Posts by TheJoker

Wow. I hate it. OGame does not need new bells and whistles, it needs balance, and this is going in the exact opposite direction.

The release of the player classes, and particularly the discoverer, were a disaster. Yes, they are fine now, but the initial Discoverer implementation introduced a brand new way to getting significant amounts of resources with very little risk, completely disrupting the economy. It was also incredibly easy to build bots for, so we saw the rise of giant bot controlled accounts, that can't be acted on now, since Gameforge isn't interested in or isn't capable of detecting them, and many of them have transitioned back into human control.

I was hoping to say "Well, at least it can be turned off via a Server Setting when they realize it's a bad idea", but that's not even the case. If you look at the Server Settings, there's nothing to control turning it on or off.

I am incredibly concerned that with the advent of the mobile app, it's going to increase the number of bots in the game, which is one of the biggest problems OGame has. I am happy to go into detail, but not in a public forum.

It feels like GF wants to turn OGame into a "traditional" mobile game, ala Clan Wars (I think that's a mobile game, I don't play any). I think the most hardcore OGame players play it because it's NOT one of those games.

As Gameforge adds these types of features, without addressing bigger problems like "How do make players always feel like they have a change to become the #1 in a universe, incentivizing them to keep playing", and thus preventing Unis from dying off, they will bring in more players but drive away their most loyal players.

Tomorrow the PTS universes are going to be updated to 9.0.0-beta5, which (to me at least) is the first public preview of the update.

April 26: Version 9.0.0-beta5 (PTS only)

There is no changelog yet, but with the previous major version updates, Gameforge has fundamentally changed the way OGame is played, either greatly improving or ruining it, depending on your view. The biggest example of this was the Discoverer Class, and the introduction of a brand new major source of income, completely out of balance with regular fleeters or miners.

So, with the new release coming out, what might we see? Nothing is too wacky of an idea.

I saw the Superuser cluster post, but that's never going to happen. I didn't think it was worth responding to.

It's a huge amount of development work that GF won't want to spend, plus incredibly confusing for players, and you will utterly fail to balance across universes with different specs.

This proposal requires minimal development effort, and limited specs. It's clear at any point in time when specs you are playing, with fast growth for small accounts and slow growth for the largest ones, so they converge.

As a follow up I forgot to mention, I don't think the cluster should be created all at the same time. Instead, I would expect the Cygnus universe to be created, then Belinda a few months later (and rebalanced at that time), with Atlas last.

This suggestion tries to ensure universes stay relatively balanced in terms of points, as well as maintain a maintain a healthy player pool for an extended period.

For the purposes of this example, imagine a cluster of three universes with the following specs (names taken from the recent .org exodus universes)

Universe Atlas - 2x Eco, 3x Fleet, 3 Galaxies, 50% Deut consumption, 70% DF, DiDF 10%, must stay out of VM for 24h after emerging

Universe Belinda - 4x Eco, 3x Fleet, 7 Galaxies, 50% DF

Universe Cygnus - 6x Eco, 12x Research, 3x Fleet, 7 Galaxies, 30% DF, No ACS

Looking at these specs, it is clear that Atlas is a very aggressive universe, designed for fleeting, and Cygnus is a very passive universe, good for mining. However, they all have the same War Fleet speed, so while each may have different play styles, fleet timings would be identical across each.

Every 3-6 months, these universes would be rebalanced via a forced merge process. Imagine if all the accounts across all three universes were ranked by points, and then the top third merged into Atlas, the middle third to Belinda, and the bottom third to Cygnus.

Additionally, during the merge periods, players would always be given the option to move up to a stronger universe, so if one member of an alliance is going to be moved, the rest of the alliance could follow and stick together.

Per this logic, Atlas should almost always contain the strongest, most aggressive accounts, Belinda the middle tier, and Cygnus the "newbie" accounts.

Each of these three universes would still be available for direct registration, in case players want to start in "easy", "medium", or "hard" mode.

Because Atlas is so aggressive, I expect players to be hit there, and the player pool would decrease, but it would always be refilled by the strongest players from Belinda.

On the other hand, because the strongest players are constantly being removed from Cygnus, it becomes a "safe" place for players to learn how to play the game, without being forced to play a universe where the top players have hundreds of thousands of points.

Duplicate account rules would still apply in all of these universes. Players may have one account in each of the universes, but should two of them be merged into the same universe, they may only play one of them.

Nah, not cool to post a hit and hide your fleet. Can't have it both ways.

Pink, mad props to you, for taking hits like a champ.

I'm sure it hurts, but you'll be able to build back, I'm sure of it.

Quote from GaIactus

Quote from dmented

...

Nice hit again, this universe is becoming interesting

Funny how things get interesting when some of the "Uniquely" built and played accounts go away.

As for "whose fleet" that is, it's Mike's fleet. He built it originally, handed it over to me at one point to care for, and it's only fair he takes it back. I learned almost all I know about fleeting from him.

All's y'all that like to snipe on the board, let me know when you build up fleet as fast as he did.

One thing that people won't realize about this hit is how much trust there was within our HOT team to make this happen.

I trust Mike 100%, and this beauty is what can happen when we are all working towards one goal.

Great hit man, amazing profits. Keep it up!

When I first read this post, I was sympathetic. OGame is a war game, and you can play it however you want (within the rules), but it helps nobody if you’re a jerk, and prevent others from growing.

in this situation, you are being the jerk. You seem to have an expectation that everyone will leave you alone, and when anyone shows any interest, you become incredibly hostile, in the form of MD’s, spam multi day attacks, and abusive messages.

It’s one thing to probe someone back when they probe you. If someone is actively hunting you with a mobile, popping their moon overnight makes sense. Myself, I have certainly had IPM parties where I’ve launched 10k+ ipms at a moon I wanted to pop looking for a fleet.

Going haywire when someone settles in your system, and starts looking for profit makes you the bad guy. I’m 100% with Deperado and crew here.

You made your bed, now you must lay in it. However, I hope you allow me to give you some advice.

1. Stop holding the grudge. You messed up, continuing to be pissed at players that are stronger than you won’t help.

2. Lay low, and don’t give them a reason to keep trying to knock you down a peg. Don’t spam their overview with attacks, don’t pop their moons, don’t IPM their defense. Reasonable probing is fine, and if you find a profitable hit, it seems very reasonable to take it, even against them. They won’t hold a grudge forever if you don’t.

3. Play defensively. Learn to properly protect the red on your colonies. If you suspect your defense is going to be destroyed, don’t build defense, and build mines/facilities/research/ships instead. Keep your ships in the air where they can’t be hit. People in this game generally only care about attacks for profit. Stop giving people a reason to attack for reasons other than profit, and don’t set yourself up for profitable hits.

A few final thoughts: I, nor likely anyone in HOT, will take a headhunt from you on anyone you have complained about in this thread. Not because I’m friends with any of them, or I don’t want to recycle their fleets, but because I don’t want to encourage players with poor sportsmanship/manners into thinking they can always bring in a bigger fish to save them. I doubt anyone else will help you either, given the full story.

And buddies

Quote from Johnny Cash

Quote from TheJoker

They moved to graveyard. Who knows where they'll end up.

You sure? I checked coords, it shows banned?

I believe the way the graveyard script works is it bans the account to make sure nobody can log in and change anything, then copies all the contents into the graveyard server. The original account is then deleted, and only the graveyard copy is available. I'm guessing those accounts will be deleted in 5 or so days.

They moved to graveyard. Who knows where they'll end up.

So long! I hope you end up somewhere nice, and eventually get the same experience as others who grew their accounts the same way you did. You deserve it!

General George , it would be lovely if some a "off the shelf" solution exists, but I assure you it does not. I no longer work on an anti bot team, but I am still friends with them. There are no "pay a license fee, install software, and suddenly all the bots will stand out" software. It is dramatically different from simple ddos's or script kiddies, you need individuals to do more detailed analysis with the context of OGame.

If you want to see a closer comparison, find some blog posts where people analyze malware samples, decompile them, and post how they work. What GF needs is not that intense, but that type of thinking, where a popular bot is investigated and understood how it ticks.

Cavabien Sorry, but you just caught one of my pet peeves. You don't just "throw machine learning" at a problem and it magically goes away. For this particular situation, you don't need machine learning, you just need investigative skills, and to look for identifiers.

nanogram You are right, I'm sure writing the "make sure they have metal mine 3" code took barely any time at all. However, you are missing all the other parts of the software development lifecycle.

* Figuring out an appropriate threshold to avoid impacting legitimate users (why not MM 1? Why not MM 10? Why not a combination?)

* Writing the code

* Testing the code in a variety of environments

* Deploying the code (any any other changes made around the same time) to hundreds of individual ogame servers.

You may say "Well, you can skip some of that, it's a simple change!", but in software, no changes are that simple. I know a guy who took down the api of one of the largest sites on the internet for ~15 minutes with a "simple one line change" to fix a security issue. I personally have taken down my team's system with a "perfectly safe change", and then fixed it with a one line change. When you act in software without thinking, you take on a huge risk that can have dire financial consequences, and it's not worth your job to do it fast, it's far better to do it right.

Quote from General George

TheJoker

Whilst I agree with some of what you have said, there is one point I disagree with. All companies need to protect themselves against Viruses and DoS attacks etc. But that doesn't mean they employ experts to write some anti-virus software - No, they buy it from somebody else already expert in the field. The same is true of most forms of protection from spam/virus/DOS/Bot - Buy it from the experts in the field. There are many game publishers out there doing exactly this. There is nothing stopping GF from adopting a similar strategy, and across all their games, the cost could be easilty distributed and thus minimized.

And guess what - Their reputation might not be complete TRASH then.

It's not rocket science - Instead, it is science that has been around for decades. Of course it is an ongoig battle between hacker/bot and security provider. Which is exactly why companies don't do it themselves - they buy software/hardware/services from the companies setup to fight this battle for them.

Display More

DDoS and botting are very different, have very different goals by the malicious parties, and need to be handled very separately.

In a DDoS, the attacker is trying to spend as few resources as possible to generate a large amount of load on the system, denying legitimate users access. They tend to be unsophisticated and "standard" regardless of target, and Cloudflare or other CDN / protection companies are definitely better qualified to solve it.

Botting is different. Someone has spent a significant amount of time understanding exactly how the game ticks, and how to mimic a real human. The goal is to minimize the load on the server and not stand out. This is not something a standard firewall / abuse detection system can catch. There are no big companies with turnkey solutions to say "this is coming from a real browser" that cannot be gamed by a bot developer who plays the game.

You also suggested "Well, it works for video game companies". Yes, Call of Duty and others do often share anti cheat software, but the huge difference is that for desktop games, the client has much more control over the system. The game client can investigate its own memory, look for cheating processes, and report back. OGame can't do that. It runs in a browser, actually many different browsers, and the javascript or "client" code doesn't matter, it's simple enough that bot owners don't need it, they can pretend to be a real browser.

Besides that, Anti-cheat systems can backfire for desktop games, banning legitimate players and actively damaging users machines. They aren't a silver bullet.

The only way OGame will get its botting situation in check is the actually invest in working on it. It doesn't generate revenue, and suits hate to invest in anything that doesn't generate revenue, but long term creates a much more healthy environment for the game.

It's so cute watching people here argue about "There should be a captcha!" or "There should be X" to stop bots. It is similar thinking to when I initially started working with anti botting measures at my job. What you are describing is a game of cat and mouse, where GF makes a change, botter's respond, and everything goes back and forth forever. This will never work long term, there will always be people willing to pay for captchas to be solved, or easy ways for bot authors to find ways around the countermeasures.

Why will it not work long term? Because the cost to Gameforge is incredibly high, while the cost to botters is incredibly low. GF has to pay developers to write the changes, test the changes in a variety of environments, roll out the changes, etc, while botters just have to make minor tweaks. If GF messes up an update, it affects all their legitimate users, if botters mess up an update, enough probably still functions that their customers fleets are safe.

The only scalable approach to bots is to look for behaviours that clearly distinguish them from legitimate players, including behaviours that are not visible to other players or perhaps GOs. Then, silently create a list of all those accounts. Ideally, you find distinct behaviours from a few different types of bots at the same time and track them separately. Once you've collected several days worth of data, and verified enough to be 100% confident the accounts are bots, you ban them all at once.75

Moving forward from that, you keep looking for unique behaviours, build up new lists, and only ban bot accounts in batches every 2-3 months.

Why so infrequently? If you ban a bot immediately when you recognize them, you reveal how you are recognizing them to the bot owner. You ban in batches, all at the same time, and bot owners have to guess how you found them. They change a few things with their bot, and maybe fix the identifier you found, but they only know if they "fixed" it every couple months.

The other part of making this plan work is to take away most bot investigation responsibilities from GOs. Don't let volunteers know what signals you're looking for, what accounts will be banned in the ban wave. Some of the behaviors are probably not visible to GOs, and they don't have the tools to investigate them, but also GOs are volunteers, who may be working with bot authors. With employees, you at least know much more about the person and can take legal action if they are botters, volunteers can disappear into the wind.

Over a year ago I ended up in a Discord chat with a couple of botters. They wanted to use us as bait to take down someone they hated, and I assume then turn on us. In this chat, they told us what bot they used, how they used it, etc, I assume maybe to get some sort of referral bonus. I ended up gathering a list of their account swarm, and submitted it as a ticket, offering to provide any additional details they needed from the discord logs.

The GO replied 4h later that they were looking into it. 30 minutes after the GO reply, the botters had scrubbed their messages from the chat. I am wary of that coincidence.

I then reached out directly to GF, and was able to get in touch with someone. With their blessing, I investigated the bot software (I'm a software engineer with an anti-scripting background) and identified several tell tale signs that that a bot was controlling an account. Most of these signals were ones that other players in the universe couldn't notice, and GO's probably can't investigate, but could be detected with software and server access.

I sent a report of these findings, and have not heard anything back. The bot accounts I submitted have been renamed several times since, I suspect some have changed hands, and a few of them have been banned, but I don't have enough proof that any GO could act on. Overall, I've lost my faith that GF is willing to dedicate the necessary amount of resources to put a stop to them.

Thank you to (most) GOs for the thankless work you do, and I appreciate that you are doing what you can, but you're hopelessly outmatched and undergunned for the progress players really hope to see.

And no, I will not be posting that report publicly, nor naming any software. If anyone at GF sees this and is interested in such work, I'm happy to continue if I get a better understanding of how much effort you're able to expend from your side towards this problem.

Quote from Allucien

I mean, if anyones going to get a push its going to be more of the accounts taht have already recieved it, plus despite all that, how can it be cheating if the attackers are a few billion points below lmao

Good point. This hit wasn't arranged, but even if it was, all three of our accounts are lower rank, pushing rule doesn't apply.

Back2Black is probably either the defender or someone associated with them. Super suspicious to create an account just for this, but not for the point jump they are so concerned about. Board mods could confirm, but we will never know.

I appreciate Allucien and all the Closed folks chiming in here. We had our differences and rivalry for a long time, but despite the bickering I think there was a general understanding both sides were honorable players. I wish we could get back to those days, pre v7 and giant accounts materializing out of thin air, and continue that rivalry, but I consider Cygnus a lost cause. See you in another Uni!