Project 1999 - A serious post about duping

Project 1999 (/forums/index.php)

- Rants and Flames (/forums/forumdisplay.php?f=30)

- - A serious post about duping (/forums/showthread.php?t=115939)

I really doubt it is only CRoAs and AoNs being duped at this point. I feel bad for whoever is attempting to sort this out.

I'd imagine they could run a query to obtain the amount of fungis or other items on the server, then compare it with another query run a few days later and see if the numbers add up when compared to amount of possible spawns and drops.

Would be an easy way to check for mass duping I'd think.

Quote:

Originally Posted by lazylex (Post 1039562)

but smart people would be very careful about duping so it wouldn't arouse suspicion. I think the AoN thing might do them in though. We can account for the ones we have- and not many have slipped through our fingers since we started getting them.

If what was said above is true, then there is indeed widespread duping going on right now.

Rogean, could you please look into this? I know in the beginning the lag seemed targeted at messing with streamers or just TMO in general but I think that was just for the lulz. If it's done right I bet with very few machines you could generate this sort of lag if you knew which packets to send.

Find all the AON packets

shut this shit down if you have to. this is ruining the integrity of the game

Quote:

Originally Posted by SirAlvarex (Post 1039503)

For what it's worth, I agree with you.

This isn't a normal DOS. The server lag comes in spurts, and it's over in the matter of seconds. If what you say is true and what's being sent is valid EQ packets, then it's even more possible that duping is occurring. Why? Because that's all the game is. All there has to be is one set of packets that, when sent, say "loot item X". Or, "trade item X". Or, "Pick up item X". If any of these actions send the value of X from the client, you can tell the server all kinds of crap.

Is that the problem? God, I hope not. That would be easy to validate against the DB (very similar to programming against a SQL injection). There's also a chance that this is akin to a Buffer Overflow exploit, where someone is pushing all kinds of data at the server to overflow some counters to turn item X into item Y.

Anyway, my main point is that this is either a very weak attempt at a DOS, or it's directed in such a way that the dupes are the goal. A *real* DDOS wouldn't last for 5 minutes at a time. It'd take the entire server offline for a week(s). Like what happened 2 or 3 years ago.

This makes a lot of sense, but why do the forums go down at the same time?

If each item that ever dropped was assigned a unique ID, linking it to the mob that died/time of death, a "looted by", and a trade history we could have this under control no?

Duping, RMT, trading accounts for high level items/other accounts/cash.

Where does the server integrity stand? The economy now and the future?

Is a server wipe still out of the question?

It sounds like someone is throwing a bunch of shit at the wall (duping mad items) and seeing what sticks (the shit the GMs don't catch).
To protect the integrity of the server, I like the idea of shutting off player trades until this is sorted out. This amount of duping (if that is really what is going on) is creating a long term economical mess. It may also get legitimate players banned or suspended for purchasing duped items.

The classic solution would have been "server down" statuses on our server select screen and a rollback, once it was determined what was occurring. I'm not saying we need something as drastic as that, but something should be done. The longer it goes on for, the more elaborate this web of duping/trading is going to become and there is bound to be shit that is missed in the thousands of legitimate trades occurring.

I've been silent lately, but I am posting here to say a couple of things.

First: I am not involved with the DDoS at all. Please stop linking me to them, as I have nothing to do with it.

Second: My actions were completely self-motivated. I've pissed off a whole lot more people than just the p99 community with my actions, so don't think that I have somebody pulling my strings. I don't.

Third: I brought up the server instability/dupe bug in my interview with Tiggles. If I were seeking profit from that dupe, why would I bring it into the limelight?

Anyway, as far as my stance on everything else, I choose to remain silent. Gossip about me as you please, but this post is my firm stance on the matter, and I am speaking the truth.