Interesting article about how easy it is to detect that you are botting.
http://iseclab.org/papers/botdetection-article.pdf
http://iseclab.org/papers/botdetection-article.pdf
RebornBuddy Forums
Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!
server-side bot detection in massive multiplayer Online Games
- Thread starter floops83
- Start date
ArfDogUser
New Member
- Joined
- Oct 16, 2012
- Messages
- 37
Folks really should scroll down to the section about wow and the waypoint charts of bots vs humans. This post is more valuable than anything else in this sub-forum.
I do wonder if, assuming waypoint repetition pattern is one current method they use, if it opens up some ideas on how to mitigate this using MUCH longer patterns which get replaced very frequently. if this were viable, it would require users to spend substantial time making new patterns, possibly using new cluster densities on /routes and making sure the overall pattern of each zone's new route is substantially changed from the prior. Alternately, just make new routes by eyeball and fly across the dense node areas by eye, across multiple zones where practical.
for this to even have a shot at being viable in terms of time invested in new routes, needs to be done across as many accounts as possible. One thing unknown is how many waypoint repetitions (either in aggregate or per specific waypoint) trigger an account event.
if you assume their waypoint database ignores logouts and just looks at char. movement history, its pretty grim.
Maybe testing to find the waypoint actual geometric deviations which still trigger as same to blizzard would provide ideas on how to randomize waypoints more completely. Users with scripting talents might just have all numeric values in their scripts increased/decreased randomly by an appropriate amount for the map they are on.
I do wonder if, assuming waypoint repetition pattern is one current method they use, if it opens up some ideas on how to mitigate this using MUCH longer patterns which get replaced very frequently. if this were viable, it would require users to spend substantial time making new patterns, possibly using new cluster densities on /routes and making sure the overall pattern of each zone's new route is substantially changed from the prior. Alternately, just make new routes by eyeball and fly across the dense node areas by eye, across multiple zones where practical.
for this to even have a shot at being viable in terms of time invested in new routes, needs to be done across as many accounts as possible. One thing unknown is how many waypoint repetitions (either in aggregate or per specific waypoint) trigger an account event.
if you assume their waypoint database ignores logouts and just looks at char. movement history, its pretty grim.
Maybe testing to find the waypoint actual geometric deviations which still trigger as same to blizzard would provide ideas on how to randomize waypoints more completely. Users with scripting talents might just have all numeric values in their scripts increased/decreased randomly by an appropriate amount for the map they are on.
Last edited:
mastercheem
Member
- Joined
- Apr 14, 2013
- Messages
- 106
Looks like they are tracking gathers really well then, since they move in the same pattern. Gonna have to change it up a bit I guess so they don't do the same thing over and over.
sherlocked
New Member
- Joined
- Apr 26, 2013
- Messages
- 6
Waypoint repetition should be very easy to bypass. I'm fairly new to HB and plugins, and how much power plugins have, but I do have extensive programming background, so all this might be too much for a plugin. All you would need is the plugin to read the next waypoint in the list, then add or subtract a random number between, I'm guessing, 10 to 30 from each XYZ coord. You would never run over the same waypoint again, but you run a slightly higher risk of getting stuck, but with proper black listing, that shouldn't be a problem.
There is another reason why this form of detection will not work for Blizzard. It fails to take into account that many WoW players use addons that send them on a designated route, such as Zygor's Questing addon or Dugi's Questing addon. When I used these addon's I set my mouse to follow the arrow, and I virtually followed the same path every time. A very simple method to confuse Blizzard would be for the Honorbuddy coummunity to develop questing profiles that follow either Zygor, Dugi, or some other well known and widely used questing addon.
For Gathering profiles, since they are flying profiles it is less likely that they will get stuck, and Sherlocked's method would be a great method for randomizing a path in GB2 bot to make it look more like a nonbotting human using the Gatherer addon (which is a legitimate addon that does not break the Blizzard ToS). Simply add or subtract a random number between 10 to 30 to or from each XYZ coord.
HACK vs BOT
OTOH, I am not convinced that this is the method Blizzard is using lately since many of the Ban letters have accused HonorBuddy members of using a "HACK." A "hack" is not built to follow waypoints but to circumvent game mechanics, such as accessing a mailbox through a wall, or using a mount where normal players cannot use it.
THE HONORBUDDY GUNTHER WELLER HACK
When people using Dungeon Buddy port to Stormwind for repairs Honorbuddy takes them to Gunther Weller. The bot will put the toon on a mount while he is still inside the building with this vendor. If someone takes a screenshot, you will likely get reported for using a "HACK."
THE HONORBUDDY TRADE DISTRICT MAILBOX HACK
When people using the AHBot go to the Auction House in the Trade District in Stormwind, the bot will access the mailbox through the wall (next to the closed door that used to be the entrance to the Auction House before Cataclysm). Using the mailbox has a distinctive animation. If someone takes a screenshot of your toon using the mailbox animation while standing against the wall in the Auction House then you will probably get reported for using a "HACK."
POSSIBLE SOLUTION TO RECENT BANS
I think we need to close these "HACKS" and perhaps a few others we have not noticed before we start rewriting all of our profiles.
For Gathering profiles, since they are flying profiles it is less likely that they will get stuck, and Sherlocked's method would be a great method for randomizing a path in GB2 bot to make it look more like a nonbotting human using the Gatherer addon (which is a legitimate addon that does not break the Blizzard ToS). Simply add or subtract a random number between 10 to 30 to or from each XYZ coord.
HACK vs BOT
OTOH, I am not convinced that this is the method Blizzard is using lately since many of the Ban letters have accused HonorBuddy members of using a "HACK." A "hack" is not built to follow waypoints but to circumvent game mechanics, such as accessing a mailbox through a wall, or using a mount where normal players cannot use it.
THE HONORBUDDY GUNTHER WELLER HACK
When people using Dungeon Buddy port to Stormwind for repairs Honorbuddy takes them to Gunther Weller. The bot will put the toon on a mount while he is still inside the building with this vendor. If someone takes a screenshot, you will likely get reported for using a "HACK."
THE HONORBUDDY TRADE DISTRICT MAILBOX HACK
When people using the AHBot go to the Auction House in the Trade District in Stormwind, the bot will access the mailbox through the wall (next to the closed door that used to be the entrance to the Auction House before Cataclysm). Using the mailbox has a distinctive animation. If someone takes a screenshot of your toon using the mailbox animation while standing against the wall in the Auction House then you will probably get reported for using a "HACK."
POSSIBLE SOLUTION TO RECENT BANS
I think we need to close these "HACKS" and perhaps a few others we have not noticed before we start rewriting all of our profiles.
Last edited:
This is something worth looking into.
sherlocked
New Member
- Joined
- Apr 26, 2013
- Messages
- 6
I only use HB to level characters and farm for random achievements, so I don't know how these work for sure, so If I'm wrong, please let me know. Concerning this one, if this is the bug I am thinking of, has been around for years, and not technically a hack. Anyone would be able to do this, if they got as close to the wall as possible, and put the camera right above your char so the wall glitches and disappears. You can then mouse over the mailbox and get the mail icon on your mouse and interact with it. I can't test this right now since I am in my office, but I'll check to see if my hunch is correct when I get home.
The amount of people doing this is probably very slim, and people doing this without using HB is probably neigh unto nil, so it might be a decent way to track HB.
Old Fart
New Member
- Joined
- Feb 6, 2010
- Messages
- 78
I agree with weedblaze a very interesting article.
Im not looking for flames here just a simple discussion on this paper
Looking at the document wholly it is laid bare on how easy it is for this type of behaviour to be monitored/tracked and then simply when it gets to a point, ban, i would guess that could be why some people are getting there accounts back as they can not be 100% sure that it might be human v bot?
Equally if you bot for a few hours and over a long profile then this would slow the inevitable down maybe? I would have a guess that people using X profile times by 200 people who across the servers use it then this would start to show a pattern, this could be saved to then use it against any new material they keep and if the match is there, boom...ban. Private profiles are getting hit as well but they still have repetition and this over an extended period would be exact and thus why they are getting banned as well?
I have been using Lazy raider over the last 2-3 days and nothing yet, im yet to test fishing but i would have a guess that fishing for pools is going to get me a ban after a while?
What do others think about this document?
Cheers,
Old Fart
Im not looking for flames here just a simple discussion on this paper
Looking at the document wholly it is laid bare on how easy it is for this type of behaviour to be monitored/tracked and then simply when it gets to a point, ban, i would guess that could be why some people are getting there accounts back as they can not be 100% sure that it might be human v bot?
Equally if you bot for a few hours and over a long profile then this would slow the inevitable down maybe? I would have a guess that people using X profile times by 200 people who across the servers use it then this would start to show a pattern, this could be saved to then use it against any new material they keep and if the match is there, boom...ban. Private profiles are getting hit as well but they still have repetition and this over an extended period would be exact and thus why they are getting banned as well?
I have been using Lazy raider over the last 2-3 days and nothing yet, im yet to test fishing but i would have a guess that fishing for pools is going to get me a ban after a while?
What do others think about this document?
Cheers,
Old Fart
One of the best discussions here on this forum, and one people could actually do something with. I do agree that blizzard is tracking 'hot spots' (waypoints as said in this article). I think they keep data and compare people who pass waypoints to that. This would mean, that if you are using the same profile over and over, for more than one hour at the time, you will pass the waypoints multiple times. That would explain recent bans ofcourse, and why some people are still happily botting atm. Might explain the 'delayed' bans too, they are gathering information. It feels like the addon gatherer, this way. They are just gathering 'waypoints'
Kronz
New Member
- Joined
- Jan 17, 2012
- Messages
- 497
I read this very carefully, so this just confirms what we already know.
Our routes give us out.
We need three things to stay safe.
1. Better navmesh, so the bot can find its way easier through the game world and calculate even better paths.
2. Truly random generator for the path. Obviously, the way HB randomizes its path always causes all users to take the same randomized path as the next Buddy.
3. Tool that easily creates gathering profiles, preferably by extracting data from public addons available on legit WoW sites, so it will mimic better the behavior of Human players with these mods installed.
Old Fart
New Member
- Joined
- Feb 6, 2010
- Messages
- 78
I would reckon even if you are only botting for an hour or so that over the course of a few weeks then this would still get you. They would simply just compare the data collected on you and eventually get you?
Only way would be to be swapping very very frequently over the characters and profiles used to disguise it but eventually this maybe would give you away eventually?
Equally we do not know (and my opinion is) if they simply just have been doing this for a little then waiting for a time to hit people with bans to get more sales?
Does anyone know or seen if Autoangler has been done in as well, pool fishing would certainly have to have the same thing?
Only way would be to be swapping very very frequently over the characters and profiles used to disguise it but eventually this maybe would give you away eventually?
Equally we do not know (and my opinion is) if they simply just have been doing this for a little then waiting for a time to hit people with bans to get more sales?
Does anyone know or seen if Autoangler has been done in as well, pool fishing would certainly have to have the same thing?
It would. But if you would change profiles as frequently as suggested, I guess it would more likely feel like an co?ncidence. Anyways, it isn't safe to bot for AH, or goldmaking purposes. I think it's more safe to bot a bit here and there in support of own professions. (like I was doing - but I quit botting as soon as the banhammer hit a lot of people - I'm going to lay low for a while now)
I agree with that, I think they have been collecting information and hit people with bans according to sales. And they have hit some major botters, that's why AH-prices are going up atm. Lately there were more people botting, then people playing - can be annoying in LFR/Dungeons/BG's (I don't do it, because *MY OPINION* I find it hardly fair if you 'normal' pvp against a bot...)
I haven't read anything about AutoAngler. But as you said, it would be the same thing. Especially Questing, GB2 and Dungeonbuddy seem to be hit by the hammer... Think it's a mix of reports and behaviour
AknA
Well-Known Member
- Joined
- Feb 11, 2012
- Messages
- 1,794
And that wouldn't help at all.
You would have to change the numbers ALOT more, even if you change it to lets say +/- 30, over a few runs you still have the same pattern, sure it's not exact but if you look at the chart from that article you still move in the same block pattern and would be detected.
buzzerbeater
Well-Known Member
- Joined
- Mar 21, 2011
- Messages
- 5,419
Damn, I was sure this function was already implemented.
Hmm, can't find those posts anymore. (It was around the time so many people got banned in Uldum and therefore the same discussion did occur.)
ArfDogUser
New Member
- Joined
- Oct 16, 2012
- Messages
- 37
test data using new macid's/ip's on accounts would be of interest on the following
1) is a completely clean mac/ip getting quickly banned using kicks' or other public leveling profiles there are numerous reports that imply that parts of these profiles are triggering detection server-side.
2) using gb2 with a new private profile (preferably a very long profile covering a continent or parts of one to avoid repetition), on a clean ID account as above and see whether it is banned,
3) if not, the issue may be putting the time into making very long profiles and using briefly across many accounts before replacing. this would be time-intensive but is only thing I can think of.
4) to think about - is a human player ABLE to click to move while flying on fixed points in 3 coordinates in 3d space the way the bot does? Is this in itself a distinguishing feature?
if a clean account using # 2 gets banned before ever repeating the path (the path can be made obscenely long and varied), then need to see if instant-unban or upheld. if upheld, this presents some other questions about criteria to uphold a ban they use, since there are ban reports of human-played farming tests which presumably trigger node-count flags or something else but which are promptly reversed.
However, more generally speaking, the issue seems to be that after years of benign tolerance of botting in the game, blizzard, for whatever reason, has decided to actually start taking action against bots. I imagine the detection systems have been in place for a while, possibly quite a while, and that the change in use of this data is a result of a policy change by management. It remains to be seen if the intent is to incrementally inhibit the ability of folks to gather-bot and bg bot, or just to goose revenues for a sustained period and later relax the leash, or thirdly possibly some unseen game being played tangential to the legal arena.
Despite persistent claims to the contrary, it seems extremely probable that having dozens of accounts without IP and hardware disguise amongst them is no longer viable. GM's finally seem unleashed and allowed to actively look up and persecute large bot farms based on IP.
Last edited:
Kronz
New Member
- Joined
- Jan 17, 2012
- Messages
- 497
Remember that we also have insane numbers of Buddies these days, and all of their bots randomize things in such a way that in the end all Buddies end up following the same randomized path, forming Bot Trains despite of randomization so Blizzard will still be able to use statistical analysis to determine if you are following one of the known both paths.
Human input should somehow be added into the randomizer, so that for example, you enter a phrase, or just random keystrokes, and then the randomizer will use this when calculating a randomized path, resulting in more diversity and uniqueness.
Old Fart has the point, public profiles are suicide atm, you are not even safe on private ones, I am using my self-made profile atm and I think I found a fairly decent solution of "inevitable end" but still can't bot more then 2 - 3 hours a day for safety reasons.