Anti-Bot System - Feedback Request

[Adposatnr]

Vanguard, Battleye, FACEIT Client Anti-cheat, EAC—all these are kernel-level, and each would block 100% of commercial tibia bots available for OTS.

vanguard corrupted my windows files once during bluescreen aint touching anything that got anti cheat on a kernel level anymore

 

[Night Wolf]

I still suprised server owner prefer 400 afk players over 100 active players

If I might share more about my experience, I have done what Gesior suggested here.

I had the following setup (that was before tibia implemented auto loot)

• Log that collects delta time between pickups (both first pickup - calculated from the time the guy clicked on the corpse to the time he triggered the onMove. Then the delta to consecutive pickups from the same corpse
• Log that collects delta time between being hit and recovering hp, I also took a few other metrics like Soul, HP, HP% etc.
• Log that collects delta time between a monter appearing in the screen and being hit

From those delta times, I calculated not only the reaction (avg/median) but also the consistency (stdev). For larger periods I could also calculate avg/median and stdev of the previous results to check the consistency of the consistency.

Then I had a few talkactions to individually (and manually) test someone, those talkactions were very simple and would trigger a reaction for the cases mentioned above:

• /testhp player, life%: would set a store to turn the player immortal and then reduce his HP to life%. This would trigger autoheal automatically and I'd confront the guy with the evidence (video cam)
• /testmob player, range: would create a mob with infinite HP and that doesn't deal damage for 1s in "range" distance from the player. If the mob was attacked I'd get a report with the reaction time of the target

So if I had a suspicion, I'd test the guy and get evidence. The report from the data was nearly 99.95% accurate. I only had the cam + talkactions so I could show evidence to other folks. Usually when you banned a guild leader several people would appear saying the guy was legit and I'm the GM that is trying to help the rival guild, so best to have evidence in case you need to justify anything.

As you might have imagined, we banned EVERY SINGLE BOTTER, and honestly it did not took more than a week.
As a result, my game went from 100 players to 20 players. Several guilds quit after their friends got banned; The 20 remaining were always complaining the game was "too empty" and even newcomers would check online list as a synthom of a dying server.

This made my server die within 2 months, even advertising wasn't enough to bring more legit people to replace the banned botters. I kept the server online for 2 more years, worked on updates and published in FB group. Some people would check weekly for the updates and asked me to do a "reset" and allow botters this time, but I never did. 2 yers later I got tired of paying and gave the project to a friend.

 

[kay]

It would be good for preventing macro rune makers that inflate the economy. (which is the biggest chunk by far of the bot/macro problem).

Not really. It only takes minimal will and effort to get rid of the most of those macros that run for hours fully afk (without any alarms or watching the screen). Since they have absolutely no protection, such macros always operate solely on the assumption that they will never be checked or tested in any way, because they fail in every other case. The use of such invasive methods against them is therefore completely unnecessary. It's a lazy "solution" that usually only shows that you lack proper ideas or willingness to deal with anything a lil more advanced.

So if I had a suspicion, I'd test the guy and get evidence. The report from the data was nearly 99.95% accurate. I only had the cam + talkactions so I could show evidence to other folks. Usually when you banned a guild leader several people would appear saying the guy was legit and I'm the GM that is trying to help the rival guild, so best to have evidence in case you need to justify anything.

One of the cardinal rules of fighting cheaters must be that you will not explain to them how they got caught, because it is like telling them how not to get caught. A cheater should never know at which point they failed and should be always left clueless.

Also, the reason why your server died is not because you supposedly got rid of botters, but probably because you first allowed them to bot (or it targeted a group of players that had only been taught to bot on other servers before yours), which got rid of the actual players, and then you banned the botters when there was nobody else. If you want to run a successful bot-free server, you have to target it only for the players who truly want to play such a server since the very beginning, and fully reject the idea that a chater is also a player. That means no half measures, no exceptions, no explanations, no negotiation. You don't care if they quit, they are not your players and they never were. From this perspective, you always had those 20 players only, and that's the problem.

 

[Ezzz]

Vanguard, Battleye, FACEIT Client Anti-cheat, EAC—all these are kernel-level, and each would block 100% of commercial tibia bots available for OTS.

Only Vanguard and FACEIT are Kernel Level anti-cheats though.

 

[Bloodbringer]

Not really. It only takes minimal will and effort to get rid of those macros that run for hours fully afk (without any alarms or watching the screen). Since they have absolutely no protection, such macros always operate solely on the assumption that they will never be checked or tested in any way, because they fail in every other case. The use of such invasive methods against them is therefore completely unnecessary. It's a lazy "solution" which only shows that you will most likely lack proper ideas when it comes to dealing with anything a lil more complicated.

Captcha is almost 100% effective and requires zero manual effort. You are suggesting these players to be manually checked and calling that easier?
I just saw someone post in their discord stating they love the new verification system because it helps get rid of cheaters, even though it is super disruptive (you are teleported, walk to a place then need to answer a math question). I can only see legit players actually approving disruptive measures and getting good impressions from it, not the opposite.

In fact I remember I ran a very simple macro to afk rune making in Tibiantis and did not get caught, I am sure a captcha system would have stopped me lol.

 

[kay]

You are suggesting these players to be manually checked and calling that easier?

Nop, I'm suggesting that you still need to check your players for many other possible cheats regardless. And for any more sophisticated inspecting method (or manual check) those macros would be falling before everything else anyway. So there's no such dilemma, unless you limit fighting cheaters ONLY to those primitive macros left to run fully-afk all days.

I just saw someone post in their discord stating they love the new verification system because it helps get rid of cheaters, even though it is super disruptive (you are teleported, walk to a place then need to answer a math question). I can only see legit players actually approving disruptive measures and getting good impressions from it, not the opposite.

Some players might not be aware enough to realize that those measures are not necessary and/or flawless, which is exactly why they will be happy with them, but it doesn't disprove my point.

In fact I remember I ran a very simple macro to afk rune making in Tibiantis and did not get caught, I am sure a captcha system would have stopped me lol.

Sorry, it's nothing but an anecdotal evidence, and like with any anecdotal evidence, it's a clear attempt to discredit the adversary only by taking advantage of the fact that it cannot be verified.

Anyway, captcha in Tibia is a lazy and invasive method to counter only the most primitive cheat, i.e. a tasker that runs for hours fully afk. It would be enough for a cheater to watch their screen once in a while or set up a very basic sound alarm on pixel change - and it will do literally nothing to them. It's kinda like cip sending gamemasters to stop bots, when every bot had an option to pause on gamemaster's approach (and gamemasters were disallowed to take action then). Sure, they could ban those who forgot to turn it on, but that's about it.

You're saying that captcha is more effective - in the sense that you potentially test every player, and not just some like a gamemaster would - yes, that's right. But it happens at the cost of also potentially annoying every player, while it's still not touching the core issue and it remains just as easy to bypass. A sieve with holes this big can possibly be used as additional check, one of many layers, and that's fine (again, if it only wasn't so intrusive to legit players), but you cannot rely on it so much as you suggest. And it doesn't really matter how good that captcha is, it's still going to be at least this easy to bypass, because it goes against another cardinal rule: a cheater should never know when they are tested.

By the way, it's not those basic macros that inflate the rune market the most. It's multi-clienting. Of course, these two can go together, but it's the multi-clienting that is responsible for boosting production capabilities to enormous proportions.

 

[frankfarmer]

All this captcha-stuff could potentially be used for is if it's sent manually to a player that looks suspicious by a game master and used as a tool to see how fast it's solved and/or the reaction is from that player in particular that looks suspicious. Otherwise all it would otherwise do if fully automatic is hurting the majority of the player base..

 

[Night Wolf]

One of the cardinal rules of fighting cheaters must be that you will not explain to them how they got caught, because it is like telling them how not to get caught. A cheater should never know at which point they failed and should be always left clueless.

Also, the reason why your server died is not because you supposedly got rid of botters, but probably because you first allowed them to bot (or it targeted a group of players that had only been taught to bot on other servers before yours), which got rid of the actual players, and then you banned the botters when there was nobody else. If you want to run a successful bot-free server, you have to target it only for the players who truly want to play such a server since the very beginning, and fully reject the idea that a chater is also a player. That means no half measures, no exceptions, no explanations, no negotiation. You don't care if they quit, they are not your players and they never were. From this perspective, you always had those 20 players only, and that's the problem.

I guess you misunderstood my comment, I wasn't telling them how the rules of detection worked, I was just giving them evidence they were using cheat. Those are completely different things. My system was a machine learning algorithm that would be retrained on a weekly basis to learn to identify the curves that separate true players from macro players, so even I didn't know the rules until the retrain is done. Because we had past data of people getting caught we could update the weights and retrain with a more precise info every time.
Thing is, bots are very very consistent and I was checking both consistency of actions as well as the consistency of consistency. Even you do random actions at random interval, your randomness consistency will be higher than a regular player.

Since long before opening we advertised the server would enforce a 0 botting rule, people were getting deleted on the first weeks of the server. I guess they just were used to always hear these promises and thought they would get away if they didn't used afk bots.