Southperry.net
pineapple... this is ridiclious - Printable Version

+- Southperry.net (https://www.southperry.net)
+-- Forum: Maplestory (https://www.southperry.net/forumdisplay.php?fid=15)
+--- Forum: Maplestory Discussion (https://www.southperry.net/forumdisplay.php?fid=31)
+--- Thread: pineapple... this is ridiclious (/showthread.php?tid=15814)

Pages: 1 2 3


pineapple... this is ridiclious - LittlePrincess - 2009-09-01

Deviant Wrote:Ah. Must be bad on your server, I never see any script kiddies around Khaini very often anymore, and these DC hackers arent exactly bannable as its hard to catch them in the act.

It's not hard to catch them in the act when you have all the info.
1. Write a little piece of code to scan game activity (they already have this that's why we get auto-banned).
2. Have it check for number of trade requests per second, chat requests per second, wispers per second, etc, etc.
3. Have it report every character that is 50x more than the average of all chacters.
4. Ta-Da! You caught them, now just type in their IGNs/account names into the baned file.


pineapple... this is ridiclious - Deviant - 2009-09-01

LittlePrincess Wrote:It's not hard to catch them in the act when you have all the info.
1. Write a little piece of code to scan game activity (they already have this that's why we get auto-banned).
2. Have it check for number of trade requests per second, chat requests per second, wispers per second, etc, etc.
3. Have it report every character that is 50x more than the average of all chacters.
4. Ta-Da! You caught them, now just type in their IGNs/account names into the baned file.

The GMs dont script whatsoever, thats still on the programming/developing side, GMs just use existing tools made for them.
Not saying its not easy, just not their job.


pineapple... this is ridiclious - skyseeker90 - 2009-09-02

well the only other viable solution i can think of for ur situation is to get someone else to piss off the hacker enough so that he'll forget about u, or u can do it urself on a diff char.


pineapple... this is ridiclious - Typhoon - 2009-09-03

fyi, it was 'patched' this past server check. but i've heard from merchants that someone's found a bypass again, so it'll be like another week and you'll see it again >_<


pineapple... this is ridiclious - Deviant - 2009-09-03

TheTyphoon Wrote:fyi, it was 'patched' this past server check. but i've heard from merchants that someone's found a bypass again, so it'll be like another week and you'll see it again >_<

Like all mainstream hacks it will come up on and off, hopefully they'll find something long term to make it harder to bypass, as long as the people who make the hacks dont leak them to the script kiddies then its not a problem, but those people who actually make them wont be stopped long term, not by a long shot. Script kiddies are the real problem here, Nexon themselves has said they cant stop all hacking in the game, they just want it down to a controllable level, and if you look at how it is now compared to how this game has been in the past, we're nearly there.


pineapple... this is ridiclious - DumbApples - 2009-09-03

Fight fire with fire.D/C him on another character,and you'll be freed from being D/Ced on your main.


pineapple... this is ridiclious - ThatWasMyKil - 2009-09-03

DumbApples Wrote:Fight fire with fire.D/C him on another character,and you'll be freed from being D/Ced on your main.

Wouldn't want to sink to their level. also its against the ToS


pineapple... this is ridiclious - blackincal - 2009-09-03

TheTyphoon Wrote:fyi, it was 'patched' this past server check. but i've heard from merchants that someone's found a bypass again, so it'll be like another week and you'll see it again >_<

Yes, that's correct, to avoid CPU/Memory and DataBase usage most part of security is made at client side, as soon they release new by-pass (to break into hackshield protection), Nexon game servers are no longer aware of the problem, they will keep doing their work: sending messages, update your screen, etc.

It's an expensive solution totally server side, that will depend on their network polices to prevent, filtering and drops those harm packets before it reaches his destiny: our client making us D/C-Lag.

Note that what happens, in short is:
1 - D/C-Lag hacker send massive amount of information to nexon game servers;
2 - Nexon game servers do they normal work and:
a) ask if you accept whispers;
b) show you the private message if you accept;

By "normal work" it means all went "fine" from client to server, it bypassed client side protection.

Even blocking whispers, the problem is on item 2.a:
game server is asking you "yes" or "no" all the time hacker is sending spam D/C-Lag hack. Knocking on your client several times asking for a decision (show the message or tell the sender you don't accept), and it will lock other normal client-server communication.

It's a server side problem:
hacks are using the game server, already connected to your client to D/C-Lag you.

That's why its expensive because it need to change network routers/switch, hire expertise company to analyse packets creating filters, it can't be a database solution (the easy one like I described before) because its high access on database.


pineapple... this is ridiclious - Takebacker - 2009-09-03

Deviant Wrote:Like all mainstream hacks it will come up on and off

Not necessarily true. The only reason this hack exists is because there's a packet editor going around right now. (don't know if that was fixed this SC, but...) Mainstream hacks don't go into that in and out phase much anymore. Simple ones like these might, but god mode, no delay...those don't have any real chance of coming back.


pineapple... this is ridiclious - LittlePrincess - 2009-09-03

Deviant Wrote:The GMs dont script whatsoever, thats still on the programming/developing side, GMs just use existing tools made for them.
Not saying its not easy, just not their job.

I don't recall saying it was a GM job. Are you accusing me of saying stuff I didn't say?

It's Nexon's job. (duh) And it's not like I really care what title they give the person they assign that particular task to either. Infact I would be happer if they just did the work and didn't have titles becuase that would be less time spent on useless tasks and more time spent on useful tasks.


pineapple... this is ridiclious - Mega - 2009-09-03

Report to Nexon,try to get their main's IGN so they get what they deserve


pineapple... this is ridiclious - Stereo - 2009-09-03

blackincal Wrote:Even blocking whispers, the problem is on item 2.a:
game server is asking you "yes" or "no" all the time hacker is sending spam D/C-Lag hack. Knocking on your client several times asking for a decision (show the message or tell the sender you don't accept), and it will lock other normal client-server communication.

So store those game settings (chat/invites) server side, and when the player opens the menu, retrieve them from the server, when the player accepts it, send them back. Stop it at the server if the player's options say so, don't even forward it.


Or just increment a little "whispers sent" / "invites sent" every time they do it, and if someone's pushing in more than, say... 100 in a minute. Give them a 1 hour tempban. Don't rely on the client's flood control to prevent people from flooding; if the server is being flooded, give them a short ban.



pineapple... this is ridiclious - blackincal - 2009-09-03

Stereo Wrote:So store those game settings (chat/invites) server side, and when the player opens the menu, retrieve them from the server, when the player accepts it, send them back. Stop it at the server if the player's options say so, don't even forward it.


Or just increment a little "whispers sent" / "invites sent" every time they do it, and if someone's pushing in more than, say... 100 in a minute. Give them a 1 hour tempban. Don't rely on the client's flood control to prevent people from flooding; if the server is being flooded, give them a short ban.

Like I explained before:
 Spoiler

Server side database solution is not good, it will create massive amounts of read/write and memory and CPU usage at game servers, even if you put some protection like: max requests/seconds, still create lots of CPU usage and memory allocation, resources already allocated deal w/ currently game problems. In other words, more stuff at database, more physical space to allocate, more disk usage, more checkups at server code, raising the complexity, it can drop server performance and affect game play.

Taking care of this problem at network/routers side is more complex, but better : blocking those harm packets before reach server is the best solution for both sides (client-server) (in my opinion).


pineapple... this is ridiclious - Typhoon - 2009-09-03

Takebacker Wrote:but god mode, no delay...those don't have any real chance of coming back.

actually.. god mode is back as well. someone was using it the other night.. dont ask me why, since they were just using spam hack via whisp on me.. there wasnt a real reason to have to come to me to do it, but they didnt take damage from spawns and anego.


pineapple... this is ridiclious - ctblack - 2009-09-04

Unless the chat/whisper spam is peer to peer without the need to go thru the server, then just put in a limit on number of times (1 per second would do it) per second a chat/whisper can be send to any player.


pineapple... this is ridiclious - LittlePrincess - 2009-09-04

ctblack Wrote:Unless the chat/whisper spam is peer to peer without the need to go thru the server, then just put in a limit on number of times (1 per second would do it) per second a chat/whisper can be send to any player.

This is the perfect solution. If you ask more than say 10 times in one second then the server should disconect them. Big Grin (And give some wild error like Error code -25789465.)


pineapple... this is ridiclious - Stereo - 2009-09-04

blackincal Wrote:Server side database solution is not good, it will create massive amounts of read/write and memory and CPU usage at game servers, even if you put some protection like: max requests/seconds, still create lots of CPU usage and memory allocation, resources already allocated deal w/ currently game problems.

How do all those things compare to what a normal player does? Every time you hit a target, it sends your targets to the server, the server looks them up, subtracts some hp, checks if they died and sends their new HP back. I'm not 100% sure what the fastest anyone does this is but I suspect it's the Bowmaster's 500/minute Hurricane arrows.

Not only does this require receiving each of those packets and looking up the monster HP, it requires server side damage calculation (players sending packets containing how much damage they do = recipe for abuse - MS synchronizes the RNG to the server about every second, so visible damage closely approximates actual damage dealt unless you lag, but client damage does not determine damage done) which has to take into account the player's stats, all their buffs, etc. meaning more db lookups. Any way you put it, it's going to be more complicated than reading a boolean from their "receive_whispers" table.

If they can do the monster damage then they can put whispers server side too.

There's no viable way to stop outgoing whispers at the client - any client can be compromised, it's simply not possible to have 100% security of what it sends to the server. Forwarding the packets on without checking whether the client is accepting them encourages abuse - if you can send packets at your max up-stream, and they have to acknowledge them all, then it's relatively easy to force-D/C someone. If Nexon fixes chat spam on their side, then "d/c hackers" will stop using this technique and the server load based on whispers will drop anyway, which is good for everyone.