[Discussion] Anti Bot

Quote:

Originally Posted by InsomniacPro Because proxies don't hook.

Then send packets differently, include hashes in the footer, change some ids, change the encryption, plenty of solutions.

Quote:

Originally Posted by _DreadNought_ Then send packets differently, include hashes in the footer, change some ids, change the encryption, plenty of solutions.

Let's be honest, how many people here can obviously be capable of that?
Besides the big names around here, not many.

Quote:

Originally Posted by InsomniacPro Because proxies don't hook.

To be fair, most proxies do hook ws2_32.connect in order to re-direct the connections to the proxy.
There's, of course, ways to do this without hooking anything though.

Quote:

Originally Posted by SteveRambo To be fair, most proxies do hook ws2_32.connect in order to re-direct the connections to the proxy. There's, of course, ways to do this without hooking anything though.

My bad, let me correct myself.
Proxies don't need to hook.

Quote:

Originally Posted by InsomniacPro Let's be honest, how many people here can obviously be capable of that? Besides the big names around here, not many.

A couple of the options I named are really easy to accomplish things, if you're serious about creating an Anti-cheat, you have quite simply got to put the time in to learn, not to mention it's awesome fun to achieve ;D

Quote:

Originally Posted by _DreadNought_ Then send packets differently, include hashes in the footer, change some ids, change the encryption, plenty of solutions.

These are all great solutions, but the OP's question was anti-cheat methods server side.
All of these require client editing/hooking or creating a proxy between the client and your server.

Quote:

Originally Posted by _DreadNought_ A couple of the options I named are really easy to accomplish things, if you're serious about creating an Anti-cheat, you have quite simply got to put the time in to learn, not to mention it's awesome fun to achieve ;D

That ^.

Quote:

Originally Posted by Aceking These are all great solutions, but the OP's question was anti-cheat methods server side. All of these require client editing/hooking or creating a proxy between the client and your server.

Server-side solutions are very complexes. Defining patterns (like jump speed and such things) is the best way to do it.

Would this be good?
-Every 5 minutes or more check if player KO > lets say 1200 then give him captcha and if not correctly answered in like 30 seconds disconnect?

It depends how effective your "captcha" system is, any programmer worth his salt who is botting on your server or providing the bot, will be able to just parse your "captcha" from the NPC Dialog if it's sent in plain text. (Although I suppose most programmers aren't interested in a private server anyway)

Plus you need to find the right balance between security and just irritating your players with popups, especially whilst they are XP chaining.

Like it has been said, your very limited with a purely server-sided anti-bot, personally I'd go all out if I ever did an anti-bot again, multi-layered security with redundancies, get around one element of protection straight into another etc.

Quote:

Originally Posted by © Haydz It depends how effective your "captcha" system is, any programmer worth his salt who is botting on your server or providing the bot, will be able to just parse your "captcha" from the NPC Dialog if it's sent in plain text. (Although I suppose most programmers aren't interested in a private server anyway) Plus you need to find the right balance between security and just irritating your players with popups, especially whilst they are XP chaining. Like it has been said, your very limited with a purely server-sided anti-bot, personally I'd go all out if I ever did an anti-bot again, multi-layered security with redundancies, get around one element of protection straight into another etc.

Which is overkill for co private servers.

Quote:

Originally Posted by turk55 Which is overkill for co private servers.

Not overkill, look at AcidCO - How many hackers did they have?

Quote:

Originally Posted by turk55 Which is overkill for co private servers.

In my experience, when it comes to anti-debugging and deterring hackers, there's no such thing as overkill.

What's the point in having a check for a debugger, when that check itself could just be easily NOP'd.

My point is that there aren't many developers left that are playing on a CO private server, so even if you have the simplest anti bot you will prevent most of the cheating players.

Quote:

Originally Posted by turk55 My point is that there aren't many developers left that are playing on a CO private server, so even if you have the simplest anti bot you will prevent most of the cheating players.

Ah yeah, apologies, I thought that was maybe what you meant.

I agree, although I enjoy working with assembly so I would probably go overboard for the exhilaration.