In the last week, you would have seen my blog scattered with a lot of posts on a game site called Duels.com. It is a MMPRPG game with a blend of Diablo and WOW. Though I started playing it the regular way, I soon got a little lazy and wrote a script to throw random challenges to everyone. In no time, my experience points were soaring, and I was soon it the top list of duelists.
Hoever, I did inform the developers of the potential exploit, and it has been fixed since then. Though it was a bad move to have released the script it public, it did get a lot of people thinking. A couple of people pinged me on a script, and I realized that the game was not only a Massively Multiplayer Online Role Playing Game. It seemed more like a Multiplayer Online "Script" playing game. This actually meant that scripts would be fighting each other, and idea that i really cool. Writing scripts for the site is simple, and this is a good way for enthusiasts to learn new technology quickly. Many people told me that they were now into learning chicken foot. I was talking to a friend about making the process of issuing challenges quicker. It seemed more like a computer science optimization class. The technical discussions were interesting, and it would be nice to play against scripts, that are getting better all day !
However, here are some issues that script writers may have to watch out against. These points could give away the bots, so watch out. I hope that the developers get a chance to read this, so that they can nail down the cheaters.
A couple of scripts that I was looking at do an XMLHTTPRequest to issue challenges and accept challenges. In the case when a human plays, the browser always sends the referrer page at the minimum for every request. A simple scan of the HTTP log will let the developers know of all the people who have gained experience by scripts
The process of issuing challenges covers a whole lot pages. The scripts don't really go though the different pages. If the developers implement bread crumbs, script will find it difficult. From the time a user starts the process of issuing a challenge, till the challenge is issued, the user gors through many pages. If each page would show up with a hidden input field that has the hash of the previous page, the scripts will have to parse all the different pages, making them slower.
Another option is the use of captchas. The only problem with captchas is that they are not very user friendly, and a player would hate typing in a captcha every time he issues a challenge. As a compromise, if a player is issuing challenge very fast (resembling a bot), an ocassional captcha could pop up.
Let us see how the developers stop the scripts. Till then, lets the war of the scripts continue !!