question

HiRoGliFiQ avatar image
HiRoGliFiQ asked

Playfab + Photon turnbased + webhooks = stop hacker?

Please bare with me while I describe a hypothetical hack of my game.

...hacker logs into my game.
Hacker starts to create 10,000 rooms on my photon cloud.
Hacker enters everybody elses room, and deletes all the custom properties for all their rooms, and replaces those custom properties with profanity.

Meanwhile, my webhooks are sending all these events to playfab.... for verification.

My playfab's Cloud Scripts are screaming, "IT'S a HaCKER! It's a Hacker!!!!!!"

6 hours later... my playfab's cloud scripts are still screaming, "IT'S a HaCKER! It's a Hacker!!!!!!"

Sending the event to playfab, and running some logic to determine that it's a hacker -- that's where playfab's documentation on the subject seems to end.

So okay, I know their a hacker. Now what?

Can I stop them from making 10,000 rooms?
Can I stop them from spamming?
Can I stop them from entering rooms?
Can I stop them from modifying custom room properties for every single room, including rooms they didn't make?
Can I stop or undo any action they just did (on photon cloud)?
Can I kick them from the photon cloud room, or the lobby?

From reading photon cloud's documentation, I can't find any way to do a single thing to stop a user from doing anything they want, as often as they want. Except, perhaps, I could delete their account and hope they eventually log out of my game and won't be able to get back in.

What good is it to use playfab to verify my photon cloud events, if I still can't do anything about it?

Yet playfab seems to make it out to be a big deal that you can authenticate and run cheat detection on the events received from photon cloud. Why and how is it helpful to know they are cheating, if I can't stop them? Or am I missing something here?

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
brendan avatar image
brendan answered

Some of your questions (stopping users from making rooms or updating properties) are best addressed to the Exit Games team, since they're specific to the Photon Cloud tech. The integration with PlayFab is twofold - allowing you to authenticate players with PlayFab and then use that to sign them into the Photon Cloud, and using webhooks from Photon Cloud to drive server-authoritative logic in PlayFab.

Preventing cheating in online games requires server authority. Many types of games can accomplish this by driving key updates through Cloud Script, whether through webhooks or direct calls. For example, if a player makes a move on a board game, your script could check the move for validity - did the player try to move further than he is allowed, or through a space he shouldn't be able to? These checks are going to be specific to the gameplay design, so there isn't a single description we could use for all of them, but if you have some specifics on your gameplay available, we can certainly make recommendations.

At any rate, using those checks would then allow you to update a securely maintained state for the game session, either in Shared Group Data or distributed across the User Data of the participants. That way, if the checks fail, you don't update the state with it, blocking the attempt to cheat. If you keep track of the instances of that via event logging, you could also generate a report for yourself on players who regularly cheat, and use our banning system to remove them from your game.

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.