• Advertisement
Sign in to follow this  

Dealing with Accounts in a Free MMO game

This topic is 4337 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hi, I'm not sure if this topic has been dealt with here before, but a design problem i'm having is that: if you make an MMO game, or any game where your account has cumulative progress, and is free to play - how can you deal with the following problems? * What stops a player registering lots of accounts in order to gain an advantage in a game where you can easily accumulate wealth by, say mining, and then coalescing the funds to one player account? * What stops a player who is banned for some offense (cheating, offensive language, whatever) re-registering a different account and doing the same thing again? You don't need any in-game achievement to start cheating! Are these problems that must be dealt with by careful moderation and vigilance? Use this thread to talk about other problems faced by MMO designers that don't charge for accounts. (Something I don't believe in, but annoyingly solve some problems)

Share this post


Link to post
Share on other sites
Advertisement
The first thing I would do is tie accounts to a single IP. I know people can spoof fake IPs, but this will atleast cut back on the majority of people who would register multiple accounts and the like.

Share this post


Link to post
Share on other sites
Quote:
Original post by Hidden Asbestos
* What stops a player registering lots of accounts in order to gain an advantage in a game where you can easily accumulate wealth by, say mining, and then coalescing the funds to one player account?

In our game we require a valid email address that has a verification link that the person must click before they can get an account. We haven't yet but we could refuse to accept addresses that come from systems that easily allow new email accounts ( yahoo, hotmail, etc ).


Quote:

* What stops a player who is banned for some offense (cheating, offensive language, whatever) re-registering a different account and doing the same thing again? You don't need any in-game achievement to start cheating!

We track the IP of the players so that is one method ( although with dynamic IP is't not really a good one ). We also try to have a intelligent server to prevent as much cheating as we can.


Quote:

Are these problems that must be dealt with by careful moderation and vigilance?


No matter what you do you will need this.

Share this post


Link to post
Share on other sites
Quote:
Original post by Hidden Asbestos
* What stops a player registering lots of accounts in order to gain an advantage in a game where you can easily accumulate wealth by, say mining, and then coalescing the funds to one player account?


Well, what's wrong with having multiple accounts? If I can handle it, then I should be able to do it.

If your game design is such that you can "easily" accumulate wealth simply by playing more than one character at a time, then I'd say there's a weakness in the game design, and you should not put "police" (moderators) into the game tasked with hunting down your players and punishing them - nip it at the bud and design the game so playing multiple characters at a time doesn't give you such an easy advantage.

Share this post


Link to post
Share on other sites
Quote:
Original post by RDragon1
If your game design is such that you can "easily" accumulate wealth simply by playing more than one character at a time, then I'd say there's a weakness in the game design.
This is true, and definitely something that I would aim to avoid. The skill system of 'EVE Online' has been very inspirational when it comes to my design thinking - the idea that wealth is useless without the skill to utilise it. As skill is inherently non-transferable then you would gain a less obvious advantage to registering 20 rookies, compared to training one pro character.

I guess the problem of macro-able behaviour that would lead to problems is something that, as you say, should be fixed at the design stage.

Thanks. I'm still have that paranoid feeling that i'm missing something though!

Share this post


Link to post
Share on other sites
Tieing to IP address doesn't work.
Tieing to e-mail address doesn't work.
Tieing to Ethernet card Mac address sometimes works.

The only two things that work are:
1) Charging for accounts.
2) Constant community vigilance.

Ideally, you do both in conjunction.

If you don't want to have your own people "on" this all the time, you have to build robust community self-moderation tools, and then track that those tools aren't in turn used for griefing...

Share this post


Link to post
Share on other sites
hplus0603, yes, quite agree. The methods mentioned here are ways to help you. There is no sure fire way and constant vigilance is your best bet. We've included ways for players to easily send in petitions to GMs and record chat logs ( that cannot be faked ) that we can review at a later date. Also all GM commands are monitored and stored so we can make sure GM abuse does not occur.

Share this post


Link to post
Share on other sites
In the world beyond the rainbow you will have a game design that will either render macros obsolete by providing only non-macroable content, or integrate the ultragrind processes into your regular game experience and provide tools to the player to automate them.
Heck, why limit the player to a few characters? Give him a whole brood of characters to play! Simultaneously! While one of the bunch is out adventuring, all the others are slaving away automatically, working in the player-owned sweatshop, producing low grade healing potions or cheap immitation swords.
Sounds silly? Maybe, but if you have a solid game (and some flexibility when it comes to hours you want played per week) with actual content then you won´t have any trouble keeping your players.

To specifically address your points:

- charging for accounts is the AO here. If you don´t want to charge, still use credit cards for verification.

- good logging and monitoring

that´s it. but most people won´t mind if you charge them.

Share this post


Link to post
Share on other sites
Quote:
Original post by Hidden Asbestos
* What stops a player registering lots of accounts in order to gain an advantage in a game where you can easily accumulate wealth by, say mining, and then coalescing the funds to one player account?


Well, my last MMO was UO, but isn't this called "having a mule" ?

Share this post


Link to post
Share on other sites
Quote:
we could refuse to accept addresses that come from systems that easily allow new email accounts ( yahoo, hotmail, etc )


That does not seem like a reasonable solution to me. I understand the intent, but a lot of people use such an account as their primary account and such people should not be banned. Especially because such services often provide better features (more storage, searching, etc) than many local ISP and university accounts.

It's unfortunate that we can't distinguish the two for our good intentions, but that is a symptom of the anonymity created by the internet.

Share this post


Link to post
Share on other sites
Quote:
Original post by janoside
That does not seem like a reasonable solution to me. I understand the intent, but a lot of people use such an account as their primary account and such people should not be banned. Especially because such services often provide better features (more storage, searching, etc) than many local ISP and university accounts.


The same can be said for requiring a credit card ( even for just validation ). Not all people have a credit card. Even if something like yahoo is their primary that infers that they have a secondary which would be accepted. Again, like I said, it's one possible method that I know some games have used ( mostly web based ones ). Again it's not a method that we use but it could be a solution if you notice that a lot of cheaters are using a particular email provider. Even a temporary restriction on those emails might be enough to make a greifer/hacker/cheater loose interest.

Share this post


Link to post
Share on other sites
One addition i've recently made to secure account registration is to implement a CAPTCHA system. This will hopefully make it a little bit trickier for anyone who wants to write a bot to register half of the dictionary as accounts. I don't expect it to be infallible though as nothing really is when dealing with Internet games - as the Wikipedia entry says a sweatshop could circumvent this protection - but the more protection I add the better I feel about the security of my system.

EDIT: Fixed URL.

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
The hoarding of resources can easily be avoided through proper game mechanics, such as having an alternate NPC resource vendor or some other game mechanic which takes away the incentive to hoard in the first place. For the cheating or bad language, the suggestions given so far are good ones.

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
Quote:

still use credit cards for verification.



I assume that your game is free because you want players. IMO - I would never give my credit card out for verification purposes ever. I would assume you would have a hard time getting a player base with that strategy.

Share this post


Link to post
Share on other sites
There's an elegant game design way to solve this: removes NPC buyers. People will need to get inventive to grab some money, because if everyone mines says, charcoal, the charcoal price will suddenly drop, and mining charcoal will not be viable anymore.

Share this post


Link to post
Share on other sites
Well, I would use a serial key that comes with the game. Allow X amount of account or characters with that serial key and if they cheat or abuse the system block that key. Have the player create a log-in that is tied to that key so they can use it from any computer. There are a lot of ways to get the job done, it just depends on how protected you want it to become.

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
correct me if Im mistaken, but wouldnt a player with an existing connection to a game server be disconnected if they change IP mid-game. if thats the case just allow for a certain # of socket connections you need to play your game(connection to lobby server, game server, etc) and dissalow any extra connections from the address.

Share this post


Link to post
Share on other sites
Charging money for Accounts or some key to an account?
Don't know if this works or not, just giving you some ideas. But charging money for account can greatly reduce duplicated accounts.

Share this post


Link to post
Share on other sites
Quote:
Original post by lightblade
Charging money for Accounts or some key to an account?
Don't know if this works or not, just giving you some ideas. But charging money for account can greatly reduce duplicated accounts.


Kinda defeats the purpose of "free", doesnt it?

Share this post


Link to post
Share on other sites
Guest Anonymous Poster

Its a matter of making it sufficiently hard to cheat (you wont ever eliminate all).

Have the usual server based confirmation to thwart the usual modified client cheats. And have some kind of frequent client patching to make security hacks harder (protecting the MAC/IP check stuff).

Make the game mechanics not reward 'Mules' any more than the same hours played with one Char (dont give each char excessive froo starter resources/rewards).
Have some kind of taxation system make it prohibitive/unworkable for a player to have too many extra Characters/Accounts (ie- on UO people got extra accounts to beat house ownership limits to facilitate their Housing speculation businesses).

Possibly make real identification required for account registration. Credit card
number with no charge or only a nominal charge ????


A well spelled out EULA that clearly states what behavior wont be tolerated and defines specifics about banning and multiple accounts, etc... (this actually does disuades some people). Have the EULA visible/check off every time the user logs on.



Share this post


Link to post
Share on other sites
Easy solution. (well, what i use.....)

First, remove all static ip adresses. (grab the first 'segment' of the host name (everything before the first dot), and block any that that don't contain any numbers)

ie. For Random.com, random doesn't contain numbers so its static, so block it.
For be71.skynet.com, be71 contains numbers, so its dynamic, so you let it in.

You then remove the first segment of the host name, and look only at the remaining part. (dynamic ip's change the first segment, rarely anything else).

next, look up a list of "banned" hostmasks. (this makes most bans stick, unless they use a proxy.)

In the case of a proxy (this is for web based stuff), you check to see if it will accept connections on port 80, 8080, ect. (i'd get another computer to portscan anybody coming in, start off with the major ports, then scan as many other random ports as you have time for.)

If they do, then block it, and add that range to the block list. (Its a proxy, RUN!)

Then you check for more then one user with the same ip, ect. (enforce a one range, one account policy. and when you ban a range, ban every account that falls in those ranges.)

Then you have moderators, with a nice shiny "Ban" button.

[lol]

Few people ever get to the moderation stage.

(as another thing you can do, per account, require email activation. not foolproof, just annoying. esp if you ban free/unknown email hosts).

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement