New server Security...

[Armo2]

Well I have just finished my server and I want to try to make it as secure as possible so that it would be really hard to bot, hack and dupe.

So far I have only done a few things..

1) I made it to where you have to put a code into the game when you first start

2) No duel clienting

3) Storage Passwords

4)E-Mail change password on CP

So I was wondering if anyone knew any bots or dupes that are possible... Because I would like to test them on my server before I open it to the public.. Thanks so much

[Guest]

sadly, bots are always possible, no matter what you do

but just a warning, don't you think all those measures are going to annoy your players a bit?

[Aris]

i personally wouldn't find the entering number thing when opening the client annoying tbh. its not a very effective anti bot tool tho...

disabling anti dual clienting is easy also if you know how to and you can find lots of guides using google...

tip: look at bot/hacker forums like openkore and koaxia regularly. it helps millions.

[Anti-Static Foam Cleaner]

Man, I can't stand the Epilepsy Warning on Valkyrie(Basically you need to click "agree" every time client starts) and you want me to enter CAPTCHA?

[Armo2]

Listen it is not to hard to enter a simple 3 number code. I was wondering if it would be possible to make it to where you can still chat/Trade/PM without entering the code so if the don;t want to they Don't HAVE to just wondering lol

[Artariko]

I dont know any =P and this is my 100th Post

[asdfqwerty123]

1) I made it to where you have to put a code into the game when you first start
keep

2) No duel clienting
keep

3) Storage Passwords
remove

4)E-Mail change password on CP
keep

If someone else is on their account, a storage password is like a lock on a safe next to a pile of cash.
Most people keep their best gears equiped and zeny on-person. 
It's pointless, most people would make it the same as their regular password anyway. 
The only thing that does is cause a lot of grief for you when 30% of the players forget their storage password.

[Shinae]

I wouldn't make so tight security. Rule breakers have their ways to go past all security. And too tight security may scare away some players.

Botting and Multiclienting you can make secure by getting good and active GM team that deals with them and having a good report system for players if they suspect anything.

And like Zairik said players will forget their storage password. It's not really much real use. And usually it's gear that you wear that counts.

[Hutchy]

Why does everyone hate dual-clienting so much? O_o

[Guest]

Why does everyone hate dual-clienting so much? O_o

because it means that i can get one character that can kill monsters very efficiently, then just leech a thousand other characters till theirs no end

[Hutchy]

Ohhh, makes sense. I used to do that to my boyfriend's character after his computer fried, didn't want to level without him XD

[Guest]

Ohhh, makes sense. I used to do that to my boyfriend's character after his computer fried, didn't want to level without him XD

xD i hate leeching to be honest, RO is suppose to be a MMORPG, with emphasis on massively multiplayer

[Shinae]

Multi-client kind a kills some aspects of game. Less partying. I don't like heal and buff slaves. I don't personally like using slaves and many times I choose not to, so it makes me suffer in PvP and WoE if I don't use them. Also I hate having endowers to make my level faster etc.

I hope there would be more servers that don't allow it. Currently almost all servers allow it.

[Hutchy]

Ohhh, makes sense. I used to do that to my boyfriend's character after his computer fried, didn't want to level without him XD

xD i hate leeching to be honest, RO is suppose to be a MMORPG, with emphasis on massively multiplayer

Well yes, but I sure as hell wasn't about to level alone and leave him in the dust because his computer kicked the bucket.

[cheesestix]

In terms of botting, other people have already covered it. If you have a good bot hunter and you educate your players on how to detect and report bots, then it shouldn't be too hard to keep it under control.

For duping, I've heard it happens most often during lag. Anyway, it's hard to prevent it from happening, but there is a new system that can make it easy to find duped items. It's a system where every non-stackable item is assigned a unique serial number. Therefore, if you find any repeats in serial, you'll know that it's duped. It also makes it easy to track items, such as in cases when a player is hacked. But, it's not officially supported by eAthena for reasons I won't dwell into.

For hacking, there are usually two possible cases. A person who is actually hacked, or a person who shared their account and it got stolen.

For the hacking scenario, there are a few ways that it can happen. One common way is done by either something called bruteforce, which is a program that tries every combination of letters/numbers in a password field until they get the right one. Possible ways to prevent this is to make sure your player's account ID is exposed as little as possible. For instance, you might want to advise your players to use a different forum name/character names from their account ID. If the hacker doesn't know a players account ID, it makes it extremely difficult for them to hack. Also, temporarily blocking an account after a successive number of failed logins can also help.

Another common hacking incident is taking advantage of an exploit. This can be something in a custom script that wasn't properly checked, or a Control Panel with vulnerabilities. It's important to choose which control panel to use carefully. From what I've heard, ROCP has some issues, which is why our server switched from it. I'm not going to say which CP is safe, because it's hard to say really, but I would suggest you read up on other people's experiences with them.

As for stolen accounts... that's extremely hard to prevent. No matter how high you set your server's security, you're going to run into a bunch of people reporting "hacked accounts" which are really just stolen accounts. In my case, our server's official stance is that we won't deal with accounts that were stolen because the player shared their password... but we still do it anyway =/