Game cheating prevention

For discussions about game development that does not fit in any of the other topics.

Game cheating prevention

Postby Zykal » Wed Aug 23, 2017 10:36 pm

I've been working on a game on and off for a while. I've been looking into security/cheating issues a bit. I've already made everything server side, so that the client is just for displaying data and inputs.

One of the things I noticed some other games having where action timers, so you can only do an action every 5 seconds. If you try to do an action again it gives you an error, like your timer is not up yet. How are they doing this server side. I thought maybe making a time stamp whenever you do an action and then before the next action could be performed X time had to pass. So it'd take the 2 time stamps and compare them and if 5 seconds had passed it'd be good to go.

I'm basically trying to prevent multiple tabs, and people sending requests to do different tasks, that shouldn't be able to happen.

Thanks!
Zykal
 
Posts: 31
Joined: Wed Nov 28, 2012 11:38 pm
Has thanked: 0 time
Been thanked: 0 time

Re: Game cheating prevention

Postby Jackolantern » Fri Aug 25, 2017 11:43 pm

You are pretty much on to it. If you are going to have a timer counting down, the animated timer in the client's browser is only for the users' convenience. You actually have a timestamp in the database and when another action is attempted, you compare the current time to the timestamp + minimum time to repeat the action or perform the next action. If the current time is less, than the user has tried to do something tricky, so prevent them from doing it. It can be tempting to punish them for trying to mess around with your game, but since the web is so open it could just be curious playing around. The best thing to do is just prevent it and move on.

This is the mindset you need to have to prevent cheating: the entire state must be on the server, where it cannot be tampered with by the player. Everything going on in the browser is just to give the player help with understanding what that state on the server is so they can send effective input to the server's state to keep playing.

Keep in mind this is cheating. Things like trying to get around a timer by attempting to go into the Javascript console and change the value I would call cheating. These are just tinkering to see if they can find any little places where maybe you leaned too heavily on the client-side so they can bend the rules a little bit. You have to protect against these but personally I would choose to go easier on them. Just stop them and move on. Then there are actual hacking methods that fall more neatly into normal website security. This includes things like preventing SQL injection, cross-site scripting attacks, session fixation, DOS attacks, etc. These are security issues for all dynamic websites and if you catch people do things like this, ban them immediately. These aren't people trying to bend the rules a bit or poke around with what is available to them. These are people trying to destroy your game. This is just my own personal distinction, however.
The indelible lord of tl;dr
User avatar
Jackolantern
 
Posts: 10634
Joined: Wed Jul 01, 2009 6:00 pm
Location: Houston, TX
Has thanked: 20 times
Been thanked: 73 times
Blog: View Blog (1)

Re: Game cheating prevention

Postby Zykal » Sat Aug 26, 2017 8:51 pm

Good to know I was on the right track.

I'm not going to ban people for poking around. I think I've tried at least simple tricks in every game to see if they work.

Now the hacking, that's different for sure.


Thanks
Zykal
 
Posts: 31
Joined: Wed Nov 28, 2012 11:38 pm
Has thanked: 0 time
Been thanked: 0 time


Return to General Development

Who is online

Users browsing this forum: No registered users and 1 guest

x