Fight spam / bot checks / suspensions / oh my (in General)

AdminNightStrike December 11 2010 4:30 PM EST


So I've done some digging through the "rapid fighting" code now that I've cleaned out the pre-fight section of the fight.tcl page. A big issue that people face is that they get a warning for fighting too fast, wait a little bit, fight again, and then see that they somehow missed a bot check. There's a lot going on behind the scenes here that isn't readily apparent.

The very first thing the fight page does, despite my aforementioned changes, is check to see if you are in a fight. It does NOT run the bot check first, which would prevent this issue (and obviously that opens up other problems, otherwise this post wouldn't exist.) The second thing is to check to see if you have an outstanding bot check.

Now, that first thing is unfortunately very complicated, and can result in the user seeing the warning page with no recourse for how to answer the bot check. The warning page hints at this, but offers no solution except to hope for the best.

The "am I in a fight?" check gets more complicated, because it is a processing chain that also checks to see if you have already been suspended for fighting too fast. Here's where things get interesting.

If the user has already been suspended, we first check to see if there's a bot check waiting. If so, display the bot check, and if you pass, hit the fight page again (which will probably increase your spam count). If you haven't yet been suspended, we check to see if you should be with this last hit of the fight page. If this hit triggers a suspension, you are suspended, but **the fight still goes through**. This means you won't see that you've been suspended until the NEXT time that you hit Fight.

Is this starting to explain why we see so many weird results? Like, clicking Fight for the first time in 5 minutes and getting the suspension page? Or clicking Fight, taking a long time to answer a bot check, then getting suspended?

Further, if all of that passes, and you just get the warning page that tells you that you might be suspended soon, and you are currently in a bot check there's no way to get to the bot check before it expires.

Now, I'm explaining all of this to 1) show just how complicated some of this stuff can get, and how completely unintuitive the logic pathways can be (mostly because of IntoExile's recent retarded post), and 2) to help give some guidance on the fight suspension annoyances. At least understanding what is going on behind the scenes will make it less bewildering when you get a suspension out of nowhere, or a failed bot check when none appeared.

I will try to address the issue, of course. It's just exceedingly complex, and difficult to rip logic out and rewrite it.

Pwned December 11 2010 4:34 PM EST

mostly because of IntoExile's recent retarded post


Pwned December 11 2010 4:42 PM EST

This makes sense to me. Might be hard for people not accustomed to code but its easy to follow.

MissingNo December 11 2010 4:45 PM EST

Why not simply remove the warning / penalty for fighting too fast? I've never really understood its function anyway.

Demigod December 11 2010 5:04 PM EST

Why not simply remove the warning / penalty for fighting too fast? I've never really understood its function anyway.

Hopefully the necessity of it is one of the things he's looking into, as I question the need for it as well. It seems that server lag and bot monitoring aren't key reasons for it anymore.

AdminQBnovice [Cult of the Valaraukar] December 12 2010 12:15 AM EST

I'm up to twenty minutes suspension and have 70 BA left that I'm just going to leave behind because I'm falling asleep and could wait

AdminNightStrike December 12 2010 10:02 AM EST

Without the control in place, any user can easily DOS our server.

MissingNo December 12 2010 10:32 AM EST

.... I don't think this game is that big that we have to ever worry about DoS attacks. There are lots of browser games in the world, and none of them that I have played have this particular safeguard.

AdminNightStrike December 12 2010 10:40 AM EST

Without the safeguard in place, nothing is stopping you from holding down the enter key and submitting page requests 20 to 30 times a second. Nothing is stopping you from submitting a fight request to your entire fightlist with one click via a trivially rudimetary script. There's a host of things that people WILL do that would be bad. We cannot rely on the user base to always "do the right thing." CB has proven time and again that given an inch, a foot will disappear.

Kefeck [Demonic Serenity] December 12 2010 10:42 AM EST

Is the constantly refreshing in chat one of those things?

Admindudemus [jabberwocky] December 12 2010 11:29 AM EST

when in that sequence does it check for a comatose opponent? it would seem that this would happen first just to decrease the other calculations that would then be unneeded but from my experience that doesn't seem to be the case as you can get a bot check on comatose i believe.

AdminNightStrike December 12 2010 11:35 AM EST

One of what things?

AdminTal Destra [C and S Forgery Lmtd.] December 12 2010 11:37 AM EST

Is the constantly refreshing in chat one of those things?

i believe he's talking about taking CB down

AdminNightStrike December 12 2010 11:43 AM EST

I haven't seen that happen. That's much slower, though, than what could be done via a simple browser and the Fight page.

Admindudemus [jabberwocky] December 12 2010 12:01 PM EST

hehe, just hit fight when my opponents were comatose until i got a bot check so it must come later in the sequence. does the check for available ba also come later?

it does seem like at least some of the issues could be well avoided by checking for available ba first and second checking for a comatose opponent or vice versa.

Admindudemus [jabberwocky] December 12 2010 12:46 PM EST

i guess with the out of ba it still wouldn't protect against a dos attack unless you did something like disable the fight link until a ba refresh occurs or the user buys ba.

the same would likely hold true for the comatose after more thought, unless you disabled the fight link for a minute or somesuch.

Demigod December 12 2010 1:59 PM EST

Without the control in place, any user can easily DOS our server.

The cure is worse than the disease. Couldn't you just set it so that the penalty is a standard 1 minute? Or better yet, still pull up the "You're fighting too quickly" page but not penalize at all? The latter would stop someone from holding down enter or running a script that does the same thing. While it would be easy for someone to code around, it's not like we have an imminent threat of DoS or DDoS attacks.

And if that argument doesn't work, how about this:
C'moooooooooooooooon! Give it a shot. Pretty please?

AdminNightStrike January 23 2011 3:21 PM EST


Here's the order:

fighting too quickly
already suspended from bot check
bot check random challenge
enough ba
opponent id is valid
minions exist
tournament stuff
comatose opponent
remaining opponent checks
some random thing I don't understand
heal cost

AdminNightStrike January 23 2011 3:21 PM EST


That's easily exploitable.

AdminNightStrike January 23 2011 4:23 PM EST

Update here:
This thread is closed to new posts. However, you are welcome to reference it from a new thread; link this with the html <a href="/bboard/q-and-a-fetch-msg.tcl?msg_id=0038cQ">Fight spam / bot checks / suspensions / oh my</a>