Welcome, Guest. Please login or register.
March 29, 2024, 02:19:57 AM

Login with username, password and session length

Search:     Advanced search
we're back, baby
*
Home Help Search Login Register
f13.net  |  f13.net General Forums  |  The Gaming Graveyard  |  Game Design/Development  |  Topic: How to handle a dupe cheat in game 0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: How to handle a dupe cheat in game  (Read 7926 times)
Psychochild
Developers
Posts: 30

Near Death Studios


WWW
on: September 21, 2004, 07:01:51 PM

Unfortunately, Meridian 59 had a dupe cheat that was being abused by some of the players.  I thought some people here might find it interesting to see how another game handles a dupe cheat, especially given the recent SWG discussions.

It started at the beginning of August, when we banned an officer of a notorious guild for abusing a cheat that allowed him to travel faster than normal.  Needless to say, he wasn't very happy about this.  We heard that he was plotting to get his revenge on us for catching him cheating.

About a week after this, we started noticing that members of this guild had rather sizable increases in wealth.  We may not be able to create pretty graphs to post on our website, but we do have tools to monitor and adjust the economy.  It seemed unusual that there was a sudden spike in income in this select group of players, although there was a possible explanation for this.  The guild was very well organized and could have earned the cash legitimately.  They did make a point of flaunting their wealth in front of other people, creating the perception of a problem within the player population.  We kept an eye on things and used all the investigation tools at our disposal.

Finally, one of the people on the inside decided to rat out his guildmates.  He told us how the bug looked to him, and from that we were able to put together how the dupe worked.  It was an interesting cheat that took advantage of an assumption the server made about how the client acts.  By using a memory editor, the cheaters were able to trick the client into offering the same item twice.  The server assumed the client couldn't do this.  ("The client is in the hands of the enemy," indeed.)  It was a few lines of code to check for this in the game script.

Afterwards, we did a patch on the server-side only, invisible to the players.  We detected the cheat and logged the occurrences.  However, we did something sneaky: we didn't stop the cheat immediately.  Instead, we defined a flag that would allow us to disable the cheat when we chose to.  All the while we were detecting the cheat and watched people abuse it.  We then did a money cap: any money over a certain amount was reduced down to a specific value.  (We limited players to 1 million shillings on hand and 3 million shillings in the bank.  A very large sum of money in M59.)  Sure enough, the cheaters duped again to get back the cash they had "lost", and we recorded it.  All during this time no one knew that we could detect the cheat, and a people abusing the cheat could still do it.

It may seem a bit unusual not to stop a cheat as soon as possible, but it is important to get rid of cheaters in the game.  To paraphrase an idea from Jessica Mulligan's recent book, "It's not important to detect every cheat, rather it is important to detect every cheater."  We tolerated the existence of the bug for a little while in order to catch the major perpetrators that abused this bug.

On Saturday, the hammer came down.  We set the flag to disable the cheat, then went through the logs to find entries pointing to the use of this cheat.  We then banned every account that had used this cheat.  We then went through the billing records and banned every account linked to the cheating accounts through billing information.  All told, we banned about 49 accounts, which is roughly 5% of our total population.  We do not tolerate cheaters in our game.

I made a post about it that you can read at http://forums.neardeathstudios.com/showthread.php?s=&threadid=1168.  You'll notice that I invite anyone who lost legitimate money to gmail (in-game mail) our "Help" account and we will review their losses, and potentially reimburse them.  There were probably a dozen or so innocent people wrongly affected by the money cap, but we are working to restore what they lost.

In the span of about 6 weeks, we were able to find out about this cheat, detect it, ban some cheaters, stop the cheat, then give personal attention to players that were adversely affected by our actions.  It probably would have taken less if I hadn't been out traveling for 2 of those weeks.  Yes, Meridian 59 is a small game that makes it easier to do all this, but that's my point.  I've been on here and previous incarnations of this community ranting about how smaller games are better than the larger games.  The smaller games may not have the resources to hire someone full-time to say pretty words in the official forums, but we do take our games very seriously.  We may not come onto forums like this to stroke your ego.  But, we do have the personal interaction with our players that help us find bugs faster and help people that have been affected by cheaters.  We don't have people that teleport you into space because you're inconvenient.

Of course, it's not all sunshine and roses.  People got angry because they saw there was a problem and thought we weren't doing anything about it.  We couldn't show our hand too early, otherwise the cheaters might not be detected.  We had to endure a fair amount of mud slinging in order to wait out the cheaters.  A bit of trust can go a long way.

Anyway, we've just completed the new graphical client and are working to improve that.  We're also working on a free content patch for the players that are still around after the bannings. ;)  The game still has a lot of life in it.  Imagine: A highly-balanced PvP game with committed developers that fix bugs quickly and work hard to ban cheaters.

Have fun,

Brian 'Psychochild' Green
Former Developer, Meridian 59  http://www.meridian59.com/
Blog: http://psychochild.org/
SirBruce
Terracotta Army
Posts: 2551


WWW
Reply #1 on: September 21, 2004, 08:55:47 PM

Good job. One of the things I always stressed during my UNIX sysadmin days is the important of monitoring.  All the security in the world does you no good if you don't have systems in place to tell you when, and how, it is breached.

The only thing I'd do differently, as I said before, is give people a chance to stop cheating by telling them you've identified the exploit, but then leaving the hole open for people to continue to do it.  But, I have a forgiving nature, which is perhaps one of my faults.  I don't doubt that most of the cheaters you banned really were bad people; I just worry about the few who just made a mistake once and would otherwise behave if they felt like the system actually worked.

Bruce
Roac
Terracotta Army
Posts: 3338


Reply #2 on: September 21, 2004, 10:40:16 PM

We were doing that on a MUD nearly a decade ago; hear about cheat, log cheat, ban cheaters, shutdown cheat.  You did the right thing, but what amazes me is that it's given by you as though this is an innovation - and worse, that for the MMOG industry, it really is.

-Roac
King of Ravens

"Young people who pretend to be wise to the ways of the world are mostly just cynics. Cynicism masquerades as wisdom, but it is the farthest thing from it. Because cynics don't learn anything. Because cynicism is a self-imposed blindness, a rejection of the world because we are afraid it will hurt us or disappoint us." -SC
Psychochild
Developers
Posts: 30

Near Death Studios


WWW
Reply #3 on: September 21, 2004, 11:26:35 PM

Quote from: SirBruce
The only thing I'd do differently, as I said before, is give people a chance to stop cheating by telling them you've identified the exploit, but then leaving the hole open for people to continue to do it.

The problem is that the people that would take advantage of this are the same people that would cheat and take advantage of the game in other ways.  Cheaters make the game NOT FUN.  Plus, this exploit required use of a memory editor; this wasn't something someone accidentally stumbled upon.  The cheaters were malicious, and the game is better off without them.

Quote from: Roac
[W]hat amazes me is that it's given by you as though this is an innovation - and worse, that for the MMOG industry, it really is.

It wasn't my intention to give it as an innovation.  We've been using this strategy for quote a few years now, so it's hardly new to us.  I'm presenting this as a success story which is all too uncommon in this industry for obvious reasons.  I also wanted to give a concrete example to show how smaller games handle this better than larger games.  We have the personal connections and are able to take the time to handle any people inconvenienced by this problem.  This is something you don't get in the larger games.

I may not be known for giving out warm fuzzies on forums, but my team is nothing if we aren't fair.  We care about our game; it's more than just a cash cow to us.

Have fun,

Brian 'Psychochild' Green
Former Developer, Meridian 59  http://www.meridian59.com/
Blog: http://psychochild.org/
Alkiera
Terracotta Army
Posts: 1556

The best part of SWG was the easy account cancellation process.


Reply #4 on: September 21, 2004, 11:56:14 PM

Psychochild, I agree that smaller games definately have the potential to be better.  There are many benefits to the dev/player ratio you have, for one thing, and the sense of community that you can have on a lower population server is a good thing, too.  Congrats on banning some punks, too.

I'm curious how well a 'big' small game would work out...  Limit server populations to a couple/few hundred players(simul logins, not total), and put a GM/CSR/Events person in charge of each...  If your game turns out well, you can add more servers, just like any other game.  Creation of new content would actually be worth _more_ in this format, I think, because more people can experience it simultaneously, without the 'fake' feeling one gets from instancing.  I also think world-impacting events would work out better on smaller servers, and any given player's 'community' would be a larger percentage of the total server population.  Accountability would go up some, as you interact with a larger percentage of the server.  With a ratio of 1:1500 or so, I think the GM-types would be more likely to recognize troublemakers too, than with the current server-roving GM system which seems popular.

All in all, I think it's a win-win.  The only issue I can see is what happens when whole guilds come and go, or the situation where Joe gets his friend to play, but Joe's server is 'full'...  perhaps something like FFXI's system to grant a key to let your friends in.  There's also the matter of paying all those GMs, since current companies seem to minimize GM/support staff to just beyond the 'God help you if you have a problem' level.  (Actually curious about CoH...  Has anyone ever needed to call a CSR?  How long did it take to get a response?  Was the system useful, or dumb, like other games?)

--
Alkiera

"[I could] become the world's preeminent MMO class action attorney.  I could be the lawyer EVEN AMBULANCE CHASERS LAUGH AT. " --Triforcer

Welcome to the internet. You have the right to remain silent. Anything you say can and will be used as evidence against you in a character assassination on Slashdot.
Dark_MadMax
Terracotta Army
Posts: 405


Reply #5 on: September 22, 2004, 01:06:39 AM

There is more elegant solution to prevent dupes and , which is much more important imho,  balance economy and resources. - Put a progressive tax on any amount of resources over the cap.

For example if say 100k is average amount of money devs intend characters to have . If player has over 100k in bank he starts paying a tax hourly from the amount of money he has in a bank.

Tax % is progressive - more money player has in the bank , more % he pays . For example it could be

100 -200k - 3%
200-500k -6%
500k-1 mill - 10%
..
over 20 mill - 50%

Even if somebody manage to amass totally ridicolous amount of money (usually it involves duping) -it wont matter for long term economy .

Bank account for player should be shared by all characters on the account -its serves to a lot of good things ,but in application to this system it would serve as preventive measure against " banking mules" - characters created solely to evade tax.


     Now thats for individual players. For guilds there should be separate- guild bank account , serving as a stash for whole guild, war chest , structure maintenance ,etc. - with different tax limits scaling according to amout of characters in guild ( 1 mill for person could be excessive ,but for 1000 person guild it could be pocket change) .

I saw this kind of system in WoP and it really works well - if you dupe 100 millions for example, you pay aprox 25 mill in taxes a day ,and after bug is fixed your millions don't overinflate overall economy.

- Serves as intelligent money sink to regulate economics and prevent abusing and exploits.


I saw this kind of system in WoP and it really works well - if you dupe 100 millions for example, you pay aprox 25 mill in taxes a day ,and after bug is fixed your millions don't overinflate overall economy.

- Serves as intelligent money sink to regulate economics and prevent abusing and exploits.



 Thats what I mean "exploit proof by design" -  assume exploits will happend and have your system designed to recover without major consequences .  "Aggressive bans" will never truly work on a massive scale. It is doable when 5% of your player base is 50 players ,but when it is 5 000? or 50 000? .
Roac
Terracotta Army
Posts: 3338


Reply #6 on: September 22, 2004, 07:43:22 AM

Quote
I'm presenting this as a success story which is all too uncommon in this industry for obvious reasons.


Right; my point is that it shouldn't be uncommon.  It was routine with me and a bunch of vols on a system cobbled together by college kids, and I'd expect pros to be able to one up us with ease.  You look to be playing ball with cheaters - good.  Wish others would.

-Roac
King of Ravens

"Young people who pretend to be wise to the ways of the world are mostly just cynics. Cynicism masquerades as wisdom, but it is the farthest thing from it. Because cynics don't learn anything. Because cynicism is a self-imposed blindness, a rejection of the world because we are afraid it will hurt us or disappoint us." -SC
Shannow
Terracotta Army
Posts: 3703


Reply #7 on: September 22, 2004, 10:30:59 AM

Gotta say it takes guys to ban 5% of your playerbase like that. Good for you.

I wonder Bruce what you feel about CRS's policy of not publically acknowledging cheaters apart from telling people that they do deal with them. Do you feel that they are simply trying to coverup the situation from the general playerbase or that this is the most effective way to deal with them.

Someone liked something? Who the fuzzy fuck was this heretic? You don't come to this website and enjoy something. Fuck that. ~ The Walrus
SirBruce
Terracotta Army
Posts: 2551


WWW
Reply #8 on: September 22, 2004, 11:42:58 AM

I honestly couldn't say what their motive is.  I'm not involved in that sort of low-level policy discussion.  I don't think "cover up" is the right phrase, but perhaps they are simply trying to avoid the additional community management that would be required dealing with the reaction to any cheater being discovered, which can be far greater than the actual damage the cheater did in-game.  Like not holding a press conference for every burglar who breaks into a house, not to conceal how many houses are being broken into, but so as to not panic every homeowner into thinking they need to buy new locks.

Anyway, I do agree that even if you give cheaters a second chance, a larger number of them will cheat again anyway.  But my point is you can catch them just as easily the next time, and eventually ban them after 2 or 3 strikes or some system weighted depending on the severity of their offense.  But based on my personal ISP security experience, I've known otherwise good, paying customers who nevertheless intentionally or unintentionally violated policy once, and once they were caught and the rules were explained to them and they knew someone was watching, they were never a problem again.

Bruce
WayAbvPar
Moderator
Posts: 19268


Reply #9 on: September 22, 2004, 01:07:30 PM

Quote
On Saturday, the hammer came down. We set the flag to disable the cheat, then went through the logs to find entries pointing to the use of this cheat. We then banned every account that had used this cheat. We then went through the billing records and banned every account linked to the cheating accounts through billing information. All told, we banned about 49 accounts, which is roughly 5% of our total population. We do not tolerate cheaters in our game.


That is exactly how I would like to see every game handle this situation. Kudos.

When speaking of the MMOG industry, the glass may be half full, but it's full of urine. HaemishM

Always wear clean underwear because you never know when a Tory Government is going to fuck you.- Ironwood

Libertarians make fun of everyone because they can't see beyond the event horizons of their own assholes Surlyboi
Azhrarn
Terracotta Army
Posts: 114


WWW
Reply #10 on: September 23, 2004, 12:56:57 AM

Quote from: Alkiera
Has anyone ever needed to call a CSR?  How long did it take to get a response?  Was the system useful, or dumb, like other games?)

CoH uses a ticket system, and the 3 times or so I've used it (for stuck missions that couldn't be completed), I had about a 15 minute response time.

Now Ryzom on the other hand, those GMs just rock. :D

I came here to be drugged, electrocuted, and probed.  Not insulted! - H.S.
HaemishM
Staff Emeritus
Posts: 42628

the Confederate flag underneath the stone in my class ring


WWW
Reply #11 on: September 23, 2004, 09:27:31 AM

Quote from: Psychochild
On Saturday, the hammer came down.  We set the flag to disable the cheat, then went through the logs to find entries pointing to the use of this cheat.  We then banned every account that had used this cheat.  We then went through the billing records and banned every account linked to the cheating accounts through billing information.  All told, we banned about 49 accounts, which is roughly 5% of our total population.  We do not tolerate cheaters in our game.
'

BRA-FUCKING-VO.

Seriously. I completely and utterly tip my cap to you for having the balls to do this kind of thing, despite the 5% loss of revenue. If most of the "big" MMOG's, especially Everquest, had taken this kind of stance in the olden days, when they would have lost maybe 1% revenue or less, MMOG's might not suck quite as bad as they do these days.

schild
Administrator
Posts: 60345


WWW
Reply #12 on: September 23, 2004, 09:40:19 AM

Quote from: HaemishM
If most of the "big" MMOG's, especially Everquest, had taken this kind of stance in the olden days, when they would have lost maybe 1% revenue or less, MMOG's might not suck quite as bad as they do these days.


You're cute. I like that.

Psychochild, yes, good move on banning them. Bastards they are, bring no good they will.
sinij
Terracotta Army
Posts: 2597


WWW
Reply #13 on: October 12, 2004, 10:50:47 PM

Now imagine that 5% of your player base is 10K+ people that bring you in 13$/mo. Would you throw away 1.5 mil a year?

Eternity is a very long time, especially towards the end.
Alkiera
Terracotta Army
Posts: 1556

The best part of SWG was the easy account cancellation process.


Reply #14 on: October 12, 2004, 11:14:41 PM

Quote from: sinij
Now imagine that 5% of your player base is 10K+ people that bring you in 13$/mo. Would you throw away 1.5 mil a year?


$1.5 million is a pittance compared to the $30 million I'm already making... not to mention the effects banning exploiters is likely to have on retention rates and resubscriptions.

Really, the situation is only a concern if you're just barely making it.  A Mythic guy stated they really needed 50k? subscribers to make money on DAoC...  if you're just barely breaking even, banning 5% is a big deal.  If you're losing money big time(Horizons) or wearing hats made of money(EQ) then it doesn't matter much one way or the other as far as your bottom line...  the side effects, on the other hand, are what you watch.

--
Alkiera

"[I could] become the world's preeminent MMO class action attorney.  I could be the lawyer EVEN AMBULANCE CHASERS LAUGH AT. " --Triforcer

Welcome to the internet. You have the right to remain silent. Anything you say can and will be used as evidence against you in a character assassination on Slashdot.
sinij
Terracotta Army
Posts: 2597


WWW
Reply #15 on: October 28, 2004, 08:25:01 PM

I don't think you understand how most corporate businesses run - its all about showing most revenue on your next report.  I don't think any publicly owned mmorpg business could afford intentionally throw away 5% without any solid facts pointing toward it generating more money in the future. Can you put a number to ‘effects banning exploiters’ and can you be confident that it will at least break even with existing stream of revenue coming from that 5%? If not I'm afraid you stuck with punishing select few (less .5%) and just stopping exploits.

Eternity is a very long time, especially towards the end.
Pages: [1] Go Up Print 
f13.net  |  f13.net General Forums  |  The Gaming Graveyard  |  Game Design/Development  |  Topic: How to handle a dupe cheat in game  
Jump to:  

Powered by SMF 1.1.10 | SMF © 2006-2009, Simple Machines LLC