Hello,
I’d like to ask something that has been bothering me for a while. How to make an open source multilplayer game? On non-opensource games they have cheats, some choose to fight, some choose not to, but for opensource games, where the server is the player’s machine and he can edit the source of the server, how can I fight cheaters? For example, a player could easily add a small piece of code to gain some benefits.
You could do something kinda xml system where the user would edit it to change the game behavior.
a) you can’t prevent cheats, really… even in closed source games. You can only slow down the proliferation.
b) If the user is running his own server you especially can’t. But I wonder why you’d really care, though. Wouldn’t the other players just get bored of logging into that guy’s server if they get creamed all the time?
It’s the client-side cheating that is much worse. And there’s only so much you can do about it… open source or not.
Yeah, I’ll add the option to the user to change as much options as possible, like Warcraft 3 Maps (not as complex as it, of course). But still, I can’t see a solution to avoid server side cheating. Client side is obvious, hard to implement, ok, but server side in open-source, can’t figure it out.
I don’t get what you really want to do. When the user has the piece of software and runs it locally theres no way that you can avoid that he’ll be able to hack it eventually. On the other hand, if you run the server on some restricted piece of hardware on your own theres no way that somebody else can cheat on that server if you implemented the checks well, even if he’s got the source code of the server. MonkeyZone for example computes all the physics etc. on the server and only that “counts”, additionally theres a way to check the input from the user so that he’ll not input values that are not allowed (e.g. too fast “speed” for vehicles).
@shirkit said:
But still, I can't see a solution to avoid server side cheating.
That's because there is no solution. Not just sort of none but really really none. And really, I still wonder why this is an issue.
Like I said before, if players login to someone's server and they are cheating... then they'll leave and find a different server. What is the impact of cheating in this case?
Doesn’t matter if they can hack the client side data. As long as the server knows how to validate the data coming in and knows what a player can do then it won’t be possible to cheat.
If you don’t want them to cheat then don’t open-source the server.
@squizzle said:
If you don't want them to cheat then don't open-source the server.
Even if its open source, if the server is run by you, who should hack that exact copy of the server software? It can only be bugs. OpenSSL etc etc all are used by banks and companies and they are open source too..
Server side cheating can be made as hard as client side IF game is with full knowledge. Then clients can validate server’s decisions (even if they do it with dellay) and server player cannot get acces to information he shouldn’t have.
But most games are not of this nature.
As normen says, if you run the server, as long as the server is authoritative, you just need good validation. I do plan to implement some kind of checking for changed files and mods. I want users to be able to play each other using mods and for their being an easy way of working out if everyone has the same mods.
@pspeed said:
That's because there is no solution. Not just sort of none but really really none. And really, I still wonder why this is an issue.
Like I said before, if players login to someone's server and they are cheating... then they'll leave and find a different server. What is the impact of cheating in this case?
You are right. I'll think for end-up proccess to allow players to join already started games to minimize this damage. The idea is already written in paper and current implementation allow me to easily do this, let's see if it will work =]
@squizzle said:
Doesn't matter if they can hack the client side data. As long as the server knows how to validate the data coming in and knows what a player can do then it won't be possible to cheat.
If you don't want them to cheat then don't open-source the server.
Well, that's one point I can think of, but as it's written in Java, at maximum I can only obfuscate it.
@normen said:
Even if its open source, if the server is run by you, who should hack that exact copy of the server software? It can only be bugs. OpenSSL etc etc all are used by banks and companies and they are open source too..
Yeah, bugs and server side incoming messages validation are the only cause of hacking from client side.
@Alpedar said:
Server side cheating can be made as hard as client side IF game is with full knowledge. Then clients can validate server's decisions (even if they do it with dellay) and server player cannot get acces to information he shouldn't have.
But most games are not of this nature.
Huuuum, the server can only run if the clients agree that the server is original. That sounds amazing, but I think that this closes to DRM problems, that will make normal non-cheating players to suffer. I prefer to listen to @pspeed and let people leave the server, if they want to. But what I'm going to do is allow players to change game mode, so if they want extra gold, damage, they can get it.
@ancalagon said:
As normen says, if you run the server, as long as the server is authoritative, you just need good validation. I do plan to implement some kind of checking for changed files and mods. I want users to be able to play each other using mods and for their being an easy way of working out if everyone has the same mods.
Warcraft 3 Maps idea implement this, and I shall follow that =]
You could always take the Unreal approach and facilitate cheats as mods. People are less likely to look for exploits if you provide them a mechanism for doing it openly.
Err… I just noticed this was mentioned already. Ignore me