[New Users] Please note that all new users need to be approved before posting. This process can take up to 24 hours. Thank you for your patience.
Check out the v.255 - The Dark Ride: Ride or DIe Patch Notes here!
If this is your first visit, be sure to check out the Forums Code of Conduct: https://forums.maplestory.nexon.net/discussion/29556/code-of-conducts

Would SMS verification reduce the botting problem?

TwilightHimeTwilightHime
Reactions: 1,245
Posts: 95
Member
edited February 2020 in General Chat
Many services these days require you to sign up with both an email and a phone number, where you'll be sent a verification text. If account creation required a player to have a valid phone number, would that cut down the number of bots that hackers can create?
darikWONDERGUYShadEightpepeCadena91Glirotus

Comments

  • PeachCrispsPeachCrisps
    Reactions: 310
    Post: 1
    Member
    edited February 2020
    It's unlikely as you can use services that provide SMS verification without the need for a cellphone. They provide a web interface and numbers for anyone to use to get around SMS verification. You can also use Google Voice for a free number to use for SMS verification.

    The most it may do is cause the botters to add another step to their account creation tools, but once that's done they can make accounts just as fast as they do now.
    Fuhreak
  • StarryKnightStarryKnight
    Reactions: 1,935
    Posts: 119
    Member
    edited February 2020
    It would have little to no effect. Nothing is stopping someone from botting even after using SMS verification, and buying a 20 dollar track/burner phone is just a 5 minute walk to walmart away, not to mention just leads to hackers cloning phones, running fake sms software, etc. Just makes hackers have to put in 1-2 minutes of additional work prior to hacking.
    Fuhreak
  • TwilightHimeTwilightHime
    Reactions: 1,245
    Posts: 95
    Member
    edited February 2020
    It's unlikely as you can use services that provide SMS verification without the need for a cellphone. They provide a web interface and numbers for anyone to use to get around SMS verification. You can also use Google Voice for a free number to use for SMS verification.

    The most it may do is cause the botters to add another step to their account creation tools, but once that's done they can make accounts just as fast as they do now.
    It would have little to no effect. Nothing is stopping someone from botting even after using SMS verification, and buying a 20 dollar track/burner phone is just a 5 minute walk to walmart away, not to mention just leads to hackers cloning phones, running fake sms software, etc. Just makes hackers have to put in 1-2 minutes of additional work prior to hacking.

    I'm thinking there is a limit to the number of numbers you can get a hold of. Anyone can create millions of emails off their own email server or even gmail, but can someone do the same thing with phone numbers?

    I have used online SMS services, but I had to go through hoops just to get more than one. And since many of them were shared, it would be useless if it was already used. There were paid services that would give you your own phone number, but I don't know if creating my own number was an option.

    But let's say they could get as many numbers as they wanted as long as they paid for it. If a hacker has to spend $20 per character or even $1 per character, that might be a huge cost that would make it less cost-effective to run thousands of bots.

    I haven't used google voice before, but it looks like you need a google account and a US phone number to actually get a google voice number. A hacker that's planning to create thousands of phone numbers would probably be dealt with by google themselves, which means less work for nexon.
    WONDERGUYLaudierShadEight
  • ShadEightShadEight
    Reactions: 3,110
    Posts: 381
    Member
    edited February 2020
    I love how all solutions to the botting problem mindlessly falls back to 'durrr hackers will find a way I'm telling you bro'. Realize that most of these so called 'genius' hackers are actually code monkeys who abuse a thousand-year old software from a company that isn't even trying, and they aren't going to settle with an additional layer of security especially one that is under a paywall.

    The only hurdle here is implementation.
  • FuhreakFuhreak
    Reactions: 7,670
    Posts: 1,623
    Member, Private Tester
    edited February 2020
    ShadEight wrote: »
    I love how all solutions to the botting problem mindlessly falls back to 'durrr hackers will find a way I'm telling you bro'. Realize that most of these so called 'genius' hackers are actually code monkeys who abuse a thousand-year old software from a company that isn't even trying, and they aren't going to settle with an additional layer of security especially one that is under a paywall.

    The only hurdle here is implementation.

    When these code monkeys make money off of said thing and plenty of tools already exist for abusing said verification methods, yes they will.
    You can easily download free and open source tools for bypassing most of the suggested methods for verification. It will not work.
  • ShadEightShadEight
    Reactions: 3,110
    Posts: 381
    Member
    edited February 2020
    Fuhreak wrote: »
    When these code monkeys make money off of said thing and plenty of tools already exist for abusing said verification methods, yes they will..

    They only make cheap money due to lax barriers, this game isn't much a gold mine for them to set up a dedicated phone line in order to break even. So no they won't.
    Fuhreak wrote: »
    You can easily download free and open source tools for bypassing most of the suggested methods for verification. It will not work.

    These 'free and open source' verifiers are usually low quality shared services that can be filtered out of the system (as most companies already do). The time, effort and money it takes to get a reliable server for phone verification is considerable for botters requiring hundreds of accounts per second.

    All these statements that 'hackers can simply do X' are therefore based on empty assumptions and simply amount to a fallacy.
  • TwilightHimeTwilightHime
    Reactions: 1,245
    Posts: 95
    Member
    edited February 2020
    Fuhreak wrote: »
    When these code monkeys make money off of said thing and plenty of tools already exist for abusing said verification methods, yes they will.
    You can easily download free and open source tools for bypassing most of the suggested methods for verification. It will not work.

    Can you describe a free and open source tool that can

    1. bypass SMS verification?
    2. more importantly, do it at scale? 100 numbers? 1000 numbers? 10000 numbers?

    There are many ways to get a dozen phone numbers. Twilio, Google Voice, looking up burner numbers online, etc, but I think the number of phone numbers available is tiny compared to the number of emails that can be generated by throwaway email servers.

    Maybe in the beginning, there's a million numbers available. But after a few months, that number will likely dwindle. Ban a couple hundred thousand accounts a week, and that's already a million phone numbers after 3 months.
  • FuhreakFuhreak
    Reactions: 7,670
    Posts: 1,623
    Member, Private Tester
    edited February 2020
    Fuhreak wrote: »
    When these code monkeys make money off of said thing and plenty of tools already exist for abusing said verification methods, yes they will.
    You can easily download free and open source tools for bypassing most of the suggested methods for verification. It will not work.

    Can you describe a free and open source tool that can

    1. bypass SMS verification?
    2. more importantly, do it at scale? 100 numbers? 1000 numbers? 10000 numbers?

    There are many ways to get a dozen phone numbers. Twilio, Google Voice, looking up burner numbers online, etc, but I think the number of phone numbers available is tiny compared to the number of emails that can be generated by throwaway email servers.

    Maybe in the beginning, there's a million numbers available. But after a few months, that number will likely dwindle. Ban a couple hundred thousand accounts a week, and that's already a million phone numbers after 3 months.

    There are tools that can do that, yes. Just look on github. Really people, it's not nearly as air tight as you think.
    The number of banned accounts thing would be what really kills it. You run into the problem of every phone number under the sun being blocked from Nexon accounts though.

    Remember that Korean MMOs are backed by real world data as well (KSSN) and they still have hackers.
    It might slow them down, but it certainly won't stop them.
    https://leagueofbetting.com/north-korea-hacks-south-korean-mmo-to-fund-nuclear-weapons-program/
  • AggraphineAggraphine
    Reactions: 19,415
    Posts: 3,553
    Member
    edited February 2020
    Fuhreak wrote: »
    Fuhreak wrote: »
    When these code monkeys make money off of said thing and plenty of tools already exist for abusing said verification methods, yes they will.
    You can easily download free and open source tools for bypassing most of the suggested methods for verification. It will not work.

    Can you describe a free and open source tool that can

    1. bypass SMS verification?
    2. more importantly, do it at scale? 100 numbers? 1000 numbers? 10000 numbers?

    There are many ways to get a dozen phone numbers. Twilio, Google Voice, looking up burner numbers online, etc, but I think the number of phone numbers available is tiny compared to the number of emails that can be generated by throwaway email servers.

    Maybe in the beginning, there's a million numbers available. But after a few months, that number will likely dwindle. Ban a couple hundred thousand accounts a week, and that's already a million phone numbers after 3 months.

    There are tools that can do that, yes. Just look on github. Really people, it's not nearly as air tight as you think.
    The number of banned accounts thing would be what really kills it. You run into the problem of every phone number under the sun being blocked from Nexon accounts though.

    Remember that Korean MMOs are backed by real world data as well (KSSN) and they still have hackers.
    It might slow them down, but it certainly won't stop them.
    https://leagueofbetting.com/north-korea-hacks-south-korean-mmo-to-fund-nuclear-weapons-program/

    If every problem could be solved by pretty words and likes, facebook would've cured cancer a decade ago.
  • TwilightHimeTwilightHime
    Reactions: 1,245
    Posts: 95
    Member
    edited February 2020
    Fuhreak wrote: »
    There are tools that can do that, yes. Just look on github. Really people, it's not nearly as air tight as you think.
    The number of banned accounts thing would be what really kills it. You run into the problem of every phone number under the sun being blocked from Nexon accounts though.

    Remember that Korean MMOs are backed by real world data as well (KSSN) and they still have hackers.
    It might slow them down, but it certainly won't stop them.
    https://leagueofbetting.com/north-korea-hacks-south-korean-mmo-to-fund-nuclear-weapons-program/

    Can you link a github example that you have seen that would be an effective bypass against SMS verification, for farm bots?
    Having every phone number under the sun being blocked is not really a problem.

    The goal is precisely to slow them down, not to stop hacking completely. I think you have a very different goal in mind.
    WONDERGUY
  • WONDERGUYWONDERGUY
    Reactions: 3,370
    Posts: 504
    Member
    edited February 2020
    Fuhreak wrote: »
    There are tools that can do that, yes. Just look on github. Really people, it's not nearly as air tight as you think.
    The number of banned accounts thing would be what really kills it. You run into the problem of every phone number under the sun being blocked from Nexon accounts though.

    Remember that Korean MMOs are backed by real world data as well (KSSN) and they still have hackers.
    It might slow them down, but it certainly won't stop them.
    https://leagueofbetting.com/north-korea-hacks-south-korean-mmo-to-fund-nuclear-weapons-program/

    Can you link a github example that you have seen that would be an effective bypass against SMS verification, for farm bots?
    Having every phone number under the sun being blocked is not really a problem.

    The goal is precisely to slow them down, not to stop hacking completely. I think you have a very different goal in mind.

    yes the goal its to slow down/lower the amount of hackers
    KMS does that, there is hackers in KMS aswell no one can stop that but they dont giveup because that

    in GMS maplestory feels opposite
    even when you google maplestory you get meso sellers,hacks offers as normal thing
    ranking are full with them (weekly ban data just show 50% of them)
    go ingame and find elite boss you will see 20+ kaisers and kannas botting 24/7

    even top 10 mail providers requests phone number ( yea sure there is some shady providers that dont but why work with those lol )

    i dont understand why nexon ignores request of phone number still... small thing that can help more then broken autoban and support system that is spamed by hackers
    i dont see nexon loseing if they add this option even if there is no benefit worth the try

    also is sad to hear long time nexon workers leaving (some that actuly know the game :( )
  • AggraphineAggraphine
    Reactions: 19,415
    Posts: 3,553
    Member
    edited February 2020
    Having every phone number under the sun being blocked is not really a problem.

    The goal is precisely to slow them down, not to stop hacking completely. I think you have a very different goal in mind.

    I don't know what you think you have in mind, but you may want to check your math there, sport.
  • microwavemicrowave
    Reactions: 425
    Posts: 22
    Member
    edited February 2020

    WONDERGUY wrote: »
    Fuhreak wrote: »
    There are tools that can do that, yes. Just look on github. Really people, it's not nearly as air tight as you think.
    The number of banned accounts thing would be what really kills it. You run into the problem of every phone number under the sun being blocked from Nexon accounts though.

    Remember that Korean MMOs are backed by real world data as well (KSSN) and they still have hackers.
    It might slow them down, but it certainly won't stop them.
    https://leagueofbetting.com/north-korea-hacks-south-korean-mmo-to-fund-nuclear-weapons-program/

    Can you link a github example that you have seen that would be an effective bypass against SMS verification, for farm bots?
    Having every phone number under the sun being blocked is not really a problem.

    The goal is precisely to slow them down, not to stop hacking completely. I think you have a very different goal in mind.

    yes the goal its to slow down/lower the amount of hackers
    KMS does that, there is hackers in KMS aswell no one can stop that but they dont giveup because that

    in GMS maplestory feels opposite
    even when you google maplestory you get meso sellers,hacks offers as normal thing
    ranking are full with them (weekly ban data just show 50% of them)
    go ingame and find elite boss you will see 20+ kaisers and kannas botting 24/7

    even top 10 mail providers requests phone number ( yea sure there is some shady providers that dont but why work with those lol )

    i dont understand why nexon ignores request of phone number still... small thing that can help more then broken autoban and support system that is spamed by hackers
    i dont see nexon loseing if they add this option even if there is no benefit worth the try

    also is sad to hear long time nexon workers leaving (some that actuly know the game :( )

    Today there are fake programs. such as phone, email, voice recognition, SMS via Google Play Store programs and other websites, this is the problem, many hackers will use these methods to continue in the game and legitimate players who have 2 or 3 optional accounts would be affected, adding this would be a catastrophe because simply nexon is not prepared for this, maplestory .. no .. nexon .. practically became ubisoft and others like Activision, Depp silver and gearbox and other companies for disaster in their games help their communities etc etc

    Forgive my language but I think that returning to the old game launcher, an online gm system in the game , a game guard with updates every day as an example does steam or blizzard , programs antibots as have in kms will solve this in one part

    Why remove nexon launcher? because it has unnecessary processes and is badly programmed with a blackciper that never worked and this due to the increase in the game of cheats, hackers, files in the folder for example mob.map are damaged and are used by them, note separately the high use of cpu and memory ... with crash lag and unjustified bans results in the end, that the game is abandoned

    WONDERGUY
  • FuhreakFuhreak
    Reactions: 7,670
    Posts: 1,623
    Member, Private Tester
    edited February 2020
    Fuhreak wrote: »
    There are tools that can do that, yes. Just look on github. Really people, it's not nearly as air tight as you think.
    The number of banned accounts thing would be what really kills it. You run into the problem of every phone number under the sun being blocked from Nexon accounts though.

    Remember that Korean MMOs are backed by real world data as well (KSSN) and they still have hackers.
    It might slow them down, but it certainly won't stop them.
    https://leagueofbetting.com/north-korea-hacks-south-korean-mmo-to-fund-nuclear-weapons-program/

    Can you link a github example that you have seen that would be an effective bypass against SMS verification, for farm bots?
    Having every phone number under the sun being blocked is not really a problem.

    The goal is precisely to slow them down, not to stop hacking completely. I think you have a very different goal in mind.

    I won't link to one as that's highly questionable, but there are account creation programs designed to bypass SMS verification.
    You can look for them on your own if you care so much for them. My goal isn't to stop hackers completely.
    My goal is to slow them down without hurting legit players. SMS verification isn't very secure. Plenty of players don't want Nexon having their information, either.
    I've said in the past that phone verification would work to some degree, but that I oppose it.
  • TwilightHimeTwilightHime
    Reactions: 1,245
    Posts: 95
    Member
    edited February 2020
    Fuhreak wrote: »
    I won't link to one as that's highly questionable, but there are account creation programs designed to bypass SMS verification.
    You can look for them on your own if you care so much for them. My goal isn't to stop hackers completely.
    My goal is to slow them down without hurting legit players. SMS verification isn't very secure. Plenty of players don't want Nexon having their information, either.
    I've said in the past that phone verification would work to some degree, but that I oppose it.

    SMS verification would be a solution going forward. Existing accounts would not require verification. So these "plenty of players" that have been doing fine for years don't need to worry about giving nexon their information.

    SMS verification isn't very secure because anyone can get a number, but there is a reasonable limit to the number of phone numbers that someone would be able to get ahold of before they start running into problems.

    And it's not like someone's going to be able to use my phone number, get the verification code, and then have my account banned.
    microwave wrote: »
    Today there are fake programs. such as phone, email, voice recognition, SMS via Google Play Store programs and other websites, this is the problem, many hackers will use these methods to continue in the game and legitimate players who have 2 or 3 optional accounts would be affected, adding this would be a catastrophe because simply nexon is not prepared for this, maplestory .. no .. nexon .. practically became ubisoft and others like Activision, Depp silver and gearbox and other companies for disaster in their games help their communities etc etc

    Yes, but there isn't an unlimited number of phone numbers available like there is with emails.

    If a legitimate player wants to create a second or third account, nexon can allow a single number to be associated with 2 or 3 accounts. Perhaps have a cooldown where you can create a second account after a week or two weeks. If a number is banned, then of course you would not be able to use that number again.
    Aggraphine wrote: »

    I don't know what you think you have in mind, but you may want to check your math there, sport.

    Is there an issue with the math?
    WONDERGUY
  • JushiroNetJushiroNet
    Reactions: 6,160
    Posts: 748
    Member, Private Tester
    edited March 2020
    I think people need to be reminded that actions can be taken without being completely secure.

    For example you would never say something like "WHY EVEN LOCK YOUR DOOR IT'S NOT 100% EFFECTIVE PEOPLE CAN STILL BREAK IN AND STEAL YOUR STUFF." There is value in making things harder. The catch is that nexon also needs to be careful not to make things too restrictive for legit players.
    DaxterbeerFuhreakSlicedTimeShadEight
  • AggraphineAggraphine
    Reactions: 19,415
    Posts: 3,553
    Member
    edited March 2020
    Is there an issue with the math?
    Having every phone number under the sun being blocked is not really a problem.

    Considering "every phone number under the sun" would encompass those of legit players, yes I'd say "an issue with the math" is a loose description of things.
  • TwilightHimeTwilightHime
    Reactions: 1,245
    Posts: 95
    Member
    edited March 2020
    Aggraphine wrote: »
    Considering "every phone number under the sun" would encompass those of legit players, yes I'd say "an issue with the math" is a loose description of things.

    Only a handful of legitimate players would be affected by hackers going online looking for phone numbers, and I suspect it would be limited to players that do not have a phone number and therefore need to use the same services.

    I doubt you nor I would be affected by hackers getting every number out there banned.

    Also I doubt hackers would be going anywhere near "every phone number under the sun".
  • WONDERGUYWONDERGUY
    Reactions: 3,370
    Posts: 504
    Member
    edited March 2020
    its allready standard in internet industry to have its not something that will hurt maplers if they use or nexon
    even mails providers like outlook,gmail makes you to have a phone number it also makes the accounts more safe and eazy to recover

    just like you said
    Many services these days require you to sign up with both an email and a phone number, where you'll be sent a verification text. If account creation required a player to have a valid phone number, would that cut down the number of bots that hackers can create?

    also nexon can ban from useing sus mail providers and mobile cell phone carriers that mass produce them without verify your info
    i dont know why they make big deal of it when everyone uses one to get to verify things allready


    and yes it wont stop hackers sure there will be allways way around but wont be so many each week
  • pepepepe
    Reactions: 2,125
    Posts: 161
    Member
    edited March 2020
    not to mention just leads to hackers cloning phones
    The things people do for this mushroom game...