Jump to content
Jedzkie

Suggestion to Prevent BOT

Recommended Posts

Hi! As we've all known, Ragnarok servers are problematic about BOTS since years ago, but how can we prevent this? Well i have a suggestion regarding on that matter. I don't know if this is possible or not, but i think this is the only way we prevent BOT programs to ruin our server.

 

How about implementing a system that checks if the PLAYER/CHARACTER uses the client to login in the game.

 

For example,

 

Run client -> Type Credentials -> Server checks if the user uses the client -> If (NOT) Disconnected from the Server else Login to the Game

 

I just noticed on some servers even there are harmony installed in their system, some players can still run BOTS.

 

Hopefully my suggestion will implement in the future. Thank you.

Share this post


Link to post
Share on other sites

bots can mask everything, that is why they are unstoppable

 

Mask everything? even there are checks like that, bots can still login? O_O

Share this post


Link to post
Share on other sites

 

bots can mask everything, that is why they are unstoppable

 

Mask everything? even there are checks like that, bots can still login? O_O

 

yes, that is why we can't really block them 100% since they came out

Share this post


Link to post
Share on other sites

 

 

bots can mask everything, that is why they are unstoppable

 

Mask everything? even there are checks like that, bots can still login? O_O

 

yes, that is why we can't really block them 100% since they came out

Make some hooks which send a completely unique packet id(over a range like from 0x1000 to 0x1111) with some data, which in return, client should return a data which contains encrypted player's data like IP/Mac and validate it server side.

Can Assure you 99.9% Botters cannot bot because of this system(unless the system is leaked to the experts and they want to REALLY modify the openKore and bot in your server, which is as low as 0.001% Chance)

Share this post


Link to post
Share on other sites

 

 

 

bots can mask everything, that is why they are unstoppable

 

Mask everything? even there are checks like that, bots can still login? O_O

 

yes, that is why we can't really block them 100% since they came out

Make some hooks which send a completely unique packet id(over a range like from 0x1000 to 0x1111) with some data, which in return, client should return a data which contains encrypted player's data like IP/Mac and validate it server side.

Can Assure you 99.9% Botters cannot bot because of this system(unless the system is leaked to the experts and they want to REALLY modify the openKore and bot in your server, which is as low as 0.001% Chance)

Give me!

Share this post


Link to post
Share on other sites

 

 

 

 

bots can mask everything, that is why they are unstoppable

 

Mask everything? even there are checks like that, bots can still login? O_O

 

yes, that is why we can't really block them 100% since they came out

Make some hooks which send a completely unique packet id(over a range like from 0x1000 to 0x1111) with some data, which in return, client should return a data which contains encrypted player's data like IP/Mac and validate it server side.

Can Assure you 99.9% Botters cannot bot because of this system(unless the system is leaked to the experts and they want to REALLY modify the openKore and bot in your server, which is as low as 0.001% Chance)

Give me!

 

LOL!

Share this post


Link to post
Share on other sites

Hi! As we've all known, Ragnarok servers are problematic about BOTS since years ago, but how can we prevent this? Well i have a suggestion regarding on that matter. I don't know if this is possible or not, but i think this is the only way we prevent BOT programs to ruin our server.

 

How about implementing a system that checks if the PLAYER/CHARACTER uses the client to login in the game.

 

For example,

 

Run client -> Type Credentials -> Server checks if the user uses the client -> If (NOT) Disconnected from the Server else Login to the Game

 

I just noticed on some servers even there are harmony installed in their system, some players can still run BOTS.

 

Hopefully my suggestion will implement in the future. Thank you.

 

The biggest mistake of any "anti-bot" feature is saying about that in public, or adding that to the sources without encryption.

Why? Because one of the opencore developers here, at our community, and all "old fags" know them.

 

The only one solution to block bots, it's find a way to make traffic ecnryption. 

(Sure, i'm talking about packet based bots (opencore, other differnt rops plugins).

 

But mostly, players, and i'm sure 90% of the different adminds, don't hear about dll based (loaded via cps.dll) bots with the very easy logic what playing via ragnarok window. 

Share this post


Link to post
Share on other sites

How about add captcha to antibots script


rathena.org/board/topic/98175-recaptcha

it would be demotivational

 

Share this post


Link to post
Share on other sites

How about add captcha to antibots script

 

rathena.org/board/topic/98175-recaptcha

 

it would be demotivational

 

 

still can bot, remember, those links are sended by mes command which are read by openkore, and they can see link, go to that link, and enter captcha. But I agree,it would be demotivational.

Share this post


Link to post
Share on other sites

 

How about add captcha to antibots script

 

rathena.org/board/topic/98175-recaptcha

 

it would be demotivational

 

 

still can bot, remember, those links are sended by mes command which are read by openkore, and they can see link, go to that link, and enter captcha. But I agree,it would be demotivational.

 

Bro, I wanna know how could still be bypassable by bot. reCaptcha is an external captcha. Unless, openkore could create script that answers reCaptcha successfully.

Share this post


Link to post
Share on other sites

There already programs / bots that can answer reCaptcha successfully 100% of the time. All openkore needs to do is borrow that code or hook into those programs. Very easily done for a group of people dedicated to making these bots work.

Share this post


Link to post
Share on other sites

There already programs / bots that can answer reCaptcha successfully 100% of the time. All openkore needs to do is borrow that code or hook into those programs. Very easily done for a group of people dedicated to making these bots work.

If still they dont code, they can do like, if mes appear, they will be alerted by sound on pc, which can help them to see npc chat on openkore, and the npc message will be somethijg like, <LINK> recaptcha link </LINK> and so, making the link visible to openkore, so they can open up that link, enter recaptcha, and continue botting.

Share this post


Link to post
Share on other sites

There already programs / bots that can answer reCaptcha successfully 100% of the time. All openkore needs to do is borrow that code or hook into those programs. Very easily done for a group of people dedicated to making these bots work.

 

Thanks! I'm not aware that reCaptcha is already bypassable. But actually, I cannot find any program you are referring to.

 

 

There already programs / bots that can answer reCaptcha successfully 100% of the time. All openkore needs to do is borrow that code or hook into those programs. Very easily done for a group of people dedicated to making these bots work.

If still they dont code, they can do like, if mes appear, they will be alerted by sound on pc, which can help them to see npc chat on openkore, and the npc message will be somethijg like, <LINK> recaptcha link </LINK> and so, making the link visible to openkore, so they can open up that link, enter recaptcha, and continue botting.

 

But that stops botting if the player is not online. After all, the big use of bot is if the user is not in front of his PC. Hence, majority of the job is done. There could be lots of improvement to that antibot. I believe external captcha is key to prevent these bots.

Edited by Zirius

Share this post


Link to post
Share on other sites
At aegis have a system that leaves the exp and drop 0% if the player does not stop playing, this was done on aegis more for a measure to prevent bots that spend all night picking up items and gaining exp for the character.

 

I posted a little while to be added in hercules this system.
 
 
 

Share this post


Link to post
Share on other sites

I believe there was a client patch released a while ago that disables those messages, since it's in the official client. Coding the 0exp and 0drop wouldn't be that hard to do. Just add it as a permission and change the player's permission until they logout.

Share this post


Link to post
Share on other sites

At aegis have a system that leaves the exp and drop 0% if the player does not stop playing, this was done on aegis more for a measure to prevent bots that spend all night picking up items and gaining exp for the character.

 

I posted a little while to be added in hercules this system.

 

 

 

http://herc.ws/board/topic/2063-stop-message-play/

Maybe its something related to, decreases x% exp and drop rate every x hour, and finally after some hour, it becomes 0% rate

but what's the preventive method for this? player relogs and again goes to 100%? or it resets every 12 midnight or what?

Share this post


Link to post
Share on other sites

Late reply to this, but captcha is a failed solution. There are some many services based in China that you pay less than 1 cent to solve a captcha. You send the image to the service over HTTP POST and it sends back a reply with the solution. Captcha don't work, plain and simple.

 

The best solution against bots do not come in the form of scripts or gimmicky solutions. The best thing you can do is roll out your own packet encryption with a challenge system (sends a question to the client and expects a correct reply) or use a solution already made such as Harmony.

Share this post


Link to post
Share on other sites

The only way you can handle bots is 

1.- Enable packet encryption

2.- Disable proccess attachment into the client (Right now, most common way of botting is by attaching the bot to the client, so it runs through the client, which rendered method 1 useless)

 

P.D.: Pretty delayed reply, but looks like none mentioned point two before :P

Share this post


Link to post
Share on other sites

The only way you can handle bots is 

1.- Enable packet encryption

2.- Disable proccess attachment into the client (Right now, most common way of botting is by attaching the bot to the client, so it runs through the client, which rendered method 1 useless)

 

P.D.: Pretty delayed reply, but looks like none mentioned point two before :P

Regrading #2, I thought OpenKore developed a client that doesn't even hook into the game client? Just sends and receives packets on it's own.

Share this post


Link to post
Share on other sites

 

The only way you can handle bots is 

1.- Enable packet encryption

2.- Disable proccess attachment into the client (Right now, most common way of botting is by attaching the bot to the client, so it runs through the client, which rendered method 1 useless)

 

P.D.: Pretty delayed reply, but looks like none mentioned point two before :P

Regrading #2, I thought OpenKore developed a client that doesn't even hook into the game client? Just sends and receives packets on it's own.

The thing is OpenKore should not, by default, use the encrypted packets your client uses unless you attach the openkore client to your custom client.

Share this post


Link to post
Share on other sites

Yeah, but what if they were to use this: http://herc.ws/board/topic/4912-peek-successor-to-yommys-packet-analyzer/ essentially, this would let them see those encrypted packets would it not, since it's your client they'd be using it on >.> if so, then we pretty much gave them the tools.

 

It's a shame really, such skilled people over there helping out with OpenKore.
 

Edited by GmOcean

Share this post


Link to post
Share on other sites

Kinda late reply but OpenKore works as a client itself, though xkore hooks into the client itself and works through the client (At least as I recall it).

 

Yeah, but what if they were to use this: http://herc.ws/board/topic/4912-peek-successor-to-yommys-packet-analyzer/ essentially, this would let them see those encrypted packets would it not, since it's your client they'd be using it on >.> if so, then we pretty much gave them the tools.

 

It's a shame really, such skilled people over there helping out with OpenKore.
 

 

As far as I know, thats a packet analyzer, it is not a packet key decrypting tool. 

Share this post


Link to post
Share on other sites

Well, the nice openkore Its a beauty, I've used it a lot, and one thing I can tell that if you have some sort of pattern recognizer on your RO, Bots never stop, reload, and they have many things that makes it perfect, so here's where you strike, Look for patterns like, bot never stop, even if you are a high LVLing Human you have to stop, or delays, veeery veeery nice random delays, bot only stops when need HP or SP, so every time stops log HP and SP, every time stands up, check SP and HP, even if the use a "RANDOMIZER" for stand up or sit up It's generated by a software, and becomes repetitive and there is where you catch it. Second, When the bot walks and look for the target, NEVER STOPS, if never stop walking and killing there is another way to catch it, WE as humans have a delay on clicks, one with its own delay, and we send a click for (GO TO X position, one that the server reads) usually on openkore those FIND ROUT are veeeery far away on the map, any way, if I can Log:
 
time between Log in and log out (how often it gets offline,)
 
Record PLAY Hrs, (like, sadistic of how much the players play daily) (Human routines)
 
Record Trades, (this guy trade every day X time to this player [or players] )
 
How many items get daily (you will see, nobody farms that much as a human)
 
With those even IF Openkore makes a veeery new programming of randomize those, you will be able to find any system with Logs Remember, everything responses under an algorithm and always its the same... even "RANDOM"

 

I know it might sound silly but, it's just an Idea

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.