Guild Wars 2

Ongoing Problem: People who are farming events / resources who appear to be ‘botting’ or running macros to benefit from performing in game actions while not being there.

Existing Solution: In game report function was implemented and drops were drastically reduced. (Most bots I ran into just had their auto attack on, and thus werent looting anything, but were farming karma, exp by getting what little auto attacks they managed to work in).

New Problem Created: Now, after an hour of moving all around a map and events, we now are maxing our karma gains, and mats and other items drop percentages seems to have gone considerably down, penalizing active, moving players.

*New Solution suggested: * Put existing drop percentages back in place but take the “Report a player” for botting a step further. If a player is reported for botting, have a random x/y box show up asking the player to confirm the player is actively at their machine.

To take it a step further, just as many forums have a “Type in the skewed lettering you see”, have them have to “type” back a randomly generated set of characters to validate they are in fact at their pc, otherwise, their character dies., and then they are logged off with a x – timer preventing logon. (Logging them off alone, would just result in a macro to log them back on possibly)

tldr: To fix botting, put old drop percentages back in place but take the “Report a player” for botting a step further. If a player is reported for botting, have a random x/y box show up asking the player to confirm the player is actively at their machine by typing in a random string of characters. If they fail, their character dies, and then they are logged off with a 5-10 minute timer before they can log on. Once a player has been reported, and fails the test, have this box show up every 15 minutes as a penalty to that player’s account for x # of days until they continue to pass the test and prove it isnt being used as a botting account.

This also makes it more automated to handle botters, outside of upfront coding/testing/implementation, and hopefully decreases the amount of staffing time it takes to look into botting claims.

This can be totally abused. People could just spam reports so others will be busy to answer the Quiz then fighting. Some people like to be mean

A solution could be that if a character is reported by several accounts the game will automatically disable any automatic attack on that character with a cooldown timer of 15 min for not being able to re-automatize any skill

I dislike anything put in the hands of others, esp. players. Also this is a rather lackluster non-inspiring sollution … I would suggest searching for F4-RM on the suggestion forum (or clicking this link: https://forum-en.gw2archive.eu/forum/game/suggestions/F4-RM-the-anti-bot-Golem-combatting-bots-with-bots ) … and express your support for this feature, that essentially does the same thing, but doesn’t give controll to people (that could use this to report players in PvP, WvW or even just in the world – to force a captcha on them), and it also gives the opportunity to confront the ‘detected’ players with an enjoyable DE, instead of an immersion breaking Captcha pop-up.

Arghore.8340:

I dislike anything put in the hands of others, esp. players. Also this is a rather lackluster non-inspiring sollution … I would suggest searching for F4-RM on the suggestion forum (or clicking this link: https://forum-en.gw2archive.eu/forum/game/suggestions/F4-RM-the-anti-bot-Golem-combatting-bots-with-bots ) … and express your support for this feature, that essentially does the same thing, but doesn’t give controll to people (that could use this to report players in PvP, WvW or even just in the world – to force a captcha on them), and it also gives the opportunity to confront the ‘detected’ players with an enjoyable DE, instead of an immersion breaking Captcha pop-up.

OP is stressing simplicity and realism. You are right in that both of these features does essentially the same thing – except that the F4-RM bot will have a limited list of questions and therefor answers, and once learned and taught the bots will be homefree.

The Captcha may be annoying from time to time, but just implement a limit. You can only be “reported” in this way every so often, and only if a sufficient number of players trigger it in a relevant time window.

AKA minimum of 5 reports in a 10 minute window.

Once reported, Captcha appears as OP describes, but cannot re-activate for another 15 minutes.

Prophet,

I like the basic idea. Here are my concerns:

- Abuse. Griefers would go nuts with this, burying legit users in pop-ups.
- Drawback of Captcha: I generally have to refresh it at least a few times before I get something that doesn’t look like a indecipherable splotch to me.

Possible solutions:

- If X number of reports result in a positive response, the reporter is flagged for investigation and booted.
- Allow Captcha refresh, and give a more generous response time.

@Lord-Jaguar, F4-RM is described not to just offer questions, but a whole list of possible tests which can all be designed with hard to program responses from a computer. And even in multiple choice questions using a random location (a, b, c, d) for the right answer will make it considderably harder to accomplish for a computer, as it will have to actually identify the location of the answer to then click in the right location, as opposed to (this answer is known, it’s in ‘this’ location, click there), but even that can be hard as the computer would still have to identify which question is being asked…

Also, F4-RM specifically comes with the instructions to add & replenish tests, to combat the ‘the sollutions are known’ issue that can arrise from these kinds of test. Still though, nothing is preventing Anet to actually add a couple of Captcha’s as a ‘test’, i personally dislike them, as they can be harder to solve for a human than a computer. Especially if one considders the ever increasing (commercial) efforts to make ‘scan to text’ software, and ofcourse the use of these captchas in all sorts of forums, and thus the ever continued battle of hackers to bypass them.

Not a bad idea, having a little test for reported botters, however: A lot of bots, to me at least, look like they have hacked clients as well. Those that can teleport to random mobs without a skill being used look to me like a custom client that can send out modified location packets to the server. It would only be a matter of time that these same clients could return an automatic pass to whatever is being asked of them, or at the least being able to programmatically determine the correct answer, instead of having to find it on screen.

I think first a way to thwart hacked clients is necessary. Then see what needs done about it after that.

I agree that ‘captcha’ can be difficult to read, but there are alternatives. As to someone saying it can be abused, I wholeheartedly disagree. If you are in a dungeon, they can kick you if they really wanted to…so no point there. If your doing an event, and people did it maliciously, it’s only going to trigger once, and if you make the timer long enough, most events could be wrapped up in time for you to legitimately finish and resolve the validation.

As to your other concerns, You wouldn’t have 15 confirmation screens to validate as it would only pop once at a time, and only each time the report threshold is triggered.

It isn’t hard to program in an image vs text, so that the text cant be used for “OCR” or optical character recognition, thus, eliminating concerns of ‘memorization’.

Once multi-factor authentication is working, it will diminish probably 90% of new hacked accounts. And hacked accounts will be an issue indefinitely. It’s not even an issue anymore of going to ‘adult/pirated software sites’.

Rather, (coming from someone who’s spent years in IT,) I see people get drive by key loggers and viruses, from looking up pictures of Salamanders on Google Images and clicking on one of the pictures, and before you know it, our virus alert pops up that they have a trojan. Then it pops up and says the have a keylogger. Then it immediately pops up and reports 5 trojans, spyware, and malware, all within seconds. Many users don’t even know they are infected.

Every day I read of a new exploit being found in a browser, so hacked accounts, just as stolen passwords and credit card information will be an issue for as long as humans exist.

Whatever power you give to players, it will be abused, no doubt.

I support this mechanism for handling bots.

I know an automated solution is being looked for here….but i think the best option would be a GM who covers several servers…and can actually be in game to check bots and ban them. With the huge sales of the game, can ANet not afford this?