Redesign the cheating prevention system

Currently, one cheating prevention (ignoring other preventions) is simply not allowing someone to pulse keys if the keycount is over a certain kps?

This is easily avoided by not typing any further for a period of time, before pulsing. The flaw here would be that the WhatPulse client simply takes the entire length of time into consideration, and not specific intervals.
A person could easily cheat a few million keys within a minute, and then wait it out until the kps averages down to an acceptable number before pulsing to the server, therefore bypassing this weak prevention method.

Rather than to monitor the kps over the entire length of time, I suggest a new method of detection is put into place, whereby the kps is counted in time intervals (possibly hours or minutes). This would be a more foolproof method of detecting cheaters.

The monitored time intervals would then have a keycount limit (e.g. 1000 keys max per min, or something high).
The client could then monitor the incoming keys per minute, and each time the key limit is breached, an infraction is marked against the user.

E.g., a cheater decides to hack 1mil keys into his client, and with bots and such he achieves it over a period of 10 mins. He would then leave his computer idle so that his kps averages out to look legit when he pulses to the server.

The current client would then pass it off without suspicion, and the only way that cheater would be caught is if other users monitored him regularly, or if he slipped up somewhere and made a mistake.

So, with my idea in place, as he bots his 1mil keys, the client goes through the interval checks, monitoring individual minutes. During the 5 minutes he is botting, each of those minutes breaches the limit because there is an amazing 200k keys a minute. Each minute that has a breach in the kps limit would mark up an infraction. (Note these infractions would not be visible to the user.)
When he finally pulses his keys, information would be sent to the server regarding the number of infractions done in the pulse.

Users with high numbers of infractions could then be banned accordingly, rather than to have users waste their time looking through user profiles for high key counts.

Meh, I think my idea is badly worded in this post, but at least I’m trying to improve whatpulse… oh well, if I was unclear of anything, please ask. Or if the idea is unable to be implemented, just say so straight away.
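The proposal in the post above, as an added example that is not part of the original post or of the WhatPulse client: it compares a whole-pulse average with per-minute infraction counting on the burst-then-idle scenario the post describes. The event format, the function names, the three-day idle period and the 6 kps average limit are assumptions; the 1000 keys per minute limit is the post's own figure.

```python
from collections import defaultdict

INTERVAL_SECONDS = 60
KEYS_PER_INTERVAL_LIMIT = 1000  # from the post: "eg 1000 keys max per min"
AVERAGE_KPS_LIMIT = 6.0         # assumed value; the thread does not state the real limit


def whole_pulse_kps(events, pulse_at):
    """Whole-pulse check: all keys divided by all seconds since the last pulse."""
    total = sum(count for _, count in events)
    return total / pulse_at


def infractions(events, limit=KEYS_PER_INTERVAL_LIMIT, interval=INTERVAL_SECONDS):
    """Proposed check: count the intervals whose key total exceeds the limit."""
    buckets = defaultdict(int)
    for second, count in events:
        buckets[second // interval] += count
    return sum(1 for total in buckets.values() if total > limit)


def build_pulse(events, pulse_at):
    """Hypothetical pulse payload carrying the infraction count with the key total."""
    return {
        "keys": sum(count for _, count in events),
        "seconds": pulse_at,
        "avg_kps": round(whole_pulse_kps(events, pulse_at), 2),
        "infractions": infractions(events),
    }


# Constructed input: (seconds since the last pulse, keys counted at that moment).
# The post's scenario: 200k keys a minute for 5 minutes, then idle before pulsing.
BURST = [(minute * 60, 200_000) for minute in range(5)]
# Honest typist for comparison: 5 keys every second for one hour.
TYPIST = [(second, 5) for second in range(3600)]

IDLE_PULSE_AT = 3 * 24 * 3600  # assumed: the cheater waits three days before pulsing

if __name__ == "__main__":
    print("burst :", build_pulse(BURST, IDLE_PULSE_AT))
    print("typist:", build_pulse(TYPIST, 3600))
```

The burst pulse averages under the assumed 6 kps limit once the idle time is counted, yet it still reports five infractions, while the steady typist reports none.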

My possible rebuttal to this idea would be complaints of extra CPU usage. Ye Gods, I’ve lost a minute percentage of my CPU power. Small to some, but others may complain.

The other issue is that this essentially only solves the issue in relation to high KPS. What if a cheater sets up a bot that regularly types characters over a long period of time? There’s nothing to say that they can’t keep up a high KPS this way, but the WhatPulse Client would not detect this.

This would then bring in the idea of time based checks, such as people typing for days straight would be noted and suspended. But this would be rather hard to code and manage. How do you determine how long is too long? If you set a hard limit, then the cheaters will sit on it. Set the limit too low however, and real users will be affected.

Heuristics-based detection is possible, but that is an area that a) I have not much knowledge of, and b) of the small part I do know, it is processor intensive, and hard to code!

The fact is that we cannot detect ALL cheating that takes place. However, I do agree that this is an interesting way of handling things. If you were to have it check once per hour, or heck, even once per day, that would help to detect the hardcore cheaters, and those are the ones that interest me the most.

The idea of many of these anti-cheat measures is to help reduce the number of cheaters, and also to help us tell who is cheating and who is simply pulsing from multiple computers. All we need is something fairly light to take care of that.

Checking intervals isn’t going to fix anything. How hard is it going to be to have a program output a number of keystrokes just under the limit? If someone is lame enough to cheat this, they are lame enough to do that.

Sure, we can increase security and reduce cheating more and more. But at some point, the security we could install into the program will turn the simple keystroke counter into a program that eats away half your system resources. Where do we draw the lines?

In my opinion, cheating can never be 100% stopped, but we can put in place efforts that significantly reduce users’ abilities to cheat. I think that’s the best we can do without having to produce a system drain.

And also ways to point them out more (whether it was intentional or not, miles and Profiles are great at catching out cheaters).

What we seem to need though is a more active anti-cheat group since everyone seems very busy and no one is getting removed nowadays…

Agreed, however, X-Kal. Nice to have you back!

bows

There is also the whole issue of implementing the new anti-cheat program that’ll take time. Wasted & PF’ll have to do that bit.

Whatever mechanism you build in the program can be easily circumvented.

You only need a network monitor (Linux router will suffice, less /dev/eth0) and filter out all network traffic.

Figure out what the whatpulse program sends out, write a little program that sends that exact bulk of code and response from the server, and that sends the specific info up to the server.
Have the program go in a loop and you can be up to a zillion zillion keystrokes in a few minutes.

The only safe bet is server side protection, counting an average keystrokes per day.

What would be a safe bet for whatpulse:

Take averages from all users: total keystrokes / (days they are member - time since last pulse) = the average keystrokes they have per day.

Add up all averages / number of members = average keystrokes per day for a normal person

By doing this calculation by all members you get a reliable statistic which you can use to check against cheating.

If anyone breaks the statistical average per day by his last 3 pulses raise a red flag and keep the user monitored to see if it’s a good typist, or a cheater.

But building in a checking mechanism in the program is pure folly. Cheaters don’t need the program.

Michael
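The server-side check described in the post above, as an added example that is not part of the original post or of WhatPulse's server code: it computes each member's daily average with the post's formula, averages those across members, and raises a red flag only when each of the last 3 pulses is far above that baseline. The flag factor, the one-hour floor, the data layout and all sample figures are assumptions.

```python
FLAG_FACTOR = 10.0  # assumed multiple of the member average that counts as "breaking" it
MIN_DAYS = 1 / 24   # assumed one-hour floor so back-to-back pulses never divide by zero


def user_daily_average(total_keys, days_member, days_since_last_pulse):
    """The post's formula: total keystrokes / (days member - time since last pulse)."""
    active_days = days_member - days_since_last_pulse
    return total_keys / active_days if active_days > 0 else 0.0


def population_daily_average(members):
    """Sum of every member's daily average divided by the number of members."""
    averages = [user_daily_average(*member) for member in members]
    return sum(averages) / len(averages)


def pulse_rates(pulses):
    """Keys per day for each pulse: keys / days elapsed since the previous pulse."""
    return [keys / max(days, MIN_DAYS) for keys, days in pulses]


def red_flag(pulses, baseline, factor=FLAG_FACTOR):
    """True when each of the last 3 pulses exceeds factor times the member average."""
    last = pulse_rates(pulses[-3:])
    return len(last) == 3 and all(rate > factor * baseline for rate in last)


# Constructed member table: (total keys, days as member, days since last pulse).
MEMBERS = [
    (3_000_000, 301, 1),
    (1_200_000, 200, 0),
    (9_000_000, 365, 5),
    (500_000, 100, 0),
]
# Constructed pulse histories: (keys in pulse, days since the previous pulse).
FAST_TYPIST = [(40_000, 1), (90_000, 2), (35_000, 1)]
SUSPECT = [(8_000_000, 3), (2_000_000, 1), (1_500_000, 1)]
ONE_SPIKE = [(30_000, 1), (5_000_000, 1), (20_000, 1)]

if __name__ == "__main__":
    baseline = population_daily_average(MEMBERS)
    print("member average per day:", baseline)
    for name, history in (("fast typist", FAST_TYPIST), ("suspect", SUSPECT),
                          ("one spike", ONE_SPIKE)):
        print(name, "-> red flag" if red_flag(history, baseline) else "-> ok")
```

Because the baseline is a mean over all members, accounts that are themselves inflated pull it upward, so the flag marks an account for monitoring as the post suggests and does not decide the case by itself.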

[quote=Tsunim]Whatever mechanism you build in the program can be easily circumvented.

You only need a network monitor (Linux router will suffice, less /dev/eth0) and filter out all network traffic.

Figure out what the whatpulse program sends out, write a little program that sends that exact bulk of code and response from the server, and that sends the specific info up to the server.
Have the program go in a loop and you can be up to a zillion zillion keystrokes in a few minutes.

The only safe bet is server side protection, counting an average keystrokes per day.

What would be a safe bet for whatpulse:

Take averages from all users: total keystrokes / (days they are member - time since last pulse) = the average keystrokes they have per day.

Add up all averages / number of members = average keystrokes per day for a normal person

By doing this calculation by all members you get a reliable statistic which you can use to check against cheating.

If anyone breaks the statistical average per day by his last 3 pulses raise a red flag and keep the user monitored to see if it’s a good typist, or a cheater.

But building in a checking mechanism in the program is pure folly. Cheaters don’t need the program.

Michael[/quote]

and that’s what the token is for?

Exactly!

There’s already quite a few anti-cheat protections in place, and I’m pretty sure the obvious ones have been caught.

Copying the whatpulse files to different places won’t work, since the tokens can only be used once. Changing the data files around to show for higher key counts is going to be very difficult, since it’s encrypted now. There’s already a KPS limit in place right now, and it doesn’t require any formulas that show average KPS per day for the rest of the users.

I’d say we’ve got a pretty good system in place without the need for invasive security measures :wink:

http://whatpulse.org/stats/users/113285/normal/

There should be something that doesn’t allow you to have big pulses and big kbps amount, like that guy,

4 2007/07/04 04:19:48 8,123,523 2,001,536 0.00 3.63 0.89

It’s freaking impossible to do that without cheating or sharing acc, both illegal.

PS: didn’t post the full URL, cuz I can’t, just registered.

Well, actually a link needs to be posted here:

http://forums.whatpulse.org/showthread.php?t=1878&page=3

But this is ok :stuck_out_tongue:

I try to pulse only when my count gets to about 100,000; Simply because it’s nicer than the error message saying ‘cannot connect to server’ showing up every time I click or type without internet, if I’ve gone over my 1,000 keys or 20,000 clicks. That’s why I bumped it up to an insane amount. Adding anything that sends out to the server ‘I’m here, I have this many keys’ every hour or whatnot seems very much like that, and would: a) Cause unnecessary server strain, and b) cause hassle to people on laptops or on dial-up. (non-permanent internet connections) c) People with automatic dial-out will get angry. (more dialup problems! :-P)

While in theory it sounds good, it’s not going to work. :frowning:

There’s another much easier way to get the keys, and it’s fast, too. All you need is two computers. First you pulse from one of the computers. So, if you now use some kind of cheat on this computer, you will be able to have unlimited KPS… That really needs to be fixed because it’s really simple. I found this out when I pulsed from my laptop and then a few minutes later from my other computer, then the KPS was 15. I don’t know for how long it would work, if it even stops, but it needs to be fixed.

There is no limit on KPS with different profiles, because that’s annoying.

What do you mean by saying it’s annoying? :S

Well, let’s say you have a desktop and a laptop. You have, for example, 25,336,524 keys on your desktop. If you were to pulse that, and had 10 million keys on your laptop it would be forever before you would be allowed to pulse again.

Yeah, you’re right. :slight_smile:
It’s easy to cheat in that way, tho. =/

So what is the current cheating protection? Based on KPS?

I think that the MAX KPS should be around 6 or so. I type around 105 Words Per Minute and that is pretty fast, or at least I am told. I am doing a guesstimate and I would say I type like 4 or 5 KPS. Don’t forget space counts as a KPS.

Anybody that goes past 6 or so KPS should have a 30 second delay before any more keystrokes are counted to their profile.