Closed Thread
Page 1 of 5 1 2 3 4 5 LastLast
Results 1 to 15 of 63

Thread: Clone Wars, The Exploit... A sense of normalcy

  1. #1
    Developer
    Join Date
    Sep 2011
    Location
    New York, NY
    Posts
    997

    Clone Wars, The Exploit... A sense of normalcy

    At this point, all bulk actions are complete for this event.

    The staff has discussed the next steps and decided to return ADK's, Resource deeds, and self-powered harvester back to tradeable.

    Thank you for your patience as we progressed through this process.

    As always, if you see something, say something. We do not ban based on rumors; we use data, however, sometimes a hint can make it easier to dig a bit deeper and discover data that supports action.

    Also, I'd like to address a misunderstanding about the Eye of Sauron; this system provides data and alerts to humans investigating and making decisions based on their investigations.

    EoS does not do auto-bans. Even if it eventually does come to that, we will always have the CSR team review every action.

    Banning a person is a serious thing impacting players and the community at large. We treat each ban with deep respect. Our automation is not a substitute for the human empathy and intuition required to make each ban decision.

    Our CSR team is governed by our Terms of Service and focused on keeping our community fair, safe, and clean for our combined long-term enjoyment.
    LordKator
    Developer

    lordkator@swgemu.com | www.swgemu.com
    SWGEmu is a non-profit, open source community project.
    SWGEmu FAQ | Install SWGEmu | Report Bugs

  2. #2
    Me and others saw something, said something, it was ignored because it was uncomfortable I guess. After all admitting that EoS has a critical bug that had you delete a massive number of legit items from a lot of honest players because it cannot distinguish between legit items and dupes well enough would not have allowed this massive screw up to go through according to your plan.

    You were told to complete it instead of rushing this half-done nonsense, you did not listen to that and it resulted in this issue being handled in one of the worst ways possible. You violated your own #1 rule which is not messing with players for any reason because again it was uncomfortable.

    This has been a complete dumpster fire and undermined a lot of the community's trust in 1.0 being any better.
    Last edited by esmiswg; 08-20-2020 at 05:01 PM.
    Vendor: -3027, -4562 (Gorath, Tatooine)

  3. #3
    Quote Originally Posted by esmiswg View Post
    Me and others saw something, said something, it was ignored because it was uncomfortable I guess. After all admitting that EoS has a critical bug that had you delete a massive number of legit items from a lot of honest players because it cannot distinguish between legit items and dupes well enough would not have allowed this massive screw up to go through according to your plan.

    You were told to complete it instead of rushing this half-done nonsense, you did not listen to that and it resulted in this issue being handled in one of the worst ways possible. You violated your own #1 rule which is not messing with players for any reason because again it was uncomfortable.

    This has been a complete dumpster fire and undermined a lot of the community's trust in 1.0 being any better.
    Exactly this. We have both posted our concerns about this issue in other threads and it has been ignored as far as I can tell. Many players, myself included, have now lost 100% *legit* high end weapons because of this flaw in the EoS. I can't really think of a better way to purge experienced, honest and helpful players from Basilisk than what has happened here. It's bad enough that I lost hundreds of millions of credits on 2 rifles that were justifiably deleted. Considering the sources I can accept that they were questionable and have no complaints. But to also have 2 rifles deleted that were 100% clean and made by a different crafter is really disappointing.

    I totally support cleaning up the player base but this move has had some significant collateral damage to innocent players. It would be great if that was acknowledged and corrected.

    IGN: Mulder-
    LIVE Mall at -210 -5640 Corellia

  4. #4
    Junior Member
    Join Date
    Jan 2018
    Posts
    80
    Good job on all of the hard work fixing this exploit.

    If this had not been sorted until 1.0 it probably wouldve killed the server instead of just wounding it.

    I don't know what can be done to restore faith for those that got seriously jobbed by this whole thing outside of launching the new server when it is ready.
    Drop Off Vendor: Rosey /way 2199 -1074 Corellia

  5. #5
    Senior Member
    Join Date
    Nov 2012
    Posts
    1,811
    So let me get this strait, you guys play on basilisk..... but you don't want to get ****ed over from time to time cause of developmental issues, bugs, cheats, afkbots, ect?

    I think you signed up for the wrong rodeo my dudes. SWGemu has always been pretty clear they don't give a **** about you, your just a tester rat in the maze that you donate to keep going. The end goal is "1.0", whatever that means anymore, and anything till then is the wild west. You can choose to "enjoy" it or find something or somewhere else to play if your not happy with it.

    If your going to put your time in on basilisk, your going to have to accept anything could happen to your stuff at any time for any reason and you got nothing you can do about it. Its a test server not a play server. There are play servers if that is what you were interested in.
    Last edited by hybridtheory; 08-20-2020 at 06:56 PM.
    Waiting for 1.0. One or Two characters. No multiple accounts. No ADK's.

  6. #6
    Developer
    Join Date
    Sep 2011
    Location
    New York, NY
    Posts
    997
    Quote Originally Posted by esmiswg View Post
    Me and others saw something, said something, it was ignored because it was uncomfortable I guess. After all admitting that EoS has a critical bug that had you delete a massive number of legit items from a lot of honest players because it cannot distinguish between legit items and dupes well enough would not have allowed this massive screw up to go through according to your plan.

    You were told to complete it instead of rushing this half-done nonsense, you did not listen to that and it resulted in this issue being handled in one of the worst ways possible. You violated your own #1 rule which is not messing with players for any reason because again it was uncomfortable.

    This has been a complete dumpster fire and undermined a lot of the community's trust in 1.0 being any better.
    To be clear I listen, I spent 3 HOURS spot checking the list, every single item I checked, yup either a dupe or the components were duped. Additionally after the fact we have had numerous reports and not one ended up in a "oops". Even the "invisible" ADK's, I fixed those in less than 24 hours.

    You keep bringing up the original vs the dupe like its a flaw in the system. No the approach was by design. I considered "lowest OID is the original item", but then how do you handle components? Oh, this gets slippery...

    Sure we could have said lowest oid tano is the original, whoops, turns out the dupers often returned the clone not the original, the majority of the items found, the low oid object was on... you guessed it.. on a banned account.

    I will not go into detail on how they were doing this, its basic policy to not educate more cheaters on new ideas. That said the way they did it left "remnants" that made it super clear what items where dupes vs items that were factory crate manufactured. Also, they took many perfectly simple to manufacture items and duped them, wall units!!! Are you kidding me how lazy and greedy they were towards the end?

    You keep telling us esmiswg how we're so wrong, and how you're a full-blown developer with deep experience, then join us! We need strong, smart developers willing to dig into the details and debate the solutions, I would be happy to have someone like that looking at the same data and debating what the next best actions are.

    That said, its just not as simple as it looks at first blush, and I have done my best to solve one-off issues as they pop up.

    I appreciate your passion, you clearly care, so do I, doubt it look around, I think I have provided plenty of evidence of my passion around the project's success and our community. But, you're not helping anyone by continuing to question what you don't have all the details on, at some point you have to trust we're doing the best we can with the data and the time allotted.

    PS: I would like to clarify that you're confused about EoS, it's a logging system, the cleanup was a different set of code written specifically to identify dupes and related items using 8 different heruristic and determinsitic algos to target items. If you join the team as a dev I would be happy to walk you through each phase and the inputs and outputs of the system.
    LordKator
    Developer

    lordkator@swgemu.com | www.swgemu.com
    SWGEmu is a non-profit, open source community project.
    SWGEmu FAQ | Install SWGEmu | Report Bugs

  7. #7
    Developer
    Join Date
    Sep 2011
    Location
    New York, NY
    Posts
    997
    Here's an example (oid obsecured to protect innocents):

    Code:
    281477634065--- 2014-09-23 01:41:25
    281482693252--- 2018-07-27 03:18:20
    281482693252--- 2018-07-27 03:18:20
    281482693252--- 2018-07-27 03:18:20
    281482757327--- 2018-08-11 03:21:48
    281482757327--- 2018-08-11 03:21:48
    281482813956--- 2018-08-24 08:35:25
    281482813960--- 2018-08-24 08:35:25
    281482813971--- 2018-08-24 09:29:13
    281482813971--- 2018-08-24 09:29:13
    281484006053--- 2019-07-05 17:28:23
    281484006053--- 2019-07-05 17:28:23
    281484006064--- 2019-07-05 22:41:36
    281484006064--- 2019-07-05 22:41:36
    281484046240--- 2019-07-17 22:19:37
    281484419128--- 2019-12-07 18:21:37
    281484419201--- 2019-12-07 19:06:59
    281484419204--- 2019-12-07 19:29:35
    281484427699--- 2019-12-10 22:50:50
    281484427827--- 2019-12-11 00:19:35
    281484427829--- 2019-12-11 00:19:35
    281484441933--- 2019-12-16 15:35:16
    281484447399--- 2019-12-18 22:53:24
    281484447400--- 2019-12-18 22:30:54
    281484447452--- 2019-12-19 06:44:46
    281484447454--- 2019-12-19 06:44:46
    281484447603--- 2019-12-19 06:44:46
    281484447604--- 2019-12-19 06:44:46
    281484447606--- 2019-12-19 06:44:46
    281484447617--- 2019-12-19 06:44:46
    281484447618--- 2019-12-19 06:44:46
    281484447620--- 2019-12-19 06:44:46
    281484447883--- 2019-12-19 02:04:04
    281484447887--- 2019-12-19 02:04:04
    281484506978--- 2020-01-08 11:02:49
    281484506981--- 2020-01-08 11:02:49
    281484506982--- 2020-01-08 11:02:49
    281484518662--- 2020-01-12 15:57:01
    281484543639--- 2020-01-20 13:59:28
    281484813477--- 2020-04-20 21:53:50
    281484859231--- 2020-05-04 22:07:22
    281484954595--- 2020-06-01 13:09:06
    281484954595--- 2020-06-01 13:09:06
    281484954609--- 2020-06-01 13:09:06
    This is a legendary, pre-nerf loot drop from 2014, you think those copies should be floating around?

    Which one is the original owner's?

    Guess.. oh you won't like the answer..

    They duped and deleted the ORIGINAL!

    So tell me, how would you have handled that?

    This really was nowhere near as simple as everyone thinks.

    The goals where: (1) Minimalize impact of cheaters on the community; (2) Build tools to detect/act on these items; (3) Cleanup Basilisk for a bit until 1.0; (4) Make it annoying AF for RMT'ers

    I'm sorry if you feel we missed these, but we did our best with volunteer staff and a 8 year old system never designed to handle those goals.
    LordKator
    Developer

    lordkator@swgemu.com | www.swgemu.com
    SWGEmu is a non-profit, open source community project.
    SWGEmu FAQ | Install SWGEmu | Report Bugs

  8. #8
    The way I would've handled that particular case, is if a single copy exists outside of a duper's acc, and if it was not sliced by one of the dupers, then it's a legit item, and whatever oid the duper has on their acc is not.

    But that's not the case I'm talking about. I have been specifically trying to explain one really important case that had most of the impact on innocent players and can be clearly distinguished from dupes. I'll try to describe it step by step.

    1. Crafter makes a component schem (say, advanced rifle barrels, or advanced weapon stocks)
    2. Crafter produces a bunch of component crates (compcrate1, compcrate2) from that schem in their factory.
    3. Crafter makes a number of final products from those, say gun1, gun2, gun3. All is fine so far.
    4. Duper asks Crafter for a bunch of components because they're setting up their own WS and making perfect components with all amazings is effort.
    5. Crafter makes a few more crates (compcrate3, compcrate4) of that comp and gives them to the duper.
    6. Duper now dupes compcrate3, compcrate4. Goes on to make dupegun1, dupegun2 etc.
    7. Crafter continues to produce items from the same factory run and compcrate2, possibly a new compcrate5: gun4, gun5
    8. Your tool now flags all items produced with that crafted component no matter where and when they were made. Even gun1, gun2, gun3 get flagged retroactively because the tool apparently does not distinguish once a single component from an entire factory run is duped at any point in time.

    The same goes for stacks of looted components where one of them got duped at a later date.

    Of course the most reasonable way to handle this would have been to just leave things alone. If items never passed through a duper's account, especially if those items are unimportant in every way, like unimpressive weapons, any kind of clothing, resources, etc. You did have the judiciousness to recognize that deleting houses, duped or not, makes no sense at all and creates an undue impact on innocent players. Same goes for the rest.

    The goals where: (1) Minimalize impact of cheaters on the community;
    Unfortunately doing it the way it was done amplified the impact on the community, instead of minimizing it.
    Last edited by esmiswg; 08-21-2020 at 06:47 AM.
    Vendor: -3027, -4562 (Gorath, Tatooine)

  9. #9
    Developer
    Join Date
    Sep 2011
    Location
    New York, NY
    Posts
    997
    Only problem with your case is that was pretty much their primary SOP, they would clone components and sucker someone into crafting for them, some of the crafters were quite aware (and are banned) others were innocent.

    I am sorry if this process upset people, we can argue for eons about it, you did not have all the data, nor did you see everything we saw, we're just not going to publish it all, first it's an incredible amount of data, second it would expose perfectly valid players to bad actors.

    We have some RMT credit sellers next on the list, but hopefully that'll go quickly and we can move on, the dupes where so destructive we had to stop it immediately, and move on from there...

    The primary thing moving forward we will have the data on where objects are moving, and as you proposed we can actually remove things only touched by the duper's etc. Sadly as the system was originally designed that just was not an option.

    At this point I want to focus on is 1.0, we need to get our processes in place to engage the community on ideas, content etc, and build out our plan to finish major launch-impacting systems and changes so we can get to the new server.
    LordKator
    Developer

    lordkator@swgemu.com | www.swgemu.com
    SWGEmu is a non-profit, open source community project.
    SWGEmu FAQ | Install SWGEmu | Report Bugs

  10. #10
    Dedicated
    Join Date
    Jul 2017
    Posts
    516
    LOOOOOOOOL

    Its funny that people complaining about EOS wiping their ****...are people that were probably aware of what was going on or even involved to a degree.

    You did gods work Lordkator, now lets wipe basilisk all together.

  11. #11
    Developer
    Join Date
    Sep 2011
    Location
    New York, NY
    Posts
    997
    Quote Originally Posted by Surrena View Post
    LOOOOOOOOL

    Its funny that people complaining about EOS wiping their ****...are people that were probably aware of what was going on or even involved to a degree.

    You did gods work Lordkator, now lets wipe basilisk all together.
    Front to back as our old friend always said.. front to back...
    LordKator
    Developer

    lordkator@swgemu.com | www.swgemu.com
    SWGEmu is a non-profit, open source community project.
    SWGEmu FAQ | Install SWGEmu | Report Bugs

  12. #12
    Quote Originally Posted by lordkator View Post
    Here's an example (oid obsecured to protect innocents):

    Code:
    281477634065--- 2014-09-23 01:41:25
    281482693252--- 2018-07-27 03:18:20
    281482693252--- 2018-07-27 03:18:20
    281482693252--- 2018-07-27 03:18:20
    281482757327--- 2018-08-11 03:21:48
    281482757327--- 2018-08-11 03:21:48
    281482813956--- 2018-08-24 08:35:25
    281482813960--- 2018-08-24 08:35:25
    281482813971--- 2018-08-24 09:29:13
    281482813971--- 2018-08-24 09:29:13
    281484006053--- 2019-07-05 17:28:23
    281484006053--- 2019-07-05 17:28:23
    281484006064--- 2019-07-05 22:41:36
    281484006064--- 2019-07-05 22:41:36
    281484046240--- 2019-07-17 22:19:37
    281484419128--- 2019-12-07 18:21:37
    281484419201--- 2019-12-07 19:06:59
    281484419204--- 2019-12-07 19:29:35
    281484427699--- 2019-12-10 22:50:50
    281484427827--- 2019-12-11 00:19:35
    281484427829--- 2019-12-11 00:19:35
    281484441933--- 2019-12-16 15:35:16
    281484447399--- 2019-12-18 22:53:24
    281484447400--- 2019-12-18 22:30:54
    281484447452--- 2019-12-19 06:44:46
    281484447454--- 2019-12-19 06:44:46
    281484447603--- 2019-12-19 06:44:46
    281484447604--- 2019-12-19 06:44:46
    281484447606--- 2019-12-19 06:44:46
    281484447617--- 2019-12-19 06:44:46
    281484447618--- 2019-12-19 06:44:46
    281484447620--- 2019-12-19 06:44:46
    281484447883--- 2019-12-19 02:04:04
    281484447887--- 2019-12-19 02:04:04
    281484506978--- 2020-01-08 11:02:49
    281484506981--- 2020-01-08 11:02:49
    281484506982--- 2020-01-08 11:02:49
    281484518662--- 2020-01-12 15:57:01
    281484543639--- 2020-01-20 13:59:28
    281484813477--- 2020-04-20 21:53:50
    281484859231--- 2020-05-04 22:07:22
    281484954595--- 2020-06-01 13:09:06
    281484954595--- 2020-06-01 13:09:06
    281484954609--- 2020-06-01 13:09:06
    This is a legendary, pre-nerf loot drop from 2014, you think those copies should be floating around?

    Which one is the original owner's?

    Guess.. oh you won't like the answer..

    They duped and deleted the ORIGINAL!

    So tell me, how would you have handled that?

    This really was nowhere near as simple as everyone thinks.

    The goals where: (1) Minimalize impact of cheaters on the community; (2) Build tools to detect/act on these items; (3) Cleanup Basilisk for a bit until 1.0; (4) Make it annoying AF for RMT'ers

    I'm sorry if you feel we missed these, but we did our best with volunteer staff and a 8 year old system never designed to handle those goals.
    I'm sure answering all these criticisms gets exhausting, but I can't be the only non-coder on these forums who appreciates the window into what you guys do and finds these answers fascinating to read.
    IGNs:
    Wohen: Swordsmen
    Nehow: Chef Fat Pharple Foods [FPF] @ Tatooine -1924 -6549 (-IO-) & Naboo 6100 6309 (NIKA Marketplace)

  13. #13
    Going by the snippet of data you posted, it very much looks like the duping started in late July 2018. I am curious on how the dupes metastasized on Basilisk. If you have the numbers available that is. Around which date did you find the earliest dupes? When was the bulk of the duping done. How many items and components with 'exceptional' 'legendary' lable were used as blueprint?

  14. #14
    Developer
    Join Date
    Sep 2011
    Location
    New York, NY
    Posts
    997
    Quote Originally Posted by Hargath View Post
    Going by the snippet of data you posted, it very much looks like the duping started in late July 2018. I am curious on how the dupes metastasized on Basilisk. If you have the numbers available that is. Around which date did you find the earliest dupes? When was the bulk of the duping done. How many items and components with 'exceptional' 'legendary' lable were used as blueprint?
    There appeared to be several "rounds", I can't go into a lot of details but something "happened" in Dec 2019 where it exploded, people involved just got greedy as can be (and lazy) and that opened up the ability for me to really deeply monitor them. From there I was able to see the patterns and go backward as much as possible to identify even old dupes.

    The "latest" round was based on some weakness in the code, I patched it on Basilisk in June and watched them squirm and create safe houses, trade things to "friends", delete items, it was quite educational. That round left a lot of "evidence" which I was able to use to find the duped items.

    Saldy the older dupe events were not logged as well so all I could do was look at high value items, I did audit all Legendary and Exceptionals, and surprise, found some interesting patterns, which, well.. lead to other bans and people complaining we were blindly banning them and they magically never bothered to come back to support to dicusss (gee I wonder why). As an example if you have to Legendary looted items with same s/n on the same character, do you think that's strange? Or did you think you were just super lucky?

    I can't tell you the details, but maybe this is an interesting peek behind the curtain:

    Code:
    +----------------------------------+----------+
    | test                             | count(*) |
    +----------------------------------+----------+
    | test12,test13,test7              |    29133 |
    | test7,test13                     |     8271 |
    | test13,test7                     |     7452 |
    | test14,test12,test13,test7       |     4185 |
    | test6,test7,test2                |     2660 |
    | test2,test7                      |     2448 |
    | test12,test13,test7,test2        |     2070 |
    | test12,test6,test7,test2         |     2032 |
    | test14,test12,test6,test7        |     1769 |
    | test14,test13,test7              |      690 |
    | test6,test7                      |      425 |
    | test1,test7,test6                |      413 |
    | test12,test6,test7               |      298 |
    | test4,test7,test13               |      263 |
    | test14,test2,test7               |      254 |
    | test7,test1                      |      213 |
    | test14,test12,test6,test7,test2  |      192 |
    | test14,test6,test7,test2         |      173 |
    | test13,test7,test2               |      151 |
    | test14,test12,test13,test7,test2 |      138 |
    | test11,test2,test7               |      138 |
    | test14,test7,test13              |       69 |
    | test2,test7,test6                |       66 |
    | test4,test7,test1                |       66 |
    | test7,test6                      |       61 |
    | test7,test2                      |       60 |
    | test14,test6,test7               |       36 |
    | test14,test7,test6               |       12 |
    | test14,test11,test2,test7        |       11 |
    | test9,test13,test7               |       10 |
    | test13,test7,test14              |       10 |
    | test14,test13,test7,test2        |        7 |
    | test12,test13,test7,test14       |        5 |
    | test4,test7,test6                |        5 |
    | test8,test7                      |        5 |
    | test4,test13,test7               |        5 |
    | test2,test7,test14               |        4 |
    | test14,test4,test7,test13        |        3 |
    | test13,test7,test2,test14        |        2 |
    | test3,test7                      |        2 |
    | test7,test13,test14              |        2 |
    | test14,test4,test13,test7        |        1 |
    | test1,test7                      |        1 |
    | test4,test13,test7,test14        |        1 |
    +----------------------------------+----------+
    There were 8 phases, 14 distinct "reason codes" and the audit went across 500 Million objects.
    LordKator
    Developer

    lordkator@swgemu.com | www.swgemu.com
    SWGEmu is a non-profit, open source community project.
    SWGEmu FAQ | Install SWGEmu | Report Bugs

  15. #15
    Long live the Prototype. Death to the Protoclone.

Closed Thread

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

     

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts