|
Post by FunkySwerve on Jul 23, 2019 16:52:06 GMT
Hi all, Hope your summer is treating you well.
Last night we pushed an update to address an exploit involving easy access to thousands of canopics, and thereby extreme amounts of XR gear and subraces. In terms of scale, this exploit was worse than any previous in terms of potential effect on the server economy. Fortunately, it was discovered relatively quickly, and stopped. Only two players had utilized it, though around a dozen playernames were affected.
Unfortunately, by the time we had a fix in place, the players in question had already converted many of the canopics to XRs and subraces. This left us in a difficult position because while we have sufficient logs to delete all improperly earned items, that process would require absurd amounts of time, and would impact other players they had traded with. Another alternative wass wiping all toons involved, but that could have left some gear on other toons. Still another option was banning, but we deemed that unduly harsh, despite the immense harm this exploit was doing to the server economy.
In the end, after discussion, we opted to wipe all subraces obtained by the players in question beginning at the time the exploit began, wiping all bank accounts accessed after that point, and deleting some canopics held on characters. That said, we are working to find time-efficient ways to deal with remaining ill-gotten gains, if we determine that there are enough to warrant further action. This may involve wiping out XRs or Subraces purchased with the canopics on a toon-by-toon basis, or simple deletion of remaining canopics.
While we are disinclined to reveal the identities of those involved, we also want to ensure that they do not further obfuscate the situation by trades with other players, which would massively increase the amount of time we would have to spend to undo things, and which would risk losses to innocent third parties. Please refrain from trading XRs or XR subs until I or Sabregirl post here indicating that we are done purging items. We strongly suggest a brief hiatus on all trades while we finish reviewing the situation, though we will do our best to avoid impacting other players.
In other news, I want to apologize for the lack of many recent updates. We are still working hard, when time is available. I can promise that the next area set to be added will release sometime in August.
If anyone has an questions, don't hesitate to ask.
Thanks for your time, Funky
|
|
|
Post by woqued on Jul 23, 2019 18:12:02 GMT
Exploit? depends on the extent and nature of the exploit. Cheat? Singleplayer? sure. Multiplayer? Meh, for real. But getting others involved? Going from 0 respect into disdain territory. Have a nice summer lads & gals.
|
|
|
Post by manuka on Jul 23, 2019 21:01:39 GMT
Wow I'm pretty disappointed that you handled it this way. The exploit is simply opening a portal into limbo p1 and instead of talking to sneedam you attack him. This required massive firepower and skill. He would drop 50c, 3burs and set loot. I maybe gained 20thousand canopics from killing him at a rate of 1000c an hour. First of all this is a tiny amount of caopics for me as I have gathered over 200thousand canopics from soloing limbo at a rate of 100-200c a hour and doing normal limbo runs with people putting in 1000s of hours of farming. That fact that you decided to delete over 10x the loot that I gained from killing sneedam is pretty horrible. This exploit wasn't cheating. Or hacking. I simply used what was in the game. We have been doing many "exploits like this over the last year and they just get patched with no consequences. I have even been told you are alound to do whatever you can ingame. Some of the other exploits are if you go in limbo p2 map2 and gs you can run past it. I believe even sabre and chain link both DMS have done this yet they havnt had her loot deleted? Another one was you could rest in limbo p2 and kill the rest spawns and get their loot. Again no loot was deleted. Another one was back when you could recharge your ring as much as you wanted after killing the spawning stone boss. Then you run around in gas with a cleric eradicating all the black and white salads let it respawn and repeat. I believe the UTs discovered this one. Again no loot was removed. Many more people than just 2 have abused these exploits yet you decide this one which only affected 2 players who were already some of the richest on the server before the exploit.
If you don't want people to use what you put in the game then why were we never told that we cant do these things. I suggest you return all loot taken and put your time and effort into fixing the server and making new content rather that deleting loot that was fair game.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Jul 23, 2019 21:16:25 GMT
Really? We are supposed to be crying for you right now? An exploit tipping the economy is pretty severe and you took full advantage of it. Even despite your skill in earning canos the legit way.
Not even a shred of remorse. Wow.
Perhaps you should be satisfied that you didn't get banned. Count your blessings and go use that skill to still be able to gather canos the correct way.
|
|
|
Post by rainbowdash on Jul 23, 2019 21:26:24 GMT
I think Manuka/Prep should get a golden star on top off all the loot refunded... I mean he found a faulty bit in the server and showed it to the admins by spamming redicoulus trades in !bazaarchat. Great community service right there. And they didnt abuse it as much as they could so people ..... get some common sense.
If this was a democracy i'd vote ban for pretty much the reason woki stated above. Sadly the DMs are way more good-hearted than me :/
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Jul 23, 2019 21:30:13 GMT
One more note: the 600 canos for an xr wep (instead of the 1000 in guild) is making a whole hell of a lot more sense. Thanks for clearing that up!
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Jul 23, 2019 22:04:35 GMT
What an exciting day for me to check the forums again! Don't have a dog in this fight so the outcome here doesn't matter to me at all, but it's worth noting that 'exploits' on HG have always been a grey area.
Server Rules: Outside of blatant hacking, it's never been clear about how exactly to define an exploit - which exploits are 'okay', which ones are 'bad', what the penalty should be if DMs aren't contacted... If you define it as "taking advantage of the game's scripting to do something not intended by the devs that makes the game easier", then most players have been guilty of this for a long time in various shapes and forms. Some 'exploits' in my time that were very common and openly used and shared by many players/DMs (including myself) with zero punishment: - Completing Shed first for the free GM wand (ever wondered why DT guild runs were skipping GM?) - Using Gate in Nessus2 maze for effortless PW farming - Bringing 'port-a-rogue' toons into the final map of Abyss P3's before killing the boss to avoid being locked out ; this is how many low-man parties were able to acquire Abyss P3 sets such as Wraps without wasting a slot on a picker (more relevant in the days before mass multi-boxing) - Hitting triggers in Abyss/Nessus3 while in GS to trigger 'randoms' in a not-so-random fashion - Using Lure Phane to block Asmo Stage 3 spawn, or prevent casters having their autocaster buffs applied - Going backwards in Limbo Map 5 to recharge your ring - Mephistopheles spawning trick - Many, many more
These were all done under the impression that "if it's in the game, then it's allowed" ; some were formally reported, and some weren't. Now obviously on a case-by-case basis this Ssendem killing trick seems pretty dirty in terms of the level of reward per time, though Manuka is indeed correct that it would require a lot of firepower - in fact Raj/Tank tested it a long time ago and IIRC their conclusion was that it was an essentially impossible fight to win, so it was never tested further.
However... IF Manuka's numbers are accurate that he earned ~200k canopics legitimately and only ~20k canopics via this exploit (ie: ~10% of his XRs), then it is definitely a disproportionate punishment to clean out most of his bank and delete significantly more content than he gained from the exploit. Especially in comparison to previous treatment of exploits (not hacks). I would also question how 'economy shifting' it is for the richest player to become 10% richer. With all that said, I also take Funky's point that this was the least cumbersome approach given the complexity of tracking down all the items.
Objectively speaking, banning for this would be way over the top. IIRC neither Werehound nor Matt received bans after using DM powers (stolen in Matt's case) to genuinely hack the game.
|
|
|
Post by FunkySwerve on Jul 24, 2019 0:46:52 GMT
Wow I'm pretty disappointed that you handled it this way. The exploit is simply opening a portal into limbo p1 and instead of talking to sneedam you attack him. This required massive firepower and skill. He would drop 50c, 3burs and set loot. I maybe gained 20thousand canopics from killing him at a rate of 1000c an hour. Incorrect. The actual total is 38,800, just for your part of it. Nevermind BURs, sets, etc. Given how far off your estimate on the number you exploited, I see no reason to lend this number any credence. Never mind that farming at that rate has not been possible for much of the time Limbo has been out, or the fact that there simply were nowhere near that number of XRs or subs in your vaults. Given that the best items remain on your characters, including some top-notch items you traded absurd amounts of canopics for, you have little reason to complain. That decision was deliberate, in order to permit you to continue participating in end-game runs. Don't make me regret it. Setting aside your deeply flawed math, you were misinformed. An easy way to avoid being misinformed is to inquire about whether the activity in question is permitted, as I have stated many times on these forums. You opted not to do so. Similarly, if you didn't think you were doing anything wrong, why keep it a secret? As to some of your examples, all of which pale in comparison to what you were doing, they are actually an excellent example of what you should have done. Take the skipping of the map, for example: people reported it, and we told them we would allow it, because we were going to tinker with spawn rates anyway, and thought that the marginal increase in canopics per hour was acceptable in lieu of taking the dev time to fix the bug and then decrease spawns across the board (speeding run time). Hence, no penalization. Funny how that works. For context, compare your actions and consequences to what got a duper banned in 2007: Thanks to a player suspicious of an overly generous trade, I found another duper last night. His accounts have bee wiped, vaults emptied, and keys banned. The following playernnames were wiped: XXX[Mon Mar 19 16:35:55] >>> ID: raudgers; Name: Mordor Elite Champion; CD Key:QC46GEEQ; IP:82.67.113.245; has logged in. XXX[Wed Feb 14 03:03:26] >>> ID: kebej; Name: Shell Sigers; CD Key:QC47D3MT; IP:82.67.113.245; has logged in. XXX[Sat Feb 17 13:28:46] >>> ID: --kilik--; Name: Anaria Nulien; CD Key:QC47D3MT; IP:82.67.113.245; has logged in. XXX[Sat Mar 3 19:49:00] >>> ID: TGE3; Name: Gena Steel; CD Key:QC47D3MT; IP:82.67.113.245; has logged in. XXX[Mon Mar 5 20:25:35] >>> ID: Kamelott; Name: Terin Derthel; CD Key:QC47D3MT; IP:82.67.113.245; has logged in. XXX[Mon Feb 12 22:29:10] >>> ID: L-E-G-E-N-D-E; Name: Rold Marinsbane; CD Key:QC46GEEQ; IP:82.67.113.245; has logged in. XXX[Wed Feb 21 04:00:36] >>> ID: Matuzalem; Name: Nick Ster; CD Key:QC46GEEQ; IP:82.67.113.245; has logged in. XXX[Tue Feb 27 14:54:26] >>> ID: superpicsou; Name: Méline Oblich; CD Key:QC46GEEQ; IP:82.67.113.245; has logged in. XXX[Sat Feb 17 12:32:15] >>> ID: --nicky_larson--; Name: Vesin Dannel; CD Key:QC47D3MT; IP:82.67.113.245; has logged in. The security breach was related to the last one used by Postal and the McFobs, and has been fixed. unfortunately, the person in question had duped massive quantities of emeralds of experience. Here is just one of his character vaults: [Wed Mar 14 10:07:53] Paul Young, playername: raudgers, key: QC46GEEQ, opened transfer chest with items: Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Book of Races, Fallen Angel, resref: racebk_fallenan;Emerald of Experience, resref: randtr010;Deafening Greaves, resref: rand02107;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010;Emerald of Experience, resref: randtr010; end retrieved items. Because he was distributing these left and right in exchanges for other burs, I was forced to deactivate all emeralds of experience. Apologies to those of you affected by this; duping should no longer be possible at all. Funky The damage they did to the economy over months of duping pales in comparison to what you managed in mere weeks. The metric we always apply is harm to the server. We always try to be judicious in penalizing such behavior, and we have access to much more advanced options than we did back in the day, which is the only reason NOT banning you was even an option. Compared to past consequences, you're barely getting a slap on the wrist. Since you have self-identified, I will go ahead and post logs so people can get a grip on the scale we are talking about. Given that I'm still trying to determine what to do about the rest of the items (and we have UIDs logged, and means to track you, so don't bother trying to hide items - were this not the case I would've temp-banned you while we sorted it out), it would behoove you to stop lying, make fewer excuses, and express more remorse. You have already wasted about 5 hours of my time with this horsecrap, and I have precious little of it to spare to begin with. Redacted logging hereFunky
|
|
|
Post by somes on Jul 24, 2019 0:53:08 GMT
I have partied with Prep, but even if that were not the case, it would still not surprise anyone that I would agree with Poliwhirl here.
I also have not benefited from this as I only have 1 XR race, a handful of XR gear, and it was all from gambling 50 canos.
There's probably hundreds of things I could list here you could do in lowbie levels, including things I already posted in the powertrain thread, that could be considered 'exploits' and I will be honest that the line has truly been blurred. Killing Ssendram in that first map is quite challenging, I only tried it once and never did it again because of the massive and constant damage. The choice to punish these players seems rather arbitrary, especially with the quote Poliwhirl has provided. That should be enough to exonerate Prep and Manuka.
If you no longer want that rule to apply, then change it as soon as possible, but I will probably be sending messages on a daily basis asking if what I am doing is an exploit. There will have to probably be a very specific definition of what an exploit is when it comes to playing a very old game, definitely more specific than "If your character CAN do something, they are welcome to do so."
|
|
|
Post by somes on Jul 24, 2019 1:03:52 GMT
Just to make a clarifying statement. What I mean by the line being blurred is that attacking Sssendram on the first map seems intentional with the way it reacts when you attack it. It's not like the anti-exploit in Rona for example that directly deletes your Skull and fugues you, you basically get into a fight. I can think of things people have been doing for years that would be considered more exploitative than that, while the Sssendram fight seems to be by design.
If the exploit involves removing all difficulty from the Sssendram fight, then I can actually see an argument for punishing Manuka and Prep, but then again, there's the quote from Poliwhirl.
|
|
|
Post by sabregirl on Jul 24, 2019 1:07:42 GMT
The scale of this particular exploit is unprecedented and the damage was such as many of the extra items as possible, within some level of reason, had to be deleted. The last particular exploit of a similar scale as Funky said led to bannings and is the reason you have sapphires of sagacity instead of emeralds of experience. Unfortunately in this case it was whole classes of items, not just one. Subrace tags etc. Quite the mess to clean up. And I might mention all of this wasted quite a bit of my time as well. -S
|
|
|
Post by somes on Jul 24, 2019 1:15:26 GMT
I am not sure if your response was to me Sabre, but let me know if it was not. Are you trying to say to me that it's not about what is actually being done, but the consequences of those actions? What defines an exploit would be the consequences rather than the actual act itself?
|
|
|
Post by FunkySwerve on Jul 24, 2019 1:26:29 GMT
Objectively speaking, banning for this would be way over the top. IIRC neither Werehound nor Matt received bans after using DM powers (stolen in Matt's case) to genuinely hack the game. They were defrocked for abusing dm powers. If you want to compare apples to apples, Werehound illigitimately tampered with (if memory serves) three items to boost his DC. The number of items illicitly gained by just Manuka numbers in the hundreds or thousands, depending on how you count canopics. There is not even a remote resemblance, even if you ignore the difference in time it took to correct. And, to reiterate, Manuka's numbers were not remotely accurate and deeply self-serving (shocking, I know). Funky
|
|
|
Post by FunkySwerve on Jul 24, 2019 1:32:57 GMT
Just to make a clarifying statement. What I mean by the line being blurred is that attacking Sssendram on the first map seems intentional with the way it reacts when you attack it. It's not like the anti-exploit in Rona for example that directly deletes your Skull and fugues you, you basically get into a fight. I can think of things people have been doing for years that would be considered more exploitative than that, while the Sssendram fight seems to be by design. If the exploit involves removing all difficulty from the Sssendram fight, then I can actually see an argument for punishing Manuka and Prep, but then again, there's the quote from Poliwhirl. Sure, if we decide to suspend all common sense. The quote, which is from the server rules, not Poli, does NOT say 'in all circumstances do what you want and you will never suffer any repercussions.' Even if we pretend these were brand new players who are completely unfamiliar with how past exploits have been handled. If the lesson you are taking from this is that they were somehow wronged, you're going to wind up in the same boat someday. If you have any genuine intellectual curiosity about how this action, which is not even punishment so much as an attempt to undo the harm these two caused, compares to prior actions, you don't have to look far to see me saying the same thing about reporting, if we aren't outright banning someone for similar behavior. Though given the lack of remorse I'm definitely feeling more punitive about now. Funky
|
|
|
Post by sabregirl on Jul 24, 2019 1:34:38 GMT
I am not sure if your response was to me Sabre, but let me know if it was not. Are you trying to say to me that it's not about what is actually being done, but the consequences of those actions? What defines an exploit would be the consequences rather than the actual act itself? Sorry posting from my phone It's not what makes something an exploit or not, it's what makes it an actionable, punishable in your words, exploit. It's always better to report an exploit, especially one where you're obtaining the most sought after items in the game in their thousands per hour, over ten times the normal rate. This really isn't rocket science here, clearly this wasn't working as intended and would cause major economic damage to the server. This isn't something that would hit most players ever. Most exploits are patched without consequences because they don't have major impacts. But if you're worried just report the exploit. Had these two done that quickly the bug would have been patched quickly and likely no other items would have gotten caught up in the cleanup. Because this wasn't really punishment, but cleanup. -S
|
|