RMT spam fixes need to happen sooner then later

Quote:

---

Originally Posted by Okipuit

We understand that the current RMT shout/spam reporting procedure can be improved so we are working our hardest to implement a system that is faster and easier to report/block violators. With that said, we sincerely appreciate the assistance from those of you who have been submitting reports as we work towards improving the system.

---

Do me a favor and forward this thread to the devs. It gives a pretty good idea of how such a system should work.

Although taking the RMTs out of shout would be great, that's just the start of the problem. I want RMTs gone from the game. I know that's a tall order but, i just do not want to see the lazy people doing their pay to win like they did in FFXI. So SE really needs to look into gil transfers amongst players as well. I want these gil buyers found and banned. If they're buying gil they must care very little for the community and even less about the well being of the game itself.

Free Trial is over today and it have got a lot better, world is less crowded too. Barely any shout left. There some Hacks account left that people get hack from. I don't think this Gold Farmer go to the extend of buying their own copy. Hope people be smart, not buy their Gold or PL or you could end up embarrassing yourself by Shouting as a Gold Seller and get yourself Banned. Please SE, do not offer any more Free Trial or make this game F2P.

Is it possible to check user input on which a report was received, a separate program (like anti-Spam) that can block chat violators before the proceedings by operators?

P.S. reason for delete the previous: advanced posting.

Can we just get and option to click on the name and blacklist the user ?

It would already help if Characters were allowed to shout only once every 30 seconds.

I am willing to bet most of these are hacked accounts. I had a guildy have his account be hacked and then banned for RMT spam.

1. You need to investigate why these accounts are getting hacked, to verify it isn't something on your end, and fix any security holes you find.
2. You need to work toward a more streamlined method to report said gold spammers. (I used to report them, but it takes me a couple minutes of my gameplay to copy the message and post it in a ticket... this is horrid for an issue so prevalent... I just avoid the large cities when I can)
3. You need to work toward a better method to recover a hacked account. A friend of mine was told that he couldn't ever get his account back... perma banned. For something that he didn't even do. So he was forced to go buy the game again and start all over. This is unacceptable.

To the players, I don't know what method they are doing to steal accounts, but things you could do to protect yourself in general.
1. Never open emails from people you do not know or expect an email from (even opening emails in some clients can be enough to compromise you... yahoo I am looking at you...)
2. NEVER click on links in emails... EVER! You are seriously asking for trouble here.
3. Only open attachments if it is something you expected to be sent to you (Just because you got an email from your "mother" with a greeting card attached doesn't mean it actually came from her... if you didn't expect it, but is someone you know, ask them if they sent you something.)
4. Go get the latest patches and updates for everything. Especially JAVA, Adobe Flash and Adobe Reader. I would almost suggest you just disable JAVA because of how messed up it is (Note: JAVA is NOT the same as javascript). Then check for updates at least once a week. I can't tell you how many virus people get had by from security holes in software that was patched in 2010. Seriously... go update your software.

Quote:

---

Originally Posted by darios

Can we just get and option to click on the name and blacklist the user ?

---

DING! THANK YOU!

Please do this. It's already there that you can click on a name in a shout/tell and invite to party. Just add an option to add the black list and the problem is DRAMATICALLY reduced.

hire someone for min wage / an intern.
They get 3 accounts in each of the city in all server.
The log in, for 1 min and hit ban stick. Next character repeat all day long.

I would suggest having assigned SE players on watch in-game, with automatic banning tools, until the filters are implemented. If I had those I would have banned at least four RMTs, last night. :-P

The easiest way is to do it the same way ad blockers do it.

Make a world subscription Blist, and then have an option to participate on this blist. And make a simple query that if 100 people has the same name on the blist, then it goes on the subscription, and automatically filtered.

Then all the team has to do is gather up that list weekly or something, and cross check their account logs. It's pretty easy to find a spammer in that, signs like deleting and creating characters daily, etc.

GMs is all good but come on, it's not like we haven't advance with annoyance-ware solutions.

The spamming is really brining down the quality of the game. How are people new to Square going believe that you'll be productive at anything and deliver quality service when you allow rampant ToS violation to continue for HOURS?? It does not cost that much money to hire a monkey server admin that has multiple accounts open in the main cities where they can "investigate" (a.k.a. look at their monitor) and ban these people.

continued...

$8/hr * 24(hours) * 365(day) = ~70,000 a year to have a monkey sit and watch the screen (you could also outsource to lower your cost!). That is ~$6,000/month (rounded up so you can throw in some free bananas for the monkeys) or 500 subscription fees. I think there is about 50 server now? That's 5 subscriptions/per server to have someone take care of this crap 24/7. Also, I'd be very surprised if the RMT stuck around when their accounts get banned in 5 minutes. That means the cost will go down! Right now it's just open season. I'd like to believe that there is an "active" team to take care of the situation but this past weekend the same people were spamming in all 3 cities all weekend long on excalibur. It does not come down to anything less than being cheap and lazy on SE's part.


/rantoff

PS I love your game...this is issue is just ridiculous and doesn't make sense to me coming from an HR, customer service, and server administration background.

Quote:

---

Originally Posted by Okipuit

Greetings,

We would like to apologize for the inconveniences that RMT spam has been causing. We are diligently investigating any incoming reports or sightings of RMT shouts and banning them as soon as possible. In addition, we are working on speeding up the investigation flow.

We understand that the current RMT shout/spam reporting procedure can be improved so we are working our hardest to implement a system that is faster and easier to report/block violators. With that said, we sincerely appreciate the assistance from those of you who have been submitting reports as we work towards improving the system.

---

With the amount of time that I spend each day black listing and reporting the RMT bots can I just put down on my resume that I work for Square Enix & their Special Task Force?

Quote:

---

Originally Posted by Okipuit

snip

---

Does this also include the position hackers that are basically everywhere? I think those are just as much, if not more, of a priority, given that it'd be the source of the income they need to do transactions. Though in-your-face actions, like the spammers, can give the impression of it being more important. RMT are generally not as ignorant of themselves as people think. The accounts that are used for the bot gathering are often separate from the accounts that spam, as well as from the accounts that sell goods and accounts that hold funds.

Quote:

---

Originally Posted by Kamaru

/rantsnip

PS I love your game...this is issue is just ridiculous and doesn't make sense to me coming from an HR, customer service, and server administration background.

---

lol u have that background and completely avoided the issue that these RMT are using stolen accounts and SE doesnt even know how they are getting stolen. RMT arent making new accounts and new characters to keep their /sh's going on servers that arent allowing new character creations...

Quote:

---

Originally Posted by Rautzen

With the amount of time that I spend each day black listing and reporting the RMT bots can I just put down on my resume that I work for Square Enix & their Special Task Force?

---

Players are spending more time than GMs on the issue so why not?

Quote:

---

Originally Posted by Ninjaii

lol u have that background and completely avoided the issue that these RMT are using stolen accounts and SE doesnt even know how they are getting stolen. RMT arent making new accounts and new characters to keep their /sh's going on servers that arent allowing new character creations...

---

Current list: http://na.finalfantasyxiv.com/lodest...06d0909189e479

Excalibur was open a few days ago but was recently closed off.

I'll tell you how most of the accounts are compromised.
First is database hacking. It's not very complicated if a website is not secured and they can harvest tons of data.

The second method is a little more creative.
Step 1: You visit a website or open an email attachment that contains code that installs a key logger on your computer. It doesn't have to be a porn site or some underground website that contain the code, it could be your grandma's cookie business website(but we'll come back this to in a min)
Step 2:All keys from your computer are logged and sent to a remote server for processing. The majority of the username/password processing is done via scripting so they will pull out your email, website, and program login credentials.
Step 3:Use your accounts to send out more "advertisements" via social media/email etc. If they see you logging in to manage a website they will take your credentials and inject code on your site so now grandma's site is infected as well.
And the process repeats via automation over and over while they harvest huge list.

THEN
They take the data and sell it, so most likely that's where RMT is getting their data. Though it's not impossible for them to be "hacking" SE's database, it's just A LOT less likely than the above. This isn't a SE problem, it's an end user problem.

Even Se Support doesn't believe that it isn't SE's side anymore, while they are perpetually hit with call logs about the issue. But if you want to believe otherwise none can stop you from posting in these threads (unless your account ends up compromised). It's already confirmed that phone security tokens are pointless against the security breach. Users of the phone security app just have a faster way to recover their accounts.

Edited for typos lol

And Excalibur hasn't been lifted from character creation restrictions since before Sept. 5.

To be honest I haven't read up on all the accounts that were compromised. However, even if their token authentication is "crackable" (though it most likely has some sort of dumb recovery logic and the algorithm itself is not being cracked) they still need a username or email address at least. You have to have something to start with....

Quote:

---

Originally Posted by Kamaru

To be honest I haven't read up on all the accounts that were compromised. However, even if their token authentication is "crackable" (though it most likely has some sort of dumb recovery logic and the algorithm itself is not being cracked) they still need a username or email address at least. You have to have something to start with....

---

Microsoft and Sony would disagree based on how their networks were compromised. Just because those are the typical reasons careless gamers lose their account privileges doesn't mean the easy answer is relevant. It just means that once compromises were confirmed that's the 1st consideration, but that was about 2 weeks ago and they have 1000s of confirmed account compromised tickets @ SE Support-NA alone

One problem is the users that register their tickets in the Account sector of SE support and the users that register their tickets in the FFXIV sector are divided between 2 different ticket logs. Even though its just one problem.

No way to solve this unless you track them down, sue them, and hope this makes them scared but that didn't work when blizz did it so I expect it would not now.

Imo, SE should take a long look at Eve and or say GW2 if you want to see ways how they combated and near eliminated third part RMT groups from their games; it's not perfect but it DOES work.

Simply just fiddling with chat filters will never work b/c those spam bots WILL get around it within a minute. If they get banned, they just use another hacked account out of the 1000s they probably got control of.

Anyways, back to watching gather bots teleporting around...they are getting quite numerous.

Quote:

---

Originally Posted by Ninjaii

Cheers for the lame duck comment from a troll [...]

---

A troll? Mine is a REAL suggestion, not a troll.
For stolen accounts, people can claim the account was stolen, but I'm bored to be invaded with marketing

Quote:

---

Originally Posted by darios

EASY WAY TO BLACKLIST

Can we just get and option to click on the name and blacklist the user ?

---

Quote:

---

Originally Posted by Alanon

DING! THANK YOU!

Please do this. It's already there that you can click on a name in a shout/tell and invite to party. Just add an option to add the black list and the problem is DRAMATICALLY reduced.

---

This would help. So. Much.

Quote:

---

Originally Posted by Ethalio

It would already help if Characters were allowed to shout only once every 30 seconds.

---

This too. Yes.

Minor fixes but they seem fairly simple. I'm 100% for both of these.
I need not explain at length, point has been made, nail hit on the head, dead center, etc etc :p

At the very least anyone else in the industry or in information security would of said to have put in a mandatory password change by now, but SE hasn't, even though the breach was confirmed 2 weeks ago and they still cant identify anything, while more accounts continue to be compromised every day. Would of at least either confrimed stolen information or discarded it as no longer a plausibility.

And if they hadn't of lifted the auto-block of accounts accessed from an invalid IP that had been present since 1.0 up until a post-release patch, none of the compromised accounts would of happened

Quote:

---

Originally Posted by Ninjaii

Lol can u do math there are plenty of free companies that have over 100 members

not to mention the RMT could use it to easily populate an insta-ban

---

I see what you're getting at, but it works both ways. The way to improve the system is to automute players for an hour who are blacklisted by 4 reports within that hour, on a rolling window. So if a RMT spam bot keeps on spamming once muted, it stays muted until they stop for an hour. Meanwhile you'd think that a GM could check the report to see what they're being blacklisted for.

Quote:

---

Originally Posted by Ninjaii

At the very least anyone else in the industry or in information security would of said to have put in a mandatory password change by now, but SE hasn't,

---

That's because mandatory password changes aren't effective solutions when the average joe ticks the "save login info" box. What SE should have done, from the beginning is ask for either a mobile phone number (to SMS one-time passwords to), a mobile app (which they now have) or include hardware token with all boxed versions of the game. MMO games are the only "services" that people are so inherently lazy about that hacks roam free. Many people who are "hacked", end up hacked because they were already up to no good.

Why is there a 1000 character limit x.x

Tonight, every city I went to was completely quiet. SE is doing something and it is having a noticeable effect.

Quote:

---

Originally Posted by Ninjaii

At the very least anyone else in the industry or in information security would of said to have put in a mandatory password change by now, but SE hasn't, even though the breach was confirmed 2 weeks ago and they still cant identify anything, while more accounts continue to be compromised every day. Would of at least either confrimed stolen information or discarded it as no longer a plausibility.

And if they hadn't of lifted the auto-block of accounts accessed from an invalid IP that had been present since 1.0 up until a post-release patch, none of the compromised accounts would of happened

---

What breach? The only thing they've stated recently was that people were breaching other companies and trying to use that information here to steal accounts.

Perhaps you should put a chat filter in place to detect if someone is sending multiple hundred tells a second and auto-ban them. Real people don't do that. RMT spammers do. I was getting 2-3 tells a second from an RMT spammer a few days ago, assuming he was doing that to more people than just me since I wasn't even in town it would be fairly easy to spot these people.

There is really only one instant fix for these kinda problems, since they just keep remakeing new accounts, and use that IP changeing thing :p.
Hire more staff, place 3 on each server, in each main city, wich job is only to instant ban all gil selling spams they see.

tbh with the time it takes, for a report to reach SE, them to handle it, read truh the logs etc etc, there will allready be 5 new gil sellers, so as said above solution only solution.
Personally i didint use to mind them shouting evry now and then, but i must admitt at this point where the same character is able to spam 20msg pr. sek is reaching my tolerance level >.<.
god bless filters exist in this game

I like the 'Coin lock' that rift used where if you logged on from a different IP, your account was limited and you could not sell anything, buy anything, trash anything e.t.c. At the time your account was locked, you were sent an email with a code - put the code into the game and your account unlocked. It'd also be good if the account could not communicate with anyone other then GM's.

If you're silly enough to use the same password for the game and your mail account, and haven't taken advantage of either the free (for smartphone users) security token app, or purchased a hardware token - SE can't do much more for you.

I remember a day in Aion when GMs came into the game as a giant rabbits and started publicly dropping NUKES on the heads of RMT spammers banning them from the game (with accounts). This public act was sooo much loved by the community! This act started a crusade against RMT traders which had a pretty decent result.

Anyways as a suggestion to the developers.
1. Implement chat name click option to report spam. This button would both blist the player and send a report to GMs (with the message attached for GMs to be able to react fast).
2. When the player gets reported he should get the limit to the rate at which he may send messages (maybe only to /shout and /yell). When a player is reported multiple times (>10 for example) he would be blocked from /shout and /yell and maybe /tell
3. When committing a permaban on account you should remove this account's characters from all players' blists which are currently growing fast and will soon reach the limit of 200.

Quote:

---

Originally Posted by 10TailBeast

Tonight, every city I went to was completely quiet. SE is doing something and it is having a noticeable effect.

---

Or more simply, the hacked accounts were mostly legacy and the hackers didn't want to start paying the bill.

Quote:

---

Originally Posted by KisaiTenshi

That's because mandatory password changes aren't effective solutions when the average joe ticks the "save login info" box. What SE should have done, from the beginning is ask for either a mobile phone number (to SMS one-time passwords to), a mobile app (which they now have) or include hardware token with all boxed versions of the game. MMO games are the only "services" that people are so inherently lazy about that hacks roam free. Many people who are "hacked", end up hacked because they were already up to no good.

Why is there a 1000 character limit x.x

---

even if they tick 'save log-in info' there's the security question answer protecting their account. it would still prove whether its just a stolen database or is a persistent issue, and they havent done it or anything else.
And Why is there a daily limit, to go along with your 1000 character one lol. Or the fact that if a moderator deletes a thread it still counts against your daily allowance even if you're not the reason the thread is deleted.

As far as saying its ppl 'up to no good in the 1st place' the few people @SE that are stuck in the middle of customers filing tickets about stolen accounts and the task force that isnt doing anything totally disagree with your statement. cause players can make all the unfounded statements they want about other players, and there's nothing these compromised accounts can say to rebuttal that nonsense, because #1 they can't access the forums (unless they still have cookies from previously being logged in) and #2 no matter what they say ppl like u would just respond with 'suuure....'. i'm sure there's 'some' accounts that 'were up to no good' but theres way too many compromised accounts and i know 'some' did nothing wrong unlike u just assuming. Always assuming the easiest answer will unfoundedly provide all the results is the reason situations like this end up exacerbated the way it has.

Best thing to do is not try to sound informative w rhetoric about things you have no desire to be informed about, or you would of already known more information than you posted. The 'moble app' is already confirmed fruitless against the account compromises, just ppl with the phone app have a security measure to more expediently recover their account when compromised. Ppl without the phone app have to wait for SE to unblock their account for 'suspicious activity' ppl w the phone app are able to over-ride the marked account directly with an automated e-mail.

Granted the forum moderators tend to delete threads where people are disclosing that their 'phone app' account was compromised, but the support tickets are still there.

I could go on more and explain how the current all-region posting warning of 'phone app' accounts securing their information has a strong probability of being related to the fact that they offer no protection against the compromise, but the moderators deleted the thread with that information 2 days ago. And unlike you, i'm not going to post information that isn't able to be confirmed, even if i know it 'should be' but since the moderators deleted it, it cannot.

Quote:

---

Originally Posted by Maza

Even if they could just give us some kind of filter to turn on for specific words or just an infinate b-list and one click b-listing. Something ANYTHING!111 lol

---

Yes please! one click b-listing would do wonders for this game. It's a bit tedious to have to input someones name in the black list or type a macro just to put someone on a b-list.

I would also add that part of the problem is the creation of an environment where getting 1 million gil in game (which is worth quite a bit) is very difficult to do, but paying someone 20$ for that is very easy to do. As someone else mentioned using the example from EVE. There are other methods to it as well, as much as I hated SWTOR being F2P the best thing about their cash shop was EVERYTHING could be sold on the open market. So you could buy things to sell to other players. Was there still RMT spam in chat? sure. But the cost benefit to doing that was moot. You would pay the gold farmers easily 2x as much money as it would cost to buy someone off the cash shop and sell it yourself.

The real fix to RMT is removing the incentives to the player feeling like they NEED to buy gil. When I hit 50 on my first character I had 60k, others had maybe 150k-200k (depending on what you picked for quest rewards). High grade materia for some classes is costing around 80k per piece. The ONLY real option to making money in this game through "legitimate" means, is crafting. The only way to actually make money in crafting is to get it to 50 which takes a VERY LONG TIME. So of course people are going to buy gil for real money.

One of Two things need to happen, there need to be more methods in game to make money other than direct crafting (which is really just passing money around from player to player). Or second, there needs to be a sanctioned means to get money for cash through SOME method. Destroy the conditions which creates the problem in the first place, and you can fix the root of the problem instead of throwing duct tape on it, to hold it together.

Quote:

---

Originally Posted by Okipuit

We are also adding more complex chat filters to the already large list we have arranged in order to further prevent RMT spam. We will continue to do so in a manner that will not affect your normal conversations.

---

Unfortunately, my normal conversations are already affected as per my bug report (unless the cause of that is some different form of filtering).