These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
Previous page12
 

RMT & Bots

First post
Author
Previous Topic Next Topic
Soldarius
Dreddit
Test Alliance Please Ignore
#21 - 2012-10-08 23:40:16 UTC
Lord Amaterasu wrote:
Just like Guantanamo eh.Blink


Fixed it for you.

http://youtu.be/YVkUvmDQ3HY
Vincent Athena
Photosynth
#22 - 2012-10-08 23:43:41 UTC
CCP Stillman wrote:

I did a 40 minutes presentation about our work this Saturday in EVE Vegas. I don't know if the stream was recorded, but look for that. I might turn it into a dev blog at a later date.

But you're right, we can't discuss our methods. Just the results.

Please do. There is a basic flaw in CCP's current war on Bots: New players do not know about it. Old Dev blogs are buried. New players do not go to eve Vegas, or fanfest. The only way they find out about CCP's efforts are word of mouth (which given the average reliability of the typical eve player, they may not believe) or by trying botting and getting banned.

CCP Stillman, you need continuous, persistent and visible deterrence to botting, visible by all players, even new ones. They should be deterred from even looking for botting software, even once. Bot writers will happily take money from naive players who think they can bot, and laugh all the way to the bank. The only way to stop that is to insure new players know the consequences. If the bot writers stop getting new customers, they will go do something else. With no eve bots being written, it will become much harder to bot.

Continuous, persistent and visible deterrence.

Know a Frozen fan? Check this out

Frozen fanfiction
Vertisce Soritenshi
The Scope
Gallente Federation
#23 - 2012-10-08 23:56:42 UTC
Roll Sizzle Beef wrote:
Speaker for TheDead wrote:
Yes, and with a fifty thousand transactions a day, I'm sure they have lots of people trying to figure out who's doing what....Roll


Because automation cant flag amounts and repetition for further human scrutiny.

I work with an SQL server that has millions of transactions per day going through it. Guess what I get to do all day long...that's right! Query **** loads upon **** loads of transactions looking for mistakes, duplications, commonalities...believe me. It's all in there and a lot easier to access than you might think. I would imagine that CCP's database is similar to the one I work with. It wouldn't be too hard to find transactions that have commonalities in size and with certain players within certain timeframes.

I would go on but I play EVE to get away from work.

Bounties for all! https://forums.eveonline.com/default.aspx?g=posts&m=2279821#post2279821
Bhock
Garoun Investment Bank
Gallente Federation
#24 - 2012-10-09 01:03:32 UTC
Vertisce Soritenshi wrote:
.....

Datamining and query optimization are not such common skills anymore (or I wouldn't make such money doing it). It's too old-school for kids, and requires a certain way of thinking.

As stated, checking millions of records a day is nothing with the current computing power. We don't run calculators anymore, and bot-hunting can always be running on last-days backup, on a separate system, not to burden the live databases.

I would have helped on this, but as Vertisce, I play EvE to forget about work.

Still I am sure that with some anonymization of account data, it could be opened to a secured out-of-CCP base of trusted "inspectors". I'm sure CCP could recruit good hunters in the player base Twisted Some good ideas could come back to CCP (players mindset is often more twisted than devs).

Thanks CCP and Team Security for hunting them for us... makes the game much better each time a bot disappears (without sound, in space)
Vera Algaert
Republic University
Minmatar Republic
#25 - 2012-10-09 06:31:40 UTC  |  Edited by: Vera Algaert
Christy D Floyd wrote:
How can CCP know if Joe Blow sells his isk to some random person? They dont thus they cant enforce it or am I completely wrong about this? Do they have a camera recording everything every eve player is doing everyday? Do they have mind readers on staff? If they dont know its happening how can they enforce it?

they can't (shocker).

CCP can look for patterns left by organized, large-scale RMT operations.

But without mindreaders they will never be able to do anything about the type of "casual" RMT ("WTB Planetside 2 beta key (ISK)", "Quitting EVE and selling my main for $300 broprice", "Bored of GW2 and selling my account for ISK", ...) that seems to pervade just about every EVE alliance/community (whether large or small) I have ever been part of.

These transactions are one-time only/very rare and don't leave any unusual patterns in-game - a player who quits the game might conceivably gift his main to a friend in his corp, randomly sending a few billion ISK to an alliance mate is nothing unusual (as long as it doesn't happen too often) and the only damning records left by such transactions tend to be on private alliance forums, OOG chat logs, ... which means their authenticity cannot be verified by GMs even if somebody was willing to break the blue code.

The ban on RMT is unenforceable.

.
CCP Gargant
C C P
C C P Alliance
#26 - 2012-10-09 10:09:00 UTC
I cleaned up the first few posts of this thread as they contributed nothing to the discussion and simply served to derail the thread.

Onwards!

CCP Gargant | EVE Universe esports Coordinator
Chribba
Otherworld Enterprises
Otherworld Empire
#27 - 2012-10-09 10:19:41 UTC
CCP Stillman wrote:
Lors Dornick wrote:
Actually, there's several ways for CCP (Sreegs and Posse) to detect bots and RMT.

But they would be fools if they actually said anything about how.

They have hit hard, and they continue to create tears (find 'em, they are lovely).

But if you have any experience within infosec (and hacking/botting mmorpgs is related) you know that we don't do PR.

Actually, I'd like to see the videoblog of Guard trying to force Sreegs to do a dev blog ...

It might score high on youtube (fight section).

I did a 40 minutes presentation about our work this Saturday in EVE Vegas. I don't know if the stream was recorded, but look for that. I might turn it into a dev blog at a later date.

But you're right, we can't discuss our methods. Just the results.

I saw the EN24 writeup about that presentation and I would love to see it. And I know you guys work towards banning and such but sometimes it feels just exausting seeing the same bots months and months you know.

One of my bigger concerns atm is spambots, which use has grown a lot over the past year (I'm trying to put together a bigger analysis of spambots from my own data) - they are only becoming a bigger and bigger problem, can you shed any light at all if this is being looked at in any way at all?

Seeing the same spambot, spamming 24/7 every 75s even 2 months after its first report... just makes me wonder.

/c

★★★ Secure 3rd party service ★★★

Visit my in-game channel 'Holy Veldspar'

Twitter @ChribbaVeldspar
Drs Tesla
Nocturnal Synergy
#28 - 2012-10-09 10:22:40 UTC
CCP Has their ways and with all that's on their plate...only so much they can do.

*posting in a thread with chribba :)
Lors Dornick
Kallisti Industries
#29 - 2012-10-09 13:32:05 UTC
CCP Stillman wrote:

I did a 40 minutes presentation about our work this Saturday in EVE Vegas. I don't know if the stream was recorded, but look for that. I might turn it into a dev blog at a later date.

But you're right, we can't discuss our methods. Just the results.


Couldn't find the presentation on the tubes (but some good writeups like from Low Sec Lifestyle).

Since you obviously have prepared (and performed) that presentation, would it be possible to recreate it as a Dev (Video) Blog?

CCP Greyscale: As to starbases, we agree it's pretty terrible, but we don't want to delay the entire release just for this one factor.
Lin-Young Borovskova
Doomheim
#30 - 2012-10-09 13:53:19 UTC  |  Edited by: Lin-Young Borovskova
Chribba wrote:
I saw the EN24 writeup about that presentation and I would love to see it. And I know you guys work towards banning and such but sometimes it feels just exausting seeing the same bots months and months you know.

One of my bigger concerns atm is spambots, which use has grown a lot over the past year (I'm trying to put together a bigger analysis of spambots from my own data) - they are only becoming a bigger and bigger problem, can you shed any light at all if this is being looked at in any way at all?

Seeing the same spambot, spamming 24/7 every 75s even 2 months after its first report... just makes me wonder.

/c



Agree on this concern. Spambots might or might not be easy to spot but those come from somewhere and are so obvious I can barely understand why apparently nothing is done against.
And that "somewhere" might as well be the start point to find new intelligent bots for other activities in game, like spam target with whatever at the point you crash and get killed without any evidence of what happened (yes this happens), crash gates, overload nodes without any evidence of large fleets running 20 systems around and lots of other funky stuff, missions FW bots etc etc.

A lot of people must realise how gigantic "bots" market and activities is, they simply imagine bot is the ship depleting rocks because a couple idiots said so (idiots or boters themselves?), might actually just be the top of the iceberg and actually represent a tiny percentage of real bots (that are nothing else but cracks) affecting the game much more that the real afk dude in his mackinaw reading some book and didn't noticed his cargo is full for half an hour.

Now I can safely ask my self how many exploiting faction warfare are nothing but real boters, at each and single new milk cow you find in eve you can be sure when you notice it or someone talks about it, it makes months or weeks some other dudes not saying a single word, never posting here with their real IG char, are already exploiting it to the ground and making hundreds billions of profits.

Market bots, simply these ones hurt 500% more players in game than any called mining bot often being a single guy doing this activity while doing some other thing at the same time.
But it's so much easy to say "hey he didn't answer me therefore is a bot because I SAID SO". Idiots have always the same arguments, empty ones based on assumptions and they would kill half of the planet based on their assumptions, that's why they are so dangerous for this game and should never be taken seriously by any one starting by CCP.

brb
Destiny Corrupted
Deadly Viper Kitten Mitten Sewing Company
Senpai's Afterschool Anime and Gaming Club
#31 - 2012-10-09 14:06:22 UTC  |  Edited by: Destiny Corrupted
The truth is that CCP can't do anything against botters who even remotely know what they're doing. Make your own script, add random factors to click delays and screen coordinates, disguise the process, and you're done. It doesn't touch the game, it doesn't touch the memory, it doesn't inject code. Just a clicker script that's about as illegitimate as your mouse drivers. Aside from running downright trojan-like software that monitors memory usage and logs all input, or simply opening up a chat with a suspect and asking him "psssst, bro, you bottin'?" there's absolutely nothing they can do. Of course this only applies to slow-paced activities like mining and ratting. Detecting market order modification spam is much easier since no human can possibly refresh two orders a second for hours on end.

I've known people who did this for years and weren't touched once. I've also known people who used "public" bots or other "tools" who were busted pretty quickly, for obvious reasons. It obviously doesn't take a whole lot of effort to browse botting forums and then bust people who are using stuff you can decompile or detect when it starts screwing with server code.

Oh, and I should add that there are a lot of bots. A lot a lot a lot. I'd estimate somewhere in the vicinity of 15-20% of the average daily player count.

I wrote some true EVE stories! And no, they're not of the generic "my 0.0 alliance had lots of 0.0 fleets and took a lot of 0.0 space" sort. Check them out here:

https://truestories.eveonline.com/users/2074-destiny-corrupted
Destination SkillQueue
Doomheim
#32 - 2012-10-09 14:16:32 UTC
Destiny Corrupted wrote:
The truth is that CCP can't do anything against botters who even remotely know what they're doing. Make your own script, add random factors to click delays and screen coordinates, disguise the process, and you're done. It doesn't touch the game, it doesn't touch the memory, it doesn't inject code. Just a clicker script that's about as illegitimate as your mouse drivers. Aside from running downright trojan-like software that monitors memory usage and logs all input, or simply opening up a chat with a suspect and asking him "psssst, bro, you bottin'?" there's absolutely nothing they can do. Of course this only applies to slow-paced activities like mining and ratting. Detecting market order modification spam is much easier since no human can possibly refresh two orders a second for hours on end.

I've known people who did this for years and weren't touched once. I've also known people who used "public" bots or other "tools" who were busted pretty quickly, for obvious reasons. It obviously doesn't take a whole lot of effort to browse botting forums and then bust people who are using stuff you can decompile or detect when it starts screwing with server code.


Thanks for the advice on how to best break the TOS and avoid CCP detection. Big smile
baltec1
Bat Country
Pandemic Horde
#33 - 2012-10-09 14:20:57 UTC
CCP Stillman wrote:
Lors Dornick wrote:
Actually, there's several ways for CCP (Sreegs and Posse) to detect bots and RMT.

But they would be fools if they actually said anything about how.

They have hit hard, and they continue to create tears (find 'em, they are lovely).

But if you have any experience within infosec (and hacking/botting mmorpgs is related) you know that we don't do PR.

Actually, I'd like to see the videoblog of Guard trying to force Sreegs to do a dev blog ...

It might score high on youtube (fight section).

I did a 40 minutes presentation about our work this Saturday in EVE Vegas. I don't know if the stream was recorded, but look for that. I might turn it into a dev blog at a later date.

But you're right, we can't discuss our methods. Just the results.

I hope you have plenty of graphs in that blog.
Destiny Corrupted
Deadly Viper Kitten Mitten Sewing Company
Senpai's Afterschool Anime and Gaming Club
#34 - 2012-10-09 14:23:56 UTC
Destination SkillQueue wrote:
Destiny Corrupted wrote:
The truth is that CCP can't do anything against botters who even remotely know what they're doing. Make your own script, add random factors to click delays and screen coordinates, disguise the process, and you're done. It doesn't touch the game, it doesn't touch the memory, it doesn't inject code. Just a clicker script that's about as illegitimate as your mouse drivers. Aside from running downright trojan-like software that monitors memory usage and logs all input, or simply opening up a chat with a suspect and asking him "psssst, bro, you bottin'?" there's absolutely nothing they can do. Of course this only applies to slow-paced activities like mining and ratting. Detecting market order modification spam is much easier since no human can possibly refresh two orders a second for hours on end.

I've known people who did this for years and weren't touched once. I've also known people who used "public" bots or other "tools" who were busted pretty quickly, for obvious reasons. It obviously doesn't take a whole lot of effort to browse botting forums and then bust people who are using stuff you can decompile or detect when it starts screwing with server code.


Thanks for the advice on how to best break the TOS and avoid CCP detection. Big smile

It's not exactly top-secret, classified Pentagon information. Like I said, anyone who knows what he's doing will already go undetected, and people who don't know what they're doing will just get their stuff from botting forums.

I wrote some true EVE stories! And no, they're not of the generic "my 0.0 alliance had lots of 0.0 fleets and took a lot of 0.0 space" sort. Check them out here:

https://truestories.eveonline.com/users/2074-destiny-corrupted
Reticle
Sight Picture
#35 - 2012-10-09 14:31:58 UTC
OP is stupid.

RMT is real money for ISK. In order for the RMT'ers to get money, they have to sell to the public. If they sell to the public, then...

The rest should be obvious.
Lin-Young Borovskova
Doomheim
#36 - 2012-10-09 14:45:50 UTC
Reticle wrote:
OP is stupid.

RMT is real money for ISK. In order for the RMT'ers to get money, they have to sell to the public. If they sell to the public, then...

The rest should be obvious.


If it's that obvious then why so many accounts sub with untraceable payment methods?

Do you realise you can get a fake mail address, create an eve account and sub with pay pal account on another fake mail account?
How many of these do you think CCP really has the time or manpower to take care of?

And finally, if there's such a persistence from some players talking about RMT and bots it's probably, I really mean probably, because it's not that obvious you actually think?


brb
Syss7
SniggWaffe
WAFFLES.
#37 - 2012-10-09 19:37:21 UTC
CCP Stillman wrote:
[

But you're right, we can't discuss our methods. Just the results.


Bomb Drones
Ptraci
3 R Corporation
#38 - 2012-10-10 13:05:36 UTC
Destiny Corrupted wrote:
The truth is that CCP can't do anything against botters who even remotely know what they're doing.


While I agree that botting activities can be obfuscated, the end goal of botting is the same. Maximizing ISK with a minimum of effort, while funneling that ISK for nefarious uses. There are many ways of catching a botter/RMTer other than just looking at the account. You can follow the money backwards, too. I'm sure CCP has a budget for "buying" isk from RMT sites, and then figuring out where it came from.
Doddy
Excidium.
#39 - 2012-10-10 13:10:26 UTC
Speaker for TheDead wrote:
Vertisce Soritenshi wrote:
Christy D Floyd wrote:
They dont thus they cant enforce it or am I completely wrong about this?


Yes you are completely wrong. Every transaction made in the game is recorded in a database. I don't know what they use...likely SQL or something but it's there and they can easily access it.


Yes, and with a fifty thousand transactions a day, I'm sure they have lots of people trying to figure out who's doing what....Roll


Believe it or not they can automate too. Its cheating i know ....
Previous page12