| there's a surprisingly large amount of low hanging fruit before you even bother going to ML. i've worked with a few asian MMO publishers, and before you dive into full on ML or start sending users' clipboard contents and bank website window captures to notoriously shitty and useless korean anticheat companies, there are some very big things you can do: - count gains, portal entries, dungeon entries, etc, then sort descending. players that are gaining experience 24 hours a day, or gold 24 hours a day are rarely, if ever, legitimate. - even if this does not entirely get rid of gold farmers, it causes interesting points where they are suspicious of whatever software they are using, rather than suspicious of the inhuman fact that they have not stopped attacking for 84 hours straight - one lazy thing i've seen take down massive (warehouse-scale) gold farming bot operations is having the game send out broadcast discovery packets. these large scale operations are usually piles of optiplexes or similar on a flat network, and a discovery packet will be noticed by every other device running your game on the network. instant breaking through a different VPN per device, linking all accounts together. - trace currency, and on top of that, trace timings. often, bots will do something like "farm until inventory full" and then transit back to trade it off, then return to the same map with incredibly tight timing. the biggest problem you will have is that asian mmo companies don't give a fuck about anything other than their cash shop, and just slap on the cheapest, worst, most insecure malicious and privacy violating rootkit anticheat they can find as a bandaid while the underlying game code is incredibly vulnerable. writing a sql query is too much effort to care, same with having human review. |