Discussion: Zero Tolerance RMT Tells and Spam
By
Agent_Kendt,
Posted on: 2007-08-07 13:34 in News, Events and Announcement Discussion
Oddly enough I always get them whenever "They" start advertising free 14 day trials, long before I-9 I was getting them, everytime they advertise a 14 day free trial I get them.
Perhaps they could do something like this:
The trials that are given out by current subscribers (the ones we can go get generated for a friend) have full access to the game.
Ones given away on MMORPG and such have limited access. No trading, no tells (or maybe a restriction on number of tells per minute), and such.
Basically MMORPG is the reason we're getting these since only when they've had these things through MMORPG.com have I gotten spam...
Ok I got my first one of these last week around 10:00 pm CST.
It was just one and all I did was ignore it, I did not send in a petition or anything.
I found it no more annoying than the other in game tells I get like team?, lft?, and the ever popular can I join your team?.
Dont get me wrong Im not saying these are ok I just want to know if I am in the minority with getting these.
Are people getting multiple ones right after the other?
Legal Action?
Against what? Annoying the customer base?
-I went looking to answer my own question and that answer is Yes!- Plaintiff's Attorney in Player-IGE Lawsuit Speaks to the Escapist -the link there Hernandez v IGE goes into more depth.
Quite the endeavor!
Personally, I remember this stuff back in the days of playing MUDS like Dragonrealms/Gemstone (when it was still free), more then seven years ago, this was happening. Perhaps it is something so unique, that, as that lawyerman said, customer advocates and the like aren't even really aware of it.
I have to give Kudos to Ebay for not allowing this type of 'selling', and quite frankly am surprised that they made such a decision.
The only reason CoH has been relatively free of such spam (even though the 'leveling your character to 50 for a fee has been around for awhile) is because there has been no 'loot', except for Hami's.
NOW though...we're starting to feel the pain that other games have been dealing with for many years.
Unfortunatly, the real fact is that if we don't take the time to petition, (even if it is a pain in the behind) there isn't much they can do, and even THEN, they have to treat these 'spammers' with the same policy they would you or me in determining to ban or not to ban.
Either that takes a couple days to determine,
OR
There are far more spammers being reported then we are aware of, and thus perhaps creating a back-log to sort through, if you will.
OR
Some third, other thing...
I'm kinda rambling about it, will have to keep an eye on that IGE lawsuit though.. I guess I'm strangly used to this sort of thing, though I've never liked it, I'm over the outrage of it.
I report them, as I always have in any other game, and move on...
...just wait til they start using the mailing system! 
Okay, moving on...
Good luck to those guys with their lawsuit, but I doubt much of anything will happen, being one, those guys bringing the suit are doing it out of pocket, two, the people they are suing have their own legal team, and wording in their own terms of services that are there as a way to cover their behinds. Imagine it as a Hami raid, but with only 8 people, we all know how it's going to end. Besides I imagine once X amount of dollars are spent, and nothing is being accomplished the lawyer in this case will cut his losses, and bail. Let me put it in perspective for you, as to how big this is, and how much money these people have: one of the smaller businesses, not gonna say who, because I imagine it's against rules to post names in posts, but they boast over 30, 000 customers, and at $15 a pop(minimum purchase) daily that would be $450,000, this particular company has been around for a few years. Given these numbers, which is just a rough estimate for one day's worth of business, and little to no cost adverstising, these people have more than enough money to fight this. That's just from in-game currency sales alone, I haven't even touched the Pay to level services they offer, which varies from game to game, but isn't cheap. This is just an example based off a small company, so imagine how much money the company that's the defendant in said suit has.
"You aren't the sharpest tool in the shed, but you are a tool nonetheless."-American Demon.
[ QUOTE ]
There is also the MMORPG.com free trials right now.
[/ QUOTE ]
= Summary =
This week's spamming problem is, in my opinion, a direct result of a security breach at MMORPG.com. As GM efforts may not be enough, NCSoft should consider suspending the free trial promotion with MMORPG.com until the security situation is rectified.
= Observations =
* MMORPG.com is giving free trials away to anyone who simply registers on their site.
* MMORPG.com displays a CAPTCHA (anti-bot image of distorted letters) in an attempt to prevent automated registration.
* The CATPCHA is the weakest I've ever seen, consisting of non-distorted #000000 black characters on a non-black background. (Example: FP6ML) Although the background makes the characters difficult for humans to read, computers see numbers, not colors, and #000000 black is easily distinguished from numbers that are not #000000 black. I see no competent attempt to defeat automatic edge recognition or segmentation.
* As an exercise, I wrote a simple program to isolate the #000000 pixels, changing all other pixels to #FFFFFF white. (Result: FP6ML) This turned out to be unnecessary, as optical character recognition programs already do this themselves, by adjusting the binarization threshold to 0%.
* The crummy open-source OCR program I use reads the unedited CAPTCHA (the one with all the colors intact, not the one I edited to black and white) as "F.PbML". When I tweak the program's filter to recognize only numerals and capital letters, the CAPTCHA is toast: "FP6ML". In total, it took me twenty minutes to defeat MMORPG.com's CAPTCHA, using only an open-source general-purpose character recognition program.
* The spammers have two accounts, hero-sideand villain-side account, simultaneously on several (and quite possibly all) live servers. The spammers appear to be creating new accounts as fast as the old accounts get banned.
= Conclusion =
The spammers are likely to have cracked the weak security of mmorpg.com, as I have demonstrated it is easy to do. The spammers are likely to be generating automated free trial requests around the clock as fast as they can be banned, so additional efforts beyond the GMs' work are needed.
= Recommendations =
My recommendation for NCSoft is to vet the security of their promotional partners more carefully to prevent automated signups. Further, NCSoft should immediately suspend any promotion whose security has been compromised, as MMORPG.com's appears to have been.
My recommendation for MMORPG.com is to switch to reCAPTCHA. The reCAPTCHA project provides strong CAPTCHA images for free, as a public service. reCAPTCHA images are composed of two challenge words: one known word, to prevent automated registrations, and one unknown word, taken from a scanned book that automated character recognition failed to read. Thus, reCAPTCHA provides security and helps to digitize classic books at the same time. reCAPTCHA is also, in my human opinion, quite a bit easier on the eyes, and easier for a human to solve, than MMORPG's current CAPTCHA.
The reCAPTCHA project's website is at recaptcha.net.
EDIT: To reflect the spammer is reportedly affecting several servers, not just Virtue.
This is getting much worse, not better by any means. This morning, on Virtue, I logged in to get a quickie Warburg mission done before heading to work. During the < 1/2 hour of gameplay (Warburg + Black Market), I got 3 tells from this pkpk character, all seemed to be in some non-English font (gibberish and numbers to me).
I've gotten tells from him before (all petitioned) but they were far more sporadic and merely an annoyance, versus the real detriment to my enjoyment that he created today.
Global = Hedgefund (or some derivation thereof)
[ QUOTE ]
the people they are suing have their own legal team, and wording in their own terms of services that are there as a way to cover their behinds.
[/ QUOTE ]
It isn't people who have used the service that are suing - it's the people who are having their entertainment messed with by a company that is violating a game's EULA themselves.
A company isn't protected one bit by having a ToS agreement if they are harassing people that are not using their service.
Orc&Pie No.53230 There is an orc, and somehow, he got a pie. And you are hungry.
www.repeat-offenders.net
Negaduck: I see you found the crumb. I knew you'd never notice the huge flag.
I got a tell while I was on Infinity. I was running a mish...
I was in the middle of a nice sized mob of Hellions
I ate dirt.
@MrsAlphaOne
Member of the [url="http://www.guildportal.com/Guild.aspx?GuildID=171543&TabID=1451954"]RIMC[/url]
[url="http://www.freewebs.com/mrsalphaone"]DA![/url]
[color=red]Official Beer Wench of PWNZ[/color] Arc 452196 When Madness Reigns over Reason. Play it and PM me your constructive criticism on what I can tweak before Oct 20th. <3 U all
Raiden1 said:
[ QUOTE ]
Good luck to those guys with their lawsuit, but I doubt much of anything will happen, being one, those guys bringing the suit are doing it out of pocket, two, the people they are suing have their own legal team, and wording in their own terms of services that are there as a way to cover their behinds. Imagine it as a Hami raid, but with only 8 people, we all know how it's going to end. Besides I imagine once X amount of dollars are spent, and nothing is being accomplished the lawyer in this case will cut his losses, and bail. Let me put it in perspective for you, as to how big this is, and how much money these people have: one of the smaller businesses, not gonna say who, because I imagine it's against rules to post names in posts, but they boast over 30, 000 customers, and at $15 a pop(minimum purchase) daily that would be $450,000, this particular company has been around for a few years. Given these numbers, which is just a rough estimate for one day's worth of business, and little to no cost adverstising, these people have more than enough money to fight this. That's just from in-game currency sales alone, I haven't even touched the Pay to level services they offer, which varies from game to game, but isn't cheap. This is just an example based off a small company, so imagine how much money the company that's the defendant in said suit has.
[/ QUOTE ]
Leech said
[ QUOTE ]
It isn't people who have used the service that are suing - it's the people who are having their entertainment messed with by a company that is violating a game's EULA themselves.
[u]A company isn't protected one bit by having a ToS agreement if they are harassing people that are not using their service.[u]
[/ QUOTE ]
What I bolded is the real issue...
Basically, you have a company, (IGE) or at least its representatives, going into a game (CoH, Wow) and in essense 'advertising' their service to ANOTHER COMPANIES CUSTOMERS by using that other companies own product to do it, no less.
The game gets nothing out of this 'backdoor' marketing, in fact, they proclaim 'Zero Tolerance', and now their customers are p*ssed-off and demanding that this junk stop.
THEY DON'T PAY TO BE MARKETED TO BY A THIRD PARTY. THEY PAY TO PLAY THE GAME.
There is some serious issue with having another comany use your existing customer base for their personal 'call list' as it were.
They don't call you on the phone, they dont' spam you with email, they send 'tells' in a game..but it's the same thing.
Sure, we all know companies like IGE have oodles of cash, and probaby a team of lawyers (so does 'Blizzard', 'WotC', etc, I imagine, if they decided to get serious and step into the ring)...but IGE is violating another companies Terms of Agreement when they seek to advertise their service to ANOTHER companies customers, and 'ruin their gaming experience' as it were.
The more I think about it, the more surprised I am that this hasn't come to serious legal ramifications before now.
"The times they are a-changin'"
Well I for one am glad for the ZT stance. I haven't gotten any of this spam yet, but it's only a matter of time.
Zero Tolerance is great. When combined with action that is effective in actually combating the problem.
Frankly I just don't see the Powers That Be in CoH/CoV actually being able to combat this problem in an effective manner.
Every time I get one of these tells I /ignore AND /gignore the spammer AND I report it. I usually get another tell FROM THE SAME PERSON within just a few minutes. After I've ignored AND gignored the spammer.
These people are programmers and they can't even program the Global friends or Global ignore list to work. So I have Zero Confidence they'll be able to do anything effective against RMT spammers.
[ QUOTE ]
Zero Tolerance is great. When combined with action that is effective in actually combating the problem.
Frankly I just don't see the Powers That Be in CoH/CoV actually being able to combat this problem in an effective manner.
Every time I get one of these tells I /ignore AND /gignore the spammer AND I report it. I usually get another tell FROM THE SAME PERSON within just a few minutes. After I've ignored AND gignored the spammer.
These people are programmers and they can't even program the Global friends or Global ignore list to work. So I have Zero Confidence they'll be able to do anything effective against RMT spammers.
[/ QUOTE ]
That has never happened to me. Chances are they are on another account that has a lower case L in place of an I, or something similar.
Also, they can't just ban any account reported - they have ot investigate that it is a violation, and since there are also people reporting bugged missions or other issues, it can take some time. To expect instant resolution is a little unreasonable. You wouldn't want someone to report you, or a friend, just to get them banned, would you? It has to be reviewed so we avoid banning innocent players.
The only real step they could do would be to add a new /reportRMT command that has a dedicated staff to review and process the bans, which would alleviate the regular GMs from having to do that, but would require additional staff, which costs more money...
Happened to me, again, last night, around 11p (EST). Only this time it was in Korean (I think).
Hrm. . .Zero Tolerance. . .sounds like a good toon name. . .
I've petitioned the same global account three times in the last three days on three different servers, three different characters. How do I know this? The little message pops up that I'm already ignoring such and such global. From what I'm hearing in-game, I'm not the only one to have this same thing happen. Whatever is being done isn't being done fast enough.
Bad enough to be pestered by the farmers and PLers... I don't need this added annoyance forcing me to play on /hide when I don't want to.
Here's a nice thought for the Devs... look into changing the way global ignore works. It would be so much more effective if you ignore someone's global account, and it ignores all their characters without clogging up your normal /ignore list. Or else, remove/increase the limits. I can tell you right now, if this continues, the limits currently in place will NOT be sufficient to ignore all these accounts and characters.
"A good Defender is the battle hardened Corpsman who will kill a Nazi with a tongue depressor while putting a splint on your leg, then hand you a fresh clip of ammo." ~Jock_Thompson
Repeat Offenders, TNT Profile, My little hero
Are other peeps getting bombarded with this? It only happens occassionaly to me (the gold farmers that is). I think about once a month.
If it's really becoming a problem then it seems to me that the devs are really trying to push them out. Getting a mysterious tell once a month isn't that big a problem to me.
Is it more prevalent on other servers? I'm exclusively on Triumph so my CoX world doesn't exist beyond it.
[ QUOTE ]
On a tangent: It IS possible to team with high level players as an extreme lowbie and not PL. PLing, to my mind, is standing around doing nothing. I actually get in there and *FIGHT.* As long as I stay close to my mentor and make good use of my temp and vet powers, I tend to survive for a while. Good RP, good fun, and yes, maybe I'll grab a couple levels. But I don't do it to level. I do it to have *fun.* 
Debt is just a way to earn more influence legally, after all.
Suicidal blappers rule!
[/ QUOTE ]
I have a level 12 Arch/EM who lives in PI. My SG has a clump of people at level 42ish that I have no character near there. They have no characters near my little blaster. When I want to play her, or they want to play theirs, I SK up and we start rolling. I could probably level faster by focusing her on more level appropriate stuff, but the RP with those guys is fantastic (there's a scrapper who looks and acts very similar, so there's a fun "little sister" vibe) and I hate soloing. I could PuG, but its more fun to play with my friends.
As long as everybody fights and is getting the rewards they desired (xp, inf, prestige, debt reduction) that is good enough for me.
powexec_toggle_off Tangent
I petition every time, I don't know what else I should be doing. It is infrequent enough for me that it could be ignorable, but I am concerned about the trend toward in-game property having RL value. I'd rather not have to pay taxes on my Luck of the Gambler +Recharge, or Miracle unique.
Altoholism isn't a problem, its a calling.
60+ characters, 5 years, 3 50's.
[ QUOTE ]
Are other peeps getting bombarded with this? It only happens occassionaly to me (the gold farmers that is). I think about once a month.
If it's really becoming a problem then it seems to me that the devs are really trying to push them out. Getting a mysterious tell once a month isn't that big a problem to me.
Is it more prevalent on other servers? I'm exclusively on Triumph so my CoX world doesn't exist beyond it.
[/ QUOTE ]
yes, other people are getting bombarded with this- last nite- I had 3 tells (2 from Pk and one from some1 i cant remember)
I have a feeling that this is going to be a fact of life that we gamers are going to have to put up with.
/e sigh
"I don't wonda what Rose is like in RL, I just imagine she is a catgurl an' wish I could cyb0r wit her. "
- the legendary J-man
Silence!!! I kill you!
As far as I'm concerned, the word "bombarded" is not hyperbole. I get /tells from that pkpk RMT/PL-ing site all too often.
So, whether it's because of technical or legal roadblocks, I don't know, but the "Zero Tolerance Policy" has no teeth whatsoever. I get constant spam from two sites (pkpk more than the other) so NCSoft HAS to know these are a problem.
Global = Hedgefund (or some derivation thereof)
[ QUOTE ]
[ QUOTE ]
There is also the MMORPG.com free trials right now.
[/ QUOTE ]
= Summary =
This week's spamming problem is, in my opinion, a direct result of a security breach at MMORPG.com. As GM efforts may not be enough, NCSoft should consider suspending the free trial promotion with MMORPG.com until the security situation is rectified.
= Observations =
* MMORPG.com is giving free trials away to anyone who simply registers on their site.
* MMORPG.com displays a CAPTCHA (anti-bot image of distorted letters) in an attempt to prevent automated registration.
* The CATPCHA is the weakest I've ever seen, consisting of non-distorted #000000 black characters on a non-black background. (Example: FP6ML) Although the background makes the characters difficult for humans to read, computers see numbers, not colors, and #000000 black is easily distinguished from numbers that are not #000000 black. I see no competent attempt to defeat automatic edge recognition or segmentation.
* As an exercise, I wrote a simple program to isolate the #000000 pixels, changing all other pixels to #FFFFFF white. (Result: FP6ML) This turned out to be unnecessary, as optical character recognition programs already do this themselves, by adjusting the binarization threshold to 0%.
* The crummy open-source OCR program I use reads the unedited CAPTCHA (the one with all the colors intact, not the one I edited to black and white) as "F.PbML". When I tweak the program's filter to recognize only numerals and capital letters, the CAPTCHA is toast: "FP6ML". In total, it took me twenty minutes to defeat MMORPG.com's CAPTCHA, using only an open-source general-purpose character recognition program.
* The spammers have two accounts, hero-sideand villain-side account, simultaneously on several (and quite possibly all) live servers. The spammers appear to be creating new accounts as fast as the old accounts get banned.
= Conclusion =
The spammers are likely to have cracked the weak security of mmorpg.com, as I have demonstrated it is easy to do. The spammers are likely to be generating automated free trial requests around the clock as fast as they can be banned, so additional efforts beyond the GMs' work are needed.
= Recommendations =
My recommendation for NCSoft is to vet the security of their promotional partners more carefully to prevent automated signups. Further, NCSoft should immediately suspend any promotion whose security has been compromised, as MMORPG.com's appears to have been.
My recommendation for MMORPG.com is to switch to reCAPTCHA. The reCAPTCHA project provides strong CAPTCHA images for free, as a public service. reCAPTCHA images are composed of two challenge words: one known word, to prevent automated registrations, and one unknown word, taken from a scanned book that automated character recognition failed to read. Thus, reCAPTCHA provides security and helps to digitize classic books at the same time. reCAPTCHA is also, in my human opinion, quite a bit easier on the eyes, and easier for a human to solve, than MMORPG's current CAPTCHA.
The reCAPTCHA project's website is at recaptcha.net.
EDIT: To reflect the spammer is reportedly affecting several servers, not just Virtue.
[/ QUOTE ]
Just want to reiterate this because it seems to have 100% brainpower behind it, and a healthy quotient of Win. Please listen to what Rigel is saying.
I love new players. I love free trials for real people. I don't want them to be a swinging door for abusers.
"Null is as much an argument "for removing the cottage rule" as the moon being round is for buying tennis shoes." -Memphis Bill
I say, use their email addresses and wander the internet subscribing to every service you can find, especially pr0n sites and dating services.
See how much they appreciate being annoyed.
Here are a few:
ssejob@gmail.com
ssegamescrm@gmail.com
service@ssegames.com
ssegames@hotmail.com
ssegames_cs@hotmail.com
pkpkgcs@gmail.com
ownyo@hotmail.com
support@ownyo.com
I'm even getting them now. Within the last 2 days, I have gotten 6 solicitations from the same pkp person. During one set of missions last night he must have spammed every member of the team at least twice. One person on the team decided to spam it back until it either went to /hide or logged off.
"Sorry bucko, but CoH and CoV are the same game." -BackAlleyBrawler
"Silly villain, CoX is for Heroes!" -Saicho
well that pkpkg site is interesting. I tried a tracert just to see where the site actually is, and the results come back as unreachable after I bounce off of 218.30.25.202
My wife and I were off yesterday so logged in for about 6 hours. In that time, we were each getting AT LEAST 6-8 an hour. Virtue server
Okay . . . it's getting a weee bit outta control now.
[ QUOTE ]
well that pkpkg site is interesting. I tried a tracert just to see where the site actually is, and the results come back as unreachable after I bounce off of 218.30.25.202
[/ QUOTE ]
I thought we weren't supposed to give the URLs of the RMT sites. But since somebody popped that cherry days ago and Lighthouse hasn't objected ...
I'm getting close to "zero tolerance for game companies that don't shut down easily stopped cheaters."
In addition to quoting the lowest price I've seen yet for infamy on one of these RMT sites (although it has gone up since Friday), the company that's spamming me at least once an hour for the last five days also advertises on their web page that for $255 and some change, they will level any level 1 character on any server to level 50 for you. The FAQ on there says that you can't play your chararacter while they're power-leveling it, because their teams of players will be playing it 24x7 for 10 or 11 days.
Lighthouse, come on now. Now, I don't care whether they're doing it from Thailand (where the IP address resolves to) or from some proxy server somewhere; how hard is it for the servers to notice that someone not from Thailand has been logged in from Thailand for the last 48 straight hours? And if they are using a proxy address, how hard is it to spot that the same IP address, or narrow range of IP addresses, has been logged into large numbers of characters simultaneously continuously for the last five days?
Frankly, I'm rapidly coming to the conclusion that either NCsoft doesn't even have an anti-fraud department, or their anti-fraud department is completely incompetent. It should have been trivially easy to shut these people down in a lot less time than it has already taken.
[ QUOTE ]
Not enough if NCSoft closes their accounts. They just open new globals. I've ignored several globals from the same website.
We need NCSoft to actually target their websites.
www.ssegames.com which is Shinestar Co, Ltd
www.pkpkg.com
OwnYo.com -COH Infamy Trading Center
They won't go away til NCSoft's legal dept. threatens to sue their sites.
I've been getting these harassment tells since July 20th.
Petitions are doing no good whatsoever.
[/ QUOTE ]QFT!
I have gotten up to 2 adds a day since early July, and I have petitioned every one, but to no avail.
I hope legal action is taken soon