Warning : Teleporting bots are back!

Pintobean

My last two cents. Another leg of this event that might be detectable would be at the exchange point with the NPC buying the refined or unrefined materials. Could an account be identified for selling 30,000 in gold worth of materials to an NPC in an hour? I am against auto banning anyone, but a look at accounts with this kind of activity, if possible, might be warranted.

Unless the gold is being duplicated, there should be some point where the rapid accumulation of gold, by one account, by any means, could be flagged.

MercyKilling

Seems all this could be combated better by having an ingame GM or three to act upon reports like this as soon as, or shortly after they are made.

omocho1b16_ESO

I skimmed the first page but didn't see...
how the heck do you report a player? I briefly looked, but couldn't figure it out. I'm pretty big into crafting and this is seriously, seriously starting to irk me. Thanks to the idea of a megaserver they should have implemented the same thing as FFXIV:ARR, instanced nodes. Every player gets their own nodes. Why the hell this isn't a feature of every single MMO with nodes, I have no idea. The only exception I could maybe forgive is Tera because that game had nodes EVERYWHERE.

cheeser123

Sharee wrote: »

That statement does not make any sense. Hacked clients are "sending a load of encrypted data"? Not sending encrypted data proves that your client is legit? How? And what does any of that have to do with authentication? That's just a pure mishmash of words randomly put together.

Instead of trying really hard to read what I said in the worst way possible, try reading it again and assume that it's supposed to make sense. I certainly never said hacked clients were sending loads of anything. I was simply pointing out that:

encryption = sending loads of data
authentication = using some method to verify identity / validity of client

I'm describing an authentication scheme and your response was to mock me and tell me the NSA will decrypt it ... or something to that effect... and that the client could still hack the data before encryption, and thus it will be ineffective. To me, that tells me that you think "cryptographic authentication" means "encrypt the data when it is sent from the client." That's not true. That's why I tried to explain the difference to you.

A cryptographic authentication scheme does NOT aim to encrypt data. The goal is not to hide some data by obfuscating it. The goal is to use crypto methods to securely authenticate that a client is using unadulterated software and is sending valid, non-hacked input (ideally, in a fool-proof way). There are ways, in the abstract, to do this. The only question is whether it could be implemented in a useful way.

However, at no point in time is the goal to encrypt the data being transmitted for the purposes of obfuscating or preventing tampering. You seem to believe that's what I said because you've either deliberately or hastily misunderstood what I said for the purposes of riling up an argument. The goal is to use a cryptographic protocol to authenticate who the user is, what the user is doing, etc. -- not just to encrypt the data that is being sent throughout this process. It's like a challenge-response protocol. When I log in to my bank, all the traffic is encrypted on the wire, that's obvious. That's encryption, that provides security of the data. But it is also authenticated. My bank sends me a secret code (something I chose when I set up my account) so that I know they are who they say they are. Then I send back my secret code (i.e. my password) back. That part of the protocol is not especially cyptographic, but that's the authentication. Combining crypographic methods with that type of authentication scheme, or a more complex one that validates user-side parameters that would indicate hacking, is what I suggested. You seemed to think I was simply suggesting that the client-server communication be encrypted. While that might be a good idea, that is not a deterrent for hacking. You know that, and good for you, but that's not what I said.

I have advanced degrees in math and CS. I worked for DHS for a while. I know about this. I'm glad you have an IT job and you know how SSL works, but please, stop nagging at me endlessly. It's rude. I suggested they use a cryptographic authentication protocol. This type of protocol exists. It is feasible in this case, at least in the abstract. I am sure it would take work to put it in place, and I'm sure some hackers would find a way around it. But that is all I said. Get off my back.

CrimsonThomas

Hackers are already ruining the game and destroying its economy. I don't see myself subscribing for very long if Zenimax allows this to continue in its rampancy.

cheeser123

CrimsonThomas wrote: »

Hackers are already ruining the game and destroying its economy. I don't see myself subscribing for very long if Zenimax allows this to continue in its rampancy.

Of all the issues in game, I think dealing with hackers/bots/etc. is the one thing you have to be generous (but not too generous) with patience. Credit cards being rejected for using Canadian postal codes? That's a problem that should have been fixed before launch. Bots and hackers? That's something they couldn't possible fix 100% before launch. For me, I want to see a swift response, once major bugs (e.g. the vanishing bank inventory) are fixed, that includes serious efforts to identify and stop hackers and botters. This should include very clear expectations to the community -- what can we do that is considered "normal farming" and what is likely to get us pegged as exploiters, hackers, etc. And the mechanics should be modified to make it much easier to follow those rules fairly and still farm at a normal, fair pace, sifting out and clearly identifying the hackers/botters/exploiters/etc.

anghara

At least one thing that was good about GW2 is that nodes exist for each player, and don't disappear for other players when used, so it's not competitive. It wouldn't stop these fools from destroying the economy, but at least it wouldn't screw over everyone else just trying to gather things for themselves.

CrimsonThomas

cheeser123 wrote: »

Of all the issues in game, I think dealing with hackers/bots/etc. is the one thing you have to be generous (but not too generous) with patience. Credit cards being rejected for using Canadian postal codes? That's a problem that should have been fixed before launch. Bots and hackers? That's something they couldn't possible fix 100% before launch. For me, I want to see a swift response, once major bugs (e.g. the vanishing bank inventory ) are fixed, that includes serious efforts to identify and stop hackers and botters. This should include very clear expectations to the community -- what can we do that is considered "normal farming" and what is likely to get us pegged as exploiters, hackers, etc. And the mechanics should be modified to make it much easier to follow those rules fairly and still farm at a normal, fair pace, sifting out and clearly identifying the hackers/botters/exploiters/etc.

I can't stress these points enough. Players losing their paid content is horrendous, as not being able to actually access the game. You're right, those need to be fixed first.

What I am worried of, however, is how the people controlling these teleporting farm bots are going to break the game's economy and progression system. That would break the game for everybody.

Felyae

Have seen it with my own eyes. It's sad that in a 2014 game this kind of exploit is still possible.

homeless36b16_ESO

I don't see what's so hard to understand. It's a lot cheaper to not employ a defense, and to use old and out-dated server technology. Cut costs, and maximize profits. If this wasn't f2p to be, then we'd see something done about it.