Guild Wars 2

(1/2)

I attemped this earlier and was crucified because I had a link to a locked thread. This is similar to the framework that I have laid out for another game. It is on place on a few servers (private servers) and seems to work well.

Everyone keeps mentioning IP blocking as THE solution to the botting problem. It is NOT the answer. A proxy is painfully easy to enable (in some case, as easy as running a freely downloaded program) so IP blocks are useless. Although locking out other regions from playing on the geographical region designated (i.e. blocking Asia from playing on the North American region) may help in the slightest bit, it will end up hurting many others. This might include those traveling on busy, vacationing, visiting family/friends, and any other reason that would require one to be outside his/her home region. It begs the question, “then how do we solve it hot shot?”

Mapping.

Each map will be broken up into roughly even tiles. Since I have two Sylvari, we will use Caledon Forest as my example zone. Let’s say that Caledon Forest is 20×14 tiles for the rest of this article. With the map broken into tiles, a very simple script basically logs a player while in a map. Each kill made(1pt) , every item looted(1pt), every material harvested(2pt), every bit of mail sent(5pt) is logged. Any character reported for botting should receive a bonus to the points earned (say +1pt to all the actions above per 2-3 reports). The zone will handle all the data from each character. Every X seconds, the top 10 in each tile is moved over to a top-suspects zone log. Every Y minutes, the top 20 from the zone are moved to a global log. All logging will be done by account id (since it makes easier to spot those character hopping to hit events). Any character with X amount of events or Y minutes/hours within highly specific regions (say, a 2×2 area), it can safely be assumed to be a bot. Obviously, to prevent the ‘slaughter of innocents’, either of those values needs to be suitably high to avoid innocents being banhammered. To further protect legitimate players, certain tiles could be marked as “hot spots”. Such tiles could need double/triple the points accumulated and/or time spent to flag the character. With a bot sitting in plain view of players, the “report a bot” feature comes into play (which will eventually launch the bot’s point score past the danger threshold). When a character is identified as a bot, the suspension is handed out and the account locked until the owner goes through customer service. This serves to limit damage done by stolen accounts, let the account owner know that their account was compromised, and remove those bots from the game for small periods in a highly automated fashion. Removing the need for constant human intervention allows for a much more rapid bot destruction.

For example, let’s say BobtheBot on his ranger (with required bear pet) is farming in Caledon Forest (specifically tile 2,4). As BobtheBot’s activities continue in this one tile, a counter is logging the number of activities. After a few hours, it’s clear that BobtheBot is… A BOT. He has spent the last few hours in a single tile (and/or it’s adjacent tiles). He killed 20-30 mobs (20-30pts) per minute, each dropping an average of 2 items (20-30pts), and sent one spam email every five seconds (60pts). Every minute, BobtheBot was earning 100-120pts. That is roughly 6000 – 7200 pts per hour. Within 2 hours, BobtheBot has hit the points earned threshold. His account is flagged for suspension and lockdown. This will knock out the bot for the remainder of the day and possibly returning ownership of the account to the REAL Bob (if it was indeed stolen). If BobtheBot returns to repeat the process, he will last another 2-3h farming, then his account will be banned. Since everything was logged, all the accounts that BobtheBot emailed loot to are also logged and flagged. By logging and flagging the loot drop point accounts, entire networks can be locked down quickly.

-Hate

(2/2)

Recapping in a short(ish) fashion:

• Log activity and apply point scores to every action
  – 1pt Kill
  – 1pt Looting a Corpse
  – 2pt Per Node Harvested
  – 5pt Per Mail Sent
• Every X seconds, the top 10 in each tile are moved to a zone wide “top suspects” list.
  – And then every Y minutes, the top 20 from each zone are put into a global list for the server.
  – Furthermore, each time a player appears in the list, his/her position is notated. (i.e. BobtheBot 2,3,2,2,5,4)
  – These logs can be used to manually process suspensions or automate based on count.
• If characters hits X amount of “points” or spends Y amount of time within a certain tile (or set of tiles, say 2×2 or 3×3), the player is considered to be a bot automatically.
  – Exceptions include tiles marked hot spots (i.e. Cursed Shore holy triangle)
  – The limit would be suitably high, making it unlikely that a player would normally hit it.
• Any accounts suspended automatically or manually through this system also have account locked, requiring a call to customer service.
  – This helps mitigate the damage of stolen accounts.
  – Since all mail is logged on a basic level, networks of bots and gold farmers can be more quickly identified and marked. This can vastly improve the delay in taking down entire groups of them.
• Repeat activity after the initial 24h suspension result in a huge suspension (72h or week) and/or banhammering.

As stated above, a similar system was written for an emulator community. Some of the servers are actually using a system of similar design, but tailored to accomodate their specific gameplay mechanics.

Please don’t give me another infraction for this. I am only trying to help.

-Hate

It’s a pretty nice system actually by assigning the point and limit on the total points earned within certain period of time. It’s obviously quite hard to implement since the overhead of the data is just huge. The good thing about the system is if it’s implemented everything goes automatically.

I just think ANet won’t have the extra resource / man power to do those implementation and customer calls. The current reporting system is pretty handy and will kept them busy for quite some time.

Nice idea though.

Thanks for the reply.

Actually, that’s the point of the “every X <time reference>” section. This culls the data in semi-regular intervals to prevent the logs from becoming more space consuming than the game itself.

I also understand that the customer service calls are going to seem a bit overwhelming, but one has to consider that these are generally compromised accounts or purchased for the intent of bot farming. Neither of which need to be active. The compromised accounts should only be disabled temporarily (24h) and would let Anet, as well as the account owner, know that the account has been compromised.

-Hate

I like this solution. I’ve been thinking about different ways to solve the botting problem. If you add points from being reported for botting the resulting list will be even more accurate.

One idea I’ve been thinking about is to actually add a captcha question to the bot detection process. If you accumulate enough points, a captcha will pop up when the following are met:
1. You are not in combat.
2. You have been active in the last 5 seconds.

You will not be able to interact with the game before the captcha has been answered. If the captcha is not answered within 5 minutes, the player will be logged out and auto reported. If you want to login again, you will have to answer the captcha.

This would not make it impossible to bot, but large scale bot operations will need constant monitoring to answer captchas. The point system can still be used for manual banning.

Considering I sent a bug report now two weeks ago for a piece of armour I lost (it was gem store bought stuff) due to a bug in the inventory, and haven’t even gotten an automatic message back yet, I think overwhelming and just ignored would go hand in hand now.

Hello,

Thank you for your feedback, it’s appreciated. We will forward your ideas to our teams.

We are taking such issues very seriously, and it’s one of our top priorities at the moment. Our team is working very hard to find the best way to solve this.

Thank you for your understanding & patience.