Diablo® III

Software Engineer's ideas to get rid of bots

(Locked)

capchas belong nowhere on the internet. They are a lazy system designed by lazy programmers.
To whom it may concern,

I really hope this note gets to the right people working in Blizzard. As a reference, I am a senior software engineer in a fortune 50 company, and I hope the Diablo 3 community & software engineers in blizzard will seriously consider my ideas and implement if necessary.

1. Protect your game data with collision detection. (The bots should not be able to read memory managed by D3 w/o triggering red flags to warden.)

2. Do an analysis of mouse / key movements/keypress-keyup event speeds. If relative movements are too quick, flag it / do a review, add to bad wave list.

3. Do a captsha check for every hour after 8 hours of play time (along with a nice note saying excessive playing is hazardous to your health).

Seriously, there are hundreds of people who are making 2K USD+ using bots. Running it 24 hours a day, 7 days a week.

If you really care about integrity of the game, use manpower to


These idea's won't do a thing to bots. It's a cat and mouse game. About your idea's:

1) Bots use pixel reading, your collision detection won't do much against those.

2) If you want to analyze keystrokes/mousemovements etc of every player, you know how much data this is? It's not possible to manage. They have to buy 5000 new servers just for this. And the cheaters can fix this easily by making human like behaviour movements.

3) Captcha's is not a successfull method of stopping bots. there are alot of automated (human entry) ways to solve captcha codes automatically by scripts.


1. Let them pixel read. Creating an efficient bot based on pixel reading is near impossible. The best they can do is some stupid auto-it scripts that can barely do a small area that rarely changes. Prevent reading from memory is top priority.

2. It's a lot of data, but they can start in a small samples. Only log data for players who play 20+ hours a day. Tackle down the biggest offenders, and continue to narrow it down. About bot writers adapting, let them adapt. But make it difficult for them, to a point where they are losing money.

3. You are right, captcha's aren't the best solution, I hate them too. But my point is that blizzard has good reason to suspect a player who plays exceedingly more than others. And if they do, treat them differently. Make sure they are not a bot.

Maybe my ideas aren't the brightest, but giving up the fight against bots is the worst thing that can be done to a gaming community.

I say, when botter is detected, freeze their battle.net account balance, log hardware ID / IP addresses, actively search for repeat offenders.

Also, if there is 8 accounts coming from 1 IP address, flag that too. Oh my god, the easy ideas are endless.
Posts: 1,244
I think captchas are good ideas - but NOT periodically - you need to randomize it to pop up "once" (some time) every X hours (4-8 hours) of playtime.

Then it will become more of a headache for those running 100+ clients.
Edited by MysticaL#1298 on 11/19/2012 12:01 PM PST

1. Protect your game data with collision detection.


LOL.

I got this far then stopped dead.

"collision detection"

You just made that up, right?
Posts: 1,883
View profile
They(Blizz) won't probably care. Since bot bring in some more gold/item into the game = more transaction in the RMAH, though its bad for the economy. Then again, we don't really need(gamers) an economy within a game. I just don't know what the !@#$ is going on inside Blizzard meetings.
Edited by LethalSeraph#1714 on 11/19/2012 12:08 PM PST

1. Protect your game data with collision detection.


LOL.

I got this far then stopped dead.

"collision detection"

You just made that up, right?


You might be confusing graphical collision detection (like your character running into a wall) with information collision detection. The collision detection he is referring to is when data is being written and read at the same time, which is what would eventually happen if you had a bot monitoring and reacting to data changes in memory.

1. Protect your game data with collision detection.


LOL.

I got this far then stopped dead.

"collision detection"

You just made that up, right?


LOL, no offense to OP but do you even have the slightest idea on how the dev team (those who have planned, analyzed, designed and implemented this game) would react to what you're trying to say when the CMs actually relay this thread? Unless you can show them some of your open sourced works or have created something that the programming community is widely using, I think they'll just dismiss you as a troll.

You see there's this line between shipping a game (regardless) and claiming to be a fortune n softeng. I'm actually curious on your employer, perhaps sharing the name isn't breaching NDA?
Edited by arscariosus#6419 on 11/19/2012 12:15 PM PST

1. Protect your game data with collision detection.


LOL.

I got this far then stopped dead.

"collision detection"

You just made that up, right?


http://www.google.com/patents/US7962698

You can call it whatever you want, but if you got the general idea what this means, that's all that matters.


These idea's won't do a thing to bots. It's a cat and mouse game. About your idea's:

1) Bots use pixel reading, your collision detection won't do much against those.

2) If you want to analyze keystrokes/mousemovements etc of every player, you know how much data this is? It's not possible to manage. They have to buy 5000 new servers just for this. And the cheaters can fix this easily by making human like behaviour movements.

3) Captcha's is not a successfull method of stopping bots. there are alot of automated (human entry) ways to solve captcha codes automatically by scripts.


1. Let them pixel read. Creating an efficient bot based on pixel reading is near impossible. The best they can do is some stupid auto-it scripts that can barely do a small area that rarely changes. Prevent reading from memory is top priority.

2. It's a lot of data, but they can start in a small samples. Only log data for players who play 20+ hours a day. Tackle down the biggest offenders, and continue to narrow it down. About bot writers adapting, let them adapt. But make it difficult for them, to a point where they are losing money.

3. You are right, captcha's aren't the best solution, I hate them too. But my point is that blizzard has good reason to suspect a player who plays exceedingly more than others. And if they do, treat them differently. Make sure they are not a bot.

Maybe my ideas aren't the brightest, but giving up the fight against bots is the worst thing that can be done to a gaming community.

I say, when botter is detected, freeze their battle.net account balance, log hardware ID / IP addresses, actively search for repeat offenders.

Also, if there is 8 accounts coming from 1 IP address, flag that too. Oh my god, the easy ideas are endless.


It's good that you are providing some idea's, but seriously. Blizzard can invest 10 million in stuff to stopt bots, but after that, there will still be bots.

If it will become littlebit harder, you will just scare away some noob botters. But the professionals will always adapt if there is alot of money to make while botting. And if alot of noob botters can't bot, it will be even MORE lucrative for professionals to make some good bot/sell the bot or use it themselves.

log/ban based hardware ID / IP addresses is a joke also. You can buy VPN/proxy, create fake hardware ID's by just using virtual machines etc etc, use dynamic IP, blablbala. It also raises the problem of false positives. (people use d3 in public places?)

And there is a thing called "false positives" also. If blizzard make their bot detection algoritm very strickt. There is a high chance that legit player will et flagged/banned also. You have to be aware of this. Thats why blizzard can never autoban very aggresively based on amount of hours played/elite kills/how many times a button is pressed etc etc. I think alot of times they have to manually check the accounts they ban. ALot of manpower is needed.

Also, for alot of hackers and programmers, its a challenge to create a moneymaking bot. They do it for fun. If blizzard makes it really hard, it means more fun for them to make a working bot.
Edited by NosSie#2453 on 11/19/2012 12:24 PM PST
You do know that conventional DRAM in a desktop machine isn't multiport memory, right?
Edited by nyet#1878 on 11/19/2012 12:20 PM PST
Posts: 86
The problem here isn't that they can't do anything to stop them, sure, they can stop the CURRENT system... but once they do that, someone will develop a work around, and the cycle will continue. I knew a few of these 'hackers' a couple years ago, and a lot of them don't do it because they want money or free games or w/e. They mostly do it for the challenge, so Blizzard investing more money into blocking them would be basically issuing a challenge to all the hackers out there
11/19/2012 12:22 PMPosted by Spacepickle
The problem here isn't that they can't do anything to stop them, sure, they can stop the CURRENT system... but once they do that, someone will develop a work around, and the cycle will continue. I knew a few of these 'hackers' a couple years ago, and a lot of them don't do it because they want money or free games or w/e. They mostly do it for the challenge, so Blizzard investing more money into blocking them would be basically issuing a challenge to all the hackers out there


True, next question is why don't Blizzard organize a "crack their products" day just like what Google did to Chrome several months ago? Then they give prizes to successful crackers (depending on the severity/potential threat of the crack) so they'll have the challenge of being pitted against equally skilled leet hackers, earning money and even land a job offer to "challenge" the never ending challenge of reverse engineering software...
The problem here isn't that they can't do anything to stop them, sure, they can stop the CURRENT system... but once they do that, someone will develop a work around, and the cycle will continue. I knew a few of these 'hackers' a couple years ago, and a lot of them don't do it because they want money or free games or w/e. They mostly do it for the challenge, so Blizzard investing more money into blocking them would be basically issuing a challenge to all the hackers out there


True, next question is why don't Blizzard organize a "crack their products" day just like what Google did to Chrome several months ago? Then they give prizes to successful crackers (depending on the severity/potential threat of the crack) so they'll have the challenge of being pitted against equally skilled leet hackers, earning money and even land a job offer to "challenge" the never ending challenge of reverse engineering software...


Because botting is different then actually cracking/hacking an application. Botting is just automating tasks that a mouse can do. You can't protect a program against automation. Any application that runs on a local computer can be automated by mousemovements/clicks etc.
Edited by NosSie#2453 on 11/19/2012 12:35 PM PST
1) Make a super rare "riddle" npc who appears in town next to the portals. He never appears at the beginning of the game, but randomly appears there while playing.

He is obvious, unique garb, and shouts something like "Pick the correct answer, to claim your prize" with a little caption about his head. He asks stupid insultingly easy riddles, randomly from a list that changes week to week. You get four answer choices, and if you pick correctly, you get a million gold, perhaps less for low levels.

The riddler is phased, and appears only to one individual at a time...never to everyone in a group. When teleporting back to town, you will see him, and trigger a 2 minute timer to interact with him and answer the riddle. (the timer targets afk botting).

Players who trigger the timer but fail to interact (especially consecutive failures) are flagged for immediate review. Players with a track record of answering the question are then prioritized for review in order of their inability to answer the riddles.

To make it fun for players who have good track records, he'll occasionally ask tougher questions about D3 lore, with bigger prizes than the million gold. E.g. maybe a few legendaries that only the riddler can drop, which will strongly encourage players to take answering the riddler seriously.


This is a terrible idea.
All good and well, but there is one thing.. This is Blizzard man, they don't care about bots they don't care for their players at all. Infact bots are giving them money, so why should they develop anti-bot software that would make them loose money?
lol what you don't get is they don't care anymore you already bought their game.
badb0y, I am making some suggestions that I believe Blizzard should implement to fight bot abusers, bot makers, etc.

You are right, some things do end up messing up the game for the legit players, but blatant botting is what is making me feel uncomfortable with this use.


Those things can all be added fairly easily, but i dont think the ACTUAL players playing for 8 hours + will take too kindly a "Playing in excess is detrimental to your health." every hour. I can hear the QQ now... "Im playing D3 not the Wii!! I dont need to be told whats bad for me while interrupting my play!"
11/19/2012 12:53 PMPosted by kinghouse51
lol what you don't get is they don't care anymore you already bought their game.


Yes. Thats why they continue to release patches to make the game better. Content patches at that.
Do you honestly think if Blizz actually cared about dealing with bots, farmers, spammers, and cheaters that they would be having these issues? No, they would have hired a few folks from the data security industry, a few lawyers to go quash the spammers' websites, and that would be the end of the problem.

The fact that spammers can post with impunity to the message boards, to say nothing of the fact that their websites remain untouched, just shows that Blizz doesn't care about this issue. If anything, they're somewhat dependent on the spammers and farmers as it helps drive up the prices on the all-important RMAH.


Dunno if you're mentally challenged or just stupid. What happened to all the well known bots out there, like Immortal, Hallbuddy (I think?) and probably many more that got shut down? You dont think Blizz had a part of it? Blizz is doing their job
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]