
first exploit
It happens when you give your players free bound +8 gears while also having a rubbisher npc (unbinding gears for 2k each).
Doing some math: if you keep creating accounts and using that npc to unbind the gears, you will end up with a +12 item for a price of only 8k cps instead of 104k cps.
solution: remove the rubbisher npc, or at least restrict the unbinding to only +12 gears.

second exploit
It happens when you allow players to summon demonbox monsters anywhere except some restricted maps.
For example, they can spawn it anywhere but not at market/jail/plapla.
This becomes an exploit if your special drops depend on map id and not monster id, ex. if map id == 50 drop super duper db.
solution: limit where demonbox can be spawned in a positive and not a negative way.
The positive way is to allow spawning only at certain maps.
The negative way is to allow spawning at any map except certain maps.
solution 2: switch your special drops on monster id/name instead of map id.
third exploit
It happens when you set your conditional instructions (if/switches) to search for a substring of names instead of comparing the whole string.
ex. if name contains "Guard" return attack 999999
ex. if name contains "GM" apply command
solution: search for exact strings, ex. Guard1/Guard2, and also make sure it has a false player flag. You may also want more restrictions on character naming (not to contain "[]"), but a better solution is to look up the player status (gm/pm/normal player) from the db.

fourth exploit
It happens with the poison blade and toxic fog spells: people are able to cast them on bosses (ex. treato and banshee).
solution: restrict both so they cannot be cast on bosses (assuming that you are using the boss flag correctly in the monsters db, else you should just add the monster ids manually).

fifth exploit
It happens when you just don't remove a pop up from the player's screen, and you forget to put restrictions on when the player can enter the map/quest/use the pop up in general. I use that exploit to enter maps after the events are over.
solution: send the pop up and set a timer to remove any active pop ups or this pop up.

sixth exploit
It happens when you give the item first and then take the cps, depending on a check you made in a previous dialog.
solution: for trinity you have a bool removing method which should be your check; if it returns true for taking the cps/item, you can then give what it should be giving.

seventh exploit
I also want to add that trusting the client is a fatal mistake you should never make. With some reversing of the client you can do stuff that normally you should not be doing, so building your logic on the client's restrictions is a fatal mistake.
Players got the clients, you got the server; no matter what the client sends you, you should always check your db.

eighth exploit
It happens when you allow players to cast displacement spells such as dragon whirl, (that other pirate skill) on maps like gw, or in general anywhere they could take advantage of it.
solution: an easy solution is to prevent/restrict using that spell at the coords near/through the gates. An advanced solution is to have checks on any kind of transportation (including walking/jumping/using such spells) so that it is restricted at certain coords including gates (which is certain in the case where the gate's mesh indicates that it's closed).

I'll be adding more whenever I find more common exploits. Thanks for reading, have a great day.
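
The "give the item first, then take the cps" exploit and the rule of never trusting the client, sketched in C# as an added example (not code from the original post or from Trinity). `Player`, `TryRemoveCps`, `Shop` and the price table are hypothetical names with constructed sample data.

```csharp
using System;
using System.Collections.Generic;
// Hypothetical types for illustration; not from Trinity or any real source.
class Player
{
    private readonly object _sync = new object();
    public long Cps { get; private set; }
    public List<int> Items { get; } = new List<int>();
    public Player(long cps) { Cps = cps; }

    // Atomic check-and-deduct; the bool result is the only proof of payment.
    public bool TryRemoveCps(long amount)
    {
        lock (_sync)
        {
            if (amount <= 0 || Cps < amount) return false;
            Cps -= amount;
            return true;
        }
    }
}

static class Shop
{
    // Server-side price table (constructed sample data).
    static readonly Dictionary<int, long> Prices = new Dictionary<int, long> { { 1001, 5000 } };

    // Flawed shape: trusts an earlier dialog check and a client-sent price, and gives before charging.
    public static void BuyFlawed(Player p, int itemId, long clientPrice, bool checkedEarlier)
    {
        if (!checkedEarlier) return;
        p.Items.Add(itemId);
        p.TryRemoveCps(clientPrice);              // result ignored
    }

    // Corrected shape: server-side price, charge first, grant only on success.
    public static bool Buy(Player p, int itemId)
    {
        if (!Prices.TryGetValue(itemId, out long price)) return false;
        if (!p.TryRemoveCps(price)) return false;
        p.Items.Add(itemId);
        return true;
    }
    static void Main()
    {
        var a = new Player(100); BuyFlawed(a, 1001, 5000, true);
        var b = new Player(100); bool ok = Buy(b, 1001);
        Console.WriteLine($"flawed: items={a.Items.Count} cps={a.Cps}; fixed: ok={ok} items={b.Items.Count} cps={b.Cps}");
    }
}
```

The corrected handler takes no price or "already checked" flag from the caller at all, so a stale dialog state or a modified client has nothing to influence.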






