Exploitation (Warp, Botting, etc.)

[Syamic]

why wait until they have thousands when it only take's 100 or so to f**k up the ecconomy

[KisaiTenshi]

why wait until they have thousands when it only take's 100 or so to f**k up the ecconomy

Probably because it's done as MDE (Mass Data Entry, or Massive Destruction of Evidence), usually it's a "bulk fix" instead of individual bans. Like banning 100's at once is because those 100's all matched the invalid data in their logs.

[PhirePheonix]

i agree with needing some online admins i saw the same named bot/character go on for hours in gridania posting gil sales for real money got so annoying i could not even scroll up my log to read my /tells or my /fc free company chats

[Helli]

I know on my server (Diabolos) the number of bots just totally outweighs the ability to report them all. In just one smallish area, there was 30+ bots. Many were underground most the time just teleporting from node to node. I reported several, but after an hour of filling out cheat reports gave up. I don't want to spend my entire time online just trying to report these bots using the slow, cumbersome tools we have.
Just one GM in the area could have banned them all in less time than it took me to report those I did.

[Verrilee]

I'm curious about why MMOs don't use players anymore. It was a lot of fun being a Guide and although there was a little bit of exploitation, it wasn't bad. Nothing as bad as these hacks and exploits going on now. Of course, guides couldn't suspend/ban people - but we would go observe after receiving a report, and if it was true we could escalate it straight to a GM. Plus we could take care of all the standard issues that came in, like stuck players. It saved a lot of time for the GMs and all it cost the company was a few free subs. And doing player events was FUN!

[Elazu]

Well, the bots successfully destroyed the shard market already.

[CyberDraconian]

By the way, for the teleportation cheat, I think it stems from the fact that, to avoid "rebounding", the position of a character is set client-side, thus making it easy to simply send a "fake" position to the server to teleport to. But yes, as someone mentionned, SE tends to make mass bans every so often rather than a few bans at a time, just like they mentionned they might ban or rollback any character that exploit the unmoving Chimera and Hydra bugs. Back in the FFXI days, they banned about a third of the endgame players for abusing a bug that duplicated gear that went unnoticed by SE for about a year. That was the Great Purges of Final Fantasy XI. SE will definitely ban abusers, but it can take some time.

[Discordia]

The process to exploit the game, the memory and data being sent back to the server is not that difficult as it requires a creative method. Malwares and zero-day exploits are notorious for hijacking clients and the OS. The cheaters do the same. They use Windows zero-day exploits (think of Stuxnet) by injecting their own computer with these malwares that they engineered (or others have) and then "remote in" with another process on the same machine and manipulate the code/data. It's a lot easier than reverse-engineering the actual client as this gets around most client-side security and attacks the OS architecture itself. Part of the problem (or most) of game hacks, especially on the PC side, has to do with Windows shipping full of holes and legacy exploits from god knows when. This makes it so challenging for software developers to secure their products when the OS that it is being installed to is as insecure as leaving a door open in the middle of a crime infested neighborhood.

[KisaiTenshi]

The process to exploit the game, the memory and data being sent back to the server is not that difficult as it requires a creative method. Malwares and zero-day exploits are notorious for hijacking clients and the OS. The cheaters do the same. They use Windows zero-day exploits (think of Stuxnet) by injecting their own computer with these malwares that they engineered (or others have) and then "remote in" with another process on the same machine and manipulate the code/data. It's a lot easier than reverse-engineering the actual client as this gets around most client-side security and attacks the OS architecture itself. Part of the problem (or most) of game hacks, especially on the PC side, has to do with Windows shipping full of holes and legacy exploits from god knows when. This makes it so challenging for software developers to secure their products when the OS that it is being installed to is as insecure as leaving a door open in the middle of a crime infested neighborhood.

Quick fix: Only make a x64bit build that runs on Windows Vista or 7. Though in all seriousness, I think you're off the mark, nothing fancy is going on. The hackers are using off-the-shelf hooking software that I won't name, that creates it's own exe's and most of these EXE's are detected as malware by antivirus software:
Bkav HW32.Stranact.rqso
Comodo Worm.Win32.P2P-Worm.Palevo.fghk
TrendMicro-HouseCall TROJ_GEN.F47V0919
etc

I also wouldn't doubt the people running the bots get their accounts hacked as well.

[Discordia]

I also wouldn't doubt the people running the bots get their accounts hacked as well.

Zero-day exploits are a dime a dozen, I just used Stuxnet as a very famous example, but you can get easy to do on your own (Adobe Flash zero day exploits are probably a better example and everyone and their grandmothers have been able to lift credentials from "drive by" visitors to their sites and inject tons of stuff through Flash Ads, etc)

I agree with your point about bots and hacked accounts, but I'm also convinced that many are victims of malware being planted through hacked websites. There has been several notable gaming sites which had compromised data and had their ad-model hijacked so that they'd deliver trojans unto unsuspecting users. It's becoming increasingly difficult to mitigate these threats and it just boils down to browsing habits and being aware of phishing attempts. What surprised me the most is that SE has yet to say, "Our support team will NEVER ask for your account information as we already have that." I don't know how many people were duped into clicking "support" emails in desperate attempts to fix whatever issues they may be having.