Software Engineer's ideas to get rid of bots

General Discussion
Prev 1 4 5 6 13 Next
11/18/2012 10:35 PMPosted by Heenooh
3. Do a captsha check for every hour after 8 hours of play time (along with a nice note saying excessive playing is hazardous to your health).


I like this idea captcha every hour after 8hours in a day
11/18/2012 11:04 PMPosted by Artair
3. Do a captsha check for every hour after 8 hours of play time (along with a nice note saying excessive playing is hazardous to your health).


I'm a software engineer too.. And this is also my idea. This must be a server side request

CAPTCHAS are a waste of time. At the very least, a PUNK can type in the CAPTCHA and then run the hack/bot


The solution I'm thinking is the client will prompt a small window with captcha every 4 hours (or whatever necessary, not including idle times, players might be afk inside town or barracks or whatever).. And the player must answer it within a minute (or maybe more, why? because the player might be fighting champs, answering the captcha might kill them). I don't think the botter (or the PUNK) will be awake 24/7 just to answer captchas every 4 hours.. lol


Bad idea is bad.

Have you been in higher level MP fights or Uber runs yet? If you are in the middle of those, and Blizzard interrupts your fight to answer a stupid captcha request, they have just ruined the experience. Not to mention, there is a very high likelihood that you can't stop to answer it within a small time frame like 1-2 minutes, especially on an Uber fight.

Second, even if you started this based on a 4 or 8 hour playing time span, all that means is the botters will have to log out and back in at the end of that time span to re-start their bots. It's nothing more than a minor inconvenience to them at a cost of a massive inconvenience to the normal player base.

1. Protect your game data with collision detection. (The bots should not be able to read memory managed by D3 w/o triggering red flags to warden.)


It is technically impossible. There are only two ways to detect when another process reads your memory:

1. Kernel hook in KeStackAttachProcess / RtlCopyMemory which are called by ReadProcessMemory. A driver would be needed and this driver would hook itself deep into the system code ... not feasible.

2. PAGE_GUARD on all memory blocks. The exception handler would be called so often, you would play with 1 fpm ... yes frame per minute.
Can't blizzard just cap the amount of Gold picked up per day?

Each account is allowed to pick up 2 mil gold/day ect ect
I don't think i've ever picked up 2 mil gold in a 24 hour time frame even over say 6 or 8 hours

Ok yes they will piss off a small percentage maybe 1/500 legit players who actually play 12+ hours a day but what would be the point of buying a D3 key to only have your bot farm 2 mil or $.60/day
Something has to be done. Who is to blame for all the bots:

http://us.battle.net/d3/en/forum/topic/7178978572
Dear Mr. Senior Software Engineer.

I too am a Senior Software Engineer, and while my company may not be fortune 50 (more like 300) I would say that you do not really understand the challenge.

The only way they could stop bots is to monitor all system processes and even that can be fooled. Every time they put in something to stop bots the bot makers make a better bot. Even putting 2 devs full time on it costs around a quarter mill a year at a very least. And then they will just make better bots. There are countless way to fool bot detection programs and once you have the code to see what it checks for you can work around that.

This is not some simple fix problem. Not saying it is not a problem, it is but not one with an easy fix.


Why stop at 2 full time developers dedicated to this? They should have a whole team dedicated to stop bots. I am sure most people would agree that stopping bots is long-term benefit to the company.

Not only they should have dedicated developers to combat bots, but they should have another dedicated team (low-cost users) who monitors suspecious behaviors / CHECK the accounts that plays 24/7 before paying them out. Stop 1000 bots that pays out 250 a month, that is already 250k a month, enough for a decent team to prevent such behaviors.

I couldn't agree more how difficult the fight against bot is, but not doing anything except a ban wave every few months - is not the right way to combat the problem.

Most players complain about economy, nothing is selling, lack of gameplay and balanced, etc. They are completely unaware of the root of the problem, that botters is sucking blood out of passionate / legit gamers.
I think Blizzard should just hire a handful of hackers/dupers/bot makers to fight these problems. They'll have the best inside knowledge of what can and needs to be done to curb these problems.
RageQuit, im not giong to be an ahole and point out all the holes in that idea, but i think it is a great idea!!


Do you honestly think if Blizz actually cared about dealing with bots, farmers, spammers, and cheaters that they would be having these issues? No, they would have hired a few folks from the data security industry, a few lawyers to go quash the spammers' websites, and that would be the end of the problem.

The fact that spammers can post with impunity to the message boards, to say nothing of the fact that their websites remain untouched, just shows that Blizz doesn't care about this issue. If anything, they're somewhat dependent on the spammers and farmers as it helps drive up the prices on the all-important RMAH.


I am actually beginning to think that they really don't care about dealing with bots, at least not realistically. They might put up 2 guys to work on it or something, supporting millions of active users.


go back and read.. since release there has been how many ban waves? Its not they DONT stop it... They do... let me dumb this out...

D3 = 60 $
200 000 000 000 gold 194 $ (Rmah when i checked)
Ip issues= ZERO
all they do after they get banned is go out and buy another game... run it till banned keeping most the stuff off of it...

so blizzard DOES care... they care about how many times that person buys their game... where do you think the 10 M in sales came from lol

Best idea would be to restrict the ammount of games / cdkeys Per IP or something like that

Best idea would be to restrict the ammount of games / cdkeys Per IP or something like that


Haha but that would not make much business sense!
Its not that easy Mr. Software Engineer.

Blizz needs the hack code so that they can block the hook.
PUNKS have the game code, but Blizz doesn't have the the hack code.

CAPTCHAS are a waste of time. At the very least, a PUNK can type in the CAPTCHA and then run the hack/bot

As long as there is computer code, a hack/cheat will always work until Blizz can figure out how to stop it. Its a never ending cycle.

Ask these guys http://www.evenbalance.com/ how hard it is.

;)

_______________________________________
Stick and move
Boogie fever!


Right smart guy, like you cant go search google, pay 15 bucks per bot site at most (at least for the prevalent ones) and presto you have the code, numbnuts.
There are easier ways to combat botting that takes a softer approach, that tackles the very thing why botting is more efficient than legit playing.

I think a diminishing returns system, similar that to stuns in inferno now, would work great. Having something like, after 12 hours (or some other fixed amount) of playtime your, magic find, gold find, drop rate and exp gain drops by 15% for every additional hour (that would be clearly communicated via popup message). If you exit game it replenishes at the rate something like 25% per hour or something. So not to loose any efficiency you'd have to 'rest' like after 12 hours of playtime for 6 hours.

No sane legit players play for 30 hours straight anyway. Real people need to sleep and eat, etc. Bots on the other hand after like 16 hours would get 0 gold, 0 drops and 0 exp, if not logged off to rest. And also characters that still 'play' knowing that they don't get anything raises a 100% red flag.


But there are several cases of people dying from playing D3 straight for hours, I'm just too lazy to fetch those articles for you, I think it happened in Taiwan or somewhere in SEA... I for one played Ragnarok Online for 24 hours in a computer shop occasionally when I was still younger, maybe 6-8 years ago. I know it's dumb and is a bad practice but it does happen.


That's all the more reason to do this then - b/c clearly we don't want people dying from playing too long.
1. Protect your game data with collision detection. (The bots should not be able to read memory managed by D3 w/o triggering red flags to warden.)

2. Do an analysis of mouse / key movements/keypress-keyup event speeds. If relative movements are too quick, flag it / do a review, add to bad wave list.

3. Do a captsha check for every hour after 8 hours of play time (along with a nice note saying excessive playing is hazardous to your health).


1. The do this, but when they release the patch, the parties that make the bot programs update almost immediately anyway.

2.) Good idea, up until they make the bot program slow down to human player timing.

3.) Captcha is easily defeated by computer programs. All it would do is cause more annoyance for legit players than solve bot problems.
To whom it may concern,

I really hope this note gets to the right people working in Blizzard. As a reference, I am a senior software engineer in a fortune 50 company, and I hope the Diablo 3 community & software engineers in blizzard will seriously consider my ideas and implement if necessary.

1. Protect your game data with collision detection. (The bots should not be able to read memory managed by D3 w/o triggering red flags to warden.)

2. Do an analysis of mouse / key movements/keypress-keyup event speeds. If relative movements are too quick, flag it / do a review, add to bad wave list.

3. Do a captsha check for every hour after 8 hours of play time (along with a nice note saying excessive playing is hazardous to your health).

Seriously, there are hundreds of people who are making 2K USD+ using bots. Running it 24 hours a day, 7 days a week.

If you really care about integrity of the game, use manpower to solve the problem if you have to. This is no longer some 'virtual items', it is a real problem.


This premise is likely false, so the rest becomes irrelevant.
Flag all accounts that exceed 1 account per ip.
Flag all accounts that exceed 8-10 hours game time.
please stopp boting i dont care about flippers but botting is just plain cheater!!
anyone who dis agree with any botting combatant is a botter himself!!
To whom it may concern,

I really hope this note gets to the right people working in Blizzard. As a reference, I am a senior software engineer in a fortune 50 company, and I hope the Diablo 3 community & software engineers in blizzard will seriously consider my ideas and implement if necessary.

1. Protect your game data with collision detection. (The bots should not be able to read memory managed by D3 w/o triggering red flags to warden.)

2. Do an analysis of mouse / key movements/keypress-keyup event speeds. If relative movements are too quick, flag it / do a review, add to bad wave list.

3. Do a captsha check for every hour after 8 hours of play time (along with a nice note saying excessive playing is hazardous to your health).

Seriously, there are hundreds of people who are making 2K USD+ using bots. Running it 24 hours a day, 7 days a week.

If you really care about integrity of the game, use manpower to


These idea's won't do a thing to bots. It's a cat and mouse game. About your idea's:

1) Bots use pixel reading, your collision detection won't do much against those.

2) If you want to analyze keystrokes/mousemovements etc of every player, you know how much data this is? It's not possible to manage. They have to buy 5000 new servers just for this. And the cheaters can fix this easily by making human like behaviour movements.

3) Captcha's is not a successfull method of stopping bots. there are alot of automated (human entry) ways to solve captcha codes automatically by scripts.
I may not be a software engineer but I do sale used cars for a living. I can tell you this, the problem does not take man power or technical expertise.

It would only take 1 phone call from Jay Wilson to stop the bots. These bots, they aren't a glitch in the system. They are here by design


I agree with you.

Flag all accounts that exceed 1 account per ip.
Flag all accounts that exceed 8-10 hours game time.


Sadly anything related to IP is not feasible. Some people play in computer shops. And even then, most people doesn't have a static IP (even shops don't because it's expensive). Most people have IP address that changes everytime they reboot their router/modem. And the IP that you get every time are leased, and cycles through your neighborhood aka cidr blocks.

Join the Conversation

Return to Forum