Shadowbane Servers Hacked, Chaos Ensues

Vanguard(DC) writes "There was a major hacking incident last night on the servers of Shadowbane, a newly released MMORPG by UbiSoft/Wolfpack. The attackers wreaked havoc on at least one game server, with apparent god-like capabilities in-game. There's already an official statement on the forums - 'Ubi Soft and Wolfpack Studios are now working with law enforcement, and we promise all of you that these individuals will be prosecuted to the full extent of the law.'" There's a little more information via a post on the SBCatacombs messageboard - apparently the carnage (including many less powerful players getting killed) involved "..teleporting people all over the world, teleporting hostile guards into the safe-holds, bringing in hordes of special event monsters, and teleporting everyone to a city at the bottom of the sea."

Re:game world != real world...

[no+reason+to+be+here]

why should anyone that found a way to compromise security for a game be prosecuted in real life?!
if that will happen, then WHO will take responsibility for all the holes in Windows?!
well, not exactly. they're not going after the people for breaking into a game, but for breaking into a server. Nor are they going after the people responsible for the lousy security on their servers (as your windows comment might suggest), but rather the ones responsible for exploiting that lousy security. This is pretty much standard in the real world. I break into a system, I get caught, I get prosecuted.

unfortunately this is par for the course

[agrounds]

For those of us that have been playing this game regularly, this is only the icing on the cake for a plague of problems. This was a game that was touted for it's massive guild vs guild and player vs player capabilities. Massive warfronts and assaults utilizing seige weapons and a slew of powerful spells and powers. None of this has come to pass. The game lag is too terrible to support even the smallest of battles. PvP is almost impossible during primetime hours due to the inability of most casters to launch spells in a timely manner. (Although you -can- watch your nukes launch 45 seconds after your death)

Server downtime is extreme. Login is at times completely impossible. Rollbacks are nightly. The attrition rate among players is amazing. I've watched my guild vanish over the last few weeks as the host of problems drive out all but the most staunch of players. Ubi/Wolfpack blatantly reject petitions with no regard or consideration for the players. Every patch makes the client actually worse that it was before. This has been a nightmare for most of us. To see news like this only confirms the worst. Bad management, bad hosting, bad coding, and bad customer care have driven most from what I considered to be one of the better games to come out this spring. Just another account cancelled in a long line of departing players.

Re:unfortunately this is par for the course

[Graff]

AFAIK, every server has had at least one battle that would put some of EQ's big raids to shame.

Perhaps so but with pretty much every one of those big battles you have more than 1/2 the participants either lagged to death or forced out of the game due to client or server crashes. It happens just about every time there is a battle of 50+ people.

It is not a matter of having a good computer or connection. The servers themselves start to lag in big battles. There have been many times when I've been on a completely different continent and I've heard of a big raid on a city. Sure enough the server lags horribly just about then and sometimes even crashes. Now maybe on some of the less populated servers this is not as evident but I played on Deception, which is one of the top 3 most populated of the servers.

Not only that but the client sucks too. I'm on a computer that handles Unreal Tournament 2003 at over 50 fps with all the eye candy turned up and in huge fights. The graphics of Shadowbane don't even come close to comparing to UT2003 and they barely pass 40 fps when nothing is going on. If I wander into a city with lots of walls, people, and other objects then the frame rates drop into the teens even with all the graphics turned down. Make this a huge battle and many people start getting 1 frame every few seconds. There are some pretty substantial memory leaks and so the game starts to lag even harder once it exhausts your physical RAM and begins to need to page to disk. On top of all of this the client crashes randomly and often.

The kicker is that once you crash or need to re-log into the game due to the buggy client you will often need to try to get back in for 1/2 hour or more because the login servers are horrible. God forbid that more than a few dozen people need to log in at once, you could be there all night trying to get back into the game. A typical night of playing Shadowbane would be: sit down at computer and attempt to log in, 1/2 hour later get to character selection screen, select character and wait 15 more minutes to get on the game server, play for an hour and then get bumped out of game for some odd reason, rinse and repeat.

I know that I'm not alone in this because there have been droves of people leaving for pretty much the same reasons I've stated here. Just look at the message boards and you'll see plenty of people saying the same thing I just have.

I'm not going to even get into the gameplay issues such as amount of farming needed to support a city, unbalanced classes, missing game features, horrible interfaces, lack of content, game exploits, the hard "soft" cap of level 60, the extreme tendency of servers developing uber-guilds that make it nearly impossible to have more than 1 major nation per server, etc.

It's The End !!!

[da5idnetlimit.com]

Armaggedon !!!

Gosh, I do Hope the poor admin had regular backups 8)

Well, the game was trashed by people that took the time to get WELL into the system before trashing the hell out of it.

Like an "Organized" Attack...

I'm not implying anything, but who gets benefits from this ? Competitors ?

From the forums it seems users are quite unhappy, but then possibly the editor will have another chance, and deply the same "anti-cheat" tech as in Counter Strike and Quake...

If everything is in game then deal with it there.

[Mick+D.]

If they only screwed around in the game world itself and left the real world alone (eg. credit cards, account data, etc) then the company should do the same. From the sound of it, they just showed that 'there is no spoon' to the rest of the game world. We love the movie and the character for doing so, but when someone does the same thing in a 'Real Life' virtual world then they get mad.

Man, this world is getting WAY too many levels to it when I have to destinguish the 'real world's' game world, and the movie world's game world and doing 'real' things in a particular game world and...Ah my brain just gave up.

Re:law?

[WPIDalamar]

Acutally... that's kind of insightful.

Ubisoft is calling it a hack, of course they will to save face... but what if it's just a bug or flaw in the game. What if they did all this through the game client? Is exploiting one of these flaws in a game against the law?

What if I'm playing EQ, and I find a spot in a zone where mobs can't get to. Then I kill things from there. I'm exploiting a bug to become more powerful. Is that the same?

What if I'm playing, and find out if I crouch and jump at the same time I can kill anyone I want? It's obviously cheating, but is it ILLEGAL for me to exploit that?

What if these guys found out if you hit the Ctrl-alt-f3-f4 keys while running north gave them these powers? Then is what they did illegal?

What if these guys used a special piece of software that ran the game in a special mode? Is that illegal? I mean, EVERYONE uses software (your OS) to run the game in a "special" mode (namely, a mode that works properly). Is this worse than exploiting the bug through the normal game interface?

Is this only a problem because is affected other people?

(Remember... big difference between illegal, immoral, and just plain annoying)

The EverQuest "Mass-Kill" - Yes, it happened!

[Blackwulf]

I was a Guide (volunteer CS rep, like an Advisor in Anarchy Online or a Counselor in Ultima Online) for two years in EverQuest, and during that time, one of the other Guides on one of the other servers decided that it would be cool to go out with a bang.

So, she zoned into the Temple of Veeshan (at that time, the highest level zone in the game) and went right in front of Veeshan herself (the uber dragon.)

And then she did a "/who all 50-60" to get all of the high level players on the server.

Then she started /summoning them to her location, and then binding them to that location when they appeared.

Well, when they appeared, Veeshan struck them down with about 2 or 3 blows. And since they were just bound there, they respawned, naked, right in front of Veeshan.

Whack, boom, dead. Reappear, whack, boom, dead.

In EverQuest, when you die, you lose experience. And in EverQuest, you can lose levels if your experience dips down too low.

Some people got deleveled from level 58 to level 53 before the GM staff came in to clear the carnage, and ban the Guide. I know they were considering persecution against this Guide, but I'm not sure if they really went through with it or not.

I believe about 25-30 high-level characters with months of /played time were affected.

I thought it was funny, but it sure made my job as a Guide harder because the playerbase no longer trusted us to keep our cool, and they were calling for the entire Guide program to be disbanded since we were now "too powerful" all of a sudden.

Not the same as hacking the server, but it had the same effect of destroying the games of a segment of the playerbase.

Every MMORPG learns the same lessons

[Speare]

Every time I see a new MMORPG, I am saddened to see that the designers don't learn the well-publicized lessons of their predecessors and competition.

Never trust anything a client gives the server.

Isolate the backend servers from the Internet.

Never trust anything a client gives the server.

Patch management isn't as trivial as one would think.

Never trust anything a client gives the server.

Lag isn't under your control so design around it.

Don't rely on a client hiding anything from the user.

Lag isn't under your control so design around it.

Never trust anything a client gives the server.

Don't include "God" tools in every client, nor accept God logins from untrusted addresses.

And most of all, never trust anything a client gives the server.

The server must be the adjudicator of everything, the data master, the sole arbiter of discrepancies. Assume the client is fully hacked or written from scratch to do anything the user wants. Assume the client sees no walls, sees all invisible objects, sees every spawn point, and can filter on anything your server tells your client.

Why do people pay for MMPORPG Betas?

[cgenman]

The computer game industry has been earning a reputation for releasing buggy code these past few years, and now it has come to a situation where what should be an internal release now costs money. Unlike retail games where occasionally Beta testers are charged, but given the full retail game later, Beta testers on MMPORPG's are not given additional months of play for the priviledge of paying to be guinea pigs. They are not compensated with reduced pay rates or additional in-game powers. In short, they pay to fill a necessary position in the production cycle, then they pay again for the retail product. Many, of course, don't pay for the retail product, and go on diatribes about how unplayable and unbalanced the game (they paid for) is.

How has it gotten so bad that we now release not only buggy games and expect to patch them later, but charge for development releases in addition to charging for final retail releases? We're giving ourselves a bad name here.

If your game is unfinished but in need of stress testing, don't charge for it or you will alienate your potential best customers. If you *must* charge for bandwidth because your manager didn't budget for such costs (and should be rightly as fired as if s/he forgot to budget for artists), then charge a bare minimum until the game is ready for prime time. Don't develop the game on the dime of your testers, or you will find that once you are ready to ship you don't have any customers.

10 dollars a month for our volunteers to do our jobs? We should be ashamed.

Different zone, different dragon - I'm stupid.

[Blackwulf]

As several replies have pointed out, I got the wrong zone and the wrong dragon.

The zone was Veeshan's Peak (the Luclin expansion with ToV was not out) and the dragon was whoever the end of it was.

People can still believe I'm full of shit, but I did find this:

Former Guide Tweety mentioning the incident

WEEKLY UPDATE: 11/22/00 - The Guide of Veeshan's Peak

I wanted to post yesterday, about the guide who went bananas on the TT server. I wanted to, I really did. But what's the point in posting if the sum total of your reaction is:

BWHAHAHAHAHAHAHA!

Put the unlicensed handguns away, it's not that I don't feel sorry for the innocent victims. There were probably several harmless bystanders who got whooshed into a really BIG dragon's ass, and those people didn't deserve to lose the three weeks that it took them to earn their four lousy pixels of experience. I hope that Verant has as promised checked the logs and restored all the folks involved to their previous levels of exp. If they don't, well, don't bother calling the paramedics because I sure won't have a heart attack over the shock of Verant being too pathetic to touch their testicles AND provide customer service.

Remember my little rant entitled "Try Being a Guide"? The ONLY reason I typed a rant instead of hauling some d00ds into VP was because I'm just a big mush ball at heart. I kept thinking that maybe Mr. 58th Level Douchebag had just had a bad day when he was ripping into me. Maybe he didn't really MEAN to call me names and tell me how stupid I was. Remember, I'm the big fan of thinking of the fellow behind the keyboard when it comes to actual interaction - I try to always keep in mind that I don't know the kind of day the other guy is having.

I was also afraid that if I tried that summoning trick, I'd accidentally summon "Pimps," who hadn't ever talked to me, instead of "Pimpz," the intended recipient. Mistakes like that happen, and I didn't want to make one.

But I'll bet you a million dollars that at least half the people still picking dragon teeth out of their asses were the sort of people who said, "fuk you d00d, Ive done this 4 ever, its not an xpl0it" and "wtf u mean u wont rezz me, it's a fucking bug, you stupid twat."

Oh, and yes, it does sound EXACTLY like a normal "event," except that the guide should have convinced someone to let him become a dragon to prevent the players from losing exp (clue alert - a guide-controlled NPC NEVER takes experience from you when he kills you). That's what good little guides do when they want to kill players.