Is it possible to find out GM activity?
ArinZ
I use to play some online browser games... like ogame, travian,
tribalwars and so on...
You know that many scripts have been made to improve the game
functions for these sites... You can easily find them on
userscripts.org...
Unfortunately those games rules do not allow the use of these
scripts... Maybe it depends on the money they loss because of the
scripts functions are equivalent to those they sell with additional
"premium packets"... I think that's the reason why many of us have
created scripts in order to bypass the payment...
Anyway... there are some sort of "bot" -activated by the game
controllers- that is capable of root out the users with active
scripts... And they BAN those players from the game...
It's all very regular, and absolutely legal...
But my question is: how can a bot [probably a script himself] managed
from the game owners, seek out, recognize, distinguish and mark as bad
some grease scripts from others [as NOT all the scripts should be
forbidden] and how it works?
Thank you all for answering...
Joachim Ott
> But my question is: how can a bot [probably a script himself] managed
> from the game owners, seek out, recognize, distinguish and mark as bad
> some grease scripts from others [as NOT all the scripts should be
> forbidden] and how it works?
settings" (of course without putting out such a message). You should
see something in the network traffic when you log on to that service
(try tcpdump or ethereal etc). You need some accounts you could burn.
esquifit
[...]
> But my question is: how can a bot [probably a script himself] managed
> from the game owners, seek out, recognize, distinguish and mark as bad
> some grease scripts from others [as NOT all the scripts should be
> forbidden] and how it works?
A page can detect scripts accessing *javascript* variables or
functions defined in the page:
window.__defineGetter__('foo', trap);
function trap() { /*do something*/ }
This is unlikely to happen with generic scripts, which usually only
manipulate the *DOM* and do not mess with the javascript of the page.
In other terms, if a script explicitly takes an action directly
accessing a global variable or function in the page, chances are high
that there is some 'criminal energy' spent in the attempt, and the
page owner may choose to deny the service on finding this.
Tom W. Most
modification of the DOM, and can do so without much difficulty -- events
get fired whenever elements are inserted or removed. However, it may be
possible to take some actions -- clicking on buttons, submitting forms
in ways that make it difficult to detect as scripted.
--Tom
esquifit
> This needs clarification. A web page owner certainly can detect
> modification of the DOM, and can do so without much difficulty -- events
> get fired whenever elements are inserted or removed. However, it may be
> possible to take some actions -- clicking on buttons, submitting forms
> in ways that make it difficult to detect as scripted.
Of course.
I just suggested a pragmatic (euphemism for "error prone") approach
for detecting client side tampering with the page. The original
question was how could a site tell 'innocuous' scripts from 'bad'
ones. My guess was:
1) a general purpose script, that is, one which runs in multiple sites
and should not be blocked, is *likely* to be of the kind of those
which hide some ads, insert search fields or toggle the display of
some page sections, etc., in short DOM manipulations.
2) a script which deliberately attempts to trick a single site,
specifically a game site or one which makes heavy use of javascript,
would *most probably* mess directly with functions and global
variables in the page
These assumptions are purely heuristic/speculative. You are absolutely
right in that DOM manipulations can be detected by the page owner, but
a change in the DOM does not necessarily mean a violation of the game
conditions.