Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Can a programmer explain to us laymen why NCSOFT (et al) cant stop bots?

mmofan2112mmofan2112 Member Posts: 38

 Can some programmer explain bots to the majority of us that have very little programming knowledge?

For example: Programs like Warden read your PC memory...why can it not see the bots?

An even bigger question...I am sure game companies can buy the bot programs themselves and disassemble the code and sees what it does, and how it hides. This would make catching it even more likely.

Their is a ton of anger directed at NCSOFT because of their seeming lack of effort (and their past history) of dealing with this.

If some programmer can explain it to us, then maybe we would understand what NCSOFT is up against.

It is really ashame that a game with such potential is about to lose a ton of subscribers (me included) because we simply can not understand why we players can spot the bots so easy and even help by reporting them, yet weeks later, there they are, and they have been fruitful and multiplied. 

A similar question would be why the spam adds are growing like a plague. Are they getting free trial accounts in Asia? If every report = account and IP ban, why is the spam growing at unbelievable numbers?

Thank you! 

«13

Comments

  • CzzarreCzzarre Member, Newbie CommonPosts: 3,742

    I honestly believe that NCSoft (and other MMOs) are just now out-gunned. there are so many companies using so many tacticsf it's like trying to fight a war on 10 different fronts. Aion is surrounded

  • CymTyrCymTyr Member Posts: 166
    Originally posted by Czzarre


    I honestly believe that NCSoft (and other MMOs) are just now out-gunned. there are so many companies using so many tacticsf it's like trying to fight a war on 10 different fronts. Aion is surrounded

     

    I don't believe this. All it takes is 2-3 full-time employees per server to insta-ban bots and investigate the /autohuntingreports

    That's all it takes. If GMs actively monitored chat like we were told they do, then the spammers would not be multiplying daily. I blocked a spammer and then 5 days later I unblocked him because I figured he'd been banned by that point. You know what? He wasn't. To me, that screams that NCS is actually getting kickbacks from the botting and gold sales companies.

    image

  • baggenbaggen Member Posts: 7

    If you think about it,  bots can actually be profitable for the companies. Think about World of Warcraft per example, there are a shitload of bots there mostly used for gold farming proposes. Blizzard bans the accounts and they will most likely  buy a new subscription to keep farming. This gets blizz a lot of new subscriptions.

  • wjrasmussenwjrasmussen Member Posts: 1,493
    Originally posted by mmofan2112


     Can some programmer explain bots to the majority of us that have very little programming knowledge?
    For example: Programs like Warden read your PC memory...why can it not see the bots?
    An even bigger question...I am sure game companies can buy the bot programs themselves and disassemble the code and sees what it does, and how it hides. This would make catching it even more likely.
    Their is a ton of anger directed at NCSOFT because of their seeming lack of effort (and their past history) of dealing with this.
    If some programmer can explain it to us, then maybe we would understand what NCSOFT is up against.
    It is really ashame that a game with such potential is about to lose a ton of subscribers (me included) because we simply can not understand why we players can spot the bots so easy and even help by reporting them, yet weeks later, there they are, and they have been fruitful and multiplied. 
    A similar question would be why the spam adds are growing like a plague. Are they getting free trial accounts in Asia? If every report = account and IP ban, why is the spam growing at unbelievable numbers?
    Thank you! 

    It really doesn't matter if you understand this or not.  You want to quit then quit.

  • BloodaxesBloodaxes Member EpicPosts: 4,662
    Originally posted by baggen


    If you think about it,  bots can actually be profitable for the companies. Think about World of Warcraft per example, there are a shitload of bots there mostly used for gold farming proposes. Blizzard bans the accounts and they will most likely  buy a new subscription to keep farming. This gets blizz a lot of new subscriptions.

     

    They probably change IP and get another trial account everytime they get banned.


  • mrw0lfmrw0lf Member Posts: 2,269

    Bots pay subs

    incentive to prevent bots = 0

    -----
    “The person who is certain, and who claims divine warrant for his certainty, belongs now to the infancy of our species.”

  • baggenbaggen Member Posts: 7
    Originally posted by bloodaxes

    Originally posted by baggen


    If you think about it,  bots can actually be profitable for the companies. Think about World of Warcraft per example, there are a shitload of bots there mostly used for gold farming proposes. Blizzard bans the accounts and they will most likely  buy a new subscription to keep farming. This gets blizz a lot of new subscriptions.

     

    They probably change IP and get another trial account everytime they get banned.

     

    Gold Farmers do not use trial accounts, the ones that spam your whisper about gold selling do.

  • UNH0LYEV1LUNH0LYEV1L Member UncommonPosts: 572

    If your talking about creating a progrma to monitor what is said in chat channels and to detect bot controlled charecters, I can tell you as an amature programmer that it is difficult mostly because of the randomness of the messsages being generated.

    It is difficult to take into account all aspects of a message to determine if its gold spam or not.  For example they cant just ban www.website.com links because what happens if someone that isnt gold spaming posts a link?  They would get banned as well.  Creating a smart bit of code to check if a message is spam or not is tedious work.  And just when the developers think they get it right the damn gold botters take advantage of the website ban by doing something like this www(dot)website(dot)com.  Or maybe leaving off www is enough to confuse the code.  This is just one of the examples that must be taken in to account and I hope you can understand why it can be difficult.

    Determining every case of whats spam and whats not is a tough issue to resolve with creating a monitoring program.

    In terms of stopping botters from leveling charecters that is a different story.  Most bots exploit the game using the same or near the same game vulnerabilities.  It can be done though and many games have successful anti-cheat/bot systems.

    Most of the simple bots that are easy to spot are ones that emmulate the use of a keyboard virtually.  In other words you have to put your skills in certain slots and the program knows which skill is which and monitors certain data in the game like your health mana and the mobs mana and presses the corresponding key virtually in game.  Often times these are easy to spot.  More advanced bots constantly re-evaluate situations, scan for enemies to fight, etc.

    In my opinion a solid GM crew to handle responses, ban spammers, etc is a great way to clear up the servers but remember the big thing is NCSoft would likely have to pay these people wages.

  • TaiphozTaiphoz Member UncommonPosts: 353

    Ex : Indie Games Developer, and Programmer.

     

    Bot's work in a number of ways, all depening on the game at hand and how that game handles scripts, macros, and its interface with the Human, ie keyboard and mouse or joystick.

    The reason it's hard for the dev teams to spot bots is because the Bot's are designed to use the same control mechanics that us Humans do, an App will actually send the call that the button A has been pressed, there is no way for the game to know if the Human actually hit A or if some third party tool hit A.

    Carnivore and other scanning application look in active memory for known bot application header names, kinda like you doing CTRL+ALT+DEL and looking at your active processes, if you look and see something called IM_A_BOT_HAHA.exe running then you know something is up, their detection works in a lot of cases in the same way, the devs or their team in charge will actually run the bots, look for key signals and then train their detection software to look for those key signals. like the application name in the process tree.

    The thing is that the bot developers can easily code their applications to change it's application name and the way that it does things making them harder to detect, players in the game often detect bots way before the dev's do, its simple number here.

    Even then it's hard, look at bots in WoW, the Bot code can actually have a conversation with you if you try and whisper a bot it might start asking you questions, or just say something like I am busy talk later and then flag DND.

    All of this makes it really hard for companies to detect, and act on bot abuse, but not impossible.

    The Bot's will always be ahead of the Dev's the Dev's cant prevent them until some one comes up with a way of telling if a key press was actually made by a human, or if it was faked by an application. and until that happens. we will suffer bots and the devs will strugle to ban them before they cause to much damage.

  • LynxJSALynxJSA Member RarePosts: 3,333
    Originally posted by mrw0lf


    Bots pay subs
    incentive to prevent bots = 0

     

    Lineage 2 says you are incorrect.

    -- Whammy - a 64x64 miniRPG 
    RPG Quiz - can you get all 25 right? 
    FPS Quiz - how well do you know your shooters?  
  • xiirotxiirot Fallen Earth CorrespondentMember Posts: 328

    From a programmer perspective:

    I have written an application that does nothing more than pull data from two separate databases on a company network, then inputs the data into shipping labels and receipts. This application, however seemingly simple, requires approximately 3 thousand lines of code.

    An MMORPG, with physics and 3D environments, as well as AI and tons of other goodies, I imagine would require hundreds of thousands, if not millions, lines of code. The challenge then, is sifting through the code and trying to discover where the vulnerabilities are. And if a vulnerability is discovered, there is a good chance that hundreds, if not thousands more lines of code need to be altered in order to tackle that single vulnerability.

    My guess is that many BOTs use the API to input different mouse and key strokes, which could be virtually undetectable. This is because in order to play a video game, you must use your mouse and keyboard. If a BOT is programatically sending mouse and keyboard commands, then it would be very difficult to detect. The only thing that could be detected is the time between mouse and keystrokes, but is also not 100% foolproof. Because some players hit those keys and use that mouse much faster than others, so it would be difficult to detect this.

     

    Not sure if that's even accurate, but that's just my speculation as an application and web developer.

    "Good people are good because they've come to wisdom through failure. We get very little wisdom from success, you know." William Saroyan

  • kamenwatikamenwati Member Posts: 168
    Originally posted by mrw0lf


    Bots pay subs
    incentive to prevent bots = 0



     

    Banned botters buy new accounts

    Incentive to ban bots > 0

  • AntariousAntarious Member UncommonPosts: 2,841
    Originally posted by Yavln


    Ex : Indie Games Developer, and Programmer.
     
    The Bot's will always be ahead of the Dev's the Dev's cant prevent them until some one comes up with a way of telling if a key press was actually made by a human, or if it was faked by an application. and until that happens. we will suffer bots and the devs will strugle to ban them before they cause to much damage.



     

     

    So basicly telling if the keypress actually came from a keyboard or not.  It would seem to me there is a way to tell if input is coming from an external device (ie: keyboard, mouse, nostromo etc)

     

    I know in that many programs will mimic these things but the actual input device isn't being used.  /shrug

  • eric_w66eric_w66 Member UncommonPosts: 1,006
    Originally posted by kamenwati

    Originally posted by mrw0lf


    Bots pay subs
    incentive to prevent bots = 0



     

    Banned botters buy new accounts

    Incentive to ban bots > 0



     

    Botters use credit card fraud to buy new accounts and then either don't pay or just do a chargeback on the purchase so they don't spend any money to get effectively infinite accounts. The credit card associations won't fight charge backs on internet purchases that are small (like 50 bucks), so the seller loses every time and has to refund the money, which of course, costs them even more since the key is now invalid, if there was a box sold, its useless (or never returned). If the botters were in the USA, you could do something about it, but most are not.

  • wjrasmussenwjrasmussen Member Posts: 1,493
    Originally posted by kamenwati

    Originally posted by mrw0lf


    Bots pay subs
    incentive to prevent bots = 0



     

    Banned botters buy new accounts

    Incentive to ban bots > 0



     

    If you believe that many people will quit over the bot issue, you must be a bot.

  • metalcoremetalcore Member Posts: 798


    Originally posted by mrw0lf
    Bots pay subs
    incentive to prevent bots = 0

    That is largely true.

    However programmically, how do you tell a machine is repeating a sequence of commands or a human is doing the same thing, especially if the machine is reacting to stuff.

    Best way to stop this is employ good GMS, have options on the chat for blocking and notifying and get the GMs to actively speak with the bots to see if they are or not.

    This by no means doesn't solve the problem since you can employ a 3rd world guy to sit their farming...

    Now playing: VG (after a long break from MMORPGS)
    Played for more than a month: Darkfall online, Vanguard SOH, Everquest, Horizons, WoW, SWG, Everquest II, Eve

  • therain93therain93 Member UncommonPosts: 2,039
    Originally posted by mrw0lf


    Bots pay subs
    incentive to prevent bots = 0



     

    Some players pay botters for virtual goods

    Players enjoying their virtual goods will play longer, thereby extending their subscriptions.

    Friends and guildies of players buying virtual goods play longer because they have people to play with, thereby extending more subscriptions.

    incentive to prevent bots = 0

  • TaiphozTaiphoz Member UncommonPosts: 353

    Good GM's is the Key.

    I sat and watched a GM in wow, take a bot and move it to the other end of the zone, the bot mindlessly checked realized it was in the wrong place, used its preset pathing tool and walked all the way back to me and the GM, where the GM then moved the bot again to another location, 5 minutes later the bot was back, all the while ignoring the GM's whispers.

     

    Finally the bot vanished, when I asked if he was kicked the GM said no with a smile, I left him some where he cant get out from, and when he logs out he will not be able to log back in.

     

    a good GM can be the most valuable thing to an MMO.

  • Daffid011Daffid011 Member UncommonPosts: 7,945
    Originally posted by CymTyr

    Originally posted by Czzarre


    I honestly believe that NCSoft (and other MMOs) are just now out-gunned. there are so many companies using so many tacticsf it's like trying to fight a war on 10 different fronts. Aion is surrounded

     

    I don't believe this. All it takes is 2-3 full-time employees per server to insta-ban bots and investigate the /autohuntingreports

    That's all it takes. If GMs actively monitored chat like we were told they do, then the spammers would not be multiplying daily. I blocked a spammer and then 5 days later I unblocked him because I figured he'd been banned by that point. You know what? He wasn't. To me, that screams that NCS is actually getting kickbacks from the botting and gold sales companies.

    If NCSoft was getting kick backs, then that would mean they have some secret relationship with the gold sellers.

    If that was the case, then NCSoft could speak directly to them and come up with some solution to reduce the spam in game.  They could come up with some middleground that would allow advertising the gold spam, not destroy players ability to communicate and honestly come up with some "system" that would allow NCSoft to look like they are banning the spammers.

    One partner doesn't allow the parasite partner to completely destroy the players ability to use the games basic functions. 

    I don't think ncsoft makes money from spammers, but any thing is possible I guess.  

     

  • mmofan2112mmofan2112 Member Posts: 38

     Here is what I was trying to get at, but maybe did not say it clearly.

    From what little programming I know, all code is eventually loaded into RAM. So, lets assume the makers of

    Warden, GameGuard, what ever...have these bot programs to study. They examine their ram before they load bot.

    Now, they load the bot...and see what changed.

    I am sure this is way to simple an example...but...here goes:

    Lets assume I could read your RAM and wanted to know if you were reading an e-text of Shakespeare Romeo and Juliet.

    I know before you were reading,  ram did not contain the binary equivalent of the word 'Romeo'. But, since I now 

    know what to look for (they have the bot program and know what it puts in ram'...I now search for 

    the word 'romeo' in your ram. 

    Now, as I said I am sure its not that simple...but have no clue why not. They (programmers that make good money) 

    have the code of the bot program. They can see what it does to their RAM. It MUST do something....find what

    and then wave a king size ban hammer. Again, why is it NOT this simple? T

  • AnubisanAnubisan Member UncommonPosts: 1,798

    NCSoft cannot stop the bots because they are indecipherable from legitimate clients from their point of view. The bots are updated very quickly to exactly emulate normal client activity, so the only way you can really tell they are present is to either use some sort of system monitor/anti-cheat program (like GameGuard) to observe other processes running with the game OR manually monitor for players doing the exact same things over and over again. Even then, many bots are designed to switch up their behavior from time to time and even respond to communication from GMs and players... so it is almost impossible to keep on top of them.

    Unfortunately NCSoft does not seem to care enough to employ the manpower it would take to combat this issue manually, so they try things like changing the packet encryption. This works, but the bots are updated so quickly that they can't keep up for long. When you rely on something like GameGuard, which many hackers are already very very familiar with, you open yourself up to being exploited much more than if you were to design something yourself. As it stands, NCSoft is not using ANY anti-cheat detection software in Aion at the moment... which is probably the biggest reason it is so hard hit right now.

    I think Blizzard is as successful as they are against bots because they use their own proprietary anti-cheat code and it is very good. On top of that, they also have the manpower to combat the problem manually if neccessary.

     

  • theAsnatheAsna Member UncommonPosts: 324

    There are so many ways to make a programm that will control an avatar in a MMO. To name a few:

    • You can either try and reverse engineer the client and/or evaluate network traffic, so you could make your customized client for the Bot.
    • You can use the built-in scripting capabilities (which the vendor provides "knowingly" or "unknowingly") to automate tasks.
    • You can use test automation tools (or the techniques and concepts these tools incorporate) for a similar effect.

    and many more. But most likely a mix of different techniques will lead you to your goal.

     

    Measures the game company can take:

    • Assert that the client is not manipulated
    • Check which software runs on the client machine
    • Have GMs check reported individuals in-game
    • Use a software that will log chat messages that contain key words, for a later inspection of the "speaker"

    There will always be some means to bypass security barriers, though.

     

    Besides that the only thing to really prevent botting would be to

    • make gameplay more complex.
    • don't include "static-dialog-NPCs"
    • change game mechanics (e.g "kill NPC-loot drops") that are ideal candidates for automation 
  • djazzydjazzy Member Posts: 3,578

    What the hell is my $14.99 going to if they can't have gm support to combat this crap? Seriously either make it free to play or step up and do something NCSoft.

  • DistopiaDistopia Member EpicPosts: 21,183
    Originally posted by mmofan2112


     Here is what I was trying to get at, but maybe did not say it clearly.
    From what little programming I know, all code is eventually loaded into RAM. So, lets assume the makers of
    Warden, GameGuard, what ever...have these bot programs to study. They examine their ram before they load bot.
    Now, they load the bot...and see what changed.
    I am sure this is way to simple an example...but...here goes:
    Lets assume I could read your RAM and wanted to know if you were reading an e-text of Shakespeare Romeo and Juliet.
    I know before you were reading,  ram did not contain the binary equivalent of the word 'Romeo'. But, since I now 
    know what to look for (they have the bot program and know what it puts in ram'...I now search for 
    the word 'romeo' in your ram. 
    Now, as I said I am sure its not that simple...but have no clue why not. They (programmers that make good money) 
    have the code of the bot program. They can see what it does to their RAM. It MUST do something....find what
    and then wave a king size ban hammer. Again, why is it NOT this simple? T

     

    I don't know I'm not a programmer at all but I still wonder about this. If you're judging by someones ram usage, you're leaving a lot of room for error. As a programmer you should expect half of your clients to be pc illiterate. Meaning expect a certain percentage to be running all kinds of crap in the background of their pc without even realizing it. Not to mention viruses that eat up ram or similar pc problems.  Just doesn't seem like an acceptable stop measure to me.

    For every minute you are angry , you lose 60 seconds of happiness."-Emerson


  • alakramalakram Member UncommonPosts: 2,301
    Originally posted by mrw0lf


    Bots pay subs
    incentive to prevent bots = 0

     

    Thats it.



Sign In or Register to comment.