Code [aCis 401]MathQuiz Simple Anti-Botting action.

'Baggos' · April 4, 2023

Hello everyone!
Below is a simple MathQuiz where every x number of monsters the player kills, a window appears(if the MathQuizTaskManager is running) asking them to write an even number.
If they answer correctly to the 1st question, the next step will ask for the addition of two random numbers between 1 and 10.

The following mod does not provide high protection against bots, it is simply an action that will reduce the number of bots on the server to those who are not familiar enough to bypass it.

How it works?

After a specific number of monsters (set in the XML file), the QuizTaskManager will start running. For example, if this number is 10 minutes, and a player reaches the required number of kills (set in the XML file) within that time period, an HTML window will appear. (Ex. If you kill 10 monsters, in the next 15 minutes a HTML window appears, unless if that time passed but you're in town).
If the QuizTaskManager starts running but the player moves to a town/village, the QuizTask will stop running and the killsCount goes 0.
Once the HTML is displayed, the player can continue to kill monsters and do whatever he wants without affecting his gameplay. The required number of monsters will not continue to increase if the player does not complete the Quiz. If the quiz is not completed, the player will either be transported to town or disconnected, depending on your XML file settings.
In the XML file, you will find the settings to set the values you want for the time Quiz Task needs to run, how many monsters the player needs to kill, the time they have to answer, what the punishment is, and how many attempts they can have.
Locate the Even number:
It will display a pair of numbers consisting of an even and an odd number. They will have to type the even number that will be given to player randomly each time.
If the player doesn't answer within the required time or answers incorrectly after x attempts, depending on the punishment you have defined in the XML file, the appropriate action will be taken in 5 seconds.
Easy to apply into your sources.

Code review: https://pastebin.com/71hEjgdu
download patch diff: https://mega.nz/file/JjgWUAQS#vRyGA6Spn6UJcjiQGfh1gY47yoPuOFZlcUKgs0KWQy4

Edited April 4, 2023 by 'Baggos'

Trance · April 4, 2023

What if you introduce a Google Captcha verification system that would be better against Adrenaline.

Game client opens server's website.
On the server's website, the player would be prompted to complete a Google Captcha challenge.
Once the player successfully completes the Captcha, the server would receive a confirmation and send an authorization back to the game server, allowing the player to continue playing without any disruption.

Edited April 4, 2023 by Trance

'Baggos' · April 5, 2023

1 hour ago, Trance said:

There are various factors that may prevent a user who uses the code from integrating Google Captcha to work properly with their server, considering that it requires a process to create an API and use it on their side.

I was thinking of something different, perhaps sending a PM directly to the player with a 3-digit random number(nothing to do with Google, a PM directly from the server) where the player would have to type it once they receive the number in the PM to complete the specific quiz.
I don't think Adrenaline has the ability to read PMs and type the number that the player will receive in the PM.

Maybe in the coming days, I will look into this further.

Trance · April 5, 2023

26 minutes ago, 'Baggos' said:

There are various factors that may prevent a user who uses the code from integrating Google Captcha to work properly with their server, considering that it requires a process to create an API and use it on their side.

I was thinking of something different, perhaps sending a PM directly to the player with a 3-digit random number(nothing to do with Google, a PM directly from the server) where the player would have to type it once they receive the number in the PM to complete the specific quiz.
I don't think Adrenaline has the ability to read PMs and type the number that the player will receive in the PM.

Maybe in the coming days, I will look into this further.

The integration of Google Captcha (or any other captcha) will be implemented within the website.

By the way, if you're interested in developing an algorithm to monitor players' actions, this could serve as a starting point:
P.S. You may incorporate a variation of +/- 10 points for the coordinates.

package gold.lineage2.beta;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.logging.Level;
import java.util.logging.Logger;

import gold.lineage2.Config;
import gold.lineage2.commons.database.DatabaseFactory;

/**
 * Validates and stores player coordinates in a database.
 * @author Trance
 */
public class CoordinateQueue
{
	private static final Logger LOGGER = Logger.getLogger(CoordinateQueue.class.getName());
	private final BlockingQueue<CoordinateRequest> queue = new LinkedBlockingQueue<>();
	private final Thread validationThread;
	
	/**
	 * Creates a new thread that continuously retrieves CoordinateRequest objects from a queue,
	 * and then validates and stores the player coordinates contained in the request.
	 * The validation process is performed by calling the validateAndStorePlayerCoordinates method.
	 * If an InterruptedException is thrown during the validation, the thread logs a warning message and sets its interrupt status.
	 */
	public CoordinateQueue()
	{
		validationThread = new Thread(() ->
		{
			while (true)
			{
				try
				{
					CoordinateRequest request = queue.take();
					validateAndStorePlayerCoordinates(request.getPlayerName(), request.getX(), request.getY(), request.getZ());
				}
				catch (InterruptedException e)
				{
					LOGGER.log(Level.WARNING, "Validation thread was interrupted", e);
					break;
				}
			}
		});
		// A daemon thread is a background thread that is used to support the main program but doesn't prevent it from ending.
		validationThread.setDaemon(true);
		// Starting a new thread.
		validationThread.start();
	}
	
	/**
	 * Adds a new CoordinateRequest object to the queue with the provided playerName, x, y, and z values.
	 * @param playerName
	 * @param x
	 * @param y
	 * @param z
	 */
	public void addRequest(String playerName, int x, int y, int z)
	{
		queue.add(new CoordinateRequest(playerName, x, y, z));
	}
	
	/**
	 * Interrupts the validation thread to shut it down.
	 */
	public void shutdown()
	{
		validationThread.interrupt();
	}
	
	/**
	 * Stores the player's name and the three coordinates (x, y, z)
	 */
	private static class CoordinateRequest
	{
		private final String playerName;
		private final int x;
		private final int y;
		private final int z;
		
		public CoordinateRequest(String playerName, int x, int y, int z)
		{
			this.playerName = playerName;
			this.x = x;
			this.y = y;
			this.z = z;
		}
		
		public String getPlayerName()
		{
			return playerName;
		}
		
		public int getX()
		{
			return x;
		}
		
		public int getY()
		{
			return y;
		}
		
		public int getZ()
		{
			return z;
		}
	}
	
	/**
	 * Records and validates the coordinate data of a player.
	 * If there is a previous visit, the number of visits is incremented by 1.
	 * If there isn't a previous visit, a new record is inserted into the database.
	 * @param playerName
	 * @param x
	 * @param y
	 * @param z
	 */
	private void validateAndStorePlayerCoordinates(String playerName, int x, int y, int z)
	{
		final int intervalMinutes = Config.VALIDATION_INTERVAL;
		final long intervalMilliseconds = intervalMinutes * 60 * 1000;
		final long currentTime = System.currentTimeMillis();
		try (Connection con = DatabaseFactory.getConnection();
			PreparedStatement insert = con.prepareStatement("INSERT INTO character_coordinate_history (playerName, x, y, z, visitTime, visitCount) VALUES (?, ?, ?, ?, ?, 1)");
			PreparedStatement select = con.prepareStatement("SELECT visitTime, visitCount FROM character_coordinate_history WHERE playerName = ? AND x = ? AND y = ? AND z = ? AND visitTime >= ? ORDER BY visitTime DESC");
			PreparedStatement update = con.prepareStatement("UPDATE character_coordinate_history SET visitCount = visitCount + 1 WHERE playerName = ? AND x = ? AND y = ? AND z = ? AND visitTime = ?"))
		{
			select.setString(1, playerName);
			select.setInt(2, x);
			select.setInt(3, y);
			select.setInt(4, z);
			select.setLong(5, currentTime - intervalMilliseconds);
			ResultSet resultSet = select.executeQuery();
			if (resultSet.next())
			{
				long visitTime = resultSet.getLong("visitTime");
				int visitCount = resultSet.getInt("visitCount");
				if (visitCount >= 2)
				{
					LOGGER.log(Level.INFO, "Player " + playerName + " visited the same coordinates " + x + " " + y + " " + z + " within the last " + intervalMinutes + " minutes.");
					return;
				}
				update.setString(1, playerName);
				update.setInt(2, x);
				update.setInt(3, y);
				update.setInt(4, z);
				update.setLong(5, visitTime);
				update.executeUpdate();
			}
			else
			{
				insert.setString(1, playerName);
				insert.setInt(2, x);
				insert.setInt(3, y);
				insert.setInt(4, z);
				insert.setLong(5, currentTime);
				insert.executeUpdate();
			}
		}
		catch (SQLException e)
		{
			LOGGER.log(Level.WARNING, "Failed to validate and store player coordinates", e);
		}
	}
}

Index: java/gold/lineage2/gameserver/network/clientpackets/ValidatePosition.java
===================================================================
--- java/gold/lineage2/gameserver/network/clientpackets/ValidatePosition.java	(revision 9)
+++ java/gold/lineage2/gameserver/network/clientpackets/ValidatePosition.java	(working copy)
@@ -16,8 +16,6 @@
  */
 package gold.lineage2.gameserver.network.clientpackets;
 
+import gold.lineage2.beta.CoordinateQueue;
 import gold.lineage2.commons.network.PacketReader;
 import gold.lineage2.gameserver.data.xml.DoorData;
 import gold.lineage2.gameserver.model.World;
@@ -116,13 +114,6 @@
 		player.setClientZ(_z);
 		player.setClientHeading(_heading); // No real need to validate heading.
 		
+		// Validates and stores player coordinates in a database.
+		final CoordinateQueue queue = new CoordinateQueue();
+		ueue.addRequest(player.getName(), _x, _y, _z);
+		
 		// Mobius: Check for possible door logout and move over exploit. Also checked at MoveBackwardToLocation.
 		if (!DoorData.getInstance().checkIfDoorsBetween(realX, realY, realZ, _x, _y, _z, player.getInstanceWorld(), false))
 		{

package gold.lineage2.beta;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;

import gold.lineage2.commons.database.DatabaseFactory;

/**
 * @author Trance
 */
public class ActionQueue
{
	private static final Logger LOGGER = Logger.getLogger(ActionQueue.class.getName());
	
	/**
	 * Checks the timing difference between consecutive player actions represented as an array of timestamps.
	 * @param playerName 
	 * @param actionName 
	 * @param actionTimestamps 
	 * @param threshold 
	 */
    public void checkActionTiming(String playerName, String actionName, long[] actionTimestamps, long threshold)
    {
        for (int i = 1; i < actionTimestamps.length; i++)
        {
            long timeDiff = actionTimestamps[i] - actionTimestamps[i - 1];
            if (timeDiff < threshold)
            {
                recordActionToDatabase(playerName, actionName, actionTimestamps[i], timeDiff);
            }
        }
    }
    
	/**
	 * Records a player's action timestamp and time difference.
	 * @param playerName 
	 * @param actionName 
	 * @param actionTimestamp
	 * @param timeDiff
	 */
	private void recordActionToDatabase(String playerName, String actionName, long actionTimestamp, long timeDiff)
	{
		final String insert = "INSERT INTO character_actions_history (timestamp, time_diff, count, action_name, player_name) " + "SELECT ?, ?, IFNULL(MAX(count) + 1, 1), ?, ? FROM character_actions_history WHERE timestamp < ?";
		final String update = "UPDATE character_actions_history SET time_diff = ?, count = ? WHERE id = ?";
		try (Connection con = DatabaseFactory.getConnection();
			PreparedStatement insertStmt = con.prepareStatement(insert);
			PreparedStatement updateStmt = con.prepareStatement(update))
		{
			// Set the parameter values for the INSERT statement
			insertStmt.setLong(1, actionTimestamp);
			insertStmt.setLong(2, timeDiff);
			insertStmt.setString(3, actionName);
			insertStmt.setString(4, playerName);
			insertStmt.setLong(5, actionTimestamp);
			// Execute the INSERT statement and get the count value
			int count = insertStmt.executeUpdate();
			// Set the parameter values for the UPDATE statement
			updateStmt.setLong(1, timeDiff);
			updateStmt.setInt(2, count);
			updateStmt.setInt(3, count > 1 ? count - 1 : 1);
			updateStmt.executeUpdate();
			
		}
		catch (SQLException e)
		{
			LOGGER.log(Level.WARNING, "Failed to record action to database", e);
		}
	}
}

package gold.lineage2.beta;

import java.sql.Connection;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.logging.Level;
import java.util.logging.Logger;

import gold.lineage2.commons.database.DatabaseFactory;

/**
 * Checking the integrity of the database tables.
 * @author Trance
 */
public class DatabaseIntegrity
{
	private static final Logger LOGGER = Logger.getLogger(DatabaseIntegrity.class.getName());
	
	protected DatabaseIntegrity()
	{
		createCharacterCoordinateHistoryTable();
		createCharacterActionsHistoryTable();
	}
	
	/**
	 * Creates a table called character_coordinate_history in a database.
	 */
	private static void createCharacterCoordinateHistoryTable()
	{
		final String tableName = "character_coordinate_history";
		final String columns = "playerName VARCHAR(100), x INT, y INT, z INT, visitTime BIGINT, visitCount INT DEFAULT 0";
		final String primaryKey = "playerName, x, y, z, visitTime";
		final String sql = "CREATE TABLE IF NOT EXISTS " + tableName + " (" + columns + ", PRIMARY KEY (" + primaryKey + "))";
		try (Connection con = DatabaseFactory.getConnection();
			Statement stmt = con.createStatement())
		{
			stmt.executeUpdate(sql);
		}
		catch (SQLException e)
		{
			LOGGER.log(Level.WARNING, "Failed to create table " + tableName, e);
		}
	}
	
	/**
	 * Creates a table called character_actions_history in a database.
	 */
	private void createCharacterActionsHistoryTable()
	{
		final String tableName = "character_actions_history";
		final String columnTimestamp = "timestamp";
		final String columnTimeDiff = "time_diff";
		final String columnCount = "count";
		final String columnPlayerName = "player_name";
		final String primaryKey = "id";
		final String sql = "CREATE TABLE IF NOT EXISTS " + tableName + " (" + primaryKey + " INT AUTO_INCREMENT PRIMARY KEY, " + columnTimestamp + " BIGINT, " + columnTimeDiff + " BIGINT, " + columnCount + " INT NOT NULL DEFAULT 1, " + columnPlayerName + " VARCHAR(255)) ENGINE=InnoDB";
		try (Connection con = DatabaseFactory.getConnection();
			Statement stmt = con.createStatement())
		{
			stmt.executeUpdate(sql);
		}
		catch (SQLException e)
		{
			LOGGER.log(Level.WARNING, "Failed to create table " + tableName, e);
		}
	}
	
	public static DatabaseIntegrity getInstance()
	{
		return SingletonHolder.INSTANCE;
	}
	
	private static class SingletonHolder
	{
		protected static final DatabaseIntegrity INSTANCE = new DatabaseIntegrity();
	}
}

Code [aCis 401]MathQuiz Simple Anti-Botting action.

Recommended Posts

'Baggos'

Trance

'Baggos'

Trance

Create an account or sign in to comment

Create an account

Sign in

Posts

Topics

Browse

Activity

Store