Question by rugbugredfern · Apr 15, 2021 at 12:03 AM · CloudScript, Account Management

Preventing account botting with CloudScript

Recently I had an issue where someone created 100,000 new accounts, maxing out our player cap. All of the accounts were created from the same IP address, a VPN, and have no statistics/display names. I've seen Cloud Scripts as a solution, but have no idea where to start. I am wondering if there is any solution to:


  1. Delete all of the botted accounts, by deleting all accounts created from the given IP
  2. Prevent multiple accounts from being created from the same IP to prevent something like this in the future.
1 Reply

Best Answer

Answer by Brendan · Apr 15, 2021 at 12:56 AM

That seems odd, since we limit the number of API calls per IP Address, so it would take them quite a while to do that. Also, it's not clear why they would bother, since there's no real "reward" for doing so.

Looking at your title, I do see the behavior in question. If you haven't already (and for others), the way to find the IP Address used for this would be a query like this in the Data Explorer:

['events.all'] 
| where FullName_Name == "player_logged_in"
| where Timestamp > ago(7d)
| summarize totalNum = count() by tostring(EventData.IPV4Address)

You could then also find the exact time range for this like so:

['events.all'] 
| where FullName_Name == "player_logged_in"
| where EventData.IPV4Address == "103.242.239.0"
| summarize Min = min(Timestamp), Max = max(Timestamp)

If they're the only person that signed in during that period, you could just ban anyone that signed in during that period (or delete their accounts). But, since that's pretty unlikely, you'll need to look for other common factors. For example, if you always set a Statistic or other trackable (and Segment-able) value in the player profile on their first play, you could just create a Segment for players that don't have that value, and so delete them all at once. Generally speaking, someone doing this isn't likely to spend a lot of time following up, so you could also just identify accounts that haven't been active for some period and delete them.

One thing I would definitely recommend is to turn off all the API endpoints you're not using via the API Policy Permissions.

We're also looking at potential actions we may take against the IP in question.

rugbugredfern · Apr 15, 2021 at 01:07 AM

Thanks for your response. The accounts in question have no statistics associated with them at all, but I cannot figure out how to make a segment for players without a statistic. If I was able to make a segment for all players without the "Exp" statistic and delete them that would be great, since all players who join a match will get an Exp statistic, so I can easily differentiate between bot accounts and real players.

Brendan ♦♦, in reply to rugbugredfern · Apr 15, 2021 at 01:28 AM

In the current model, you can't really segment on a lack of something, so what you would need to do is write a small script that checks for the invalid state and deletes the player account if it's invalid. Then, you could run that as a Scheduled Task against the All Players segment. If you believe the hacker in question will be continuing to re-use those accounts, you could additionally have a script that's triggered in reaction to a login call. It would check that, for any login which is not the first time the player logs in, if the invalid state is still on the player account, that account is deleted.

rugbugredfern, in reply to Brendan ♦♦ · Apr 15, 2021 at 04:41 AM

All right, I've been able to get all of the player logged in events for this IP, but how can I delete the accounts with this information?

Burak Sen · Apr 16, 2021 at 10:29 PM

`turn off all the API endpoints you're not using via the API`

@brendan What do you mean by 'All', since there are so many endpoints? Can you please provide some more details about which endpoints should be disabled?

Brendan ♦♦, in reply to Burak Sen · Apr 16, 2021 at 10:37 PM

The API policy (https://docs.microsoft.com/en-us/gaming/playfab/api-references/api-access-policy) allows you to turn off API methods (endpoints) you're not using, in order to minimize the surface area a hacker could attempt to use. In this case, the Client API calls. As to which ones to turn off, that's up to you. I'd recommend reviewing which ones you're using in the client app, and turn off all the others.
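
The cleanup script described in the comments above (check each player for the invalid state and delete the account if it is still there, run as a Scheduled Task against the All Players segment) could look like the following. This is an added example, not code posted in the thread: the grace period, the `confirmDelete` argument and the handler name `purgeBottedAccount` are assumptions, and the fake server at the end is constructed so the logic can be exercised offline.

```javascript
// Added example, not code from the thread. In CloudScript, `handlers`, `server`
// and `currentPlayerId` are supplied by PlayFab. GRACE_HOURS and the
// confirmDelete argument are assumptions made for this sketch.
var REQUIRED_STAT = "Exp"; // every real player gets this after a match (per the thread)
var GRACE_HOURS = 24;      // assumed window for a new player to finish a first match

// Decide whether one account is in the "invalid state"; delete it unless dryRun.
function purgeIfBotted(api, playFabId, nowMs, dryRun) {
  var stats = api.GetPlayerStatistics({
    PlayFabId: playFabId,
    StatisticNames: [REQUIRED_STAT]
  }).Statistics || [];
  if (stats.length > 0) return { action: "keep", reason: "has " + REQUIRED_STAT };

  var title = api.GetUserAccountInfo({ PlayFabId: playFabId }).UserInfo.TitleInfo;
  if (title.DisplayName) return { action: "keep", reason: "has display name" };

  var ageHours = (nowMs - Date.parse(title.Created)) / 3600000;
  if (ageHours < GRACE_HOURS) return { action: "keep", reason: "within grace period" };

  if (!dryRun) api.DeletePlayer({ PlayFabId: playFabId });
  return { action: dryRun ? "would-delete" : "deleted", reason: "no stat, no name" };
}

// Scheduled Task entry point: PlayFab invokes it once per player in the segment.
if (typeof handlers !== "undefined") {
  handlers.purgeBottedAccount = function (args) {
    var dryRun = !(args && args.confirmDelete === true); // dry run unless confirmed
    return purgeIfBotted(server, currentPlayerId, Date.now(), dryRun);
  };
}

// Constructed in-memory stand-in for `server`, so the logic can be run offline.
function makeFakeServer(players) {
  var deleted = [];
  return {
    deleted: deleted,
    GetPlayerStatistics: function (r) { return { Statistics: players[r.PlayFabId].stats }; },
    GetUserAccountInfo: function (r) { return { UserInfo: { TitleInfo: players[r.PlayFabId].title } }; },
    DeletePlayer: function (r) { deleted.push(r.PlayFabId); return {}; }
  };
}
```

Because the handler defaults to a dry run, the first scheduled pass only reports which accounts would be removed; those results can be compared against the Data Explorer query for the offending IP before a second pass is run with `confirmDelete` set.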
