Alex (Administrators), posted September 2, 2014:

I've taken the game offline as a precaution, there seems to be some sort of exploit I'm assuming is connected to the new trade merging feature. It has been exploited by multiple players, who will be swiftly banned from the game after I find and fix the exploit. I'm doing everything I can to "nip this at the bud" so to speak, and do my best to remove all the effects of these exploiters.

This is also a friendly reminder that unless you want to be permanently banned from Politics & War, report all glitches via the forums or through an in-game PM to my nation.

I'll keep this thread updated as I continue the investigation.

EDIT 12:13 9/2

Alright, update as of 12:07 AM 9/2

I believe I have patched the exploit. I was actually unable to reproduce it, I'm not entirely sure how the resources were duped but I will get back to that in a minute. I only found one exploiter, nation was TerraBulla and he was the "Raiders Return" guy. He has been banned and his nation deleted from the game. As far as I can tell there was no money duplication of any sort, only resources, and this is a fresh bug.

I took every precaution I could by taking the game offline until I was able to isolate and ban the exploiters while patching the bug, so I believe the game is in a stable state once again. I'll bring it back online in a minute.

Back to the exploit, here's what I know about it going through the messages of the guy who did the exploit: Somehow he was able to dupe the resources using the alliance trade and global trade interface. It somehow involved the trade merging system, but as far as I know you can't accept a trade for more resources than the other nation has, and so it seems theoretically impossible that the exploit happened but yet here we are.

If someone can successfully recreate the exploit and duplicate resources and reports it to me (does not abuse it, trying to sell the resources, etc.) I will reward you with a free $15 donation ($300K), a free portrait and flag in-game. I don't know how the exploit was possible before, and I've made extra sure now it should be even more impossible, but just in case that will be your "carrot" to report the exploit if it's found again.

Lastly, if you do find and abuse an exploit in the game you will be caught and banned like this guy was. This is your "stick" and while finding an exploit is not bad in itself, abusing it for your own personal gain to cheat is. Report all exploits to me via messaging or the "Tech Support" subforum.

Thanks!

Is there a bug? Report It | Not understanding game mechanics? Ask About It | Got a good idea? Suggest It | Forums Rules | Game Link

Vincent, posted September 2, 2014:

Exploits? As in Abbas sort of thing again? Shit! Fully support you Sheepy, banned the cheaters and those alliances that support them or benefitted from their exploits should be penalised severely as well. I had enough of cheaters case already, and I roughly suspect a few, especially those who have so much food / resources to be sold in the market. If it is proven those people got it via exploiting, please ban them. Enough of warnings already. Time to act against CHEATERS!

Btw I hope I am not exploiting when I made a move, I offered the highest price for coal (buying) and I offer the lower price for selling (coal) and the margin between them would be my profit. I hope I won't be labelled as exploiting.

Toxxikation, posted September 2, 2014:

Vincent, I don't think that's an exploit, I think that's just a good business practice.

Otherwise, I realllllly hope it was the Raiders Return guys.

Vincent, posted September 2, 2014:

I doubt it would be Raiders Return. Those guys are only good at stealing from inactive and keeping their score low to stay out of the range of most of the active players. I have doubts they are capable of exploiting.

Alex (Administrators, thread author), posted September 2, 2014:

Alright, update as of 12:07 AM 9/2

I believe I have patched the exploit. I was actually unable to reproduce it, I'm not entirely sure how the resources were duped but I will get back to that in a minute. I only found one exploiter, nation was TerraBulla and he was the "Raiders Return" guy. He has been banned and his nation deleted from the game. As far as I can tell there was no money duplication of any sort, only resources, and this is a fresh bug.

I took every precaution I could by taking the game offline until I was able to isolate and ban the exploiters while patching the bug, so I believe the game is in a stable state once again. I'll bring it back online in a minute.

Back to the exploit, here's what I know about it going through the messages of the guy who did the exploit: Somehow he was able to dupe the resources using the alliance trade and global trade interface. It somehow involved the trade merging system, but as far as I know you can't accept a trade for more resources than the other nation has, and so it seems theoretically impossible that the exploit happened but yet here we are.

If someone can successfully recreate the exploit and duplicate resources and reports it to me (does not abuse it, trying to sell the resources, etc.) I will reward you with a free $15 donation ($300K), a free portrait and flag in-game. I don't know how the exploit was possible before, and I've made extra sure now it should be even more impossible, but just in case that will be your "carrot" to report the exploit if it's found again.

Lastly, if you do find and abuse an exploit in the game you will be caught and banned like this guy was. This is your "stick" and while finding an exploit is not bad in itself, abusing it for your own personal gain to cheat is. Report all exploits to me via messaging or the "Tech Support" subforum.

Thanks!

Brooklyn666, posted September 2, 2014:

Did you find anything from the rest of his alliance? They must have been in on it, and anyone he spoke to about it would have known and not reported it.

Evrid, posted September 2, 2014:

What about trade activity linked with the duped resources?

Alex (Administrators, thread author), posted September 2, 2014:

> Did you find anything from the rest of his alliance? They must have been in on it, and anyone he spoke to about it would have known and not reported it.

> What about trade activity linked with the duped resources?

To address both of your points:

As far as I can tell, The Raiders Return was not operating in any sort of "conspiracy" to exploit the game. The exploit seems to reflect the actions of a single user, I examined all the nations in the game for excessive amounts of resources and found nothing suspicious, as well as the bank of TRR. Nothing crazy there.

Looking at the trades of the nation who did the exploit, there was no mass transfer of resources or cash to other nations, only "normal" trades. The effects of these "normal" trades are negligible, some nations were able to purchase duped resources on the global market but the money they spent on the resources has since been removed from the game (as afaik was simply invested into building the exploiters' nation).

This exploit was not going on for a long period of time (at most I'm estimating 24 hours) and so the effects were not far reaching or significant.

Adama, posted September 2, 2014:

Thank you Sheepy for being so quick about fixing the exploit.

If you can dodge a wrench, you can dodge a roll.

There is one you will follow. One who is the shining star, and he will lead you to beautiful places in the search of his own vanity. And when there is no more vanity to be found, he will leave you in darkness, as a fading memory of his own creation.

Caillou, posted September 2, 2014:

I just don't see how RR was the brain behind this...

[17:17:58] <&Ashland> I will give you hops if you say this phrase:
[17:18:13] <&Ashland> "Man, I really wish Rose had allied BoC a couple months ago when we had the chance instead of picking Vanguard."
[17:20:16] Man, I really wish Rose had allied BoC a couple months ago when we had the chance instead of picking Vanguard.

last187, posted September 2, 2014:

a quick overlook says we can probably narrow it down to a few options

SQL injections = I don't really think this is the case, at least it didn't really work for the 10 most common SQL injections (though I'm not that proficient at it)

more than likely they just had admin access to the DB, soo maybe it's time for a proper password?

Going for top nation

Alex (Administrators, thread author), posted September 2, 2014:

> a quick overlook says we can probably narrow it down to a few options
>
> SQL injections = I don't really think this is the case, at least it didn't really work for the 10 most common SQL injections (though I'm not that proficient at it)
>
> more than likely they just had admin access to the DB, soo maybe it's time for a proper password?

I'm 99% positive it was neither an SQL injection nor that they had access to the database. The passwords used for the game and database are unique randomly generated strings full of symbols and random letters and things. I'm pretty good about my password security.

I know the bug had to do with the new change to how trades automatically merged when you post two offers at the same price, but looking at the code I was unable to determine how anyone could duplicate resources with it.

Seryozha Nikanor, posted September 2, 2014:

Knew one of those Raiders Return guys was doing it, but I had no proof.

last187, posted September 3, 2014:

well if you use GitHub or sth for code storage, peeps may have found that

if you want, my exams end tomorrow, I can SQL inject the !@#$ outa the site

(Edited September 3, 2014 by last187)

Blaskowicz, posted September 4, 2014:

I like the carrots and sticks analogy and method.

Mr. Blonde, posted September 5, 2014:

This issue has been dealt with.

"You can say anything you want cause I've heard it all before. All you can do is pray for a quick death, which you ain't gonna get."