ActiumPraetor

About ActiumPraetor

  1. Gold Spammers Everywhere

    All right, I think I've got something going here... I have a small utility put together that acts as a packet-inspection firewall specifically for game chat. It monitors incoming chat messages, performs some deobfuscation on each message to strip out common methods RMT spambots use to dodge detection, and then regex-filters them. If the message doesn't trip a spam filter, it's handed off to the game client. If it does, it's dropped and the client never receives it. Upstream data from the client is not paid any attention and travels unobstructed.

    The actual program is tiny (70KB, thus far) but uses a mess of DLLs for Unicode handling/regex and a kernel driver to hook into Windows' networking. Best of all, since it's technically a network tool and not a game hook, it's perfectly within the EULA/TOS to use. (Game Guard doesn't even know it's there, which is hardly surprising given how terrible Game Guard is in practical application at its stated purpose.)

    I coded it to be encoding-flavor-/language-/message-content-agnostic (or insofar as this is possible, anyway) so it should be able to handle more than just BnS - it should in theory work with any game chat in any language that sends non-encrypted text in ANSI/ASCII, UTF-8, UTF-16LE, or UTF-16BE. So basically it's a network-level, non-game-specific RMT spam eliminator.

    When I fire up the app in debug mode the RMT spam on my copy of BnS instantly stops (in both faction and party-finder - I haven't checked lobby yet), but normal messages come through fine, and this with only four regex checks. The only adverse thing I've noticed is that I get a lot more of the "joined channel" messages than I normally do - I'll have to check into that further. Also, if I did this correctly, I might be able to add a massive-capacity (read: thousands of entries) blocklist. I'll have to experiment with this to see what can and can't be done in that arena before proclaiming any victories there.

    It's not even remotely ready for public use yet - it's just a proof-of-concept console app with no user interface - but I am cautiously optimistic.

    Oh, while I'm thinking about it... Some folks will say filtering out RMT spam at the network level isn't a sound approach because it eliminates the ability to report spammers since the client never even sees the spam. My counterargument is that game companies, especially in the F2P space, often don't care about RMT unless it's so bad that it pisses people off and they start to leave the game as a result. Also, and this is also especially true in F2P gaming, RMTs can create new accounts at least as fast as game staff can ban them, so the overall efficacy of banning spambots is questionable. Stay tuned for more as I develop it...
  2. Gold Spammers Everywhere

    Anyone care to wager on whether the chat system runs through the authentication system for clients? I bet I can inject a chat message without even logging into the game...
  3. Gold Spammers Everywhere

    It works fine in FFXIV, thanks to Guildwork proxying game chat through itself and simply not passing filtered text to the client. Prior to this, RMTers in FFXIV would send their adverts directly to players via the game's person-to-person chat (/tell, in FFXIV's case). That said, Guildwork also allows for some cheating (such as automatically sharing boss spawn locations/times), but the chat filter was worth its weight in digital gold.

    Most game developers don't want to deal with regular expressions because they have an element of "black magic" to them - regexp matching is a very powerful feature, but it's touchy, computationally expensive (read: slow), easy to mess up or get wrong, hard to debug, and if you screw something up you can really screw something up. In the case of a chat system for a game, a flaky regexp filter could easily break the chat's functionality and hunting down the bugs is a real hassle. (One errant character in an expression could make a chat filter drop 90+% of the chat traffic, for example.)
  4. Gold Spammers Everywhere

    My Guildwork FFXIV settings include the following regexps:

        (\$|USD).([gG]\s*[iI]\s*[lL])
        ([pP]\s*[rR]\s*[iI]\s*[cC]\s*[eE])
        ([dD]\s*[eE]\s*[lL]\s*[iI]\s*[vV]\s*[eE]\s*[rR])
        ([cC\(]\s*[oO0]\s*[mM])
        (000\s*[kK])

    It's exceedingly rare for a RMT spamvertisement to make it past those five regexp searches. Modifying to suit pretty much any other game (e.g., changing the "gil" detect to gold/zenni/rupees/whatever) should be trivial.
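
The decode, deobfuscate and regex-filter pipeline from the first post, run with the five expressions from the post above. This is an added example, not the poster's utility or Guildwork's code: the function names, the encoding heuristic, the normalisation steps and the sample payloads are all assumptions, since the posts do not say how those steps are implemented.

```python
import re
import unicodedata

# The five expressions quoted in the post, unchanged.
PATTERNS = [re.compile(p) for p in (
    r"(\$|USD).([gG]\s*[iI]\s*[lL])",
    r"([pP]\s*[rR]\s*[iI]\s*[cC]\s*[eE])",
    r"([dD]\s*[eE]\s*[lL]\s*[iI]\s*[vV]\s*[eE]\s*[rR])",
    r"([cC\(]\s*[oO0]\s*[mM])",
    r"(000\s*[kK])",
)]

def decode_chat(payload: bytes) -> str:
    """Pick ASCII/ANSI, UTF-8, UTF-16LE or UTF-16BE (assumed heuristic:
    mostly-Latin UTF-16 text has a NUL in every other byte)."""
    half = len(payload) // 2
    if half and len(payload) % 2 == 0:
        if payload[1::2].count(0) > half // 2:
            return payload.decode("utf-16-le", "replace")
        if payload[0::2].count(0) > half // 2:
            return payload.decode("utf-16-be", "replace")
    try:
        return payload.decode("utf-8")
    except UnicodeDecodeError:
        return payload.decode("cp1252", "replace")

def deobfuscate(text: str) -> str:
    """Assumed normalisation, used for matching only: fold compatibility
    forms (fullwidth letters), drop format chars (Cf) and marks (Mn)."""
    folded = unicodedata.normalize("NFKD", text)
    return "".join(c for c in folded
                   if unicodedata.category(c) not in ("Cf", "Mn"))

def first_match(payload: bytes) -> int:
    """Return 1-5 for the first expression that matches, 0 to pass."""
    text = deobfuscate(decode_chat(payload))
    for number, rx in enumerate(PATTERNS, 1):
        if rx.search(text):
            return number
    return 0

# Constructed sample payloads, not captured traffic.
SAMPLES = {
    "fullwidth": "\uff50\u200b\uff52\uff49\uff43\uff45 check".encode("utf-8"),
    "utf16le": "5USD=g i l fast".encode("utf-16-le"),
    "utf16be": "1000 k for 3$".encode("utf-16-be"),
    "normal": b"anyone up for a dungeon run?",
    "false_positive": b"welcome back",
}
```

The expressions are unanchored, so the fourth one also fires on ordinary words that contain "com"; the `false_positive` sample shows this with "welcome".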
  5. Gold Spammers Everywhere

    I'm seriously considering firing up my development tools and writing a proxy server for managing the chat issue - if I intercept all traffic used by the game I can pretty easily regexp anything that looks like a chat message and drop it at the proxy, neatly eliminating the RMT chat-spam problem in one fell swoop and simultaneously taking it out of NCsoft's hands. Basically this was what Guildwork did with FFXIV - shoehorn a proxy between the client and the Internet, and regexp-filter everything going through the proxy that is marked as a chat entry.

    EDIT: A few moments with Wireshark and I can see the chat comes in from 64.25.37.254, at least on my client. If others with the technical capacity can gather IP addresses on what the game is using for what, I might be able to get something going.
  6. Gold Spammers Everywhere

    Guildwork for FFXIV had an elegant solution: a regexp-based proxied chat filter that intercepted incoming chat text before the client got it, and screened out anything that matched your regexp set. Having it detect URL components screened out just about every RMT spam that came along. Although Squeenix would ban people for even mentioning using it, it was worth the risk just for the chat filter.
  7. Gold Spammers Everywhere

    The spammers are coming in waves of 30-50 at a time, all using random faceroll-a-keyboard names, and cycling every 5-15 minutes. They're basically completely overwhelming the game's terribly limited method of dealing with them, as by the time you report-and-block them all the next wave comes along and your block list is full. (No modern MMO should ever, ever have a block list with fewer than one thousand slots in it. Fifty is pointless.) Faction chat is already effectively useless, at least on my server.

    Here's how to stop this nonsense, but I would be amazed if NCsoft implements this... Have the BnS site generate a persistent GUID during account creation, and hand that to the client during the first login from a given account on each machine that logs into any account with a GUID on the site but no matching GUID on the client. And if a client with a GUID logs into an account with a different GUID, update the account GUID to match so that the newly logged-into account is tagged with the client's GUID. This would make it trivial to identify multiple logins into the same account from multiple machines, and in turn make botnets much more obvious slash detectable via automated means. This should be rather easy to implement with only slight modifications to the existing authentication system.

    Stopping RMT chat automatically then becomes pretty straightforward. If enough people (say 5% of the total server population at the time) report-and-block the same target, automatically mute them for 24 hours on the first offense. Double the penalty time each time the report-and-ban figures trip the mute. Use the GUID to track accounts across the same machine(s) so RMT crews can't jump machines/accounts and dodge the mute.
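
The GUID tagging and report-triggered mute proposed in the post above, written out as server-side state. This is an added example, not NCsoft's or the poster's code: the class and method names, the hour-based clock and the choice to count each reporting account once are assumptions.

```python
import uuid

class MuteTracker:
    def __init__(self, threshold_pct=5, base_hours=24):
        self.threshold_pct, self.base_hours = threshold_pct, base_hours
        self.account_guid = {}  # account -> GUID it is currently tagged with
        self.reporters = {}     # GUID -> accounts that reported it
        self.offences = {}      # GUID -> number of mutes triggered so far
        self.muted_until = {}   # GUID -> hour at which the mute ends

    def create_account(self, account):
        # The site generates a persistent GUID at account creation.
        self.account_guid[account] = str(uuid.uuid4())

    def login(self, account, client_guid=None):
        """Return the GUID the client keeps after this login."""
        if client_guid is None:
            # First login on this machine: hand the account's GUID over.
            return self.account_guid[account]
        # Client already has a GUID: the account is re-tagged to match it.
        self.account_guid[account] = client_guid
        return client_guid

    def report(self, reporter, target, population, now_hour):
        """Record a report; return the mute end hour if it trips the mute."""
        guid = self.account_guid[target]
        seen = self.reporters.setdefault(guid, set())
        seen.add(reporter)  # assumed: one vote per reporting account
        needed = (population * self.threshold_pct + 99) // 100  # ceiling
        if len(seen) < needed:
            return None
        served = self.offences.get(guid, 0)
        self.offences[guid] = served + 1
        seen.clear()
        # 24 hours on the first offence, doubled for each later one.
        self.muted_until[guid] = now_hour + self.base_hours * 2 ** served
        return self.muted_until[guid]

    def is_muted(self, account, now_hour):
        # The mute follows the GUID, so it covers every account tagged with it.
        return now_hour < self.muted_until.get(self.account_guid[account], 0)
```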