Looking for how best to explain this kind of hacking to a game's community

Okay folks, I need some help from the community here to try and break something down for a swath of gamers who are having a hard time with a game, and the way the devs of this game are treating them.

I don’t want to get too into details because I’m not looking for drama but I felt as a game dev it’d be fair to at least share insights on why there is a big issue with hacking at the moment. The devs are essentially saying it’s a moderator problem and they’re not responsible for it.

It’s a multiplayer game run on dedicated servers. Steam subsystem is being used for authentication at the least and it looks like the servers are run on EOS (using Redpoint for cross platforming).

There are currently tons of hackers in the servers who are altering their stats in order to do insane amounts of damage or very fast speed. The community is frustrated. From my experience playing the game, it seems to me that things like damage and speed stats and so on are being directly altered from client-side during gameplay and fed to the servers. It appears that the servers are not controlling damage (at least not to the degree they should be) and by some means clients are having access to this data. I cannot feasibly figure out any reason that, specifically, the actual data being passed to combat (damage for example or hp) is being altered by hackers and on such a massive scale. It does not appear that this is an issue of database manipulation of stats (if those are issues I’d assume they are separate because they are not remotely at the scale that the stat hacking is at). I’ve spoken to a few folks who own some of the unofficial servers and they say that databases themselves appear untouched by the hackers. These issues by the way appear to happen regardless if it’s official or unofficial servers, but the unofficial servers are better moderated and hackers get caught much more quickly.

I cannot see the code myself obviously, but I also cannot see how these attributes are able to be changed during combat, on this scale, unless client-side is doing some form of calculation it should not be doing and this is being passed to server without vetting.

The devs are also claiming that hit detection can only be done client-side, and when I tried to explain how it can be done and verified server-side I was told this is… well, just nonsense.

I am also pretty crap at explaining things like this for folks and I’m also wanting to consider any possibilities, so I’d really appreciate some insight, opinions, what have you from the dev community here. Especially in just explaining how this kind of hacking happens in a nice breakdown that hopefully an average gamer understands because I’m struggling on that end. I could explain my view to another dev, sure, and I think most of us understand how best to avoid this kind of hacking, but breaking it down simply for a gamer is a little more difficult.

Obviously I cannot say FOR SURE what is happening as I do not have the code, but I think a fair assessment of what is likely the problem is fine when the community feels so deeply left in the dark over this.

Quick edit: I tried to explain it to some of the community folks like so and some people got it, but not everyone did and I feel it’s a bit vague.

Normally this is what happens:

Client: “I pushed the attack button”
Server: “Okay, I’m gonna check what your stats are, where you’re located, and who is within range of your attack. So these are your stats, so you’ll do this much damage, and Bob is within range of your attack. I’m going to apply this damage to Bob.”

The client only asks to make an attack. The server does all the calculations and determines if it’s possible. Then the server tells the clients what happened.

Instead, we have the clients telling the server what sort of damage to do and the server is just nodding like an idiot and passing that damage onto Bob.
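
The two server behaviours described in the post, side by side, as an added example that is not part of the original post and not the game's code. Every name here (`Player`, `AttackMsg`, `claimedDamage`, `applyTrusting`, `applyAuthoritative`) is hypothetical, positions are simplified to 2D, and the sample world is constructed.

```cpp
#include <cmath>
#include <string>
#include <unordered_map>

// Server-side record of a player (hypothetical fields).
struct Player { float x, y; int hp; int attackPower; float reach; };
using World = std::unordered_map<std::string, Player>;

// What a client sends. claimedDamage only matters in the trusting design.
struct AttackMsg { std::string attacker, target; int claimedDamage; };

// Weak design: the server applies whatever number the client sent.
bool applyTrusting(World& w, const AttackMsg& m) {
    auto t = w.find(m.target);
    if (t == w.end()) return false;
    t->second.hp -= m.claimedDamage;   // no stat lookup, no range check
    return true;
}

// Authoritative design: the message is only a request. Stats and positions
// come from the server's own state, and claimedDamage is ignored.
bool applyAuthoritative(World& w, const AttackMsg& m) {
    auto a = w.find(m.attacker);
    auto t = w.find(m.target);
    if (a == w.end() || t == w.end() || a == t) return false;
    const Player& atk = a->second;
    Player& tgt = t->second;
    if (atk.hp <= 0 || tgt.hp <= 0) return false;     // dead players can't fight
    float dist = std::hypot(tgt.x - atk.x, tgt.y - atk.y);
    if (dist > atk.reach) return false;               // target not in range
    tgt.hp -= atk.attackPower;                        // server-held stat only
    return true;
}

// Constructed sample state: bob is next to alice, carol is far away.
World makeWorld() {
    return {{"alice", {0, 0, 100, 10, 2.0f}},
            {"bob",   {1, 0, 100, 10, 2.0f}},
            {"carol", {50, 0, 100, 10, 2.0f}}};
}

// Run one message against a fresh world and report the target's hp.
int hpAfter(bool authoritative, const AttackMsg& m) {
    World w = makeWorld();
    if (authoritative) applyAuthoritative(w, m); else applyTrusting(w, m);
    return w.at(m.target).hp;
}

int main() { return hpAfter(true, {"alice", "bob", 9999}) == 90 ? 0 : 1; }
```

The same tampered message (damage 9999) takes Bob far below zero in the trusting handler, while the authoritative handler applies Alice's real 10 damage and rejects the attack on Carol entirely.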