Maintenance for the week of May 17:
• PC/Mac: NA and EU megaservers for maintenance – May 17, 4:00AM EDT (8:00 UTC) - 12:00PM EDT (16:00 UTC)
• Xbox One: NA and EU megaservers for maintenance – May 17, 4:00AM EDT (8:00 UTC) - 12:00PM EDT (16:00 UTC)
• PlayStation®4: NA and EU megaservers for maintenance – May 17, 4:00AM EDT (8:00 UTC) - 12:00PM EDT (16:00 UTC)
• ESO Store and Account System for maintenance – May 17, 4:00AM EDT (8:00 UTC) - 12:00PM EDT (16:00 UTC)
The Blackwood Chapter and Update 30 are now available for testing on the PTS! Read the full patch notes here: https://forums.elderscrollsonline.com/en/categories/pts/

[Permabans being lifted] ZOS how are we as a community dealing with exploits/hacking?

Nifty2g
Nifty2g
✭✭✭✭✭
✭✭✭✭✭
To bring people up to date
There is currently 3rd party software people are hacking ESO with on PC/MAC. Able to do everything and anything




Taken from: https://forums.elderscrollsonline.com/en/discussion/268253/a-few-facts-about-the-recent-ultimate-exploit-hack/p1
I am writing this to let all the non technical people know about those facts so that we can make more constructive posts instead of just saying ZOS should ban all those people, fix those bugs tmr ect.

Fact 1: Why this is possible to do with ESO?
ESO used something I call client trust model. What this means is that ESO client does most of the calculation and sends the result back to server. The server then accepts the result with little or no validation.

An example flow of client trust (not necessary how ESO does it)

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if player has enough then decrement ultimate point, if not then do nothing
4. tell server player casted ultimate
Server:
1. received player cast ultimate request
2. broadcast to all players that player A has casted ultimate

so what would happen if someone modified the ESO client and removed step 2, 3 on client side?

An example flow of Server trust

Client :
1. Player pressed ultimate key
2. Validate if player has enough ultimate point to cast it
3. if not then do nothing
4. tell server player wants to cast ultimate
Server:
1. received player cast ultimate request
2. validate if player has enough ultimate point to cast it. If not then do nothing.
3. decrement ultimate point for player A and broadcast to all players that player A has casted ultimate

so what if we remove step 2, 3 on client side this time? step 2 on server side will say no because the server has all the information and it can validate if the action is valid

Fact 2: How can it be fixed completely?
Use Server trust implementation. But this would require complete rework of the game code as well as makes server load a lot heavier.

Fact 3: Why is client trust model used instead of server trust?
If server trust is used it means the server will be required to do most of the calculation that the clients are doing right now. Meaning that it should expect at least X times (X is the number of players playing the game) heavier loads. So what used to be 10s lag in PVP you could expect that to multiply by X if they use existing server without upgrade.

Fact 4: Could ZoS just simply detect those people and ban them all?
I will put it simple.. It is hard. Feel free to take a look at maple story which uses similar model. Maple story even used 3 layers of anti-hack engine and still......

Fact 5: What exploits/hacks are possible with ESO?
Anything you saw in Maple story could theoretically be seen in ESO. Examples: god mode, damage modification, infinite resources, god speed, global skill, global gathering, global teleporting ect

Fact 6: What is a potential solution?
Guard ESO with anti hack engine will increase the difficulty of hacking it (not completely prevent but harder to do!) . But at the same time performance will suffer...

I'm quite fond of the ESO community, there are amazing people I have met on this game and plan to keep long friendship with them, however it seems as of late and repeated actions in the past, as a community as a whole the game is slowly destroying itself and finding ways to become even more toxic.

As it is against the rules to name players, we all know who they are just step foot into Cyrodill or look at your Maelstrom Arena scores, why do ZOS allow such things, why are repeated offenders allowed to keep the toxicity in the game and destroy itself. One of these players has been permanently banned before, and you allowed them to come back only to absolutely slap someone in the face who has put in the time and dedication to set themselves a goal and get #1, this applies to @andy.s and @JaceSB

Why are we as a community not allowed to name and shame those players who honestly have no right anymore to belong on this game with repeated exploiting accusations, now even worse how are we still finding ways to fill this game with poison and exploits. ZOS this is on you, you need to actually take action for once, you know who the players are, if we as a community are exploiting because of no consequences there is an issue with the way you are moderating your game. Please fix it before your community turns against you. Set an example of the exploiters/hackers.

And for those who are actually exploiting/hacking, yes this is a game, but to others it is also a hobby you are filling the community with horrible behavior and ruining a great game that is trying to get itself off the training ground and establish itself, ESO is heading in a great direction, but stuff like that is currently happening, ruins it and word gets around very quickly, people spend money on this, invest hours and hours of their time into it to play with their friends or have a challenge.

So to you ZOS, I hope you are doing the right thing, but if this continues to get out of hand, your community is going to lose it's faith and turn against you.
#MOREORBS
  • Buffler
    Buffler
    ✭✭✭✭✭
    Repost vids, send in vids via tickets and dont name players then the thread wont get locked
  • Ch4mpTW
    Ch4mpTW
    ✭✭✭✭✭
    ✭✭✭✭✭
    ZOS_DaryaK wrote: »
    Thank you for raising this issue, we are investigating this issue. In the meantime, please continue to use the in-game report function to report players who are using any kind of exploit and refrain from posting names or videos showing names on these forums.

    Lol. You know... I've been wondering something @ZOS_DaryaK that I'd love for you to explain... How does one exactly post a video on the forums of a exploit taking place involving themselves and another player, while managing to censor the other person's name who's exploiting? Lmao. Are you supposed to use censoring software, like the blur effects used to cover-up people's faces or explicit images? Or just have a floating black censor bar over the person's name in the video? I really wanna know.
    Edited by Ch4mpTW on 29 May 2016 16:57
  • LadyNalcarya
    LadyNalcarya
    ✭✭✭✭✭
    ✭✭✭✭✭
    Nifty2g wrote: »
    @ZOS_DaryaK What do we do about Maelstrom Arena, it is a solo instance but the scores clearly show exploitation.

    They've just started with vMA, but who knows if 12 cheaters would cooperate for vMoL?
    Would be quite embarrasing if cheat engine would take worlds 1st hm clear lol.
    Dro-m'Athra Destroyer | Divayth Fyr's Coadjutor | Voice of Reason

    PC/EU
  • Jaronking
    Jaronking
    ✭✭✭✭✭
    Attackopsn wrote: »
    This kind of intentional exploitation and cheating is disgusting. This is the same behavior that ruined diablo on console platforms, such a shame to see players going out of their way to ruin a game.
    Well to be fair their not trying to ruin the game well not all of them some are just trying to get @ZOS to fox their dam game.Can you blame them for that?
  • zerosingularity
    zerosingularity
    ✭✭✭✭
    Nifty2g wrote: »
    ZOS_DaryaK wrote: »
    Thank you for raising this issue, we are investigating this issue. In the meantime, please continue to use the in-game report function to report players who are using any kind of exploit and refrain from posting names or videos showing names on these forums.

    Sorry, but until the players see proof that such things as exploiting and hacking are dealt with appropriately (no 3-day ban crap but perma-ban/character deletion) then naming and shaming of exploiters/hackers will and should still happen.


    Remember, exploiters/hackers have no rights, only the innocent do.

    Looks like we will need a leaderboard reset this next DLC, at this rate.
    597935 on the Sorcerer VMA is the main reason a leaderboard reset is in order. That score is impossible to obtain, to those who don't know Streak One currently #2 his run was 40 minutes and his score is 575102. The person ahead of him has that 597k which means that run was 29minutes. I don't believe that is possible at all unless you are spamming free cost Overload.

    Yeah I just saw that score, and while I am no where near Streak One's skill level, I know full well that 598k score is pure exploit/hack. Hopefully we get some form of real response, one that is not damage control but a real person to person communication on this issue.
    Edited by zerosingularity on 29 May 2016 17:57
    NA-PC

    Kaineth - Stamina Nightblade (Weakest Player Ever!)
    Elena Stormwood - Magicka Sorcerer (vMA no Death 12/21/15 Score 401148)
    Sheila Feyrondas - Magicka Dragonknight Tank (Frost staves are gonna be fun!)

    *Disclaimer* I fail at emotional communication, so assume what I say is NOT meant to be offensive.
  • Jaronking
    Jaronking
    ✭✭✭✭✭
    Attackopsn wrote: »
    Jaronking wrote: »
    Attackopsn wrote: »
    This kind of intentional exploitation and cheating is disgusting. This is the same behavior that ruined diablo on console platforms, such a shame to see players going out of their way to ruin a game.
    Well to be fair their not trying to ruin the game well not all of them some are just trying to get @ZOS to fox their dam game.Can you blame them for that?
    Are you joking? This isn't a bug, and even if it was, exploiting it at the player base's expense is fully malicious and should result indisputably in perma bans
    I never said they shouldn't be banned I actually posted multiple times they should be permabanned.I didn't state it was a bug but we all know ZOS knew nothing about this until we started spreading information which is sad.A lot of people just want them to actually stop stuff from this from happening again that's why their doing it as bad as they are.Its forcing a response and forcing ZOS to make sure this doesn't happen again.
This discussion has been closed.