Hello MCC! I just wanted to write a quick suggestion. NOTE FOR STAFF: Please read the replies! I've mentioned more ways we could combat bots, etc! These are simple suggestions but I feel like they're a necessity. It feels like once every week or so, there's some new sort of chatbot. I understand MCC has "captcha" on login BUT, it is extremely flawed! The "captcha" is only upon login of a NEW account. ONLY ONE TIME! So, if a human was able to login to each bot, do the captcha, then load it into the bot, it will circumvent the entire point of a captcha. Not only can a human just easily defeat the captcha, bots can too with ease! Bot softwares are equipped with "plugins" or "modules" to automatically solve these captchas! MCC needs to fix this. It will only get worse with time if nothing is done, and nobody wants to see 100 bots flooding chat and the auction house, etc. Picture the potential these bots have with manipulating the market if they were to auto-mine or something. I know if a fix is implemented, such as a better captcha, it's only a matter of time till someone figures out a way to solve it with minimal effort, but something needs to be put in place to deter these people. Another suggestion I could add is regex matching of repeated messages. This could be beneficial to combat Group Spam AND bots. I can go into more detail if you'd like. --------------------------------------------------------------------------------- Now, In the event that bots do get onto the server, and start flooding, staff should be equipped with tools to quickly eliminate this problem, so players don't have to deal with it. My proposal is: Clear chat command - Simple, easy, and effective solution to not only bots. It does what is says, clears chat (probably by filling chat with empty characters) Lock Chat / AH - Locking chat would stop the bots in their very place! Maybe there could be a system where when someone sends a message while chat is locked, it logs it so staff can quickly pick out which are bots, and who aren't. Also, locking the auction house is just an idea, do I think it'll get implemented? Probably not, but it's still an idea. These bots move faster then any staff member can. They could be putting thousands of items up by the time staff removes just merely 10 items. This concludes my suggestions. Thank you!
I agree, captcha to prevent bot attacks is not a very good solution. There are many ways to bypass such prevention methods. Regex matching would not work well in MCC's situation. The bot attacks use dozens of different messages, as well as variables. I think clear chat would simply be stupid, I prefer reading funny messages over blank characters being spammed. Best fix would be chat lock, but even then there are alternatives like tpa spam, aswell as a few others.
I personally dont think that the spam is funny at all tbh. It's just distasteful and feels like it's 2012 all over again. And yes, regex matching could potentially work if it compares multiple factors. Such as repetitive word spam, detection of messages with something like "[999], [9eFskFa]" etc. Now for the other command spam, the captcha could potentially work. Let's say everytime you logged in from a new IP, you get flagged, and get a captcha. This would work in a sense that all bots are "proxied". Now what if there was a new captcha implementation, I have a few ideas, not gonna discuss publicly, but I'd message to staff directly. It would be detrimental to these bots. If you take the fun out of it for the person behind the attack, they'll most likely just stop.
You bring up the topic of taking the fun out of boting. Utilizing matching protocols for eliminating spam would just cause it to be more interesting for the attacker. It would not be hard to add more variables, and eliminate repetitions. That is why I stated that rm wouldn't work on mcc. I'm assuming when you say that all the potential bots are proxied you mean that they would be put on some sort of log list, where staff could ban all at once. If this is what you mean, this is a ridiculous idea. A lot of players are dynamic, this would put them on this list, thus getting them false banned. Sure, captchas are useful to prevent minor attacks, but if the person knows what they are doing, they because next to useless. I still strongly believe the only simple, but effective way to stop these attacks would simply be chat lock for the public + persistent chat for staff (meaning they can still see the messages).
No. By proxied, I mean that all of the bots are using proxies, that avoid VPN detection, and mask the attacker. It would not just auto-ban. That would make no sense whatsoever. It would be implemented with a new captcha, like I stated. The captcha wouldn't be intrusive to players with dynamic IPs. The captcha could also have ASN/ISP matching. If a player connects with the same ASN, IP range, or ISP, the captcha won't display. And for the locked messages, I've mentioned the "persistent chat".
staff chat?!!? who mentioned that? "AI" also, perm-muting isn't efficient enough when they have to mute one by one. Please dont trash my thread.
good features but you're on MCC so it won't happen. I've seen this on other servers where you can ban/mute x amount of users who use a specific text message which would be also extremely effective in stopping bot attacks but honestly, this should be on the lower end of the priority list with all the issues MCC has. For Example for the command I mentioned: Bot: Join cool.server.hi Bot2: Join cool.server.hi Bot3: Join cool.server.hi Staff Member: /groupban Join cool.server.hi
Hey! I like the idea with /groupban (common message), but there is one main problem. Most of the time the bots end the messages with a number (Ex. hahaha [101], hahaha [102]) for the amount of messages sent. In this case group ban wouldn't work if it is searching for the SAME message. However, if there is a way for group ban to ban alike messages, then it would work. I could see it being a feature, but there would also is a risk of false bans using the command. The risk of false bans can have a situation like this: system detects one word alike in the group ban command and false bans a message of someone else putting something in chat while the bot attacks are going.
the entire process of spotting, and dismantling the attack would be under 3 mins total. I'd rather chat be locked then see stupid spam fill my entire screen.
The command still works? It just bans a specific phrase and assuming they don't have some random symbols in it it will still ban the phrase. EX: Bot232 hi 23232 bot239 hi 428492 bot23492 hi 38298392 /groupban hi
A chat locking feature has been suggested to the Owners and we are right now just waiting for it to be implemented. They have also been working on the bot issue but I'm not aware of the progress. We wouldn't be adding a command which disables some phrases, as it's quite easy to bypass it and the bots could be using multiple messages. It becomes faster to issue mutes like we do right now, instead of starting to adapt the filter.
Still, using the command would require staff to type the message. That message could be much longer than a username, thus taking more time. And the message would have to also be long enough so that there aren't any accidental bans if someone says something similar. Since bot clients can be made to say multiple different messages, I don't see much use in a message-based system.
I've never seen bots type in 100 different messages so it would still be effective and you guys still false mute/ban users who imitate spam bots so I don't really see the difference. And also the command doesn't require you to type the entire message, it requires you to type a part of it (accurate enough to ban the bots). And to remind you, this isn't some random scratched up idea, big servers use this command to deal with spam bots effectively if they don't already have a good anti-bot plugin.
Idk these bots do be typing different message tho… from this one example I don’t think there’s a specific enough phrase that they would be able to use. In addition the people who are botting have Tailored the messages for MCC in specific so i’m sure they’ll be reading this forum to bypass any changes they make as well.
I mean I understand what you’re talking about but bots don’t seem to be that big of a problem lol usually if /chatreport gets nothing out of it, the #support in the discord mcc will. Yes it could help, but I don’t see how it can change that much
