I'll bite. What is CCP doing about the selling of Bot characters to other bot accounts?

What about my suggestion in the previous thread about adding a bit of text across the profile images of those caught botting. I mean it doesn't have to be permanent, only for the duration of their ban.

So how come the ability to remotely send targetted python code to any connected client is not mentioned/documented anywhere? :P

A few weeks ago I got me a prowler. Sexy ship If i do say so myself. Took it on one of those fancy low sec courier missions. When I got to the station I made myself a safespot for launching.

Sitting there XXXK away from the station was mortifying. Nothing but courier bots to be seen. Names like 39r6yfhebv, oqei7rg-9f8 etc etc. No pirates in the system because the courier bots carry no valuable loot. Level 4 quality 20 agent in lolsec just giving out loyalty points by the zillions to bots. This was not for SOE but I can see why their probe market is crappy these days.

Anyway, on the big thread from the old forums, they had not said much about, or rather said nothing about courier bots. so here are my questions:

1. Is CCP aware of the courier bot situation?
2. Is there a plausible fix for this?
3. Do you think the agent quality changes will help ebb the flow of these bastards?

Thanks.

I would very much prefer to see this thread be used to report on the impact being made by CCP against botting. Basically, just like Ninjaspud's old thread in which he was giving us intel on what the botting community is up to and how much they're squirming to the will of those that want to ban them for good.

Don't know if you ever answered this durring fanfests posts or if it got 'missed' but will we have the option such as blizzard gives to use our Iphones etc rather then give you extra $$ for an authenticator?

Also who punched your avatar Sreegs.. damned.. i can't tell if he has a broken jaw.. or if he's trying to blow rasberry's..

Ok, here's a ridiculously better question. Why are courier bots in low sec being rampantly ignored?
Here's an example: http://eve-kill.net/?a=system_detail&sys_id=2560 and some more specific km whoring example http://kb.pleaseignore.com/?a=system_detail&sys_id=2560
(You need to copy and paste the URLs above because it seems somebody broke the url handler for the redirect and html entified the ampersands like a boss).


Having that many haulers being killed in a system is EXTREMELY abnormal. A large chunk is NPC corps and their cargo contains mission items.

I actually like that botter tag across your picture like the most wanted, i think it would be funny.......i still would not mind some looking into if stuff like synergy isbox and pwnboxer are legal to use :)

In reply to what is being said in some of the bots/macro forums.

Mostly its people who use these bots saying that threads like these are fail and that we do not understand how they are helping the economics of the game and that eve would fail if the use of bots was stopped.

I'm not sure what the guide lines are for actually mentioning the names of these bots so I will go ahead anyway and I am sure CCP will let me know if it is not allowed :)

Roidripper is no longer available for download.

The last ETA was a few days.

The admin/dev of the program called Daredevil comes across quite confident that nothing that is done will stop bots.

As for the TinyMiners forums, other then people saying how great it is not much on there to be honest.

EvE-Bot forum, again not much being said there either.

The general feel appears to be that CCP does not care about botters and that so long as you find a quiet area you will never be bothered.

What many of these people who use bots do not realise is that they all require you to run eve in a certain way, i.e windowed mode, certain general and graphic settings, having your in game windows configured in a certain way etc etc.

I imagine that all these settings are recorded somewhere and accessible to CCP.

Also I must say I love the idea that if you are caught botting that a overlay will appear on your avatar for the duration of your ban so people will know what a loser you are :)

I has looking at the "hello world" example of eve client code injection, and to me it look like you are deploying the python compiler/parser with the eve client. Is there any reason why you don't deploy you python scripts as intermediate bytecode, and remove the parser/compiler from the deployed version of your python system?

While it's not impossible to write bots in python bytecode it would be a lot more time consuming.

Is there a status update on the "Report Bot" functionality and feedback processes? Has the process been created but the software modifications necessary haven't been made yet? Is the process still being created?

I wasn't having a go and I apologise if my post came across that way.

I know how difficult of a job it is to stop these guys and I hope that in the coming months you give these guys a damn good spanking :)

Good stuff :) thats what i like to hear. By the way if they do get banned from being used maybe ccp could incorporate the function of positioning clients in one screen or multiple screens in a certain grid like these programs do thats the most usefull function for them in my opinion.

Screegs --

Would you be able to elaborate on your views of the cons of the bot flagging of profile images?

*
Haulers getting killed no, but I've seen the types of systems he's talking about. Non stop haulers, back and forth from a mission hub, fail fit with nothing but mission items. And I mean non stop, if you kill the ship, they continue on in a pod, they just keep coming and going, knowing (well, if there was a person there they would know) that there is a gate camp -right there-. Go to the systems and watch them, get a player or two to sit there and kill them and just watch them keep going. You don't need metrics or complicated software to see that there's nobody behind the controls. That's why players are frustrated after all this time.

I do feel like you guys are finally picking up the ball on botting, and as I understand it, you haven't been in charge of this specific area for long, but previous statements by CCP, and then what players construe as a clear lack of action has left you in a tight spot. People don't and won't trust you unless they see results and clear action. Do us a favor though, you say that it may take some time for massive results to become evident. Show us these. In a month or two come back and point to that system and say "see? We found the program that was running courier bots and close that one", show us the figures on how many bots have been banned, how many programs aren't working. PLEASE show me that and tell us all how wrong we were! I know you can't give details and specifics, but until the players see this, we will continue to be skeptical.



*Full quote https://forums.eveonline...sts&m=8839#post8839

Another fun topic of discussion bots in null and the russians knowlingly recruiting them.

Heres a screenshot from a forum where it was being done
http://i.imgur.com/YrglP.png
(Mind you I removed all styling from the page and it's only the content visible :P)

This one in particular is a renter alliance of xxdeath

Not sure I understand this comment, are you saying that it's possible that running multiple clients would be frowned upon at some point?

@ CCP Sreegs

Can you please update your first post with link to the main botting thread on old forum so that ppl have direct link on history of this problem...

What client side implementations are you striving for? Where do you plan on fixing the "the holes"?

Why not undertake current systems in use EG: punkbuster, VAC. What plans do you have for MACRO type bots EG: Mouse tracing etc? (Why is not not possible to implement "monitors" akin to what browser analytics use? Essentially take a fingerprint of actions and movements taken?

I see the largest problem as the client side python injections...as people can upload their own scripts to program their own AI.

What sort of security features are there for packet transfers?

Granted there will always be exploits, but to reiterate whats the overall plan?

In the security panel, something was mentioned about besides attacking bots directly(which is good), to alter content.

ie. If the current pve content (watching three bars turn red while orbiting) or staring at lasers punch rocks for hours is whats giving people a reason to bot, that it was something worth looking into.

any comments on this?

I think some people probably bot because of how repetitive certain pve activities can be.

Bot war report: Jita price trends.

Minerals: rather stable. Actually as some bots increase mineral supply, and others, via "earning" isk eventually increase mineral demand, we may not see much effect here.

Ice: Some upward movement in isotope prices. These moved up about 10% a week ago, then stabilized at the new level.

PLEX: Bot accounts consume PLEX, but the price has only dropped a tiny amount in the last week.

Implants: I checked attribute implants. Basics (+3) have increased a bit, others have been stable.

Overall the effect on the market has been tiny. All I'm seeing could easily just be normal market noise. To date the idea that bots are needed to make the EVE economy work is not supported by market data at any level.

CCP Sreegs: Some courier bots run on trial accounts with virtually untrained pilots. A ban of such an account seems like it would not be a deterrence, even if you upped it all the way to a one strike perma-ban. The botter can easily start a new trial. Any ideas on what would be a deterrent to these botters? All I can think of is isk removal from whatever account collects the isk.

Maybe I am reading too much into that reply but of the three most important bot categories you list only two.

What about plain process injection/hooking (whether this is done via InnerSpace or otherwise)?

Both (combat) mission bots I am currently aware of hook into the EVE client via InnerSpace - and if I were concerned about the health of the game that's the group of bots I would be most worried about.

Missions running bots would be pretty painful to construct based on an OCR system & hardening the EVE client against Python injections looks like a relatively straight-forward task.

(( start rant:

and I don't understand why this hasn't been fixed long ago - not like some guy calling himself "Abuser" did make CCP look like a fool in 2008 by publishing decompiled client code, pointing out the security risks of Python injections and asking "Why not to add client-side routines to detect bots?"



yes, Ladies & Gentlemen, that was April 2008 - almost to the day 3 years ago.

edit: according to CCP's favorite persona non grata the "previous sourcecode leak" took place in 2006 and was accompanied by the release of a Python-injection based mining bot. I am too lazy to verify this as almost all Google results seem to reference the 2008 leak.

))

Mining bots & ratting bots will always create some customer outcry because they operate in plain sight and compete with human players over scarce resources - but for the same reasons they are easy to detect and it is relatively easy for players to take action against them.

Mission running bots compete in a much less obvious manner with human players (overall inflation, ISK/LP ratio, prices of meta 1-4 modules) and their interaction with other players is usually limited to bumping into each other at the station undock (+ the occasional ninja salvager).

One system can only support so many mining or ratting bots - but one agent can support any number of mission running bots (and I don't believe dynamic agent quality will ever be implemented in a fashion that is harsh enough to change this qualitatively).

Hooking into the EVE client process allows for extremely sophisticated bots, is currently used for the most dangerous bots (imo) and is relatively hard to prevent without really invasive anti-botting tools (don't know about the EVE specifics but I have a rough idea how malware usually achieves its goal of hooking into system processes) - yet it is the one thing your reply doesn't even mention at all.

(disclaimer: I don't know InnerSpace well enough to be 100% certain that it doesn't use Python injection internally but I don't see any reason why it should have to)


we'll read about the specifics a few weeks later on the forums frequented by bot authors, anyways.

How do you feel about the tactics used by that guy (can't recall the name) in the previous thread, viz doing a few basic checks to see whether they're complying with the laws in their local jurisdiction with respect to business registration, taxes and so forth.

Setting the local tax authorities on the bot sellers would be an extremely effective way of interdicting or restricting their operations, with the additional benefit of providing much satisfaction to those of your customers who do pay their taxes and wish that everyone else shared the joy of the experience with them. Assuming that CCP Hf is itself all up to date in this respect, it seems like there would be no down side to ******* with these guys in this way.

EDIT: Time spent arguing with the inland revenue and the customs and excise people (dunno what they're like in the US and Iceland, but in the UK, the Customs guys can be really mean. Can you say "no presumption of innocence"?) is time not spent updating their bot code.

There are a few ways that you can be 'hacked' from a pure 100% programming/security Point of view.

1. You give your username and password to some one else - This can be through phishing mail or whatever.. but your at fault for not double checking where you where putting your details into.
2. Keyloggers, Trojans, Virus's etc etc - Again where oh where have you been that you shouldn't have been and why oh why ain't your virus software up to date?
3. Brute force attack - Ok this is technically not your fault, sorry those who think it is but it's not.. a brute force attack simply runs through both a dictionary attack followed by random number and random letter attacks.. starting at the lower limit of the number set by the person running the BF attack (typically 4 - 6 characters) and ending at the largest (typically 10 - 12) however these attacks typically become rather obvious and should be noticed by the server side protection software.. I mean if you can't get your password right after the 50th time somethings up right?
4. Security leak at the Opposit end - This means a Leak at CCP's end in this case.. and honestly it's not exacty unheard of with CCP now is it? (Sorry Screegs no offense meant) CCP has had it's bad sheep, we have had Dev's who break rules to help people in game, we have obviously had Dev's who leaked entire source code releases.. and there is always the chance a dev could steal the authentication database.. or that CCP itself could be hacked or whatever.


Now there are a few ways to protect against hacking:

1. Change your password every few weeks/months - This means that your password isn't always the same and can stop those who tend to wait a time to use the data they have mined off you.
2. Make your password more complicated - this means using a mixture of UPPERCASE, lowercase and numeric characters, eg E424b8A7g9 <---- this would be an example of a randomly generated password that is not the easiest to hack, the reason being that it has all 3 of the items listed.. if eve supported non alpha/numeric characters i'd even suggest adding thoses ie #24A43%32nn13 etc.
3. Add an extra layer of authentication to the account:- in the form of a randomly generated number sequence that changes based on time/date etc where the serial number is tied into your account at the server level.. This is better known as an Authenticator and most already know how they work.. not only do you enter your user name and password but you also enter a number generated by the keychain fob or the iphone app etc with out this you can't authenticate.
4. The most basic one.. Keep your damned virus software up to date. Even the free software antivirus packages are good for basic protection AVG, Microsofts programs etc all can pick up most of the common trojans, paid antivirus tends to include a better overall protection package.
5. as with your virus protection keep your OS updated. - You may not realise it but Microsoft and Apple don't release all those 'updates' just to make your bandwidth cry. They are put out to address security issues and other bugs in the software.. with out them you are leaving your system open to attacks.

Now I could go on but lets face it CCP has a long ass list up on all of this.. but it's a reminder that not all 'hacks' are based on the end user.. some are just well.. bad luck.

i think you should keep it up.

also, can we get this thread stickied please? i would hate for it to drop off the front page and end up buried

So, do you guys still want me to continue updating you all on the activities of the bot forums? I'm not gonna lie, it was fun.

I might have to make my own thread though...up to you, Sreegs.

CCP Sreegs referenced your thread at the top of this new one, so I think that means you are invited to post bot war reports here. Im posting my market survey info here (looking for effects on the market from bot bans).

Edit: Also, Sreegs is referencing the bots by name, so I do not think you need to hide them, unless you want to.
CCP Sreegs: Maybe this thread needs:

Links to all the security related dev blogs added to your initial post (the original unholy rage, your phishing blog, the protect your accounts blog, etc)
To be made sticky.

Why being so harsh in botting?

Why not just releasing official bots that allows people to AFK mining,ratting , courier missioning, doing PI and market?

They are just very likely to be "bot works" with the technology in New Aden.

And also, it is weird to allow people to have a repetitive action for long (legally, not using macros). Either mechanically or manually by other players, the repetitive actions should be able to exist. It is a basic requirement for a real game and people are not paying to be a wool-factory worker.

Damn CCP Sreegs, you are being vary active on the forum, more so then others. How are you able to do this between researching bots/malware and CCP related work.

Will isk obtained from killing, harassing, ransoming, or even being paid to go away from a high activity system be subject to deletion if it turns out the residents of that system were violating the game EULA to allow such a high level of activity?

TL/DR:
I want to harass easy targets to earn isk, if they are bots do I lose my isk?

Also, is there any way to send you beer or food as a token of appreciation for the work you are doing when it finally fixes this game?