Top Mud Sites Forum - View Single Post - MUD Anti-cheat

shadowfyr · 05-14-2007, 02:45 PM

To add my two cents in here. The rule where I play is, "No script or client can 'directly' send commands not initiated by someone who is not at the keyboard, *except* for those that only provide information between players. This means someone could "cheat" by doing it anyway, but they will eventually get nailed for it, since someone on the staff, or another player, will notice them doing something, try to talk to them, and find that they are being ignored (and not officially with the ignore command). This is a nuking violation. So is hacking someone's passwords or multi playing, both detectable by which IP is in use at the time and what sort of things they are doing while logged in.

As for trying to munge the data, so people can't trigger off it, I think that seriously stinks, doesn't work in the long run, and just ****es off the people that intend to do things like funnel some things to secondary windows, or do data tracking on their end, which has no direct interaction with the mud itself. Its the equivalent of telling people, "I don't care how clever you are or what you client can do, I don't want you displaying a MMO style inventory sheet on your own computer for the stuff you are wearing!" The obvious question, as with any such intentional derailment, is, "How the hell can you tell, and why the heck should it matter to you how I display that information?" The only answer is invariably, "Well, we want to make it 1% harder for someone that does botting to write their scripts. Umm, OK, and how is that stopping them at all? lol

After all, making the data harder to deal with doesn't solve anything, it just kills legitimate uses in some case, while making the bots AI slightly more complex. In the end, you are still going to have to watch for non-responsive people, who seem to be doing a lot of exping, etc., while never responding to your staffs questions to them. That is the *only* way, short of using a proprietary client, that you can catch them. And the later... isn't much use either. With something like Mushclient, the only difference between an Iron Realms client and Mushclient is figuring out the protocols they came up with to prevent someone using a non IRE client. Some people are fiddling with it and are about... 80% there already. Making the client-server interface more complicated only stops the most limited clients from circumventing things, it still doesn't "prevent" anything, it just makes it take longer to duplicate the protocols. In the end, its still someone at the machine trying to talk to a supposedly active player, who finds they won't respond to anything, that will "catch" people that cheat. If anything, the morons trying to hack the server/characters are *far* easier to detect than someone using the wrong client or running 5000 lines of script that doesn't send one single thing to the mud in a recognizable way that a player couldn't. Its still going to take trying to talk to them to figure out what is really happening.

05-14-2007, 02:45 PM	#11
shadowfyr Senior Member Join Date: Oct 2002 Posts: 310	To add my two cents in here. The rule where I play is, "No script or client can 'directly' send commands not initiated by someone who is not at the keyboard, except for those that only provide information between players. This means someone could "cheat" by doing it anyway, but they will eventually get nailed for it, since someone on the staff, or another player, will notice them doing something, try to talk to them, and find that they are being ignored (and not officially with the ignore command). This is a nuking violation. So is hacking someone's passwords or multi playing, both detectable by which IP is in use at the time and what sort of things they are doing while logged in. As for trying to munge the data, so people can't trigger off it, I think that seriously stinks, doesn't work in the long run, and just ***es off the people that intend to do things like funnel some things to secondary windows, or do data tracking on their end, which has no direct interaction with the mud itself. Its the equivalent of telling people, "I don't care how clever you are or what you client can do, I don't want you displaying a MMO style inventory sheet on your own computer for the stuff you are wearing!" The obvious question, as with any such intentional derailment, is, "How the hell can you tell, and why the heck should it matter to you how I display that information?" The only answer is invariably, "Well, we want to make it 1% harder for someone that does botting to write their scripts. Umm, OK, and how is that stopping them at all? lol After all, making the data harder to deal with doesn't solve anything, it just kills legitimate uses in some case, while making the bots AI slightly more complex. In the end, you are still going to have to watch for non-responsive people, who seem to be doing a lot of exping, etc., while never responding to your staffs questions to them. That is the only* way, short of using a proprietary client, that you can catch them. And the later... isn't much use either. With something like Mushclient, the only difference between an Iron Realms client and Mushclient is figuring out the protocols they came up with to prevent someone using a non IRE client. Some people are fiddling with it and are about... 80% there already. Making the client-server interface more complicated only stops the most limited clients from circumventing things, it still doesn't "prevent" anything, it just makes it take longer to duplicate the protocols. In the end, its still someone at the machine trying to talk to a supposedly active player, who finds they won't respond to anything, that will "catch" people that cheat. If anything, the morons trying to hack the server/characters are far easier to detect than someone using the wrong client or running 5000 lines of script that doesn't send one single thing to the mud in a recognizable way that a player couldn't. Its still going to take trying to talk to them to figure out what is really happening.