27 replies to this topic

[ManDaisy]

The fastest way to kill a game is to have bad hack security.

Most of the game killing hacks take form in:

1) Cash for Gold spam bots,
2) Godmode client side hacks
3) Item success/ XP gain packet spoofs
4) Ai play / grind bots

5) No clip, hide inside walls/ underfloors crap
6) lag teleporting toggling

I want to devs to take as much concern in ways to prevent hacking as to developing the game. Even if you do make a great game it wont mean anything at all if someone decides to release a "hack" that all the little kitties decide to download and ruin things for everyone. All it takes is one person, to upload whatever and then everyone has it.

My only suggestion is to make things server side calculated as much as possible so things such as "cheat engine" cant interfere and to disable the registering of keyboard and mouse hooks for bot programs.

Really if you want anyone to take any online game seriously, especially any persistant online game, it has to be 100% hack proof.

Edited by ManDaisy, 01 January 2012 - 04:45 PM.

[Pht]

Nothing is 100% hack proof, and expecting that of the developers is not fair.

I'm certain they'll make a concerted effort to obfusticate and secure the game, because as a F2P online persistent gaming model, they know they would lose money hand over fist if hacking/cheating was a big problem.

The F2P model in this setup needs people to be happy and coming back again and again in order to make money. It's harder to find a bigger incentive than someone's cash flow!

[karish]

many a good game has been trashed with the Ch&@ gold farmers / account hackers

[Dragorath]

Come on. Account hackers, seriously? How do you want to prevent it when people use passwords like 1234????

[Seth]

If we get updates fairly often, which seems to be the plan, then the devs can address security and game exploit issues quickly.

Edited by Seth, 02 January 2012 - 09:56 AM.

[Aegis Kleais]

The secondary fault of a F2P market is that once these hacks are out, unlike MW4, where getting "banned" was something you could get youself around, even if banning IS finite, you can simply create another new account (and use your hacks to give you the needed bonuses to offset a new account) and continue your imbecillery.

Sad to say, increased hacking has been one of the core reasons as to why I've quit games before.

I'm not sure what PGI could do to combat this.

[Kezran Vrass]

cant we just have these ppl killed

[Firefly]

I will echo the "no game is 100% hack proof. I'm a game developer myself. I don't know a developer out there who wants their game hacked - everyone I've ever met tries their hardest to make games safe from hackers, and they take cheaters, hackers and exploiters seriously. Having worked in Customer Support investigating my fair share of cheaters and malcontents and farmers, I feel like I've learned a thing or two that I'm going to share now.

There are, however (not to pick a fight with Dragorath), methods of making sure passwords are secure. Require a certain amount of characters: capital letters, lowercase, punctuation, certain minimal-required characters, cannot resemble the log-in, etc. These are becoming more and more common. Unfortunately it also tells password-breakers what to look for. I saw a really ingenious system one time, it was basically a flash application for the log-in and password. I can't remember the game-name, Crimson something? The application had randomly-placed letters and numbers. The order would change each time. This largely was designed to prevent macro programmes from automatically logging people in and out (thus preventing large amounts of gold-spammers/farmers, which run on scripts).

The crypto-key device is also good. Bioware uses it for SWTOR, voluntarily. I didn't buy the security key, instead I downloaded it to my mobile phone. Now I must enter my password, and then get a code from my phone before I can play.

FYI: gold-spammers are usually free trials, and they run on scripts. Sending one a whisper is useless, because the Chinese labour-camp prisoner operating sixty computers at once isn't sitting at any of them. Instead he's bouncing back and forth bringing up new accounts each time one gets banned. Avoiding free accounts also helps cut down on cheaters and farmers. Requiring registration verification helps cut down - as in, you get an email, you open your email, click the link and activate the account before being allowed to use it for the first time. Some people also swear by credit card requirements, even if the game is free - this is dumb because a lot of gold-spammers/sellers/farmers use stolen credit card numbers. These can be found online in the hundreds of thousands each week.

[Agent CraZy DiP]

Dragorath, on 02 January 2012 - 09:36 AM, said:

Come on. Account hackers, seriously? How do you want to prevent it when people use passwords like 1234????

That's the same password as my luggage!

[HeroicTofu]

Because I haven't actually seen it...I can't say it doesn't exist...but as a method to help put a stop to bots, use something like KeyCAPTCHA everytime you log into the game. I specify KeyCAPTCHA because it's helped stopped bots from breaking into my forums compared to the regular CAPTCHA system built into SMF. I'm sure the -vast- majority of us could care less if we had to login using a CAPTCHA system because it would at the most, slow down our login process by about 15 seconds... After which we all know we're going to be playing for hours at a time! I know I will be.

You could take it to the extent that after...say, 15 minutes of login, in between a match/skirmish/whateeverithappenstobecalled, it throws one more CAPTCHA in for good measure and then it won't bug you at all until you logout and log back in again. I know, personally, would never, ever mind having CAPTCHAs built in if it meant a relatively bot free experience .

As far as people hacking the game... The only way I could see that happening it is ...if the server somehow verified key files when you load the game and the game auto-shuts down if it detects any changes once the game has started. Anything locally stored on the computer (including anti-hack software) will be at risk no matter what. But if the anti-hack software ran independent of your computer as an instance from logging into the game, maybe that could have more success. Basically... have it load into a small amount of memory on your computer upon login that has nothing stored in your harddrive itself... And have it randomize elements or something every time you login to the game.

This could all be very well farfetched and I'm mostly thinking out loud but there's gotta be better ways to stop all but the most determined of hackers.

[Pvt Dancer]

Well, the game is probably going to be roughly modeled off of World of Tanks. It is a free game, so you can't stop them that way. But... you can't transfer money between accounts. You can't spend real money to buy game money. THis puts a dent into plat farmers... because there is no market... the only thing of interest is building up the accout itself and selling it, which takes /way/ to much work and effort, specially if you have to be active in the match to actually gain anything.

I have yet to see anyone hack it or run at least run hacks. Remember, the half-life code was open source, and that same code is what helped create Day of Defeat and Counter-Strike... and that code is still being run for Modern War. That is why those hacks never really went away. The worse thing I have heard of in WoTs is to DL 'hit box skins' so you know where to shoot. But nothing helps you actually hit better and the skins... well, you can learn that over time and from experience... more of a short-cut than cheat really.

The thing you have to look for is how easy the engin is for hacking, and if previous games had bad issues with it.

[Sym]

I would have to agree with you Pvt.

Non transfer between accounts, no market, and not being able to use real money to buy game money.
Some good points that I hope get implemented in to MWO.

I've known about the skin mods, but I wouldn't actually call them a hack...as they do not mean you WILL crit. Now the reveal map hack that show everyone where everyone is, now that's a hack.

Either way, I can not wait for beta

[FinnMcKool]

OK , Im gonna tell you all a secret ; They are working as hard if not harder on the hacks thing.
How do I know? I know, just trust me, Ive been around the block a few times.





How about a hot coca ?

[Dlardrageth]

ManDaisy, on 01 January 2012 - 04:42 PM, said:

The fastest way to kill a game is to have bad hack security.

Most of the game killing hacks take form in:

1) Cash for Gold spam bots,

Not a "hack" per say going by common definitions. Also with a player-based reporting system and the liberal use of account/IP bans something you can handle. In particular if you do not allow for direct player-to-player transactions but make all of these go through an intermediary (ComStar?), aka the game company. Makes it rather hard for the RMT crowd to make a quick buck.

Quote

2) Godmode client side hacks

Comes mainly down to what is stored client- and what server-side. Could become an issue when the wrong call there is made early on. I could reference WoT's "hitbox skins" as one example, where a borderline exploit was declared legit by the game company (Yeah, hilarious, isn't it?) because they didn't want or couldn't do the major re-coding to fix that.

Quote

3) Item success/ XP gain packet spoofs

As with most packet-related matters it could be handled by forceful disconnects. If the server notes too many packet losses/hiccups over the duration of a match, he could kick you. I know, pretty tough on those who don't have a good/stable internet connection, but you can hold neither PGI nor your fellow players responsible for that, can you? I'm confident PGI will do the best they can to provide good connectivity on their side, but as some... people... will try to use packet loss and lag-inducing to gain in-game advantages, I'd rather have more people being kicked than MWO becoming a cheat- and exploit-fest. Also, a liberal use of the banhammer I support here as well.

Quote

4) Ai play / grind bots

Report and ban function. If you declare botting specifically a violation of the terms of use in the EULA, you can permaban those easily. Only downside to this of course being that you actually need human resources to do the "good work". And that preferably around the clock to cover all timezones.

Quote

5) No clip, hide inside walls/ underfloors crap

That's actually less than a hack but more of a sloppy coding/graphics issue. In a perfect world where no game ever has any bugs that shouldn't ever happen. I'm aware some games were/are rather notorious for that. Others weren't/aren't though. So it can be done.

Quote

6) lag teleporting toggling

Same as point 3 really. There are methods to force/foster packet losses and/or lag spikes, many of us have seen it happen in past games probably. You cannot really hide how "erratically" your connection behaves in these case. Having both the server automatically plus eventually a team of PGI employees looking for/into stuff like that might be a good countermeasure. And if one client keeps repeatedly acting up, there's always the ban option. Or at least vigilant monitoring by a GM/PGI hit squad. Won't be kept a secret for long, as most people using these hacks are also notorious braggarts. What point would it be to "tweak" the game to make you "uber" if you can't profit from that by swinging your (thus artifically enlarged) E-Peen around?

Quote

I want to devs to take as much concern in ways to prevent hacking as to developing the game. Even if you do make a great game it wont mean anything at all if someone decides to release a "hack" that all the little kitties decide to download and ruin things for everyone. All it takes is one person, to upload whatever and then everyone has it.

Yep, and in some countries that can actually land you in jail these days, if the company decides to press charges. Heck, actually, if PGI decides to go bigger into international dislocation (servers, offices, "regional" support teams), they can even level lawsuits in several countries. Would your average "hacker" not just love it to have an APB hanging over his head potentially every time he wants to travel on vacation?

Quote

Really if you want anyone to take any online game seriously, especially any persistant online game, it has to be 100% hack proof.

There is no 100%. Period. That is the reason why you still have a need for actual human beings being in customer support/online security functions. Sooner or later a human will come up with a way to mainpulate something to get an "illegal" advantage. Best way to counter that is another human (or your side) to counteract that. It's a bit like the classical arms race, but unfortunately some game companies/distributors didn't quite get it and thus their games became infamous for cheats/exploits/hacks. Those who invested properly in human resources to keep any eye on things usually have less issues IMO.

[Black Sunder]

Pvt Dancer, on 11 February 2012 - 06:01 AM, said:

You can't spend real money to buy game money.

Not true, you can convert gold to silver at a rate of 1 gold to 400 silver.

[MaddMaxx]

Best defense, although not perfect is to have the Server check the Client files for authenticity when loaded. If a file that will be used in the game has been modified at the Client end, De-Sync occurs, client side .exe crashes. No play for them.

Now some files can be modified and not seen by the Server as modded but most have minimal impact (depending on who you ask of course) so no system is 100%.

Best bet is to keep as much DATA Sever side as possible. The more the merrier. Without Modding being allowed then very little actual game based code need be Client based. Hell, keep it ALL Sever side, in a Client Profile, save for Maps, Skins and a Launch .exe.

Edited by MaddMaxx, 13 February 2012 - 11:03 AM.

[crazy jake]

Not a programmer myself, so I don't know the difficulties in making a game "hack-proof".

Gold spammers I can ignore, but a persn using a hack or computer for targeting is the worst player, how can anyone have fun that way?

Let me give you an example, I was playing MW:LL once and I ran around a corner with my new 50 ton mech(forgot the type) a 30 - 40 ton mech head-shots me and downs me with one hit. I thought, wow that was lucky, after the second and third time that happened got a little mad, or course. Then I was running around in armor (elemental), I saw the guy that one-shoted me, and starting running towards him, as soon as I got 1000 Meters away, he hit me with either a gauss rifle or other long range weapon. Now at 1000 Meters I was a pixel to him, jumping up and down, no way someone is that good.

Needless to say I don't play that game anymore.

[DeerSpotter]

ManDaisy, on 01 January 2012 - 04:42 PM, said:

The fastest way to kill a game is to have bad hack security.

Most of the game killing hacks take form in:

1) Cash for Gold spam bots,
2) Godmode client side hacks
3) Item success/ XP gain packet spoofs
4) Ai play / grind bots

5) No clip, hide inside walls/ underfloors crap
6) lag teleporting toggling

I want to devs to take as much concern in ways to prevent hacking as to developing the game. Even if you do make a great game it wont mean anything at all if someone decides to release a "hack" that all the little kitties decide to download and ruin things for everyone. All it takes is one person, to upload whatever and then everyone has it.

My only suggestion is to make things server side calculated as much as possible so things such as "cheat engine" cant interfere and to disable the registering of keyboard and mouse hooks for bot programs.

Really if you want anyone to take any online game seriously, especially any persistant online game, it has to be 100% hack proof.

How about make every player do the NDA, If he is caught cheating you sue him plain and simple. This makes the game worthy of good players only. No one will risk to hack.

[Riin Suul]

DeerSpotter, on 10 September 2012 - 02:35 PM, said:

How about make every player do the NDA, If he is caught cheating you sue him plain and simple. This makes the game worthy of good players only. No one will risk to hack.

1) n-n-necro post! holy crap this is an ancient necro!

2)that doesn't even make sense. this is a free to play game. anyone can make 50 accounts, give different info for all of them, and hack on all of them, and guess what - the info for all of them would be fake, no real way to track them down. and as others have said, since no trading cash between accounts is possible, accounts have no real money value for hackers.

Edited by Riin Suul, 10 September 2012 - 04:08 PM.

[Bansheedragon75]

ManDaisy, on 01 January 2012 - 04:42 PM, said:

The fastest way to kill a game is to have bad hack security.

Most of the game killing hacks take form in:

1) Cash for Gold spam bots,

I want to point out this one specifically.
I can say with absolute certainty that you will not see any of those in this game.
Why you say?
Because there is no player driven economy, there is no way to transfer ingame money or items of any sort between players.
As such I dont see a problem with "gold"(C-bills in this gace) farmers since there is nothing to be gained from it,

And there is no reason for anyone to steal your account, if you want to play the game is free to play, you dont even have to buy the game to play.

As for players cheating and trying to "hack" the game for their own personal gains, that is going to be difficult.
Hacking the game client is pointless, since almost everything is done server side.

Mech fittings are done server side, so you cant hack the client to change your mech to carry more weapons or armor.
Even firing a weapon ingame requires authorization from the server before the shot is actually fired.

No system is 100% hack proof, thats just impossible.
Sooner or later someone will find a way around the protection thats put up
But I know the devs here take hacking and cheating very seriously and are doing everything they can to make is as difficult as possible to do so.