Ideal Infrastructure for RPG Multiplayer Game with persistent Player Data and secure Item Drops?

Hey everyone,

I am working on a multiplayer coop FPS action RPG game (PvE only) featuring player level increases, random item drops and persistent player data storage. I seek for help and advice in order to decide how to best set up the game’s infrastructure.

First, here are some basic aspects that need to be considered:

• In terms of gameplay mechanics, the game can be compared to coop shooters like Borderlands 2
  
• The game is played with up to 5 players at a time, both Internet and LAN play is supported
• Games are supposed to be hosted by players themselves, or by running dedicated servers
• Players can gain XP, permanently increase in level, and may acquire items. Player data (level, XP, items, etc.) needs to be securely and persistently stored somewhere in the cloud
• Cheating must be prevented (e.g. cheating items, gaining XP faster, etc.)
• The multiplayer code is set up after authoritative server approach
  
• I consider making the game Steam-exclusive since I know that Steam provides some methods for cheat-protection and persistent player data storage (however, this is just one possible option so far)

One primary question for me is how to prevent hosts (server players) from cheating. Let’s assume a player hosts a LAN or Internet game and manages to apply a cheat in order to instantly kill a boss and get powerful items. What can I do against this? And, since the game involves randomized item drops, do I need some kind of master server to control the item drops?

How do you think other games like Borderlands 2 do solve this issue?

If I choose to make the game Steam exclusive, do you think this would make my life easier because Steam takes care of security issues and player data storage?

Maybe someone of you has faced similar issues before, or has more experience on this and can give me some advice, lessons learned and/or best practices on how to set up my game's technical infrastructure.

Thanks for your help!

 

On a private LAN with no external access, you have absolutely no control over cheating whatsoever. XP/Levels/loot gained whilst on LAN can't be taken to Internet games as any account that has ever used the LAN must be considered dirty.

 

Yes, but I haven't said that LAN games must exclude external access. An internet connection is assumed at any time, also for LAN games. Also, the infrastructure question applies to self-hosted internet games as well.

 

Self hosted or LAN is a distinction without a difference. It's who is running the server that matters because they control all network traffic in and out of the game and control the server. They have so many avenues of attack it's not even funny. You don't even need to use advanced hacking techniques, I could just slow down all traffic except for my own resulting in everyone else lagging but me, or similar stuff that's trivial to do.

But for your type of game do you really care that much? Players can just choose another server if they think someone is cheating, and usually hardcore players play with servers where they know everyone.

My approach to this would be make it hard for the idiots. Have the server do some basic checking to make sure people aren't just messing with the obvious easy things like any static data you load. Make SHA digests of any data you load and compile those digests into the build (or load them via a central server), and then check them on startup. Basically just verify anything you load is correct and not been tampered with. That type of approach will stop the clueless.

For someone that knows what they are doing you can't stop them. If you let me run the server I guarantee I can find a way to cheat in ways you wouldn't even think of. You will spend countless hours preventing a specific angle of attack and then someone will just use another approach. You can't win.

 

Thanks for your reply, I see.

Again, I would like to pick up Borderlands 2 as example (Steam version). This game allows me to host a LAN game myself. How do you think they handle the problem here?

In fact, I think I need more advice and guidance in order to properly set up the technical infrastructure.

 

Update:

It seems that Borderlands 2 actually just uses local save games and does not use an exclusive cloud data server. While it uses Steam Cloud, this does no more than synchronizing local save files across different computers. Still I guess they have some additional security mechanisms to make it less easy to hack the save files.

Anyway, I am wondering if I even need to put higher priority on the security aspect then, considering that cheating in coop games is not so much of an issue like in competitive pvp shooters like Counter-Strike and such.
I mean, if AAA coop titles like Borderlands 2 can afford to save character stats locally, maybe this might be a fine approach for my project as well.

 

Go research the "claptrap love letter" - Borderlands 2 itself had trouble delivering a multi-player lan experience, and it almost didn't get delivered.

The only way to make this work effectively is to model it after the FPS games out there and give up some of your authority. Call of Duty, Borderlands, Resident Evil, nameless others, include "offline" or "lan" play. They don't distinguish your characters offline experience with the online experience, and your character travels with you with all his achievements, experience, items, etc.

In this model, there will be cheaters. The model the above games have taken is low impact. Weapons and Skins, maps, potions, ranks and levels and awards that really have only personal gratification. There are trainers for Call of Duty and Resident evil that make you max level, and give you access to the full inventory immediately offline, then you can take that online. But it does not make you all powerful, and even with the best weapon loadout that CoD offers, someone will still headshot you and end you as if you were level 1.

If you want to go fully authorative and progression can only happen appropriately to your rules, you've got to keep it online. Do NOT allow lan servers or offline play. If you want "lan parties" - allow users to create password protected matches and invite friends (to your hosted server) so they can have a meetup experience.

 

So honestly, in this space...I'd say you're probably ok. Here's a little bit of nostalgic experience to sooth your decisions a little bit

I was part of a team that produced one of the first successful persistent MMO's. I've done two others since. In the first one, we used client side authority for hit boxes, movement, NPC AI and a number of other things. We had a "zone" based setup and we actually sent ALL THE ZONE DATA regardless of distance to the client...ridiculous I know.

In my later two MMO's we took steps each time, to examine the technology, look at the risk / reward factors of hacking / cheating, and how much it was worth it to us to provide a game experience free of unfair advantages.

Here's the kicker..regardless of those systems, manpower and monitoring, when we look at the percentage of "bans" in each game, it's less than 5% of your entire player base ever attempts to cheat, and it's THE SAME regardless of how simple or sophisticated our attempts to preven it were.

Those that are intent on cheating always will find a way, no mater how small or unadventageious. Those that play for the fun of it will rarely knowingly cheat.

Focus on providing a great user experience that doesn't make your typical non-cheating user frustrated with the process.

 

Man, thanks for that @Freakyuno It backs up what I've always thought, but you have real-world experience of it. Thank you for sharing

 

Thanks for sharing your experiences.

I think this is the way to go here.

 

What I've seen on 2-3 games which I've seen their online monitoring dashboards fully confirms @Freakyouno 's experience.
The players will always find a way to cheat, you move everything to server and add lag and ... for real none cheating players to avoid cheaters but I guarantee that in almost all cases some of them will find a way. I put my name on it.