Sign in to follow this  
Anund

Rampant cheating on WU

Recommended Posts

Desolation's anticheat actually worked quite well. We certainly didn't make public everything we saw being done.

 

The problem is that cheats will continue to evolve just as quickly as anti-cheats are created to counter them so there will always be a fluid balance between cheats and anti-cheats.

 

Of course the anti-cheat didn't protect against the stack overflow hack that someone developed nor the invisible player hack however it will with time.

 

Share this post


Link to post
Share on other sites

Nappy not sure what that stack overflow was, but it was only one instance correct? Did not repeat after bringing back up?

 

Also sadly anti cheat working and doing a good job, has to apply 1 thing that makes it sad. You really can't release anti cheat to the public, you just can't. If you release it public  then the cheaters see exactly what you are doing and it makes it easy for them to work around it. You guys did a good job, it is sad you can't share that info, but the reality is it needs to remain private.

  • Like 1

Share this post


Link to post
Share on other sites
20 hours ago, Xyp said:

Nappy not sure what that stack overflow was, but it was only one instance correct? Did not repeat after bringing back up?

 

I have received reports of it happening on two other servers (both the invisible player and the stack overflow usually completed together).

Share this post


Link to post
Share on other sites

WU Developers / Rolf should just make it so client side modifications can be disabled by server setting. If mod support isn't installed on a server, client side mods won't work (intentionally disabled).

This should clean up the abuse of mods for advantages that are unintended and allow people to have their custom servers the way they want them. I will be running a mod-free PVP server so things mentioned in this post won't happen, but that can only be so if my suggestion is taken into consideration and implemented post-haste.

Share this post


Link to post
Share on other sites
15 hours ago, Roushi said:

WU Developers / Rolf should just make it so client side modifications can be disabled by server setting. If mod support isn't installed on a server, client side mods won't work (intentionally disabled).

This should clean up the abuse of mods for advantages that are unintended and allow people to have their custom servers the way they want them. I will be running a mod-free PVP server so things mentioned in this post won't happen, but that can only be so if my suggestion is taken into consideration and implemented post-haste.

 

Even though your server will be mod-free, it cant prevent client-side modifications such as unlimited compass or belt.

Share this post


Link to post
Share on other sites
2 hours ago, MootRed said:

 

Even though your server will be mod-free, it cant prevent client-side modifications such as unlimited compass or belt.

 

People can create mods for the servers that override certain aspects of a player's client

Share this post


Link to post
Share on other sites
3 hours ago, Huntar said:

 

People can create mods for the servers that override certain aspects of a player's client

 

And other people can just as easily override the override, given enough observational data. :rolleyes: Literally, the weak link is that data has to be communicated over the network, and any data that's sent over the network can easily be forged if you know what you need to send.

  • Like 2

Share this post


Link to post
Share on other sites
3 hours ago, Jberg said:

 

And other people can just as easily override the override, given enough observational data. :rolleyes: Literally, the weak link is that data has to be communicated over the network, and any data that's sent over the network can easily be forged if you know what you need to send.

 

Agreed. What's really needed is a complete, end-to-end approach. Secure client, secure communication, secure server.

Share this post


Link to post
Share on other sites
16 hours ago, Nappy said:

 

Agreed. What's really needed is a complete, end-to-end approach. Secure client, secure communication, secure server.

 

Don't forget secure computer. And secure player. Put gunmen behind every one of them and shoot on sight of any cheat tools :P

 

There is no such thing as secure client unless you control the hardware it runs on. Even stuff like TPM can be trivially defeated if you run things inside a VM.

 

Huge companies spend millions (and possibly billions) to fight cheating in online games. Warden, VAC, PunkBuster... And all those only lead into a cat-and-mouse game. Cheaters find new ways around them, developers figure out a way to detect it and ban people. Repeat ad nauseam.

 

The real answer would be to design your game from the ground without trusting the client. Don't give the client any information that the players shouldn't have. Validate all actions on the server. And more importantly don't base your gameplay on long mindless grinds that can be trivially automated.

Edited by bdew
  • Like 1

Share this post


Link to post
Share on other sites
16 hours ago, bdew said:

 

Don't forget secure computer. And secure player. Put gunmen behind every one of them and shoot on sight of any cheat tools :P

 

There is no such thing as secure client unless you control the hardware it runs on. Even stuff like TPM can be trivially defeated if you run things inside a VM.

 

Huge companies spend millions (and possibly billions) to fight cheating in online games. Warden, VAC, PunkBuster... And all those only lead into a cat-and-mouse game. Cheaters find new ways around them, developers figure out a way to detect it and ban people. Repeat ad nauseam.

 

The real answer would be to design your game from the ground without trusting the client. Don't give the client any information that the players shouldn't have. Validate all actions on the server. And more importantly don't base your gameplay on long mindless grinds that can be trivially automated.

 

Soooo... we're going back to playing text games?

Share this post


Link to post
Share on other sites
10 hours ago, Klaa said:

 

Soooo... we're going back to playing text games?

 

Not necessary. A somewhat good example of a game designed along those ideas is Haven and Hearth. The client is open source, any kind of modification allowed. The devs actively look at what people do with the client and change their game design where needed.

 

Ultimately it's a tradeoff. For some people the integrity of the game is the most important thing ever, others want a fun game and couldn't care less. There is probably some kind of sweet spot on those scales where most players would be happy.

 

Another scale would be how much money they are willing to pay for that integrity, as resources of developers are limited. e.g. Blizzard can spend millions on Warden and sending lawyers to deal with the most prominent cheat providers. For them its a drip in the sea since they have >5M subs that pay 15$/mo each. For Rolf that has 1000x less players, investing so much in anticheat measures would be completely unrealistic. I mean nobody is going to pay $15000 sub to play a cheat free game.

 

 

  • Like 2

Share this post


Link to post
Share on other sites
On 7/18/2016 at 1:49 AM, bdew said:

 

Don't forget secure computer. And secure player. Put gunmen behind every one of them and shoot on sight of any cheat tools :P

 

There is no such thing as secure client unless you control the hardware it runs on. Even stuff like TPM can be trivially defeated if you run things inside a VM.

 

Huge companies spend millions (and possibly billions) to fight cheating in online games. Warden, VAC, PunkBuster... And all those only lead into a cat-and-mouse game. Cheaters find new ways around them, developers figure out a way to detect it and ban people. Repeat ad nauseam.

 

The real answer would be to design your game from the ground without trusting the client. Don't give the client any information that the players shouldn't have. Validate all actions on the server. And more importantly don't base your gameplay on long mindless grinds that can be trivially automated.

 

This is what SourceMod on CSS does, It help's quite a bit when detecting X-Ray. I could see this being replicated with WU, Don't send the client any information about the cave layer until there in range of a cave tunnel, Not just because "there within local". 

  • Like 1

Share this post


Link to post
Share on other sites

Well, the alternate is to source good players. If a server is being abused, since nobody can seem to figure out how to avoid client mods, most people use a password to protect it and only play with individuals they know won't be jerks. Maybe it's just daydreaming to think that there can ever be the kind of honor in gaming that there use to be in the 90's. Now it is all just about one-upping the opposition with any means possible which makes gaming = not fun. I suppose there remains those of us who still function on our word. If a server says no cheating or no abuse, those who seek to do so know there are others servers that don't mind and should utilize those instead of knowingly tormenting others. That requires more good people in the world, which requires humans to be good in the first place. Trying to move mountains.

 

I suppose I will just function on the word though; haha... living on the Honor system in an entirely dishonorable world. It will become apparent if someone is abusing advantages not normally given to regular unmodified clients and that person will be asked to cease or perhaps banned if it is abusive to others. If their actions don't really constitute anything but making the game somewhat more convenient, that isn't really too much of an issue as long as it isn't utilized in PVP to give an advantage, that is where it is wrong. Let's face it, normal WO can be insanely grindy and some things are not even possible because of how the normal game plays (the way I am building my shrines and map, for example, would be impossible in WO without ARCH powers). Besides, it is kind of difficult to force someone to make their own 99QL toolbelt (which is really nothing more than a hotkey - quick bar) when there is no sense of a normal market or community on servers that have an average of less than 10 players.

 

By the way, if blocking or disabling client-side modification (Or even bit-checking/file checking to prevent file-moded clients from joining server until they disabled them or use original, vanilla files) was a hard coded server setting, they couldn't modify it without shutting down the server and restarting it, just like the database files. It is read-only. I would like to see this explored, instead of disregarded. We want solutions, not obfuscation.

Edited by Roushi

Share this post


Link to post
Share on other sites

in my opinion, another way is to find out what "cheat" folks are using and change the game so everyone can benefit equally. I also think people generally only cheat because of bad game design choices.

Share this post


Link to post
Share on other sites
3 hours ago, joedobo said:

in my opinion, another way is to find out what "cheat" folks are using and change the game so everyone can benefit equally. I also think people generally only cheat because of bad game design choices.

 

yeah give everyone bear mods

Share this post


Link to post
Share on other sites
57 minutes ago, Huntar said:

 

yeah give everyone bear mods

 

FdpaaGR.png

  • Like 1

Share this post


Link to post
Share on other sites
4 hours ago, joedobo said:

in my opinion, another way is to find out what "cheat" folks are using and change the game so everyone can benefit equally. I also think people generally only cheat because of bad game design choices.

 

yeah

 

lets allow everyone to see where all veins are, turn off trees, highlight everything all the time, have an active minimap that displays the position of veins, prominent trees if you choose, players, and animals also with everyone having a permanently free 90ql toolbelt, instant compass among other things.

 

pathetic people need to cheat with this stuff though, especially in a game such as Wurm where the skill ceiling is extremely low and the only variance is numbers, position, and if its a 1v1, how many exploits you know or if the enemy is bugged or not.

Edited by Propheteer

Share this post


Link to post
Share on other sites

you guys all want bear mods i still have source code and stuff

Share this post


Link to post
Share on other sites

Its true...Idle hands are the devil's playground. Some people have to much time on their hands to play honestly....Here I was thinking about renting a server but I think I'll stay in offline mode. I don't want to be bothered with all this. Never realized that this was an issue until this post. Then again I have only been on a couple servers with no problem (about 24hrs total). I surely don't want to come home from work, jump on my server and see players bickering among themselves about people cheating or whatnot. I deal with peoples problems daily, I don't want to come home and do it for people I can't see face to face lol.

 

This is how I feel about all this....If you can't do it in WO it should not be allowed on an WU server. Period. It doesn't matter if you bought the game or if it was gifted to you. Wurm Unlimited servers represent Wurm Online in a way. Knowingly allowing these types of mods on your server can affect the next generation of Wurm Online players. They can come into Wurm Online expecting things that players from pre wurm unlimited never thought of. (Hell we were happy with just sleep bonus lol).... 10x action speed....0.25 farming speed etc. Killing a troll solo when you never fought at all. Personally I would of never made the server settings editable. Keep them the same as Wurm Online and leave it at that. It just makes it harder for Wurm Online in the long run. I want to see Wurm Online in another 10 years. I dont want to see WU replace it.

 

 

Share this post


Link to post
Share on other sites

All of these listed are basically publicly accessible, Wyvern PvP isn't any less fun for it. When I first realized everyone was turning off trees etc I was pretty annoyed but meh it's not really a big deal.

 

Haven't seen any evidence of any mods that are worse than the public known ones so far, nobody cheating to get uniques instantly or anything. Most people on this server are fairly reasonable when it comes to this sort of stuff, not too many trolls. So there's not much of a problem since Wyvern is pretty much the only relevant server.

Edited by MightySheep

Share this post


Link to post
Share on other sites

#checkclients [<name> [true]]- sends a message to all clients that they should relaunch if they run an old client version.
 if <name> is specified then just send a message to the specified player to get a list of loaded classes.

 

working or not?

 

edit: nvm mods have no classes ;)

Edited by Eject

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this