Jump to content

Why Credit Spam is ACTUALLY out of control - A.K.A. Spammers For Dummies

Loomi

By Loomi
in General Discussion

 Share

Recommended Posts

Loomi

Loomi

Posted
Posted (edited)

Because people insist on creating new spam threads everyday doing nothing but complaining, and complaining about all the wrong things and providing zero solutions. Sure, it is annoying, but most people have no idea how hard it is to actually control those persons bent on circumventing the rules to profit from ill-gotten gains.

 

*****THIS IS NOT A THREAD TO BLINDLY VENT AND COMPLAIN. Read the post, and then provide feedback pertaining to the content within*****

 

So here it is: Why Credit Spam is ACTUALLY out of control - And what people ACTUALLY need to focus on

 

(For those who frequent the forums, yes this is a repost of my post from a spam thread earlier this week)

 

I have always been the first to come to Biowares defense when it comes to matters beyond their control (which IP spoofing spammers most definitely are), but even I must admit it has gotten out of control as of late.

 

As an IT and network engineer, I thoroughly understand the measures that it takes for these spammers to operate, and why they are so hard to mitigate. Here is what happens:

 

1. Spammers hide and fake their IPs via IP spoofing techniques routed through numerous ISPs, data nodes, and infected client machines (more on that later)

2. Spammers create a script that automates the registration process of new F2P accounts by the dozens, if not hundreds.

3. They then level one character far enough to reach the fleet (in some cases not even that far) and use another script that records every keystroke and mouse click.

4. They use this recording as a template to multibox as many accounts as they can without being detected by the in-game bot detection (YES there is already script in the game to detect these people. That is why you will find many messages you see include strange spellings, phrasing, symbols, spaces, etc. Code gets updated, spammers change their messages accordingly to circumvent it)

5. These accounts become their "spam" accounts. Basically throwaway accounts that they don't care if they get disabled, because there is nothing of value on them, and they have another hundred to choose from. Once one becomes inaccessible, the program logs into the next one that has already been prepped and continues spamming.

6. Once an IP ban (probably the most effective BanHammer there is) has been issued by Bioware, they simply change their IP and continue with business as usual with another account

 

At this point you are wondering, "What about all the credits they are offering?" Well, those credits are nowhere near their "front" accounts. Ideally they would want to keep their livelihood as far away from their questionable actions, so these accounts are further hidden by additional IP spoofing, and quite possibly multiple computers. They are masters at farming, using numerous techniques such as automated lockbox picking, automated mob looting, phishing scams, malware info spiders, and yes, keyloggers.

 

When you visit their sites, there is no telling what you are opening your computer up to in terms of viruses, malware, keyloggers, etc. Some more sophisticated viruses in general use by hackers (not just Swtor hackers, but all hackers in general) implant a hidden process in your computer, allowing the hacker to piggyback on your network to hide their true location and actions. For all Bioware knows, Johnny Everymans IP address is being associated with this ingame questionable behavior. It's coming from his location, so it must be him.

 

Now all of this goes back to "What can Bioware do to deter this behavior?" Well, since spammers are so good at covering their tracks, it is painstakingly difficult to trace these people all the way back through the smoke and mirrors to the person or persons pulling the strings.

 

Out of curiosity, since I, myself, have not created a new account since Beta, I decided to make a new one just to see how easy it was. The results shocked me! What I found was:

1. At no point in the thirty seconds it took to create a new account and login with it was I ever required to prove that I was not, in fact, a bot.

2. No Captcha was required to validate that I was a person.

3. No confirmation email was sent to prove I had one

4. No email address was even asked for (something that nearly any service nowadays requires)

 

What does this have to do with spamming? By resolving even ONE of these registration issues, Bioware can effectively put an end to much of the automated procedures spammers rely on to carry on day-to-day harassment.

 

Captcha (and more effectively ReCaptcha) already provides an Optical Character Recognition checkpoint that some of the best OCR algorithms cannot decrypt nearly as effectively as the human mind.

 

Most email services require a Captcha to register. Requiring an email to register for a new ToR account would help two-fold, since not only would that allow BW to leave the Captcha requirement to the email provider, but it would then give BW an additional layer of information to hold up against someone trying to create numerous accounts using the same email address.

 

While people say "If people stopped buying, they would stop selling", I ask them this: "Don't they say the same thing about drugs?" Credit spammers will never entirely go away, no matter how much you use the BanHammer. There are very simple steps that can be implemented that can make these people work even harder to do what they are doing.

 

 

Suggestions that do not address the topic of this thread, and are reactive, NOT preventative:

1. Putting someone on fleet to monitor chat - There are 140 chat logs across all servers and planets to monitor at any given time, and this does nothing to PREVENT the spam, only mitigate it.

2. Updating spam detection code in-game - As stated above THERE ALREADY IS detection code, and it is constantly being updated. Again, this is a mitigation tactic and can be easily circumvented as stated above.

3. Disabling General Chat or creating a new Chat Tab - This does not prevent anything, and defeats the purpose of why most people play MMOs: To be social. Disabling an integral part of the MMO experience is not a solution, it is a burden, and a burden most people will not make.

 

 

**I know it is long, but please read it all. I tried to be as ambiguous about specific methods as not to encourage others to participate, but detailed enough to get the general population to understand exactly what Bioware and other game developers are up against. I hope this opens peoples eyes to the true problems affecting our daily play.

Edited by Loomi
Link to comment
Share on other sites
  • Replies 70
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Anaesha

Anaesha

Posted
Posted

Sadly they get a market because people are either

 

A; Lazy and don't want to do the work to get credits

or

B: Resort to buying from these people because they are bad at making money in games and can't afford to buy the items they want off the GTN.

 

Both are applicable but I'm leaning more towards B as the most likely reason given how much people try to sell things for in the GTN. Some prices are fair others you see them and you have a What the hell are they thinking moment. :(

Link to comment
Share on other sites
Loomi

Loomi

Posted
  • Author
Posted (edited)
Credit Spammers are here because people pay them for credits.

 

They should go after the buyers, like the police do the johns.

 

^Didn't read the post

 

You can be banned if caught buying credits. I have heard of people being banned, and a previous guildie had to create a new account because he got caught and his account banned.

Edited by Loomi
Link to comment
Share on other sites
Daewan

Daewan

Posted
Posted

I have played other games where goldfarmers really are a major problem. Here they are just a major annoyance. Part of that is the ease of leveling, and the market here is different. (To date, no goldfarmer in SWTOR has ever sent me a tell offering to buy or rent my character, so no - these spammers are not the worst, not by a longshot.)

 

I do feel that BioWare could do more to control them - I also had no idea that an email address was not required to create a free account. That's ridiculous. However, I do appreciate that BioWare has made efforts to combat the issue. I feel that players don't give them enough credit for the work they have done, and don't realize just how horrible it would really be if BioWare did nothing at all.

 

Still, I hope BioWare continues and increases their efforts.

Link to comment
Share on other sites
Sidicous

Sidicous

Posted
Posted

Buyers and sellers. Go after both with an icepick, chainsaw, Uzi, rough rope, pitchforks, and torches BW!!!

 

 

Just 2 days ago on Ebon Hawk some lazy player was bragging on DK Gen about buying credits and using them for a Flagship as "she" could not be expected to farm creds. I reported the conversation and time location, etc. Hope they not only suspend "her" but take the ship and ALL her creds too!!!

 

As a playerbase WE all need to report every seller and BUYER. There's more of us than them...well, currently, if it continues then buyers and sellers will be all that's left pretty much. Report everyone that refers to buying, report every spammer. If the spammers can up their attacks, let's fight back as a united playerbase!

Link to comment
Share on other sites
Malastare

Malastare

Posted
Posted
Some very valid points. Seems like BW should take note, as these surely can't be as hard to implement as what they're doing now to fight the spam.

 

Bioware is already aware of these things. Pretty much anyone running a large service like this knows about these behaviors.

 

However, OP has valid points. The only balance to them is the fact that ReCaptcha and email verification aren't as high of a hurdle as they appear.

 

Creating a hundred accounts with a ReCaptcha is only moderately longer than scripting them up. Even if a bot account is only online for an hour before its squashed they can still be made much much faster than they are removed. Its more of a hassle, and that's an improvement, but its not really a significant level. ReCaptchas are really best when dealing with problems caused by huge volumes of requests, such as brute-forcing passwords.

 

Email is even less of a barrier. I run my own personal email server and I can create a hundred unique email addresses in about 10 seconds. Anyone running a large botnet can do the same, and they can perform similar tricks to hide its location and nature.

Link to comment
Share on other sites
Celise

Celise

Posted
Posted (edited)

in the past several days i have reported on at least 12 different characters posting the same garbage in private messages usually every other hour. that was going for several days. i frankly cant see what bw can really do to stop it really. i mean i want the ability to turn off the private messages feature as i have no use for it. but its being used to post these crap messages along.

 

too bad a few rotten apples that never fallen off the tree has to resort to such means that other players have to react to limit their own quality of life experience to the service they asked for. again not alot that bw can do about and the ignore feature is utterly useless.

 

i hope that bw can find a solution to this problem, because right now i am mildly concerned by it, but not reached the stage of getting irritated yet.

Edited by Celise
Link to comment
Share on other sites
Loomi

Loomi

Posted
  • Author
Posted
in the past several days i have reported on at least 12 different characters posting the same garbage in private messages usually every other hour. that was going for several days. i frankly cant see what bw can really do to stop it really. i mean i want the ability to turn off the private messages feature as i have no use for it. but its being used to post these crap messages along.

 

too bad a few rotten apples that never fallen off the tree has to resort to such means that other players have to react to limit their own quality of life experience to the service they asked for. again not alot that bw can do about and the ignore feature is utterly useless.

 

i hope that bw can find a solution to this problem, because right now i am mildly concerned by it, but not reached the stage of getting irritated yet.

 

Did you even read the post? This isn't about you venting your frustrations, it is about providing context to why it occurs, and possible solutions.

Link to comment
Share on other sites
Kadin

Kadin

Posted
Posted

Hey Loomi, I replied to your post when you originally posted it in the other thread and I'll do it again here. It's a solid post that now hopefully BW has read. The issues you highlighted with how easy it is to create a new account or very solid points and ones that need to be addressed asap.

 

At first I was like, 'oh man another thread' but then I realized it was one that deserved its own. Well done, BW listen to this guy please.

Link to comment
Share on other sites
Heat-Wave

Heat-Wave

Posted
Posted
Did you even read the post? This isn't about you venting your frustrations, it is about providing context to why it occurs, and possible solutions.

 

Simple solution...

 

It would take one person watching fleet chat across the servers to put a heck of a dent in this...

 

They aren't playing the game, they are watching chat...

 

The spams are obvious, the fact that the web sites are in the spams tells me that they don't even have basic protections in place and clearly don't care...

 

Log in to fleet, in 15 seconds you'll see a spam, or I do anyway... this is not complex...

Link to comment
Share on other sites
Loomi

Loomi

Posted
  • Author
Posted
Simple solution...

It would take one person watching fleet chat across the servers to put a heck of a dent in this...

They aren't playing the game, they are watching chat...

 

That seems a very reactive approach that would take far more effort than a proactive approach such as fixing the ease at which those accounts can be made.

 

The spams are obvious, the fact that the web sites are in the spams tells me that they don't even have basic protections in place and clearly don't care... Log in to fleet, in 15 seconds you'll see a spam, or I do anyway... this is not complex...

 

As stated in point 4 - There is detection code in the game as evidenced by the chopped up and constantly variable nature of General Chat messages. The whispers are just a new method they are employing and Bioware has stated they are currently in the process of putting a stop to it (though honestly the website in the whispers lately appears to be an entirely new site that hasn't been coded into the detection rules - Yet)

Link to comment
Share on other sites
Loomi

Loomi

Posted
  • Author
Posted
How about placing GMs to stay online for a while during the day? Maybe 2 at certain times of the day, in each server.. could be a shot to see the results... Idk.

 

Again, that does not solve anything. It is just a reaction to the underlying problem of account creation.

Link to comment
Share on other sites
OddballEasyEight

OddballEasyEight

Posted
Posted

I think that BW are focusing their efforts on finding the "bank" characters that these goldsellers are using to store the credits on rather than taking down or stopping the farmers and spammers.

 

Because letting the spammers and farmers do their thing a while also means that BW has time to track the creditflow from those accounts to wherever it ends up and then take down the whole operation instead of concentrating on the "dealer on the corner" so to speak.

 

It's kind of how the FBI operate to take down organised crime.

They don't go after the low-level thugs on the street. They follow the moneytrail to map the entire organisation and then take it all down in one go.

Link to comment
Share on other sites
TUXs

TUXs

Posted
Posted
Simple solution...

 

It would take one person watching fleet chat across the servers to put a heck of a dent in this...

 

They aren't playing the game, they are watching chat...

 

The spams are obvious, the fact that the web sites are in the spams tells me that they don't even have basic protections in place and clearly don't care...

 

Log in to fleet, in 15 seconds you'll see a spam, or I do anyway... this is not complex...

 

Agreed!!! This is exactly the real solution is. It's so simple, even an intern could do it.

Link to comment
Share on other sites
Halinalle

Halinalle

Posted
Posted
While not a complete solution this would provide a QoL solution in game.

 

If BW allowed real addons filtering out these spammers would be easy enough. Addons like ESO, WoW.

 

Are you saying that you would add new rules to these filter addons as soon as spammers figure out the new way to bypass the filter?

 

Yeah, that's why filtering in chat doesn't work.

Link to comment
Share on other sites
Xhelis

Xhelis

Posted
Posted
Are you saying that you would add new rules to these filter addons as soon as spammers figure out the new way to bypass the filter?

 

Yeah, that's why filtering in chat doesn't work.

 

right now we have no filtering. anything would be better than what we have now. Having an addon to filter chat would make life much easier.

Link to comment
Share on other sites
Halinalle

Halinalle

Posted
Posted (edited)
right now we have no filtering. anything would be better than what we have now. Having an addon to filter chat would make life much easier.

 

You can get rid of Gen chat, whispers/tells/PMs or whatever you like to call them. It's all in chat settings.

 

And yes, there's filtering in chat.

Edited by Halinalle
Link to comment
Share on other sites
Loomi

Loomi

Posted
  • Author
Posted
You can get rid of Gen chat, whispers/tells/PMs or whatever you like to call them. It's all in chat settings.

 

And yes, there's filtering in chat.

 

Indeed, there is filtering.

 

But disabling Chat is not a solution, it's a burden. You should not have to lose an integral part of the social part of MMOs just because of people abusing the system.

Link to comment
Share on other sites
TUXs

TUXs

Posted
Posted
I think that BW are focusing their efforts on finding the "bank" characters that these goldsellers are using to store the credits on rather than taking down or stopping the farmers and spammers.
The bank characters aren't the issue...the spammers are. I honestly don't give a flip if someone sells or buys credits, it's the SPAM that's driving me nuts. They need to pay someone to sit and monitor chat and reports of spam. It's the easiest, cheapest and quickest way to stop it.
Link to comment
Share on other sites
Loomi

Loomi

Posted
  • Author
Posted
The bank characters aren't the issue...the spammers are. I honestly don't give a flip if someone sells or buys credits, it's the SPAM that's driving me nuts. They need to pay someone to sit and monitor chat and reports of spam. It's the easiest, cheapest and quickest way to stop it.

 

No, it most certainly is NOT. Paying someone to monitor 22 servers, both Imperial and Republic, as well as all 21 planets, both Imperial and Republic, and 44 Fleets is a logistical NIGHTMARE. That is 130 separate chat logs to monitor 24/7. You would need at least 3 people just to monitor a fraction of them for an entire 24 hour cycle.

 

For each person they pay to split up the workload then further increases the cost.

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.