Editing the cooldowns of spells and spell like effects - azerothcore

I am trying to reduce the cooldown on the hearthstone and inscription research spell-like effects. I have identified the hearthstone item template and imported the hearthstone spell into spell_dbc. I have set the spell category cooldown to 1 second, but I am experiencing a strange issue. On use, the hearthstone is set to a 30-minute cooldown and not useable during this cooldown, but on logging out and logging back in, the correct cooldown is displayed and the item is useable once the cooldown has expired. I suspect that the client is tracking the cooldown of the hearthstone independently of the server. But I have no clue where to begin looking to fix this. Has anybody successfully made a change to spell cooldowns, and would you be willing to point me in the right direction?
Thank you!

Not a solution to your problem, but I'm pretty sure that what you are experiencing is actually an intended behavior to discourage hacking.
I think what is really going on is your login credentials are being used to create a secret that is then passed into the rest of their program, which is then used as a reference point for debugging.
Because they know the intended behavior of their own game, they can check to see if the results of arguments sent from your machine are within expected parameters.
And because your modifications fall outside of those parameters, what the developers decided to do was to change the cooldown to something sufficiently annoying to detect who keeps on manually logging out and logging back in again.
I studied programming in college, and I'm telling you that if you know enough to change the cooldowns locally, you should try doing something more productive. Either find another game to play at the same time, or just do something completely different from gaming altogether.
Hope somebody double checks what I have said here for accuracy, because I am curious to know if I am correct about my assessment.

The solution is to delete the client cache.

Related

Gamelift Matchmaking times out after match found

Hoping to get some insight into the behavior I am seeing while trying to use GameLift Matchmaking.
I have my configuration setup as such that it does not require player acceptance, as such:
GameLiftMatchmakingConfiguration:
  Type: AWS::GameLift::MatchmakingConfiguration
  Properties:
    AcceptanceRequired: false
    ...
When I go to the GameLift console and into the configuration I see that it was correctly set as well that it does not require acceptance.
This is where I am confused, because now I have it working where it places 2 users in PotentialMatchCreated and I get this event from GameLift. Then 30 seconds later, I get more events stating that these placements timed out and searching again.
The configuration documentation states that AcceptanceTimeoutSeconds is only required if AcceptanceRequired is true, which it is not for me.
The acceptance documentation states that you only call this "When FlexMatch builds a match, all the matchmaking tickets involved in the proposed match are placed into status REQUIRES_ACCEPTANCE".
Which it's not, it's in PotentialMatchCreated.
So my question is, what do I have to do to confirm a placement once GameLift places 2 users into a match? I am a bit surprised because I thought that the fact that it doesn't have to be accepted would mean that it's an automatically accepted match.
Also there's very little documentation I found regarding what to do in this situation. Given the nature of this service not being as known as others, I totally expected that, but I'm really hoping someone can help me on what to do next.
Any insight or help is greatly appreciated.
UPDATE1:
Additional information: I do not need to utilize GameLift fleets or builds at all. We have a browser game we are building and just want to utilize the matchmaking feature. So we don't have any game servers or anything like that; it's just on our website where they would play the game and use our APIs/websockets that put the matchmaking on the server and notify the client when a match has been found with all the subsequent details.
UPDATE2:
To confirm my suspicions I decided to actually try to use the accept match endpoint and see what happens. Just as the documentation states, you can only accept a match if it requires acceptance. I get an error stating that I cannot accept a match that is not in REQUIRE_ACCEPTANCE state. Guessing this is a bug on AWS's side, I don't see any other endpoints that I can hit for being in state PotentialMatchCreated.
Figured out the issue. It has to do with the FlexModeMatch on the GameLiftMatchmakingConfiguration. For my use case, just needing matchmaking, STANDALONE is the correct implementation because we aren't having GameLift actually create game servers/sessions for us. I had mine using WITH_QUEUE which is why I believe I was having issues. Seemingly working correctly now.

asp.net multiple user calculation error

Apologies if this has been asked/solved before. I've done a fair bit of searching but can't seem to find a direct answer to my problem.
I'm still very new to asp/vb coding.
I've created a complex calculator in asp.net using vb.net.
The user fills out a few text boxes with information then clicks the calculate button. The program then accesses an sql 2014 server to collect more information based on information the user has entered, then uses the information to run a few very complex calculations (I don't completely understand the calculations behind it).
It all works fine and is able to give the correct answer, the problem I've found is if there is more than one user accessing the site and they happen to click the calculate button within the same time, whoever clicked the calculate button first gets an error whilst the person who clicked second gets an answer.
I'm not sure if this is to do with how it accesses the sql database for information or if the information is somehow being overridden.
I was hoping this would be a common problem, but can't seem to find anything on it, at least I may not be asking the right question when searching.
Unfortunately for security reasons I'm not able to post any code for it (I'll see if I can get permission) but am hoping that someone has come across something similar and knows a work around. Maybe to have the site wait until the first round of calculations is complete before initiating the second round?
Thanks for your help in advance!
Please make sure that you do not use any shared variable in the calculation, because shared variables are common to all users. Also check for application variables.
I can understand, but if those public variables' values are changed in one place, then afterwards that variable's value will be new everywhere, even if you are in the middle of some processing.

How can I tell the difference between a post from a browser, and someone trying to post programmatically

Is there a way to determine if the request coming to a handler (let's assume the handler responds to GET and POST) is being performed by a real browser versus a programmatic client?
I already know that it is easy to spoof things like the User Agent and the Referrer, but are there other headers that are more difficult to spoof? Maybe headers that are not commonly available in classes like .net's HttpWebRequest?
The other path that I looked at is maybe using the Encrypted View State to send a value to the browser that gets validated on the server side, though couldn't that value simply be scraped from the previous response and added as a post parameter to the next request?
Any help would be much appreciated,
Cheers,
There is no easy way to differentiate because, in the end, a post made programmatically looks the same to the server as a post by a user from the browser.
As mentioned, captchas can be used to control posting but are not perfect (as it is very hard but not impossible for a computer to solve them). They also can annoy users.
Another route is only allowing authenticated users to post, but this can also still be done programmatically.
If you want to get a good feel for how people are going to try to abuse your site, then you may want to look at http://seleniumhq.org/
This is very similar to the famous Halting Problem in computer science. See some more on the proof, and Alan Turing here: http://webcache.googleusercontent.com/search?q=cache:HZ7CMq6XAGwJ:www-inst.eecs.berkeley.edu/~cs70/fa06/lectures/computability/lec30.ps+alan+turing+infinite+loop+compiler&cd=1&hl=en&ct=clnk&gl=us
The most common way is using captchas. Of course captchas have their own issues (users don't really care for them) but they do make it much more difficult to programmatically post data. This doesn't really help with GETs, though you can force them to solve a captcha before delivering content.
Many ways to do this, like dynamically generated XHR requests that can only be made with human tasks.
Here's a great article on NP-Hard problems. I can see a huge possibility here:
http://www.i-programmer.info/news/112-theory/3896-classic-nintendo-games-are-np-hard.html
One way: You could use some tricky JS to handle tokens on click. So your server issues token-id's to elements on the page during the backend render phase. Log these in a database or data file. Then, when users click around and submit, you can compare the id's sent via the onclick() function. There's plenty of ways around this, but you could apply some heuristics to determine if posts are too fast to be a human or not, that is, even if they scripted the hijacking of the token-ids and auto submitted, you could check that the time between click events appears automated. Signed up for a twitter account lately? They use passive human detection that while not 100% foolproof, it is slower and more difficult to break. Many if not all of the spam accounts there had to be human opened.
Another Way: http://areyouahuman.com/
As long as you are using encrypted methods, verifying humanity without crappy CAPTCHA is possible. I mean, don't ignore your headers either. These are complementary ways.
The key is to have enough complexity to make for an NP-Complete problem in terms of number of ways to solve the total number of problems is extraordinary. http://en.wikipedia.org/wiki/NP-complete
When the day comes when AI can solve multiple complex Human problems on their own, we will have other things to worry about than request tampering.
http://louisville.academia.edu/RomanYampolskiy/Papers/1467394/AI-Complete_AI-Hard_or_AI-Easy_Classification_of_Problems_in_Artificial
Another company doing interesting research is http://www.vouchsafe.com/play-games they actually use games designed to trick the RTT into training the RTT how to be more solvable by only humans!
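The token-and-timing idea from the answer above ("server issues token-id's to elements ... check that the time between click events appears automated"), as an added example that is not part of the original posts. The key, the thresholds, the in-memory nonce set and the function names are all assumptions chosen for illustration, and element ids are assumed not to contain "|".

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret, never sent to clients
MIN_HUMAN_SECONDS = 2.0               # assumption: fastest plausible human form fill
MAX_TOKEN_AGE = 1800.0                # assumption: tokens expire after 30 minutes
_used_nonces = set()                  # stands in for the "database or data file" in the answer


def _sign(element_id, nonce, issued_at):
    msg = f"{element_id}|{nonce}|{issued_at:.3f}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(element_id, now=None):
    """Render phase: bind a signed, timestamped token to one page element."""
    issued_at = time.time() if now is None else now
    nonce = secrets.token_hex(8)
    return f"{element_id}|{nonce}|{issued_at:.3f}|{_sign(element_id, nonce, issued_at)}"


def check_submission(token, element_id, now=None):
    """Submit phase: return (accepted, reason) for a token posted back by the client."""
    now = time.time() if now is None else now
    parts = token.split("|")
    if len(parts) != 4:
        return False, "malformed"
    tok_element, nonce, issued_raw, mac = parts
    try:
        issued_at = float(issued_raw)
    except ValueError:
        return False, "malformed"
    expected = _sign(tok_element, nonce, issued_at)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad-signature"      # token was edited or forged
    if tok_element != element_id:
        return False, "wrong-element"      # token was issued for another control
    if nonce in _used_nonces:
        return False, "replayed"           # scraped token submitted a second time
    age = now - issued_at
    if age > MAX_TOKEN_AGE:
        return False, "expired"
    if age < MIN_HUMAN_SECONDS:
        return False, "too-fast"           # heuristic only: a script can simply wait
    _used_nonces.add(nonce)
    return True, "ok"
```

As the answers note, this raises the cost of scripted posting rather than preventing it: a client that fetches the page, waits, and posts once will pass.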

Proximity search by city, or state, or ZIP

For some reason we still don't have this feature yet. We can make it work using zip codes, but how about City or State? The Views set of Modules are great and I would love to see Proximity Search options expanded. There are requests for this in the Drupal forums: http://drupal.org/node/489904 but that thread has been stagnant for months. The "fix" is inconsistent and no longer works on my end, using Views and Location series modules. Does anyone know a workaround to this issue? The custom module shown in the Drupal forum worked at some point with limitations, but now it's no longer displaying any search results. Trying to hit this from any angle -- have the US zipcodes in a MySQL database for the former configuration; have Apache SOLR ready to go; even got Spatial SOLR ready to go if that ever picks up. Any help much appreciated.
I think one of the problems is city names are not necessarily unique. (zips are)
You could have the same city in different states.
For states, it's even less reliable because their area can vary a great deal and proximity search around a state would be very unreliable for states which don't have circular shapes.
So the module should have an extra step showing "did you mean.." results in case there are more returned (if possible).
I don't believe there is a workaround, it will require some coding to implement this in views.
I would start in location.views.inc around line #493, adapting the logic for the current zipcode handler. Look for the location_latlon_rough function in location.inc.
Maybe you have to try the geoname module. I'm not sure; you should try it:
http://geonames.edesign.no/node/13
Give it a try.
Thanks,
Gobi :)

Block a user from a website in ASP.NET

Besides IP blocking and probably using a cookie (if the user changes the IP but doesn't remove the cookie, the new IP is added to the banned list, so the IP has to be changed and the cookie has to be removed together to access the site), are there any tricks one can use to block an annoying user from a website? I know that nothing will work with a savvy user, but I'm trying to make it harder for the less savvy ones. Any suggestions?
Edit: I already have registration in my website, the point is that this is useless to stop determined users (they can simply create other accounts).
#rifferte,
Actually I'm already building a moderation section where moderators can remove posts and suspend members, also members can report abuse and spam, I'm not trying to make this impossible, simply there's no way to do this, I'm just trying to get rid of the less savvy ones (the majority), and not forever, I'm planning to block them for a certain period of time (probably a couple of days or something like that).
Any overt form of censure on an existing user could lead to the forum equivalent of an arms race. One school of thought pushed on the SO podcasts is to flag the offending user and remove their posts from normal view, but include it when they (the bad user) are looking at the site. That way, they think the community is ignoring them and it makes flaming less fun. If the site isn't trying to stop them but their efforts at flaming are fruitless, they will likely just walk away.
See also this blog by Jeff
One of the best approaches I've ever encountered is the "Tachy goes to Coventry" feature in vBulletin. Adding a user to this list places them on a global ignore list that applies to everyone, except themselves.
So, they continue posting and everything appears normal from their perspective, yet their posts don't disrupt other users. Amazingly, these users rarely seem to figure out what's going on, they're so satisfied with the havoc they think they're wreaking undeterred.
Disruptive users tend to fizzle out very quickly when everyone's ignoring them. Once they give up, you can bulk delete all of their content in one pass that takes relatively little administrative effort.
What sometimes seems to help is to:
Make sure that accounts need to be "mature" before they may post.
A reputation system not unlike stack overflow (Account gone = reputation gone) :)
Use authentication providers like OpenID. It is more work to create multiple accounts that way
The simple fact of the matter is: If someone can do everything after creating an account, the account does not have any extra value. Once an account has some extra value (i.e. someone needs to put some good work in an account to get more privileges) you'll see that abusers will probably go to other websites.
I believe you will be in a constant cat and mouse game if the user has that much time to burn.
Your best bet will be to involve some human element to the site's registration process, to properly research any particular users. Not elegant, but without knowing more about your site there isn't too much more one can say.
Now that the question has been further refined with extra information, I'd like to change my answer.
Problem users in forums site exist because other users feed them.
How about trying an approach where if you identify a problem user, then you silently hide their posts from your site from OTHER users, but not the problem user. The theory is, that the problem user 'thinks' that their post made it through, but since it's actually hidden from all other users, nobody will reply to the problem user, and with any luck, they'll go elsewhere where they're getting feedback.
Can you trust your "good" user base to flag bad/annoying users?
Something like craigslist: if a user is flagged as annoying by a few users, their account is temporarily unable to post for a period of time. If this happens a few times, their account is suspended?
Just a thought.
