North Thanalan Botting

[repoe]

something about this thread for immediate action on reports filed screams medieval mob mentality

[Zfz]

Also there are a lot of automated questing bots. Yes they exist. They teleport (not the in-game teleport, actual teleport hacks letting them drop in on any designated location, i.e. in front of mobs, kill mob, then drop in front of the quest NPC to hand in the quest) everywhere and do quests and the hand-ins. They usually appear late night and come in groups of 3~4 of the same job.

Perhaps in ten or twenty more years when communications are by default encrypted with a very strong encryption that changes dynamically and still give us virtually no communications delay, the problem of bots and teleport hacks can be solved...

[Moonleg]

If they only watch one player at a time they're doing it wrong.

Recognize a bot's movement pattern is relatively simple; simple enough that you could easily watch several characters at once to see if they constantly follow a set path with no deviation.

[IzzyData]

You only get a 2 week ban for botting? brb.

But seriously, other subscription based mmos aren't nearly this bad at banning bots quickly. Write some software to auto detect this kind of thing then auto perma ban them. Done.

[KisaiTenshi]

You only get a 2 week ban for botting? brb.

But seriously, other subscription based mmos aren't nearly this bad at banning bots quickly. Write some software to auto detect this kind of thing then auto perma ban them. Done.

I take it you've never researched what exactly botting entails.

I've been "taking notes" on what bots do for years. The bots for FFXIV utilize the same software "DPS parsers" do, and hook into the "add ons" API so it gives them access to almost as much stuff as the developers do. The reason it's so "easy" for FFXIV bots to exist is that there's no protection on the game binaries, so players and botters can just drop whatever files they want into the program directory and the game will happily let hook/injections run. This is how most if not -ALL- unauthorized addons work in any game, it's also how protection software gets "patched out" by having the C/C++ runtime patched to hide itself.

The dumbest bots, are the ones that use a certain open-source utility to just copy-paste text into the game and spam relentlessly. They have no feedback loop, so they don't actually know what's going on in the game, unless the pixel-hunting aspect of it recognizes a dialog box. This is generally what RMT's use on throw-away accounts.

The fight against botting requires better self-protections in the software before anything will change. Because a 2 week ban means nothing to a throw-away account.

[IzzyData]

The bots for FFXIV utilize the same software "DPS parsers" do, and hook into the "add ons" API so it gives them access to almost as much stuff as the developers do. The reason it's so "easy" for FFXIV bots to exist is that there's no protection on the game binaries,

I don't see how that is relevant although I wouldn't mind them making parsers be recognized as 3rd party alteration and ban them too as long as they add in an official dps meter.

What they should do is create a separate system to watch for patterns in player behavior that could be determine as a bot. Or if they are never going to make player addons a thing then severely limit the unused addons api so that you can only do a limited number of things.

[KisaiTenshi]

I don't see how that is relevant although I wouldn't mind them making parsers be recognized as 3rd party alteration and ban them too as long as they add in an official dps meter.

What they should do is create a separate system to watch for patterns in player behavior that could be determine as a bot. Or if they are never going to make player addons a thing then severely limit the unused addons api so that you can only do a limited number of things.

The problem here is that it's impossible for SE to know the difference between an unauthorized add-on and legitimate one. Since there are no authorized ones, right -now- they could just outright ban anyone using an addon and that will ban everyone with a DPS parser, no matter how they were using it.

As for "patterns"... they could look for people who are solo in content that should be impossible (Eg Extreme Primals) if they want to nab people who are cheating for the sake of cheating. A lot of what cheating players do is ALSO quite lazy.

Agreed, but when the developers can't (or won't) even secure the server-side database against teleportation hacks, sanity check movements, or even enforce basic in-world geometry to prevent 'underground' mining, I can't see them doing anything to protect the executable or integrity of the game client when the database and/or game servers are as open for abuse as they appear to be.

I just want to mention that there is a bit of a misunderstanding about what is going on. In FFXIV V1.0, SE encrypted the Login server but not the Gameplay Server, at most they compressed some packets. In V2.0 they reused this mechanism, so "not securing the database" isn't what is going on, rather it's they are fabricating/editing extra packets. There are cheat tools that are readily available that hack memory and packets. "Teleporting" happens because the game client and server send a "where am I" packet several times every second, and the server does NOT go "no you're not there" rather it just accepts it. A lot of MMORPG network traffic is no different.

As I mentioned elsewhere, the server isn't aware of the world geometry, all the collision detection is on the game client. So teleporting bots are simply getting a list of the gathering nodes straight out of the network stream, teleporting to them (many of the bots at ARR V2.0 release literately dropped out of the sky, because they were teleporting to the actual node location) and they end up "underneath" the ground by setting the Z location to whatever Z coordinate would put them under the node but still let the game client see it within reach.

A lot of "fixes" require validating every action, which immensely slows down the server and it's capacity, which increases the amount of network traffic. So unless we want much smaller maps I don't see these things happening in real time. Rather mass-data-entry systems could check player velocities and locations and anything that is more than 0.1% out of normal gets flagged. Like there is absolutely no excuse for bots being "underground", the server is being told by the bots they are under the map, an out of bounds checker could scan every player on the server in seconds against the actual map's geometry and ban the accounts instantly... if there was a will to do it.

[Kosmos992k]

A lot of "fixes" require validating every action, which immensely slows down the server and it's capacity, which increases the amount of network traffic. So unless we want much smaller maps I don't see these things happening in real time. Rather mass-data-entry systems could check player velocities and locations and anything that is more than 0.1% out of normal gets flagged. Like there is absolutely no excuse for bots being "underground", the server is being told by the bots they are under the map, an out of bounds checker could scan every player on the server in seconds against the actual map's geometry and ban the accounts instantly... if there was a will to do it.

Thats the kind of thing that I am talking about, except performing some real-time sanity checking should be possible, the client already does it for every invisible wall players encounter. One thing I have to say though about the other information you gave about the hacks essentially editing, or reconstructing data packets en-route to the server. There is zero excuse for allowing that to occur.

The communication between the game and client should be secure enough that without some decent effort it's not possible to perform live packet modification. Hell, even if the encryption is hacked and the key reversed, we have sufficiently frequent patches to allow the encryption scheme to morph each time, as well as changing the keys. Not securing the communication between client and server is a pretty horrible data security failure.

From a database point of view, the coordinate system should have validation rules on the coordinates themselves, to do exactly what you stated. I also agree that the player movement and teleportation commands could and should be validated off-line by a system that has no impact on the game servers. As you say, violations detected there should result in account suspension. Hell, every reported bot/cheat should be put through that ringer at least, to facilitate faster/more accurate detection.

I'm not familiar with other MMO's and how they do their thing, but in the world of corporate databases, systems, networks and data security, the lack of security and integrity in the data seen here would be inexcusable.

[Kosmos992k]

**snip**
The reason it's so "easy" for FFXIV bots to exist is that there's no protection on the game binaries, so players and botters can just drop whatever files they want into the program directory and the game will happily let hook/injections run.
**snip**
The fight against botting requires better self-protections in the software before anything will change.

Agreed, but when the developers can't (or won't) even secure the server-side database against teleportation hacks, sanity check movements, or even enforce basic in-world geometry to prevent 'underground' mining, I can't see them doing anything to protect the executable or integrity of the game client when the database and/or game servers are as open for abuse as they appear to be.

[Lego3400]

You only get a 2 week ban for botting? brb.

But seriously, other subscription based mmos aren't nearly this bad at banning bots quickly. Write some software to auto detect this kind of thing then auto perma ban them. Done.

Actully I see this same kind of post on WoW forums all the time. "Wah I reported bots but they didn't take care of it when I said to, Blizzard loves bots"