You only get a 2 week ban for botting? brb.
But seriously, other subscription based mmos aren't nearly this bad at banning bots quickly. Write some software to auto detect this kind of thing then auto perma ban them. Done.
I take it you've never researched what exactly botting entails.
I've been "taking notes" on what bots do for years. The bots for FFXIV utilize the same software "DPS parsers" do, and hook into the "add ons" API so it gives them access to almost as much stuff as the developers do. The reason it's so "easy" for FFXIV bots to exist is that there's no protection on the game binaries, so players and botters can just drop whatever files they want into the program directory and the game will happily let hook/injections run. This is how most if not -ALL- unauthorized addons work in any game, it's also how protection software gets "patched out" by having the C/C++ runtime patched to hide itself.
The dumbest bots are the ones that use a certain open-source utility to just copy-paste text into the game and spam relentlessly. They have no feedback loop, so they don't actually know what's going on in the game, unless the pixel-hunting aspect of it recognizes a dialog box. This is generally what RMT's use on throw-away accounts.
The fight against botting requires better self-protections in the software before anything will change. Because a 2 week ban means nothing to a throw-away account.
I don't see how that is relevant although I wouldn't mind them making parsers be recognized as 3rd party alteration and ban them too as long as they add in an official dps meter.
What they should do is create a separate system to watch for patterns in player behavior that could be determined as a bot. Or if they are never going to make player addons a thing then severely limit the unused addons api so that you can only do a limited number of things.
The problem here is that it's impossible for SE to know the difference between an unauthorized add-on and legitimate one. Since there are no authorized ones, right -now- they could just outright ban anyone using an addon and that will ban everyone with a DPS parser, no matter how they were using it.
As for "patterns"... they could look for people who are solo in content that should be impossible (Eg Extreme Primals) if they want to nab people who are cheating for the sake of cheating. A lot of what cheating players do is ALSO quite lazy.
I just want to mention that there is a bit of a misunderstanding about what is going on. In FFXIV V1.0, SE encrypted the Login server but not the Gameplay Server, at most they compressed some packets. In V2.0 they reused this mechanism, so "not securing the database" isn't what is going on, rather it's they are fabricating/editing extra packets. There are cheat tools that are readily available that hack memory and packets. "Teleporting" happens because the game client and server send a "where am I" packet several times every second, and the server does NOT go "no you're not there" rather it just accepts it. A lot of MMORPG network traffic is no different.
As I mentioned elsewhere, the server isn't aware of the world geometry, all the collision detection is on the game client. So teleporting bots are simply getting a list of the gathering nodes straight out of the network stream, teleporting to them (many of the bots at ARR V2.0 release literally dropped out of the sky, because they were teleporting to the actual node location) and they end up "underneath" the ground by setting the Z location to whatever Z coordinate would put them under the node but still let the game client see it within reach.
A lot of "fixes" require validating every action, which immensely slows down the server and its capacity, which increases the amount of network traffic. So unless we want much smaller maps I don't see these things happening in real time. Rather mass-data-entry systems could check player velocities and locations and anything that is more than 0.1% out of normal gets flagged. Like there is absolutely no excuse for bots being "underground", the server is being told by the bots they are under the map, an out of bounds checker could scan every player on the server in seconds against the actual map's geometry and ban the accounts instantly... if there was a will to do it.
That's the kind of thing that I am talking about, except performing some real-time sanity checking should be possible, the client already does it for every invisible wall players encounter. One thing I have to say though about the other information you gave about the hacks essentially editing, or reconstructing data packets en-route to the server. There is zero excuse for allowing that to occur.
The communication between the game and client should be secure enough that without some decent effort it's not possible to perform live packet modification. Hell, even if the encryption is hacked and the key reversed, we have sufficiently frequent patches to allow the encryption scheme to morph each time, as well as changing the keys. Not securing the communication between client and server is a pretty horrible data security failure.
From a database point of view, the coordinate system should have validation rules on the coordinates themselves, to do exactly what you stated. I also agree that the player movement and teleportation commands could and should be validated off-line by a system that has no impact on the game servers. As you say, violations detected there should result in account suspension. Hell, every reported bot/cheat should be put through that ringer at least, to facilitate faster/more accurate detection.
I'm not familiar with other MMO's and how they do their thing, but in the world of corporate databases, systems, networks and data security, the lack of security and integrity in the data seen here would be inexcusable.
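The offline check proposed in the posts above (scan logged positions for impossible velocities and for positions under the map), sketched as an added example that is not part of the thread or any game's actual code. The heightmap, speed limit, tolerance, and log format are all assumptions made up for illustration.

```python
from collections import defaultdict
from math import dist

# Assumed values for illustration; a real game would export these from its map data.
MAX_SPEED = 12.0          # fastest legitimate movement, units per second
DEPTH_TOLERANCE = 1.0     # allowed dip below the terrain surface, in units
CELL = 10.0               # heightmap cell size
HEIGHTMAP = [             # constructed terrain heights, indexed [y cell][x cell]
    [5.0, 5.0, 6.0],
    [5.0, 7.0, 8.0],
    [6.0, 8.0, 9.0],
]

def ground_height(x, y):
    """Terrain height at (x, y), or None when the point is off the map."""
    col, row = int(x // CELL), int(y // CELL)
    if x < 0 or y < 0 or row >= len(HEIGHTMAP) or col >= len(HEIGHTMAP[0]):
        return None
    return HEIGHTMAP[row][col]

def audit(samples):
    """samples: iterable of (account, t_seconds, x, y, z). Returns {account: [findings]}."""
    findings = defaultdict(list)
    last = {}  # account -> previous (t, x, y, z)
    for account, t, x, y, z in sorted(samples, key=lambda s: (s[0], s[1])):
        ground = ground_height(x, y)
        if ground is None:
            findings[account].append((t, "off_map"))
        elif z < ground - DEPTH_TOLERANCE:
            findings[account].append((t, "underground"))
        if account in last:
            pt, px, py, pz = last[account]
            dt = t - pt
            # Distance covered since the previous report exceeds what movement allows.
            if dt > 0 and dist((px, py, pz), (x, y, z)) / dt > MAX_SPEED:
                findings[account].append((t, "teleport"))
        last[account] = (t, x, y, z)
    return dict(findings)

# Constructed sample log: "walker" moves normally; "gatherer" jumps across
# the map and then reports a Z coordinate below the terrain.
SAMPLE_LOG = [
    ("walker", 0.0, 1.0, 1.0, 5.0),
    ("walker", 1.0, 6.0, 1.0, 5.0),
    ("walker", 2.0, 11.0, 1.0, 5.0),
    ("gatherer", 0.0, 2.0, 2.0, 5.0),
    ("gatherer", 0.5, 25.0, 25.0, 9.0),
    ("gatherer", 1.0, 25.0, 25.0, 4.0),
]
```

Because it runs over logged samples rather than inside the game loop, this kind of audit adds no per-action cost to the game server. Legitimate server-issued teleports would need to reset the per-account baseline, which this sketch does not model.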
So, there's this guy who used to be in my FC then left to make his own with another member (a girl he literally showered with minions, glamour items, money for a house, furniture, etc. despite not being a crafter, gatherer, raider, anything that makes money). It's been a week (maybe more) since he's been botting in N. Thanalan, not answering my /tell or emotes. So there is not the shadow of a doubt he's botting. And I've noticed many of those who bot use the same gear:
When the bot was leveling his Dragoon, it was also wearing the Dragoon-equivalent on the left side, and level 30 strength accessories instead of level 30 vitality accessories. Looks like there's a pattern here.
It's probably the same Guy running tons of Characters at once. It's a common thing for Gil/Gold/Whatever Farmer.
They level up to 60 and then they only run Duties (No Random Group but his own Group of 4 Bots run these) to farm Gil and other Stuff which they sell on the Marketboard.
You'd be surprised how stupid some Bot Owners are, they gather all their Characters in a Spot, wearing all the same Items.
There are also a few "Clever" Bot Owners, you won't see them hanging out in Town or in populated Spots such as North Thanalan as there are other Methods to grind your Levels.
When they made enough Gil, it's extra $$$ / €€€ for them. This is not just in FFXIV, you'll mostly see it in F2P MMORPG Titles.
Last edited by Mwynn; 07-26-2015 at 06:14 AM.
Agreed, but when the developers can't (or won't) even secure the server-side database against teleportation hacks, sanity check movements, or even enforce basic in-world geometry to prevent 'underground' mining, I can't see them doing anything to protect the executable or integrity of the game client when the database and/or game servers are as open for abuse as they appear to be.
**snip**
The reason it's so "easy" for FFXIV bots to exist is that there's no protection on the game binaries, so players and botters can just drop whatever files they want into the program directory and the game will happily let hook/injections run.
**snip**
The fight against botting requires better self-protections in the software before anything will change.
Actually I see this same kind of post on WoW forums all the time. "Wah I reported bots but they didn't take care of it when I said to, Blizzard loves bots"