Improving Anti-bot
VulgarnyKarlson
- Looter captcha-maker and signature-maker - should be same IP and API-Token
- Looter should make same pre-request's ( maybe same search request, or another types)
- As i see you using created_at and game_id (i don't know about now) but before i was checking - you are not using it, so you should link your captcha to game_id which is generating
Limiting req/s by ip to captcha is not solution, it's just patch which is not fixing fully of issusie
I wrote only of found issue's, i also know about tweaks which you made yesterday/today (maybe not all, but much )
Add to 2nd - simple downloading static files also can be a require to make sure it's not a bot
Also , 1 very tricky solution can be - coordinate of clicking of interaction buttons ( you can send info to your server, just to explain of user actions, but as expirience it's hard using, cause emulator can also randomize if he will find this trick ) - same coordinate's can prevent emulator browser bots
But don't ban bot's ip when they did mistake, cause it's giving a information which mistake they did, wait some time , also good move to hide error on "Game has been attacked"
Wallets bans can be useless, cause you can make 1 wallet for check theory ( don't forget about proxies, which can easy self-maded) . And also make script to transfer all crabs and make teams to another wallet ( it's not too hard )
Also i would recommend to not ban bots, just fix issue's. Cause making ban - you not taking additional info's ASAP
Theo Dore
Very good info.