47 replies to this topic

[snesdude64]

I'm not tech savvy enough to argue whether or not IP banning works. The phone idea doesn't sound like the worst thing in the world, although I guess it might be a bit excessive.

Still feel like banning the ip would stop some people. Not all of them, or maybe not even most of them, but anything that would help and wouldn't be incredibly excessive would be nice. I feel like they should add a right click option to report for botting, since no one wants to take the time to report "bwei234b" for botting on the forums or however you should report them. If I don't even know why would most people go out of their way to report it? 

What I think they should do:

1) Right click option to report for botting
2) Every 20 reports investigate the account
3) Ban account, ban ip
4) Repeat with reasonable response times until bot population dwindles

Maybe they already have their own system, but it doesn't seem to be working. I don't know much about this, and I probably sound stupid, but the bots are somewhat obnoxious. It'd be nice if they could do a better job somehow.

[Mikril]

The only way to deal with them is to make routine patrols. Banning the IP addresses doesn't work, and the phone idea wouldn't either. You can get temporary phone numbers online these days. If there was an easy solution, they would have come up with it years ago. That bot strike thread looks promising (I haven't seen it work yet, but I only posted once there) and they did respond in a decent amount of time to a ticket I sent in.

 

About the only thing I can think of has been suggested off and on for ages already. Pick out some trustworthy volunteer players and give them access to the tools needed to investigate bot reports themselves. After a couple false bans, ban the volunteer. No power abuse and more eyes in game.

[Viri]

This thread has me literally tearing up from laughter. Oh jesus.

[NorthenBeggar]

This thread has me literally tearing up from laughter. Oh jesus.

 

Your avatar suits this thread perfectly.

 

Okay, let's forget about all the tech stuff for a while and look at the simplest effect this smart idea can cause, though I can give a number of reasons why OP's idea won't work.

 

Say, Warp Portal could manage to implement the OP's suggestion somehow. Dunno if it's with an alien's help, a paranormal assistant, or whatever. Then, there will be a lot less players, because RO becomes a game only for

 

 

That be said, less people will buy in-game items, which means, less money to be spent on the game, which means, less income for Warp Portal, which means, they can't afford to pay their own servers and the paranormal, which means, RO won't have a place to run and because the paranormal is gone, bots will return, which means, the

 

 

won't be able to play anymore and iRO is filled by bots only.

Edited by NorthenBeggar, 24 February 2014 - 04:20 PM.

[Chizzmaks]

I GIVE UP.

You don't seem to know how IP works....

LOL      

[HansLowell]

Go with a multiple router ISP, everytime you reboot router you get a new IP. Pay skype to get a personal number for like 5 cent on each number. and there is probably even free software to get fake phone numbers. as for gmail you can have multiple email  with the same email. example theinfiniteemailguy@gmail.com

= the.infinite.email.guy@gmail.com will be counted as another adress but you will receive the mails on the same adress. theinfiniteemailguy+abcde@gmail.com same thing.

 

as for bots they have everything to just go in and usually have more powerful software to do that kind of things. The only people who would suffer of that kind of stuff is real players itself.

Edited by HansLowell, 26 February 2014 - 08:49 AM.

[DocNousakan]

Its funny to see how many people have no clue how IP addresses work. Just banning one IP could take out an entire school, apartment complex, business campus, etc. Look up network address translation overloading. That one address could be the public IP for thousands of private ones. Its like using a chainsaw to do brain surgery.

Edited by DocNousakan, 02 March 2014 - 02:15 PM.

[AlmrOfAtlas]

How about installing RO on your comp creating a unique, encrypted identifier in the registry or a dynamic file inside one of the packages in the RO folder (in case you have RO on a usb or something). This could also be done upon first patching the client.

 

If that client uses an account that gets its ass banhammered then the ident will be blacklisted. It won't affect other people using the same IP, just that computer or particular RO installation.

 

Of course it's easily possible to dig the key out of the registry or package and change it, or reinstall RO, which is why you tether the client to the ident and/or accounts accessed upon installation (or first log) and return a fatal error should it not match. This game requires internet connectivity, so an authentication barrier wouldn't be at all hard to implement should you want to do it server-side rather than client-side.

 

You'd screw up botting clients as well, since they'd require a valid ident to log in.

 

That creates a problem for those players who play RO from different locations and with different RO installations, so multiple client idents should be allowed to access the same account (maybe up to a cap of 5 or so) so long as the ident isn't blacklisted. You can monitor 'who accesses what' that way, and still keep banhammered and unofficial clients away from the game while adding a bit of security for regular players in the form of those idents.

 

It's not at all foolproof, but it provides an additional degree of irritation for frequent RMTers and botters that keep getting banned and recreating.

[NorthenBeggar]

How about installing RO on your comp creating a unique, encrypted identifier in the registry or a dynamic file inside one of the packages in the RO folder (in case you have RO on a usb or something). This could also be done upon first patching the client.

 

If that client uses an account that gets its ass banhammered then the ident will be blacklisted. It won't affect other people using the same IP, just that computer or particular RO installation.

 

Of course it's easily possible to dig the key out of the registry or package and change it, or reinstall RO, which is why you tether the client to the ident and/or accounts accessed upon installation (or first log) and return a fatal error should it not match. This game requires internet connectivity, so an authentication barrier wouldn't be at all hard to implement should you want to do it server-side rather than client-side.

 

You'd screw up botting clients as well, since they'd require a valid ident to log in.

 

That creates a problem for those players who play RO from different locations and with different RO installations, so multiple client idents should be allowed to access the same account (maybe up to a cap of 5 or so) so long as the ident isn't blacklisted. You can monitor 'who accesses what' that way, and still keep banhammered and unofficial clients away from the game while adding a bit of security for regular players in the form of those idents.

 

It's not at all foolproof, but it provides an additional degree of irritation for frequent RMTers and botters that keep getting banned and recreating.

 

y u re5 dis treet?

 

Actually the suggestion sounds good, but let me ask some questions. Won't someone be able to make a new account and re-install the client for a new client id if he gets banned? I mean, new account, new client id. I don't see much difference from just making a new id. Or would you assign the client id per installer instead of per installation? How would they do that? Re-compile the installer every single time someone downloads the game?

[AlmrOfAtlas]

y u re5 dis treet?

 

Actually the suggestion sounds good, but let me ask some questions. Won't someone be able to make a new account and re-install the client for a new client id if he gets banned? I mean, new account, new client id. I don't see much difference from just making a new id. Or would you assign the client id per installer instead of per installation? How would they do that? Re-compile the installer every single time someone downloads the game?

 

It depends on how Grav implements it.

 

The client itself would have a unique identifier that it would either randomly assign upon installation, or randomly assign upon patching it for the first time (probably the latter due to potential redistribution issues). This identifier could be encrypted to a package in the RO folder or entered into the registry. Could even be both for security's sake.

 

Reinstalling would cycle the ident if it was kept in the RO folder, but not if it was a permanent entry to the registry, as installations would check for and preserve existing idents. This is a practice that a lot of companies use with regards to software trial periods.

 

Grav could even pair this with their current IP banning method to determine if users are reinstalling and cycling idents via the same IP.

 

A blacklisted client would simply be unable to connect to the server. The server would refuse incoming connections from any client with a blacklisted or 'expired' ident via an authentication checkpoint that checks the ident and possibly also IP against the blacklist.

 

Should the ident not be on the blacklist, a connection is achieved, the client patches up and allows you to start the game.

 

The auth checkpoint could also be implemented after patching and before logging into one's account. So either implement the checkpoint on the patch server or the character server.

 

So I guess it'd be along the lines of:

 

 

                                                                                                                                              > [ID blacklisted] = refuse connection

Installation > Start up > Patch connection [assign ID if none] [check ID if present] >                                                                    > Patch up > Play > Account connection > Access account.

                                                                                                                                              > [ID whitelisted] = accept connection

 

OR

 

                                                                                                                                                                                                                   > [ID blacklisted] = refuse connection

Installation > Start up > Patch connection > Patch up > Play > Account connection [assign ID if none] [check ID if present] >                                                                    > Access account.

                                                                                                                                                                                                                   > [ID whitelisted] = accept connection

 

 

Or a combination of the two. The ID could be resolved against IP history at the auth checkpoint as well.

 

A good way to manage idents would be to require proper installation of the client, but I assume a lot of people play RO at work/school/etc. where the user doesn't have admin rights, so lots of people would be up-in-arms about that.

 

 

e: lol what on earth does "y u re5 dis treet" mean? 

Edited by AlmrOfAtlas, 05 March 2014 - 09:29 PM.

[NorthenBeggar]

It depends on how Grav implements it.

 

The client itself would have a unique identifier that it would either randomly assign upon installation, or randomly assign upon patching it for the first time (probably the latter due to potential redistribution issues). This identifier could be encrypted to a package in the RO folder or entered into the registry. Could even be both for security's sake.

 

 

That's exactly the problem. This identifier can be deleted in various ways (depending on how it's stored) and the user will get a new client identifier if he re-installs RO, so it will seem as if it's the first time the user installs RO. System restore, virtual machine. That's more pain for botters, indeed, but there are many things to be done to implement this. Making up new tables, setting relationships on the database, adding the authentication code, etc, and I feel like there's some potential problems with this suggestion. An account can use some valid client id to log in, like you said, so they can log in in different machines. A client id should also be available for various accounts. Duplicate records, duplicate records. I really have a bad feeling about it. I like the idea, though. It makes sense.

 

I didn't know that Gravity already implement IP blocking system, at least on iRO. It's practically not a wise thing to do. The IP seen on the Internet is a public IP, which is shared to many clients by the ISP. The client's original IP is masqueraded as the public IP, so if you block that seen IP, other clients will be blocked too. It also has something to do with the client id thingy. New players who happen to share the same public IP will be put to suspicion. Not to mention about proxy.

 

e: lol what on earth does "y u re5 dis treet" mean?  

 

"Why did you revive this thread?" :v

 

I know, I know. I'm a clever man. XD

 

P.S. You're Dame Hlin, right?

[Viri]

Sounds like something that people who wanted to would circumvent in about 5 seconds

[AlmrOfAtlas]

There's no way to make it foolproof without inconveniencing legit players, and iRO really can't afford to lose players :x

[NorthenBeggar]

I know it's a sarcasm. I'm just not sure to whom it's directed.

 

The best way to exterminate bots is by making them have no reason to. People bot to farm straw? Make an NPC who sells grapes. Something like that.

[ShadyNinja]

There's no way to make it foolproof without inconveniencing legit players, and iRO really can't afford to lose players :x

 

I quit this game about 10-11 years ago when I found out a few of my friends and a bunch of people in top guilds were using bot alts to farm.

 

Like you said, they can't afford to lose players, and many "legit" players will continue to use bots to earn wealth because they can do it risk-free.

[KittyLovely]

they need to make it very clear that buying/selling zeny and gears is illegal and the crackdown on that activity... not just once or twice but all the time... if they make it very very clear that botting and RMT is illegal and will get you banned then they could ban people who do these activities (not ban wipe and release)... perma bans for all offenders... make it HURT to buy or sell zeny... set up stings on zeny selling sites... there is alot more the GMs could do besides just banning bots in game... go look at the FB groups dedicated to buying/selling items and bust people there... its not that hard...ive been doing this collecting names from people and reporting those people to the support team... kill the source of the problem...

This.

[Viri]

You have to base it off of in game activity. Looking at forums is a terrible idea. I would honestly just make an acct with a user name similar to yours and say I'm looking to buy zeny or sell items or w/e and message me on your character name to get you banned just because of how stupid this idea is.

[Himeyasha]

It would be better if they changed the some aspect of the server on a random basis. IE packet Lengths, Server connection types, 

 

Before when they did this for some other reason botters couldn't connect for about 3 months. (and I made my first 2Billion)

 

The bot community is relatively slow to react now that the game is in decline (less developers) so if you make the more popular bot programs work you kill most bots because most botters do not know the details of connecting. The problem is that programers like a challenge so you'd end up with even more sophisticated bots eventually much like antibiotics and viruses. 

 

The other hitch is that Gravity Korea would need to actually need to allow or make such changes randomly which I highly doubt they would do or do smoothly. 

[Viri]

99% of botters just use precanned scripts and have no idea how they work. Totally agree on changing anything that will disrupt the bots will kill MOST botters for a sufficient amount of time. The changes would have to be unannounced and not to the same thing every time or they'd catch on but it would make a good difference.

[spikexp]

I just hope they can do this packet length and server connection type changing every so often. But I guess that would take a lot of work and we had to patch some large sized files.

That's okay, I love large sized patches. So why can't we have this random server aspect changes and major updates (like old GH or Rebellion) in at least an annual basis? Every quarter of half a year would be much better.

[NorthenBeggar]

It would be better if they changed the some aspect of the server on a random basis. IE packet Lengths, Server connection types, 

 

Before when they did this for some other reason botters couldn't connect for about 3 months. (and I made my first 2Billion)

 

The bot community is relatively slow to react now that the game is in decline (less developers) so if you make the more popular bot programs work you kill most bots because most botters do not know the details of connecting. The problem is that programers like a challenge so you'd end up with even more sophisticated bots eventually much like antibiotics and viruses. 

 

The other hitch is that Gravity Korea would need to actually need to allow or make such changes randomly which I highly doubt they would do or do smoothly. 

 

They're already doing that, if I'm not wrong. They seem to be changing items and menu id so that bots won't farm those items or get trapped on NPC dialogue.

 

As of changing technical aspects of the game like packet length and connection type, it's too expensive. Not expensive by the mean of money, but development. You need to adjust many other elements of the game, if you do that.

[spikexp]

As of changing technical aspects of the game like packet length and connection type, it's too expensive. Not expensive by the mean of money, but development. You need to adjust many other elements of the game, if you do that.

from what i've learned, the alteration can also be done by routing thingies, like, changing the routes to connect to the login, char, or map server. well, i don't know the details but it seems feasible. but then again, i guess there's not a lot of cheaper options.

[NorthenBeggar]

from what i've learned, the alteration can also be done by routing thingies, like, changing the routes to connect to the login, char, or map server. well, i don't know the details but it seems feasible. but then again, i guess there's not a lot of cheaper options.

 

Yeah, that's also expensive, but literally. You see, a client is connected to a kind of gateway server, which is connected to a server farm (a bunch of computers), which is the real things. Yes, RO has three kinds of servers, but there are more than three computers handling them. The gateway has a public IP to which the client calls to, so they don't know anything about the local server farm network. If you want to change the gateway's public IP so that bots can't connect (because they will need to know the new public IP of the server), you will need a lot of money. Of course, changing the server farm topology won't be a change to the bots, because clients only need to know about the gateway.

 

Source: I've tried to make an MMORPG.

Edited by NorthenBeggar, 23 March 2014 - 05:28 PM.