Game cheating prevention

For discussions about game development that does not fit in any of the other topics.
Post Reply
Zykal
Posts: 31
Joined: Thu Nov 29, 2012 4:38 am

Game cheating prevention

Post by Zykal »

I've been working on a game on and off for a while. I've been looking into security/cheating issues a bit. I've already made everything server side, so that the client is just for displaying data and inputs.

One of the things I noticed some other games having where action timers, so you can only do an action every 5 seconds. If you try to do an action again it gives you an error, like your timer is not up yet. How are they doing this server side. I thought maybe making a time stamp whenever you do an action and then before the next action could be performed X time had to pass. So it'd take the 2 time stamps and compare them and if 5 seconds had passed it'd be good to go.

I'm basically trying to prevent multiple tabs, and people sending requests to do different tasks, that shouldn't be able to happen.

Thanks!
User avatar
Jackolantern
Posts: 10893
Joined: Wed Jul 01, 2009 11:00 pm

Re: Game cheating prevention

Post by Jackolantern »

You are pretty much on to it. If you are going to have a timer counting down, the animated timer in the client's browser is only for the users' convenience. You actually have a timestamp in the database and when another action is attempted, you compare the current time to the timestamp + minimum time to repeat the action or perform the next action. If the current time is less, than the user has tried to do something tricky, so prevent them from doing it. It can be tempting to punish them for trying to mess around with your game, but since the web is so open it could just be curious playing around. The best thing to do is just prevent it and move on.

This is the mindset you need to have to prevent cheating: the entire state must be on the server, where it cannot be tampered with by the player. Everything going on in the browser is just to give the player help with understanding what that state on the server is so they can send effective input to the server's state to keep playing.

Keep in mind this is cheating. Things like trying to get around a timer by attempting to go into the Javascript console and change the value I would call cheating. These are just tinkering to see if they can find any little places where maybe you leaned too heavily on the client-side so they can bend the rules a little bit. You have to protect against these but personally I would choose to go easier on them. Just stop them and move on. Then there are actual hacking methods that fall more neatly into normal website security. This includes things like preventing SQL injection, cross-site scripting attacks, session fixation, DOS attacks, etc. These are security issues for all dynamic websites and if you catch people do things like this, ban them immediately. These aren't people trying to bend the rules a bit or poke around with what is available to them. These are people trying to destroy your game. This is just my own personal distinction, however.
The indelible lord of tl;dr
Zykal
Posts: 31
Joined: Thu Nov 29, 2012 4:38 am

Re: Game cheating prevention

Post by Zykal »

Good to know I was on the right track.

I'm not going to ban people for poking around. I think I've tried at least simple tricks in every game to see if they work.

Now the hacking, that's different for sure.


Thanks
Post Reply

Return to “General Development”