Trust me, I know how information spreads, and this has spread, go research it for yourself
I'm very familiar with the auction ending earlier than stated bug but I really don't think this is what's causing it.
I'm not saying it's not technically possible, obviously it is. Tons of old online games were plagued with exploits because they didn't preform server side checks before allowing some actions. But for it to happen nowadays would be ALMOST beyond the realm of possibility, especially coming from Blizzard who has some of the best experience with online games and exploits that come with them.
The main difference here between the canceling with the clock was that only affected your own auctions. So I guess it wasn't looked at as a big deal and probably forgotten about during testing. I don't even think it was possible to force an auction to end successfully with a bid by setting your time forward was it? This however would have to run through the server, which would mean it'd be checked (or should be like everything else) and you can't trick that.
It's FAR, MANY TIMES, more likely someone is spinning an semi-intricate hoax than for a company to actually forget this sort of thing all of the sudden, and well if for some reason it is real, then yes this is a huge problem and pretty stupid if missed.
Trust me, I know how information spreads, and this has spread, go research it for yourself
I'm very familiar with the auction ending earlier than stated bug but I really don't think this is what's causing it.
I'm not saying it's not technically possible, obviously it is. Tons of old online games were plagued with exploits because they didn't preform server side checks before allowing some actions. But for it to happen nowadays would be ALMOST beyond the realm of possibility, especially coming from Blizzard who has some of the best experience with online games and exploits that come with them.
The main difference here between the canceling with the clock was that only affected your own auctions. So I guess it wasn't looked at as a big deal and probably forgotten about during testing. I don't even think it was possible to force an auction to end successfully with a bid by setting your time forward was it? This however would have to run through the server, which would mean it'd be checked (or should be like everything else) and you can't trick that.
It's FAR, MANY TIMES, more likely someone is spinning an semi-intricate hoax than for a company to actually forget this sort of thing all of the sudden, and well if for some reason it is real, then yes this is a huge problem and pretty stupid if missed.
I really like you, and what you're saying. I felt the same way about Blizzard for a long time, but the truth is this:
The same checks should have been in place for cancellation bug and weren't. Where was the verification then? It didn't exist. I know it was only affecting 'you' but it wasn't. YES you could cancel auctions once people had bid, it wasn't in the Kripp video but it was in someone elses.
Blizzard have had over a decade to deal with the issue of spam, but they don't/aren't capable. Other popular MMO's have all but eradicated it, Blizz haven't, they even put their foot in it with the currency conversion and making $2.5 per million the lowest, when the current rate is far below that on gold sale sites. EDIT: Thereby still making it profitable for gold spammers to spam.
Blizzard have lied about patching things in the hope that most people will give up trying them. Exploding Palm glitch, anyone? WoW had LOADS of exploits like this in the early months of the game... the thing is that there wasn't a real money investment associated with (most) items.
No game is 100% rock solid, I truly, truly get what you are saying, but the potential is there for Blizz to have overlooked this. As far as I'm concerned, they have.
What I meant by cancel when someone had bid was, force to end the auction, not cancel it, and receive the gold from it. That would have to go through the server. If that was possible and there is actual evidence of it then I'm far more likely to believe this has happened.
I also don't think it's possible to get rid of spam completely. Blizzard just gets it more because WoW is a very popular game people are willing to spend a lot on. It's a bigger target.
You DID report all of this to Blizzard hacks department, right? RIGHT???
Dunno about the other guy, but I know I never do. I never claimed to be a decent human being - I take what I can get from others as well as what I find/discover and keep it to myself. This is regardless of whether or not I use something. (e.g. I would never use something that can get me clearly banned, but it is still fun to see what works and how it works.)
Main reason for this is that I really don't want to be associated with anything "bad" with Blizzard, but also because it is fun to see how long it takes other people to figure stuff out and then on top of that for Blizzard/[Other Company Here] to fix it. Some men just want to watch the world burn, etc. etc.
This however would have to run through the server, which would mean it'd be checked (or should be like everything else) and you can't trick that.
Who's to say they have restrictions in place that prevent you from telling it to process a buyout command on something that only has a bid? Obviously if you try to do this to an item with a buyout, it'll say "Hey, these buyouts don't match." but how can you be sure about that with bids?
Oh, and I like Blizzard, I want to have faith in them just like you do Daemaro, and I usually do. But in the end it is the world against a relatively small group of people. They can't prevent/see everything coming.
What I meant by cancel when someone had bid was, force to end the auction, not cancel it, and receive the gold from it. That would have to go through the server. If that was possible and there is actual evidence of it then I'm far more likely to believe this has happened.
I also don't think it's possible to get rid of spam completely. Blizzard just gets it more because WoW is a very popular game people are willing to spend a lot on. It's a bigger target.
Blizzard barely try. The exact same message posted over and over again for weeks on end? The same spelling and everything? I wrote an entire article on how other MMO's deal with spam and the way Blizzard don't. There is nothing that stops those chat bots from working, and the goal of spam detectors and filters is to make it so it is unprofitable for a company to run bots on their service.
I'm telling you now, if blizzard implemented a half decent spam filter, those bots would be gone in a month, and you'd be lucky to see one spam message a day, instead of the 100+ you can see at the moment.
EDIT: Blizzard if you ever read this post, call me even though you hate my guts for being a douchebag. I will fix your spam filter and you will hate the loss in sales, but your customers would love you... oh... wait, that doesn't sound like a good business decision now, does it? Loss in sales you say!
Or how you just hop on some hacker forum and they are chomping at the bit to show you their paypal accounts and real time AH hacks..... what do they have to gain?
EDIT: Blizzard if you ever read this post, call me even though you hate my guts for being a douchebag. I will fix your spam filter and you will hate the loss in sales, but your customers would love you... oh... wait, that doesn't sound like a good business decision now, does it? Loss in sales you say!
TBH it's hard to take you seriously when you make self-righteous statements like that.
I think you hate them, not them hating you, Bane. At least that's the impression I get from the way you post.
Banning people based on text alone is not a good idea, which is what you seem to be implying to stop spam. I know I've retyped a gold seller's spam to a friend before just because some of them are pretty hilariously bad. (Or just to mess with them a little.) You could say people shouldn't joke about it, but shrug.
I'll admit I didn't read your article on dealing with spam though, and I'll say up front I'm also not really interested. (No offense!)
Answer me - how come you didnt record it? Coz the only reason I cam come up with is you being mentaly hanciapped. So else your laying, else handicapped. Choice is yours.
Yeah, you would think he'd record it, wouldn't you? Especially since he paid for it.
But you know, when you type the way you do, you probably should refrain from calling other people "mentaly hanciapped".
Oh and the Blizzard forums seem on fire the past few days with threads about this, so maybe we'll see a blue post about the matter soon.
Or how you just hop on some hacker forum and they are chomping at the bit to show you their paypal accounts and real time AH hacks..... what do they have to gain?
$10,000 was a minimum figure I extracted from each of the five hackers results with the 'exploit'. only four of them actually showed me some kind of proof of income, but the last one definitely had the method working, but didn't feel comfortable showing me his PayPal (fair enough really).
As for what they have to gain? I paid $50 for them to show me proof that it was working, but without sharing the method. They gain 'internet notoriety' which a lot of them crave, as well as a little bit of cash (not that they were particularly strapped for that). I gained a story. Win/Win.
I think you hate them, not them hating you, Bane. At least that's the impression I get from the way you post.
Banning people based on text alone is not a good idea, which is what you seem to be implying to stop spam. I know I've retyped a gold seller's spam to a friend before just because some of them are pretty hilariously bad. (Or just to mess with them a little.) You could say people shouldn't joke about it, but shrug.
I'll admit I didn't read your article on dealing with spam though, and I'll say up front I'm also not really interested. (No offense!)
None taken!
My way of dealling with spam wasn't an instaban, it was a server side temp-mute and flag, before the message was delivered to clients. It wouldn't even reach people that way, and so you would have nothing to copy There were also several other flags associated with it, for instance they almost always come from accounts with less than x hours played, etc. It can get quite technical extremely easily with little/no overhead
The problem with that is no matter how you change a filter to automatically ban someone it's going to keep happening. For example a lot of bots we get are from emails @126.com, if we banned those, they'd move to another free email service. If we banned or blocked messages with .com, they just add spaces . c o m, if we ban it with spaces they change it to "(dot)com" if we disallow all use of the characters c o m in the first post of an account, they just switch a site to .cn or .ru or somewhere else. If they want to bypass it they can.
I'm also not sure it's very expensive to annoy people compared to how much they make scamming people on WoW or selling gold. That part is speculative though as I've never ran a bot farm.
Anyways sorry for off-topic. Just wanted to talk about how much I hate spam bots.
You can't "fool" the server into thinking anything. Because the server will check it's records first and foremost. Anything you try to do will be delivered to the server, the server will check to see if it's correct, and then send permission to allow it.
That assumes there are no exploitable bugs server side, which is ridiculous. Of course you can "fool" the server, it simply requires finding a hole somewhere. How do you think websites (and their databases) get hacked? Security holes always exist. It could be anything from not sanitizing user input (as is the case with SQL injection) to buffer overflows (i.e., code injection) or more advanced techniques.
Not saying this is the case here or that I know of existing security holes in the Diablo servers, but to say that "You can't "fool" the server into thinking anything. Because the server will check it's records first and foremost." is just silly.
People in the past could buyout items for the bid price in the past using exploitive means. Blizzard did ban people who used this method (not really hard to find if someone used it or not) the method was hotfixed, and is/was no longer able to be done)
However, with fast research, it seems this just popped up again around the web in the last 24 hours, with someone posting how to do it. However, people said they have tried, and it does fail (aka hotfixed) however, thats not to say the person spreading the info is not leaving something out ..ect
Unless someone has 100% video proff of this happening RIGHT now, (and not using old info/video/pictures) there is no reason to think it would work now (as, if you know what they were doing, once its hotfixed, its not something that could happen again... unless blizzard somehow rolledback the hotfix
edit: fixed typos (posting from phone)
I want to add to this real fast. Regardless of what people think of blizzard with Diablo 3 and botters/hackers. They are seriously hitting this harder than most of their gamees. The amount of S&D blizzard is sending out compared is rather interesting, ban waves also seem to be going out more often than other blizzard titles.
Second Update:
Yeah so... what looks to have happend here. Someone posted up the old method today. The site linked in the OP found it, he may have looked into it and did not know that it no longer works, and thought it was real [as in happening right now still] (maybe due to old information from when it did work according to other reports?) but there is nothing out right now showing that this is real (happening this second)
However, it never hurts to throw your min bids to a price where you want it to be sold at (just in case rollbacked hotfix/new method with information left out..ect)... that kind of the point of a min bid anyway =P
I want to add to this real fast. Regardless of what people think of blizzard with Diablo 3 and botters/hackers. They are seriously hitting this harder than most of their gamees. The amount of S&D blizzard is sending out compared is rather interesting, ban waves also seem to be going out more often than other blizzard titles.
They also finally started banning (some, not all) people running automation scripts (not bots) for ZK and AH sniping.
re: your second update - Yeah, I'm not sure if it still works right this moment as I posted on page 1, but I believe it worked in the past week or so still.
Actually with the last patch 1.03b blizzard reseted some of their old hotfixes.
Remember the triple loot bug with monks exploding palm? It was back for one day.
This is the reason why they took down the server the same night again to fix these problems.
Like Molster wrote, the bid - buyout exploit worked before. And it worked on tuesday / wednesday.
Blizzard was fast with banning accounts and with the hotfix and it no longer works. But it did.
Triple loot has never been fixed. It just doesn't give 3 stacks anymore, you still get the extra loot.
Actually with the last patch 1.03b blizzard reseted some of their old hotfixes.
Remember the triple loot bug with monks exploding palm? It was back for one day.
This is the reason why they took down the server the same night again to fix these problems.
Like Molster wrote, the bid - buyout exploit worked before. And it worked on tuesday / wednesday.
Blizzard was fast with banning accounts and with the hotfix and it no longer works. But it did.
When Blizzard originally posted claiming they fixed the loot/stack bug, they only fixed the multiple stacks and not the loot portion. I'm not sure where the rumor started that extra loot no longer dropped, but I can personally assure you I was still getting 2x to 4x loot on packs.
Please note that this was as a monk, I have never been able to get it to work for the other classes as some people have claimed.
When you think Diablo 3 can't get any worse, it can. Blizzard keeps failing and does it hard.
I mean, a few weeks ago I stopped believing that Blizzard had decades of experience in the gaming industry with the fail launch, the many downtimes, the many bugs and how bad the RMAH was implemented. Now I stopped believing that Blizzard actually can make a full working proper game. They should go back to make offline single player games.
So I'm guessing you weren't around for the Diablo 2 launch... or the WoW launch, or every expansion pack. You can only theorize what will go wrong with millions of actual clients logging onto your server, but in order to find and fix bugs / problems, you have to actually have the real thing. Get the fuck over the launch, it was just as bad as every other major mmo like launch, and it's been fixed. It has always happened, and it always will happen.
They didn't work on the game for 10 years, session spoofing was a baseless rumor proven to be false, and if people are being actually banned for using the RMAH they're probably doing something shady. The other stuff you're right though.
All games will have problems with launches though, not saying it hasn't been pretty bad but I don't think its ruined the game. At least not for me.
Rollback Post to RevisionRollBack
To post a comment, please login or register a new account.
I'm very familiar with the auction ending earlier than stated bug but I really don't think this is what's causing it.
I'm not saying it's not technically possible, obviously it is. Tons of old online games were plagued with exploits because they didn't preform server side checks before allowing some actions. But for it to happen nowadays would be ALMOST beyond the realm of possibility, especially coming from Blizzard who has some of the best experience with online games and exploits that come with them.
The main difference here between the canceling with the clock was that only affected your own auctions. So I guess it wasn't looked at as a big deal and probably forgotten about during testing. I don't even think it was possible to force an auction to end successfully with a bid by setting your time forward was it? This however would have to run through the server, which would mean it'd be checked (or should be like everything else) and you can't trick that.
It's FAR, MANY TIMES, more likely someone is spinning an semi-intricate hoax than for a company to actually forget this sort of thing all of the sudden, and well if for some reason it is real, then yes this is a huge problem and pretty stupid if missed.
I really like you, and what you're saying. I felt the same way about Blizzard for a long time, but the truth is this:
The same checks should have been in place for cancellation bug and weren't. Where was the verification then? It didn't exist. I know it was only affecting 'you' but it wasn't. YES you could cancel auctions once people had bid, it wasn't in the Kripp video but it was in someone elses.
Blizzard have had over a decade to deal with the issue of spam, but they don't/aren't capable. Other popular MMO's have all but eradicated it, Blizz haven't, they even put their foot in it with the currency conversion and making $2.5 per million the lowest, when the current rate is far below that on gold sale sites. EDIT: Thereby still making it profitable for gold spammers to spam.
Blizzard have lied about patching things in the hope that most people will give up trying them. Exploding Palm glitch, anyone? WoW had LOADS of exploits like this in the early months of the game... the thing is that there wasn't a real money investment associated with (most) items.
No game is 100% rock solid, I truly, truly get what you are saying, but the potential is there for Blizz to have overlooked this. As far as I'm concerned, they have.
I also don't think it's possible to get rid of spam completely. Blizzard just gets it more because WoW is a very popular game people are willing to spend a lot on. It's a bigger target.
Dunno about the other guy, but I know I never do. I never claimed to be a decent human being - I take what I can get from others as well as what I find/discover and keep it to myself. This is regardless of whether or not I use something. (e.g. I would never use something that can get me clearly banned, but it is still fun to see what works and how it works.)
Main reason for this is that I really don't want to be associated with anything "bad" with Blizzard, but also because it is fun to see how long it takes other people to figure stuff out and then on top of that for Blizzard/[Other Company Here] to fix it. Some men just want to watch the world burn, etc. etc.
Nah, I'm pretty sure that anything besides cancelling your own auctions was a rumor. I believe Bashiok even posted on that.
Who's to say they have restrictions in place that prevent you from telling it to process a buyout command on something that only has a bid? Obviously if you try to do this to an item with a buyout, it'll say "Hey, these buyouts don't match." but how can you be sure about that with bids?
Oh, and I like Blizzard, I want to have faith in them just like you do Daemaro, and I usually do. But in the end it is the world against a relatively small group of people. They can't prevent/see everything coming.
Blizzard barely try. The exact same message posted over and over again for weeks on end? The same spelling and everything? I wrote an entire article on how other MMO's deal with spam and the way Blizzard don't. There is nothing that stops those chat bots from working, and the goal of spam detectors and filters is to make it so it is unprofitable for a company to run bots on their service.
I'm telling you now, if blizzard implemented a half decent spam filter, those bots would be gone in a month, and you'd be lucky to see one spam message a day, instead of the 100+ you can see at the moment.
EDIT: Blizzard if you ever read this post, call me even though you hate my guts for being a douchebag. I will fix your spam filter and you will hate the loss in sales, but your customers would love you... oh... wait, that doesn't sound like a good business decision now, does it? Loss in sales you say!
Or how you just hop on some hacker forum and they are chomping at the bit to show you their paypal accounts and real time AH hacks..... what do they have to gain?
TBH it's hard to take you seriously when you make self-righteous statements like that.
Banning people based on text alone is not a good idea, which is what you seem to be implying to stop spam. I know I've retyped a gold seller's spam to a friend before just because some of them are pretty hilariously bad. (Or just to mess with them a little.) You could say people shouldn't joke about it, but shrug.
I'll admit I didn't read your article on dealing with spam though, and I'll say up front I'm also not really interested. (No offense!)
I didn't get that part either, but I figured it wasn't really important to the AH bug's existance.
Yeah, you would think he'd record it, wouldn't you? Especially since he paid for it.
But you know, when you type the way you do, you probably should refrain from calling other people "mentaly hanciapped".
Oh and the Blizzard forums seem on fire the past few days with threads about this, so maybe we'll see a blue post about the matter soon.
$10,000 was a minimum figure I extracted from each of the five hackers results with the 'exploit'. only four of them actually showed me some kind of proof of income, but the last one definitely had the method working, but didn't feel comfortable showing me his PayPal (fair enough really).
As for what they have to gain? I paid $50 for them to show me proof that it was working, but without sharing the method. They gain 'internet notoriety' which a lot of them crave, as well as a little bit of cash (not that they were particularly strapped for that). I gained a story. Win/Win.
None taken!
My way of dealling with spam wasn't an instaban, it was a server side temp-mute and flag, before the message was delivered to clients. It wouldn't even reach people that way, and so you would have nothing to copy There were also several other flags associated with it, for instance they almost always come from accounts with less than x hours played, etc. It can get quite technical extremely easily with little/no overhead
The problem with that is no matter how you change a filter to automatically ban someone it's going to keep happening. For example a lot of bots we get are from emails @126.com, if we banned those, they'd move to another free email service. If we banned or blocked messages with .com, they just add spaces . c o m, if we ban it with spaces they change it to "(dot)com" if we disallow all use of the characters c o m in the first post of an account, they just switch a site to .cn or .ru or somewhere else. If they want to bypass it they can.
I'm also not sure it's very expensive to annoy people compared to how much they make scamming people on WoW or selling gold. That part is speculative though as I've never ran a bot farm.
Anyways sorry for off-topic. Just wanted to talk about how much I hate spam bots.
I loathe them myself.
P.S. You forgot .c0m
That assumes there are no exploitable bugs server side, which is ridiculous. Of course you can "fool" the server, it simply requires finding a hole somewhere. How do you think websites (and their databases) get hacked? Security holes always exist. It could be anything from not sanitizing user input (as is the case with SQL injection) to buffer overflows (i.e., code injection) or more advanced techniques.
Not saying this is the case here or that I know of existing security holes in the Diablo servers, but to say that "You can't "fool" the server into thinking anything. Because the server will check it's records first and foremost." is just silly.
However, with fast research, it seems this just popped up again around the web in the last 24 hours, with someone posting how to do it. However, people said they have tried, and it does fail (aka hotfixed) however, thats not to say the person spreading the info is not leaving something out ..ect
Unless someone has 100% video proff of this happening RIGHT now, (and not using old info/video/pictures) there is no reason to think it would work now (as, if you know what they were doing, once its hotfixed, its not something that could happen again... unless blizzard somehow rolledback the hotfix
edit: fixed typos (posting from phone)
I want to add to this real fast. Regardless of what people think of blizzard with Diablo 3 and botters/hackers. They are seriously hitting this harder than most of their gamees. The amount of S&D blizzard is sending out compared is rather interesting, ban waves also seem to be going out more often than other blizzard titles.
Second Update:
Yeah so... what looks to have happend here. Someone posted up the old method today. The site linked in the OP found it, he may have looked into it and did not know that it no longer works, and thought it was real [as in happening right now still] (maybe due to old information from when it did work according to other reports?) but there is nothing out right now showing that this is real (happening this second)
However, it never hurts to throw your min bids to a price where you want it to be sold at (just in case rollbacked hotfix/new method with information left out..ect)... that kind of the point of a min bid anyway =P
They also finally started banning (some, not all) people running automation scripts (not bots) for ZK and AH sniping.
re: your second update - Yeah, I'm not sure if it still works right this moment as I posted on page 1, but I believe it worked in the past week or so still.
Triple loot has never been fixed. It just doesn't give 3 stacks anymore, you still get the extra loot.
When Blizzard originally posted claiming they fixed the loot/stack bug, they only fixed the multiple stacks and not the loot portion. I'm not sure where the rumor started that extra loot no longer dropped, but I can personally assure you I was still getting 2x to 4x loot on packs.
Please note that this was as a monk, I have never been able to get it to work for the other classes as some people have claimed.
So I'm guessing you weren't around for the Diablo 2 launch... or the WoW launch, or every expansion pack. You can only theorize what will go wrong with millions of actual clients logging onto your server, but in order to find and fix bugs / problems, you have to actually have the real thing. Get the fuck over the launch, it was just as bad as every other major mmo like launch, and it's been fixed. It has always happened, and it always will happen.
All games will have problems with launches though, not saying it hasn't been pretty bad but I don't think its ruined the game. At least not for me.