Why NCSoft will NEVER listen to any of these "bot solution/suggestion" threads

[mrGoodkat]

This is not a thread hating on NCSoft, this is to all of the players who are angry NCSoft isn't more public, responsive, or less vague about this bot situation.

A. NCSoft will never use a solution provided by a forum post, especially a popular one

• If the fix was made public botters would find a way to work around the fix.
  • If they did a timing check to see if a user has the same consistent reaction speeds the bots could either use Fuzzy Logic or constraint based random timing to appear inconsistent enough to be human, it's not that hard.
• If the botters could not work around the fix they would then find a way to exploit it to do more harm to the community than good.
  • e.g. if NCSoft added a "report bot" button easily accesable mid-match the botters would most likely add a line in thier scripts to auto report every opponent they face during or right after the match. Suspended bots can be replaced, falsly suspended customers might quit and never return.

B. A real Solution will be far more complex than anything listed in the forums, and it will never be publicly announced or documented out of fear of the above points.

• As listed with the points posted above any simple solution can be worked around or exploited, the solution NCSoft needs would have to be impossible to reverse engineer. There would have to be a detection system advanced enough to where the botters couldn't exploit or workaround it. If they took a simple solution 100% of the time it will do far more harm than good.

C. NCSoft is most likely already working on a solution and is not going to start from scratch because some random Joe came up with an awesome idea they could summarize in 2 minutes on a forum post. I'm sorry, it's just not gonna happen, there is way to much sprint work and PO work involved to undo weeks of progress for something they picked up off a forum. 

D. A solution is going to take a lot of time, even more so since the game is F2P and most bot's can be replaced in less than a day. 

[wolftonrei]

Preach it. Not only that but i imagine any F2P will have it's resources stretched as they do not have a guaranteed amount of income. It's a fine line that has to be walked because as we would like the bot problem to be fixed it would most likely come at the cost of taking resources away from working on any future patches. The only way i can think of to genuinely stop bots would be to take any incentive to do so. Make soul stones bound to your account or character, or just removing any access to them in pvp.

[wolftonrei]

Though to add on to the report system in the middle of a match as mentioned, what they could implement is looking at how many times some one gets reported for botting. A player can only be reported once per other player, and the target of reporting has a list of names for whoever reported them as well as the time when the incident occurred. That way if a bot or player abuses the system by trying to break the report system it is obvious as it will show who spammed the report, and even if it was done so that the name would be different every report there would still be a time frame as to when it happened. A report system is feasible. All that needs to be done is the rules and system cover any base that can be abused.

[Kure]

In cases regarding discovering which characters are bots this is very true, but not everything regarding fighting gold sellers requires the secrecy. For example, removing soul stones is a feasible suggestion. One MMO managed to flush out bots by basically making progress easy enough that buying gold was worthless.

 

May as well throw in my idea. The main reason it's so dang difficult to fight gold sellers is your fourth point, the endless supply of bots. So, cut off the supply.

1. Add a cap on the number of people per a server. Once that cap is reached, no more character may be created on that server. Once the cap is reached for all servers, create a new starter server.
2. Allow characters to freely move between servers, but have this require time and a verification of it not being a bot. 
3. Temporarily quarantine all servers. This is done by making the markets limited to individual servers. Once the bot problems of servers slow down considerably, allow them to join in the cross-server market again. This quarantine will be painful, but it prevents far worse problems that come with gold sellers.
4. Starter servers are what allows the game's population to continue growing. Each starter server will be quarantined until it is deemed ready to join. Once it is, the players will be merged into other servers. 

Like you said, a solution is hopefully being worked on. Still, it's fun to come up with this stuff and you never know if you don't give it a shot.

[sth60493]

I agree with your points but bots would never abuse the reporting system for one reason: clientele.  They need players in game to buy gold from them and they cant do that if everyone is rage quitting. 

[mrGoodkat]

7 hours ago, sth60493 said:

I agree with your points but bots would never abuse the reporting system for one reason: clientele.  They need players in game to buy gold from them and they cant do that if everyone is rage quitting. 

It would be more of a MAD deterrent more than anything, it's not what will happen, but a possibility that can't be ignored by the devs.

[ViolenceUndone]

The problem is, YOU are the one that doesn't know how bots work to begin with.  Now, I know we're not supposed to tell people how to bot, and I'm leaving out the resources where people could learn more, and just giving a simple technical overview so people stop having all of these misconceptions.

 

First, the most common way to do start hacking is by modifying memory values on your local machine, often using a certain well-known program.  The simplest usage of this is a speedhack where you change the client's run speed value up to a certain point where the server still sees your movements as valid (because you might have had packet loss where it missed some updates from the client which explains why you've moved further than it thinks you should have).  It's pretty simple to add an extra check to see if a user has been consistently moving more than their run speed should have allowed, or to have the client start sending their current speed in addition to the position update.  Yes, the botters could then start modifying their outgoing packets to turn the run speed back down, but it would wipe out the first wave of speedhackers.  Analysis could be done realtime or deferred/offloaded via logging to track down the people who clearly aren't moving at the correct speeds.

 

As I mentioned, the next step comes in modifying network packets.  Basically, they intercept the outgoing traffic and change values, or resend past packets again.  For instance, they'll capture the packet that's sent when you interact with a vault NPC, then they can just resend it later even when they're nowhere near the vault NPC, and voila, the vault pops up.  Another use is rapidly spamming skills constantly regardless of what the client says the cooldown is because then they don't have to track cooldowns.  This is actually extremely easy to fix by adding some packet integrity bits or by just double-checking if the action being requested is actually valid.  The first thing you learn when doing any programming that will have a separate client is that you never trust the client.  You always do integrity checks on the server.  Otherwise you'd be able to tell any random banking website that you're a certain person and start accessing their funds.  In the case of skill spamming, you can detect clients that are flooding the server with invalid skill requests.

 

The final step to the polished bots that you see running in the arena or farming in the world comes from a combination of the two previous methods, with the addition of scripting.  The scripts define behaviors for the bot (patrol coordinates, allowed distance to stray from patrol path to attack a mob, attack rotations, etc.).  These often use their own custom programs rather than that certain well-known one that I mentioned earlier.  These also read memory values such as HP, location, distance to target, etc.  They can detect characters and mobs that you can't even see (NPCs under the ground that pop up when you walk by) or target (assassins/summoners in stealth), and they can modify the memory values and/or outgoing packets that change which direction they're looking to track them (that's why you'll see rooted/dead bots spinning to keep looking at you).  Once again, all of these things can be detected via analysis.  Even if a person is farming a particular spot, they'll never run the patrol as routinely as a bot, even with random perturbations added to make it less perfect.  Always turning while rooted (or especially dead) is easy to detect.  If I'm seeing it while fighting them, then the server has seen it too, and it can be detected.  Simple aimbots are detected in FPS games in a similar fashion, where it's determined that the user's aim is just way too good to possibly be human (perfect lock-on with 0 degree angle between a ray to the center of the head and the aim vector that never deviates), and these are what the bots are using to aim at their targets in this game as well.  More complex aimbots add some variance via random jitter, but it can still be shown that while deviating slightly, the trend is that it's still too perfect.  These complex aimbots are caught all the time in other games, and there's no reason the simple aimbots being used by bots in this game can't be detected.

 

We know that NCSoft banned a bunch of people for exploiting a certain dungeon well after the fact because they had done analysis on logs to determine who was abusing the exploit (probably by seeing the end-boss kills without first killing the other bosses).  If they can do this, then they have the logs they need to track down bot behaviors as well.  If they are only logging certain events, they can increase the verbosity of their logging.  Overall, though, the things that make bots work are all detectable, and some of them are pretty low hanging fruit that could be fixed pretty quickly.  Honestly, I'm shocked the game made it to the US without them being fixed considering they were already a problem in other regions.

 

Ever wondered why your ping went up in arenas after zen beans came out and the bots swarmed there?  They're most likely flooding the servers with all sorts of extra packets since the bots are doing things way faster than people can and are triggering more updates.  Ever wondered why they've said they're aware of the bots but not the high latency and especially packet loss that so many people are experiencing only on certain instanced servers (most notably the PvP arena which is where ping matters the most)?  Once again, it's probably because of the bots flooding the servers, and they'd have to admit that by not fixing the bots, they're causing more problems for us.

 

You keep posting in everybody's threads about bots telling people that they don't understand how complex the problem is.  You need to realize that you don't understand how SIMPLE the problem is.  Bots and hacks are things that have been dealt with for the last 20 years (I remember aimbots in Quake 1) and the technology behind them really has not changed much.  Other companies have come up with extremely thorough solutions to the problem and the only thing preventing NCSoft from fixing it is a lack of effort.  That is unacceptable no matter how many times you try to tell people that it should be expected.  They shouldn't have to change the scope of a development sprint because this should have already been flagged as a critical issue and put into every single sprint for the last year or so.  Plus, for a game like this, every sprint should have plenty of bug fix and production support (as in, developers allocated for working on issues that are flagged by the support team) time allocated which would allow for finding and fixing issues like this.  That's also assuming they're following any agile-like methodology where they'd have "sprints" and not just a "throw more bodies at issues until they eventually go away" sort of plan.

 

Source: I'm a senior developer with experience in server- and client-side coding, Unreal Engine (which BNS uses), and other game development technologies.  A large part of my current job is capturing and analyzing data on a large scale.

[LiquidRev]

A. You are probably right. But they should at least acknowledge it. Not the first time a developer ignored a problem *Looks at Trion*. Hell just say "We are looking into it"

B. Most likely, but also be aware that suggestions coming from a community that cares

BOTH C & D.

Quote

NCSoft is already working on a solution? It will take time?

Now I am convinced you have no idea what you are talking about.

 

NCSoft has been releasing F2P and P2P MMO's for over decade.  A game in-which its popularity was derived from PVP; now has more bots than actual players.

 

Everyone knows that a MMO upon release will have gold spammers and bots. There has been two major content releases, and the situation with bots have gotten worst not better. This should be an absolute priority for NCSoft and a team souly dedicated to resolving the issue if they haven't done so already.

 

You talk about 2 week sprint cycles like you know what they are in the game development world. Those do not exist. You have deadline dates. You will hit those no matter how many hours you have to put in. They are losing more players then they are gaining because of the bot issue. Players can't even stream pvp matches because 9/10 it is a bot.

 

I truly don't think you understand how bad this situation is for this game. NCSoft was caught flat footed, their priorities are all kinds of messed up, and they continue to deliver new content in pieces as if that will somehow keep players from leaving.

 

For a company to have this many years of experience in the industry and to have this bad of and issue with bots and spammers is an absolute embarrassment. You can feed all the excuses or logic you want, but with each passing day it gets worst.

 

 

You'll have to excuse me for being blunt, as I now have to go delete the gold spam from my private messages!

[Somnolence]

Logging everything will take too much space and processing time, its far simpler to check not what bots DO, but WHY, e.g. RMT.

All gold farming bots are farming gold, and sending it away to mules/buyers, while running around with garbage gear no real players use, like non-evolvalbe wheel weapons.

When gold is transferred to non-account character with mail or market - ban both accounts. Bonus if receiver is a gold buyer. 

[Jamein]

Basically, the reason they won't use a solution posted from the forum is because 99% of the forum solutions for anything in this game are *cricket*ing retarded.

[mrGoodkat]

On 3/4/2016 at 8:23 PM, ViolenceUndone said:

The problem is, YOU are the one that doesn't know how bots work to begin with.  Now, I know we're not supposed to tell people how to bot, and I'm leaving out the resources where people could learn more, and just giving a simple technical overview so people stop having all of these misconceptions.

You must be a Senior dev for a start up then, or an Indie company because your view point is sad and your attacks are petty. If all you can do it list off stuff I could find on a quake or CS forum from the late 90's-early 2000's then I'm not impressed. If you truly are a senior dev, which I extremely doubt, you must have just been promoted because your logging solution is a performance joke and I feel bad for your next yearly review with ideas like that. The server- client- stuff you said is also stuff I had learned in a beginners networking class years ago, and if you actually made any network engines yourself instead of jumping into pre-made engines like you probably have you would know that this isn't a "simple" solution. Of course any game should do all integrity based logic on the server side, anyone should know this. I doubt you are even a network engineer, or even in the game industry. The tactics you posted are all the simplest ways to bot/hack that have been solved for years before you posted that diatribe, and anyone could find the information you so generously gave us with 5 minutes of google searching.

The solution isn't simple or there wouldn't be a bot problem in essentially every MMO on the market, get over yourself and go back to your PC FPS golden era tactics that your joke of a company lets you get away with. I'm not here to argue with every idiot who thinks they know shit, I don't even get why you posted here other than to start an argument I have no interest in continuing.

Why are you going through my post history? That's a bit creepy, and to clarify I copy-pastad a block to a guy who posted the same topic twice under different titles. Enjoy going through my personal history though, didn't know I was that important to you.

Oh and congratulations on dropping the "Agile Methodology" buzzwords, proves to me you know so much!!!

Source: Who the *cricket* posts a source like this? Damn this is arrogant

[mrGoodkat]

On 3/4/2016 at 9:02 PM, LiquidRev said:

Nothing here is worth quoting, just giving you the notification.

Any half decent game company transitioned over to Agile methodology long ago. If you work for a company that doesn't I suggest you get out as you are probably being over worked, paid shit, and stressed for deadlines that could be managed better through proper iterations.

Companies that still make packaged games I can understand being on a more watered down scrum style, but there is no reason an MMO developer shouldn't be agile, if NCSoft isn't then yeah... they need to get their shit together

Also when did i say 2-week sprints, most companies I've provided work for use 3-week sprints, most mobile games use 2-week and I've even seen 2 web/mobile game companies use 1-week releases which was nuts.

[Zooks]

18 minutes ago, mrGoodkat said:

Any half decent game company transitioned over to Agile methodology long ago. If you work for a company that doesn't I suggest you get out as you are probably being over worked, paid shit, and stressed for deadlines that could be managed better through proper iterations.

Companies that still make packaged games I can understand being on a more watered down scrum style, but there is no reason an MMO developer shouldn't be agile, if NCSoft isn't then yeah... they need to get their shit togehttps://youtu.be/jl17CYYSzUw?t=1m34sther

Also when did i say 2-week sprints, most companies I've provided work for use 3-week sprints, most mobile games use 2-week and I've even seen 2 web/mobile game companies use 1-week releases which was nuts.

 

The team we have here is a glorified localization team. There's nothing "agile" about it. They bring up problems and suggestions to Korea, and if Korea can be bothered by it, we might get a fix for the issue. This is how it's been for every single NCSoft KR -> NA/EU port. 

[ViolenceUndone]

27 minutes ago, mrGoodkat said:

1. You must be a Senior dev for a start up then, or an Indie company because your view point is sad and your attacks are petty.

2. If all you can do it list off stuff I could find on a quake or CS forum from the late 90's-early 2000's then I'm not impressed. If you truly are a senior dev, which I extremely doubt, you must have just been promoted because your logging solution is a performance joke and I feel bad for your next yearly review with ideas like that.

3. The server- client- stuff you said is also stuff I had learned in a beginners networking class years ago, and if you actually made any network engines yourself instead of jumping into pre-made engines like you probably have you would know that this isn't a "simple" solution. Of course any game should do all integrity based logic on the server side, anyone should know this.

4. I doubt you are even a network engineer, or even in the game industry.

5. The tactics you posted are all the simplest ways to bot/hack that have been solved for years before you posted that diatribe, and anyone could find the information you so generously gave us with 5 minutes of google searching.

5. The solution isn't simple or there wouldn't be a bot problem in essentially every MMO on the market, get over yourself and go back to your PC FPS golden era tactics that your joke of a company lets you get away with. I'm not here to argue with every idiot who thinks they know shit, I don't even get why you posted here other than to start an argument I have no interest in continuing.

6. Why are you going through my post history? That's a bit creepy, and to clarify I copy-pastad a block to a guy who posted the same topic twice under different titles. Enjoy going through my personal history though, didn't know I was that important to you.

Good luck and post on. I'm done reading this thread, I made my point with the initial post. 

7. Oh and congratulations on dropping the "Agile Methodology" buzzwords, proves to me you know so much!!!

1. Actually I'm a senior dev for a multi-billion dollar corporation.

2. Logging and analysis can be offloaded, as I said.  This means you're not tying up the game servers, so there's no performance impact other than a small amount of IO to actually write the log to disk, which is trivial.  They're already logging a lot of information as we know from their recent banwave of Ogong exploiters, so they already have the overhead available.

3. And yet, if you do some simple searches on the internet, these are exactly what the current hacks are using since they even explain HOW their hacks work.  People are abusing packet resends because they're NOT doing the server-side checks I mentioned.

4. I never claimed either one of these.  I said I have experience with these things because I started doing game development back in college and I've been working with UE as a hobby since the UDK came out (and now the full UE4).

5. Here's where you're a broken record.  A lot of the problems ARE easy.  Considering the guys who made the hacks even say how their hacks and GameGuard bypasses work, it's even easier.

6. I didn't have to go through your history.  I kept running into your bleating in the threads that I was reading.  Narcissist, much?

7. You're the one that mentioned sprints.  I was only pointing out that it's unlikely that they're actually following sprints based on what we've seen from them, and that even if they are, this should be a top priority and other things should get pushed back.

[mrGoodkat]

18 minutes ago, ViolenceUndone said:

 

6. I didn't have to go through your history.  I kept running into your bleating in the threads that I was reading.  Narcissist, much?

2 threads and then I made this post afterwards? and it was like 1 paragraph on those posts. If anything you have a problem with people speaking out, or a self-confidence issue if you think that is narcissism.

" Actually I'm a senior dev for a multi-billion dollar corporation." If anything you are the narcissist lol. Who cares? 

[ViolenceUndone]

5 minutes ago, mrGoodkat said:

2 threads and then I made this post afterwards? and it was like 1 paragraph on those posts. If anything you have a problem with people speaking out, or a self-confidence issue if you think that is narcissism.

" Actually I'm a senior dev for a multi-billion dollar corporation." If anything you are the narcissist lol. Who cares? 

You're the one that questioned my credentials.  Repeatedly.  And yes, I have a problem with people speaking out...when they're spreading misinformation and giving NCSoft an excuse for doing a terrible job of fixing what is currently a completely broken bot situation.

[mrGoodkat]

8 minutes ago, ViolenceUndone said:

You're the one that questioned my credentials.  Repeatedly.  And yes, I have a problem with people speaking out...when they're spreading misinformation and giving NCSoft an excuse for doing a terrible job of fixing what is currently a completely broken bot situation.

Excuse? lol I told people to stop posting fixes when they won't bother listening, which is what you just did. Get over yourself bud, you aren't a hero or a smart programmer. 

You just have an issue with me not calling them incompetent villains and guess what? I'm not going to. Nearly every mmo on the market has a bot problem and I doubt you can come up with a simple solution. Go on with your life and realize you aren't important and honestly are doing nothing other than butting into a topic simply because you didn't like that I posted on another topic with similar information.

[Amraith]

Greetings everyone,

 

Just a friendly reminder to keep things civil, discuss topics, not the posters.

 

Regards,

 

Team Blade & Soul.

[princode]

Just shut up..ncsoft staff insteading of replying here go fix your game

[Kure]

Well, so much for keeping things civil. Just a side note, please keep in mind that the people you usually see on forums who work for the game are probably customer service. I don't have a high and mighty position as a developer, security advisor or some such thing (though hopefully that may change), but I do work in customer service. The guy you see behind a counter when you are checking out of the store has zero say in company policy. His/her job is to deal with you. Sure, complain all you want. The guy behind the counter might even agree. But have the decency to not make the situation any uglier than it already is.

[rocnogu]

On 2.03.2016 г. at 11:44 PM, mrGoodkat said:

 

thats why have good games and  bad games . nc soft cant make a good game .they wipe servers on few years and start new .becouse they cant fix nothing . never .
iv see other private servers much better from nc soft but not so popular and i play them .
for instance , lineage 2 had all the time game master online. who can see and check some of the bot reports and ban the acc for ever .
which u will be surprised how efficiency and fast is .
saying "we can't fix it cuz ..... " its just an excuse on a incompetent people. and that's why i say nc sux . and i will ever do . i play nc soft games for fun few weeks or months and then just move on . i never pay and i will never do . 
i just dont pay for a crap .

[Vynnx]

NcSoft needs to put pple in game actively playing, finding bots and banning accounts /ip. While writing code to identify bots you have to implement a short term solution, just having a small team banning gold spammers and area bot will make the game more playable and send out a strong enough threat eto stop pple of even using bots. 

[Kure]

@Vynnx: I assume this is already being done to some degree. Unfortunately, it's also the kind of thing we won't be told about since methods made public are easiest to work around. Unfortunately, thinking this alone would threaten gold sellers into submission is far too optimistic. Consider this. Gold sellers have bots farming arena, farming gold, spamming chat, levelling, spamming mail. This is on all servers. The problem is bots are an unlimited resource. The game's a boat on the ocean full of holes. Bailing water is important, but no matter how fast we bail the boat's going to sink unless it gets the holes patched up.

 

@rocnogu: You already mentioned the reason why private servers have a much easier time with bots. They aren't nearly as populated as the actual games. This means there's less of a market to attract gold sellers and less of a crowd to hide behind. Comparing bot problems of a private server to an official server is worse than apples to oranges.

[Vynnx]

Some methods should be made public.. you have to give your player base an indication that things being worked on. Like I said, have a face actively playing the game and bannin botz while more serious things are being worked on.. youll never 100% get rid of bots but by just making things too much of hassle you will see a decrease.. as long as there is enough of a decrease where most casual wont even notice the bots.. thats fine. But man, playing pvp and being paird against a destro bot for every single game... wtf

[Takaia]

Many software can check and close process of pc for optimize it,Ncsoft can made same thing with gameguard...we all know for play game is better have few active process in windows bcs many process stress alot Gpu and Cpu.

Game guard can check active process and kill the game everytime find some strange process.

The true is there have many way for fix bots problem just Ncsoft dont care ,is always money problem :D