Sign in to follow this  
rackham

bot protection

Recommended Posts

Hello everyone! I wanted to know, is there any way to prevent bots playing games through web browsers. Ive seen the bejewled bots and others, playing match 3 type game with ease, but can this be prevented in any way? Thanks

Share this post


Link to post
Share on other sites
No easy and reliable programmatic solution exists. In particular in a browser game, your abilitites are limited, but reverse engineering is a thousand times easier than in a "binary" game.

The safest way to prevent botting is to make botting non-rewarding or at least less rewarding, which is much harder than it sounds. For example, you could rate-limit successes in some way, such as that only 3 wins (arbitrary number) per day count for your ranking. Of course this will also punish people who win more often legitimately.
Also, you could make it so more than 10 wins per hour (arbitrary number) trigger a security alarm which causes a moderator to review the logs in respect to your user ID and your wins. If it turns out you've been playing 28 hours straight without losing one game, they'll ban you.

None of these measures are 100% safe and are likely to catch a legitimate player who is just doing exceptionally well every now and then. Bashing someone innocent is probably as bad or even worse for your business as not punishing a cheater, so this is a two-edged sword.

Server-side timestamping may help if the bot writer is stupid. No human will make the optimal move in less than 0.1 seconds every single time. However, bot writers are not necessarily stupid and may insert random delays which will make this kind of check fail. The bots might be written to NOT make the best possible move every now and then, too.

Random events or human interaction may help, but are by no means safe. There exist bots that work all day unattended, but will play a sound (or some other notification) when someone (probably a moderator) is talking to you, so you can reply and thus "prove" that you're not a bot.

One notable example of a game implementing random events to cut down on botting in a rather successful manner was Runescape.

Share this post


Link to post
Share on other sites
As I recall, the random events in Runescape were unsuccessful at stopping bots for long.
I remember seeing dozens of obvious bots completing random events without a hitch.

In the end, they decided to eliminate trading. So it's essentially a single-player game with a chatroom now, but at least there aren't many bots.

Share this post


Link to post
Share on other sites
Quote:
Original post by phresnel
In this respect: Turing test.

Lol, that's what i was thinking. If these bot makers can make a bot so good that a human can't tell it apart from a real player then these bots must be intelligent! Now it's only a matter of time before they form Skynet [grin]

@Storyyeller: Yeah, i saw a lot of bots in Runescape when i used to play it. I would see a group of about 10 players chopping down trees and they would just keep chopping down the same trees and waiting for them to re-grow. Of course, they could have just been incredibly bored and stupid humans.
While it is quite obvious to a human, it may be impossible for another computer to detect a bot in all cases.

Share this post


Link to post
Share on other sites
Quote:
Original post by XTAL256
Quote:
Original post by phresnel
In this respect: Turing test.

Lol, that's what i was thinking. If these bot makers can make a bot so good that a human can't tell it apart from a real player then these bots must be intelligent! Now it's only a matter of time before they form Skynet [grin]


Hehe. But note that a captcha is already a mild form of turing test.

Share this post


Link to post
Share on other sites
Quote:
As I recall, the random events in Runescape were unsuccessful at stopping bots for long.
I remember seeing dozens of obvious bots completing random events without a hitch.
In the end no, intermittently for a while yes. The obvious problem is that bot writers will soon implement workarounds for the easier "click on one spot on request" challenges.

The maze event did much better, even more so as the walls were stippled semi-transparent which would make it harder for simple bots to "see" them (the bots that grabbed a screencopy). Unluckily, this also made them harder to see for humans, and total failure for someone with even slightly limited vision.
However, the problem is that while you are bashing innocent users, the more advanced bots later didn't grab screencopies, but instead emulated the whole client, which was easy enough, as a Java decompiler would give you the more or less readable source code (there were some heavy obfuscation attempts later on, don't know how successful these were). Now, a bot that emulates the whole client obviously knows the topology of the maze and thus doesn't need to guess for long...

Quote:
Quote:
In this respect: Turing test.

Lol, that's what i was thinking. If these bot makers can make a bot so good that a human can't tell it apart from a real player then these bots must be intelligent!
Yeah well, the problem is that they never do the turing test. A human does the turing test, which he will obviously pass.
A dozen bots will run on the same machine unattended for hours, and when human interaction is needed (e.g. someone sends a tell), the respective bot prompts for interaction.
So, after the Turing test was passed, all you can tell for sure is that the person has for example been harvesting in the same area for 6 hours, which isn't conclusive evidence for a ban. Many legitimate players do the same thing.

Share this post


Link to post
Share on other sites
Quote:
Original post by samoth
...but instead emulated the whole client, which was easy enough, as a Java decompiler would give you the more or less readable source code (there were some heavy obfuscation attempts later on, don't know how successful these were). Now, a bot that emulates the whole client obviously knows the topology of the maze and thus doesn't need to guess for long.

The real question is why anyone would even bother? For fun? Just 'cos they're bored? You can't make money from it unless they sell their services to pathetic gamers who are willing to pay money to have a quest completed for them or something (although that does happen in WOW).

Share this post


Link to post
Share on other sites
Depending on the situations, bots arent always a "bad thing." For example, if your game is pay to play, you get money from those botters. If your game is an MMO bots can lower the price of items (due to high quantities) which allows new players to catch up to older players. The only downside to bots that I can think of is the fact they can sell game related things like items, loot, or currency for real world money (i.e: IGE).

Back on topic: The best/only way to decrease (because you wont ever stop) the amount of bots is to add things like captcha's or lowering the value of repetitiveness (3 wins for 100%, +3 wins for 90%, etc.)

Share this post


Link to post
Share on other sites
Quote:
Original post by XTAL256
The real question is why anyone would even bother? For fun? Just 'cos they're bored? You can't make money from it unless they sell their services to pathetic gamers who are willing to pay money to have a quest completed for them or something (although that does happen in WOW).


Apparently, there really are a lot of sad people out there, even to the extent that it is a big buisness.

Quote:
Original post by phear-
Depending on the situations, bots arent always a "bad thing." For example, if your game is pay to play, you get money from those botters. If your game is an MMO bots can lower the price of items (due to high quantities) which allows new players to catch up to older players. The only downside to bots that I can think of is the fact they can sell game related things like items, loot, or currency for real world money (i.e: IGE).


Here are the downsides of bots that I can think of at the moment

Real World Item Trading, the bane of every MMORPG. (Well except for the ones that are based around legal RWIT but that's another story)

Hordes of low level clones everywhere is visually unattractive, as well as damaging to the community. It can cause real players to get fed up and leave if they think that humans are in the minority.

It distorts the economy. Real players who try to engage in the same activities have to compete for resources and accept fire sale prices for their products. Far from making it easier for beginners to catch up, it often makes it much harder.

Having unusual concentrations of people in a single spot burdens the servers.

It distorts skill levels and makes highscores and rankings meaningless.

Share this post


Link to post
Share on other sites
Intresting answers! As an answer for captcha based solutuion, can maybe literal questions work, as ive seen online ie what is the color of this page / the sky / sand etc...?

The answer basically is, people with enough time can make a bot to emulate human behaviour for any type of game (weather browser based or otherwise) unless that bot is wholly asked to perform an action that computers are not very good at, like complicated natural language processing or something.

Hmmm, there is a solution to every problem, what's this one?!

Share this post


Link to post
Share on other sites
Quote:
Original post by XTAL256
The real question is why anyone would even bother? For fun? Just 'cos they're bored? You can't make money from it unless they sell their services to pathetic gamers who are willing to pay money to have a quest completed for them or something (although that does happen in WOW).
I've never done it myself, so numbers may be inaccurate, but in principle, it looks somewhat like this:
You sell 1000 [whatever] on Ebay for 10 dollars. You can make 1000 [whatever] in about one hour, but it is rather boring and will take your attention.

Actually you'd prefer watching porn or playing basketball in the back yard all day and still get paid, preferrably more than 10 dollars per hour.

So, how to solve this problem? You can run a sweatshop in China (or Mexico, or...) where people will work a whole day for 5 dollars, but this comes with some logistic burdens. You have to find them (and have to talk a language they understand), you have to swing the whip, and you still have to pay them. On top of that, it's illegal.
Or, you can run a dozen bots on your PC at home all day. When the computer makes "beep beep", you have to stop playing basketball and answer whoever is talking to you. If an account gets banned, you make another. If your IP gets banned, you reboot the DSL modem.

So... you now get 12x1000 [whatever] per hour which Ebay translates to 120 dollars per hour. Not bad for watching porn and playing basketball. :-)

Share this post


Link to post
Share on other sites
Quote:
Original post by rackham
Hmmm, there is a solution to every problem, what's this one?!

Yes, but then that solution becomes a problem for the bot makers, a problem which they too will eventually solve. It's just a big cycle, a tug-of-war between good and evil (maybe i'm being a tad dramatic [smile]).

@samoth: Yes, think i'm smart enough to realise that making money for sitting around all day is a good thing [smile], the hard part is getting people to actually pay you money for your service. There are, as i mentioned before, some people who are actually willing to pay real money for game points/money/whatever. And there are even sweatshop places that you speak of, where people get paid to do what the bots do. But to go so far as to emulate the entire client to cheat the system just seems like it wouldn't pay off. It seems like far too much work.
Anyway, that's just my 2 cents.

[Edited by - XTAL256 on June 7, 2009 2:55:24 AM]

Share this post


Link to post
Share on other sites
Quote:
Original post by XTAL256
the hard part is getting people to actually pay you money for your service. There are, as i mentioned before, some people who are actually willing to pay real money for game points/money/whatever.
Ah, but "some" is an entirely wrong assumption. This is a huge market (much bigger than one can probably imagine), as most of the teens and young adults who used to play these games 5-10 years ago now have jobs which give them more money than free time.
Most people with a serious job can't afford to play 6 hours in the evening to get some levels or some special item, or the gold to buy those items. They do have 50-100 dollars that they can easily spare, though. And sure enough, even though they don't want to invest in the time to do the grind, they still want to have all the good items and the levels.
Unluckily, as has been stated before, this is not without consequences for the game's economy.

Quote:
It seems like far too much work.
Well, most of it is already there. You have the client, and it's written in Java. Unless some hefty obfuscation is done (which they did later on in RS), you run it through a Java decompiler and have more or less readable source code 2 minutes later. Then all you have to do is to add a few functions here and there that will do certain things automatically.

For example, you would add a line to the function that updates the scenegraph (or game state) to check when a harvest node changes from "empty" to "full" and send a "grab it" command.
This takes maybe 2-3 afternoons of work alltogether, and it is more reliable than looking for certain pixel colours on the screen, and harder to detect than to run AutoClicker.exe to similate mouse clicks.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this