I run a web-based, turn-based strategy game (I hesitate to call it an MMORPG as people always complain when I do). It is against the rules to own multiple accounts on the game, but of course, nobody ever bothers with rules on free games...
I wrote a script to try and go through the user database and pick out people with multiple accounts. The problem is it''s far from perfect... it works like this:
- checks any active (played in last week) accounts that have the same password (exact matches only cos they''re encrypted)
- outputs a list, with each set of matched accounts, with their IP address and email address they signed up with, and how recently they last played
I then have to go through this list myself and try to use human intelligence to work out which ones are multiplaying, and which are innocent. I''ve had a fair few complaints that I''ve unfairly deleted people''s accounts, to the extent it got me a bad review at one point. People are constantly talking about how their brother players on their computer, etc...
What do people think? Is there anyway to improve on this system? Or are there any existing methodologies out there? (Couldn''t find any with a few google searches) Also, balancing policy enforcement vs fun is proving to be difficult. I don''t want to burn people who are innocent, but I don''t want the game to be turned into an open arena for abuse by cheaters. Where to draw the line...
Spotting multiple account cheaters
Author
Hi
I run a web-based, turn-based strategy game (I hesitate to call it an MMORPG as people always complain when I do). It is against the rules to own multiple accounts on the game, but of course, nobody ever bothers with rules on free games...
I wrote a script to try and go through the user database and pick out people with multiple accounts. The problem is it''s far from perfect... it works like this:
- checks any active (played in last week) accounts that have the same password (exact matches only cos they''re encrypted)
- outputs a list, with each set of matched accounts, with their IP address and email address they signed up with, and how recently they last played
I then have to go through this list myself and try to use human intelligence to work out which ones are multiplaying, and which are innocent. I''ve had a fair few complaints that I''ve unfairly deleted people''s accounts, to the extent it got me a bad review at one point. People are constantly talking about how their brother players on their computer, etc...
What do people think? Is there anyway to improve on this system? Or are there any existing methodologies out there? (Couldn''t find any with a few google searches) Also, balancing policy enforcement vs fun is proving to be difficult. I don''t want to burn people who are innocent, but I don''t want the game to be turned into an open arena for abuse by cheaters. Where to draw the line...
I run a web-based, turn-based strategy game (I hesitate to call it an MMORPG as people always complain when I do). It is against the rules to own multiple accounts on the game, but of course, nobody ever bothers with rules on free games...
I wrote a script to try and go through the user database and pick out people with multiple accounts. The problem is it''s far from perfect... it works like this:
- checks any active (played in last week) accounts that have the same password (exact matches only cos they''re encrypted)
- outputs a list, with each set of matched accounts, with their IP address and email address they signed up with, and how recently they last played
I then have to go through this list myself and try to use human intelligence to work out which ones are multiplaying, and which are innocent. I''ve had a fair few complaints that I''ve unfairly deleted people''s accounts, to the extent it got me a bad review at one point. People are constantly talking about how their brother players on their computer, etc...
What do people think? Is there anyway to improve on this system? Or are there any existing methodologies out there? (Couldn''t find any with a few google searches) Also, balancing policy enforcement vs fun is proving to be difficult. I don''t want to burn people who are innocent, but I don''t want the game to be turned into an open arena for abuse by cheaters. Where to draw the line...
Well, when they register their account, you should allow check for double mail addresses. That will prevent them at least once to create a double account.
At that point, you should register their IP address,email address and time into an extra table. Next time they register, you insert that entry again into the database, only with a different timestamp and probably a different email address. For example:
I register on 14:03:12 using email address fake@fake.com from IP 10.202.100.25. Registration failed here, double mail address
I register on 14:05:01 using email address pie@fake.com from IP 10.202.100.25. Registration successfull.
So, now I have 2 accounts, 1 from fake@fake.com and 1 from pie@fake.com. You could execute once a week an admin query to retrieve data from the registration table. Let the script check for double IP addresses within short time span(Say, 7 days) and ofcourse, for double email addresses. If an email address is used double, you can mark that IP address as hot, and look up any registration from that IP. If they are in close time span, you can mark those accounts as double and temporarily disable them. Don''t delete them, do that after you contacted the owner. Show a message "You account has been suspended, reason: You are suspected to have multiple accounts. To resolve the problem, contact the server administrator".
Toolmaker
My site
/* -Earth is 98% full. Please delete anybody you can.*/
At that point, you should register their IP address,email address and time into an extra table. Next time they register, you insert that entry again into the database, only with a different timestamp and probably a different email address. For example:
I register on 14:03:12 using email address fake@fake.com from IP 10.202.100.25. Registration failed here, double mail address
I register on 14:05:01 using email address pie@fake.com from IP 10.202.100.25. Registration successfull.
So, now I have 2 accounts, 1 from fake@fake.com and 1 from pie@fake.com. You could execute once a week an admin query to retrieve data from the registration table. Let the script check for double IP addresses within short time span(Say, 7 days) and ofcourse, for double email addresses. If an email address is used double, you can mark that IP address as hot, and look up any registration from that IP. If they are in close time span, you can mark those accounts as double and temporarily disable them. Don''t delete them, do that after you contacted the owner. Show a message "You account has been suspended, reason: You are suspected to have multiple accounts. To resolve the problem, contact the server administrator".
Toolmaker
My site
/* -Earth is 98% full. Please delete anybody you can.*/
Author
Thanks for your reply
The server already disallows registration from the same email address, so that''s not a problem. Suspending instead of deleting sounds like a good idea though - why didn''t I think of that!
The server already disallows registration from the same email address, so that''s not a problem. Suspending instead of deleting sounds like a good idea though - why didn''t I think of that!
Disallow hotmail, yahoo, and any other non-isp mail service you can find.
Require a unique mail address for every account, and ensure it''s valid.
Log the IP address of every player, and if any two players match, watch them. Presumably, if its not legal to have more than one account, its because it results in knowing something oyur not supposed to (cheating!). If you see that happen, suspend the accounts. both of them.
Require a unique mail address for every account, and ensure it''s valid.
Log the IP address of every player, and if any two players match, watch them. Presumably, if its not legal to have more than one account, its because it results in knowing something oyur not supposed to (cheating!). If you see that happen, suspend the accounts. both of them.
quote:Original post by C-Junkie
Disallow hotmail, yahoo, and any other non-isp mail service you can find.
How about the people that don''t have an ISP email address or don''t wish to use that one? I use my hotmail exclusively for this kind of purposes since I don''t want to receive spam because of some online service I subscribed to. And then there are the kids that have a hotmail only because their parents use the ISP address.
Disallowing those addresses would cost him members, and lots of it.
Toolmaker
My site
/* -Earth is 98% full. Please delete anybody you can.*/
Do you log the times the user plays? In that case you could use that as an additional indicator of whether it is a double account or not. If they are playing/have played at the same time it could be an indication that it is in fact not a double account.
you could ask them specific details, like their hoem phone number. or credit card details
since it;s a free game, you can't give them a unique ID when the purchase the game...
however, to get a copy of the game, they'd have to supply a mail account, then you can link that mail address with a unique encrypted ID, all in the player account. It would be a lot of hassle for them to download the game twice, just to have two different accounts in the game. Besides, you can always check if there is a previous install of the game, and overwrite the old install with teh new, thus removing the previous account. They can still use a single account on multiple machines, if you prompt them before installing the game on the new machine.
[edited by - oliii on April 15, 2004 12:41:16 PM]
since it;s a free game, you can't give them a unique ID when the purchase the game...
however, to get a copy of the game, they'd have to supply a mail account, then you can link that mail address with a unique encrypted ID, all in the player account. It would be a lot of hassle for them to download the game twice, just to have two different accounts in the game. Besides, you can always check if there is a previous install of the game, and overwrite the old install with teh new, thus removing the previous account. They can still use a single account on multiple machines, if you prompt them before installing the game on the new machine.
[edited by - oliii on April 15, 2004 12:41:16 PM]
Author
The game is Tiraen (www.tiraen.com) - it''s not an application, it''s completely web-based.
I''ve made it so now accounts are suspended instead of deleted, which probably makes the players feel better. So I got my first email today from someone whose account was suspended, and they say they play at school on the same computer... but the problem is, if I just take everyone at their word, I might as well just not bother at all.
The reason they''re not allowed multiple accounts is because they can then use their ''spare'' accounts to help out their main one, or carry out kamikaze attacks on other players with throwaway accounts.
About checking what time they''ve played - yeah I do that. I figure that cheaters are more likely to play their accounts one after the other (i.e. in a small time frame), whereas accounts that have been played with a good few hours between are probably really different people - but again, it''s hard to tell.
I suppose at the end of the day you only have limited information, on a limited budget, so there''s not a whole lot you can do. :/
I''ve made it so now accounts are suspended instead of deleted, which probably makes the players feel better. So I got my first email today from someone whose account was suspended, and they say they play at school on the same computer... but the problem is, if I just take everyone at their word, I might as well just not bother at all.
The reason they''re not allowed multiple accounts is because they can then use their ''spare'' accounts to help out their main one, or carry out kamikaze attacks on other players with throwaway accounts.
About checking what time they''ve played - yeah I do that. I figure that cheaters are more likely to play their accounts one after the other (i.e. in a small time frame), whereas accounts that have been played with a good few hours between are probably really different people - but again, it''s hard to tell.
I suppose at the end of the day you only have limited information, on a limited budget, so there''s not a whole lot you can do. :/
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
