Make it so you had to go through a remote session window to play the game, and you stop botters. But the technology isn't there yet for 3d rendering and Graphics.

The issue is the code is out there, we all have access to the client in which turns into the patches and what not. That coupled with the code = never ending battle for Blizzard.
the only way to combat it would be to take away the client code, make a secure session between the client and servers and make it so we do not have access to the client's installation anymore. Hense the 'Pane of glass' Comment.

Other then there, there is NOTHING that can be done to stop botters. other then identifying them and banning them as its being done now.
It's not like it would be hard for Blizz to get a hold of the software most botters are using. Most of the public bots, hacks, and exploits are posted on a certain website that has been around for many years and was also the #1 site for D2 botting information. It takes like one google search to find, so Blizz must be aware of its existence.
To whom it may concern,

I really hope this note gets to the right people working in Blizzard. As a reference, I am a senior software engineer in a fortune 50 company, and I hope the Diablo 3 community & software engineers in blizzard will seriously consider my ideas and implement if necessary.

1. Protect your game data with collision detection. (The bots should not be able to read memory managed by D3 w/o triggering red flags to warden.)

2. Do an analysis of mouse / key movements/keypress-keyup event speeds. If relative movements are too quick, flag it / do a review, add to bad wave list.

3. Do a captsha check for every hour after 8 hours of play time (along with a nice note saying excessive playing is hazardous to your health).

Seriously, there are hundreds of people who are making 2K USD+ using bots. Running it 24 hours a day, 7 days a week.

If you really care about integrity of the game, use manpower to solve the problem if you have to. This is no longer some 'virtual items', it is a real problem.

How about fixing game balance and improving other areas instead of worrying about bots.
Dear Mr. Senior Software Engineer.

I too am a Senior Software Engineer, and while my company may not be fortune 50 (more like 300) I would say that you do not really understand the challenge.

The only way they could stop bots is to monitor all system processes and even that can be fooled. Every time they put in something to stop bots the bot makers make a better bot. Even putting 2 devs full time on it costs around a quarter mill a year at a very least. And then they will just make better bots. There are countless way to fool bot detection programs and once you have the code to see what it checks for you can work around that.

This is not some simple fix problem. Not saying it is not a problem, it is but not one with an easy fix.
A Captcha is a worthless idea for stopping bots in gaming. If a botter has 50 accounts, they are probably using some sort of server farm or multiboxing system. If you're asking for a captcha every 8 hours, all it takes is one person every 8 hours entering 50 captchas. Then they have another 8 hours that they can both without issue.
Edited by IAmTheWinnar#1659 on 11/19/2012 9:19 AM PST
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Explain (256 characters max)