search

FMCorz / moodle-block_xp

A gamification plugin for Moodle allowing students to gain experience points and level up.
https://levelup.plus/?ref=github
147 stars 41 forks source link

Cheat guard not working #38

Closed eozz closed 8 years ago

eozz commented 8 years ago

Hello, we are having issues with cheat guard, current configuration is:

Cheat guard Max. actions in time frame Help with Max. actions in time frame 2

Time frame for max. actions Help with Time frame for max. actions 18000

Time required between identical actions Help with Time required between identical actions 36000

However users get points for each refresh. Rules - event CRUD is equal to - r ...

Level up has been configured to work sitewide

FMCorz commented 8 years ago

Hi,

The cheat guard is not looking at the rules, but at the events. It only prevents similar events to be repeated, it will not discard events based on the rule they match. Though maybe we could improve this in the future.

eozz commented 8 years ago

Ok, but then for each \core\event\course_viewed event the plugin should not assign experience points, based on timeframe or time required settings, however it does. So this results in XP gaining by just refreshing the course page multiple times per minute.

FMCorz commented 8 years ago

Hi,

I have to admit that the logs do not contain enough information for users to understand how the cheat guard works. It is not only based on the name of an event, but also where the event happened. If your students have access to 10 different courses, they can visit each and get XP for each course in the timeframe specified.

Let me explain why. Take as an example a list of resources, say 10 pages. Most likely you want to prevent your students from refreshing the page over and over again, however they should still be given XP for each different resource that they accessed, they may just be fast readers.

Hence, the cheat guard only loosely checks if the event was already captured within its own context. Unfortunately the logs do not indicate all the parameters taken in account.

Now, your students might just be smarter than the system. The one way to cheat it is by logging out and back in. The cheat guard was not meant to be super smart, it was made to prevent easy cheating such as refreshing a page over and over. I could definitely improve it but for performance reasons it was better to keep it simple.

Would you mind checking if your students are logging in/out?

Cheers, Fred

eozz commented 8 years ago

Hi, so far it seems that users gain points without logging out, below is a short log from Level up point gain and a txt file with users activity. System log shows no logout/in during the point aquiring.

Also there are only few courses, so the points are gained by refreshing the same courses over and over again, although the cheat guard time has been set to high values.

Saturday, 21 May 2016, 9:22 AM Kalvis Ruckis 1 \core\event\course_viewed Saturday, 21 May 2016, 9:22 AM Kalvis Ruckis 1 \core\event\course_viewed Saturday, 21 May 2016, 9:21 AM Kalvis Ruckis 1 \mod_resource\event\course_module_viewed Saturday, 21 May 2016, 9:21 AM Kalvis Ruckis 1 \core\event\course_viewed Saturday, 21 May 2016, 9:21 AM Kalvis Ruckis 1 \core\event\course_viewed Saturday, 21 May 2016, 9:21 AM Kalvis Ruckis 1 \core\event\course_viewed Saturday, 21 May 2016, 9:21 AM Kalvis Ruckis 1 \core\event\course_viewed Saturday, 21 May 2016, 9:20 AM Kalvis Ruckis 1 \core\event\course_viewed Saturday, 21 May 2016, 9:20 AM Kalvis Ruckis 1 \core\event\course_viewed Saturday, 21 May 2016, 9:19 AM Kalvis Ruckis 1 \core\event\course_viewed Saturday, 21 May 2016, 9:19 AM Kalvis Ruckis 1 \core\event\course_viewed Saturday, 21 May 2016, 9:19 AM Kalvis Ruckis 1 \core\event\course_viewed Saturday, 21 May 2016, 9:19 AM Kalvis Ruckis 1 \core\event\course_viewed Saturday, 21 May 2016, 9:19 AM Kalvis Ruckis 1 \core\event\course_viewed Saturday, 21 May 2016, 9:17 AM Kalvis Ruckis 1 \mod_resource\event\course_module_viewed Saturday, 21 May 2016, 9:17 AM Kalvis Ruckis 1 \core\event\course_viewed Saturday, 21 May 2016, 9:17 AM Kalvis Ruckis 1 \core\event\course_viewed Saturday, 21 May 2016, 9:02 AM Kalvis Ruckis 1 \mod_quiz\event\course_module_viewed Saturday, 21 May 2016, 8:59 AM Kalvis Ruckis 1 \core\event\course_viewed Saturday, 21 May 2016, 8:59 AM Kalvis Ruckis 1 \core\event\course_viewed

log.txt

FMCorz commented 8 years ago

Thanks.

Looking at the log file, it is pretty clear that this user is having fun logging in and out a lot. They have found a workaround to counter the cheat guard and are abusing the system. I'm afraid that at this point I do not have a solution, though you can selectively ban this user from earning XP by giving them a role that prohibits xp:earn.

21 May, 09:21   User    User has logged in  The user with id '64' has logged in.
21 May, 09:21   User    User logged out The user with id '64' has logged out.
21 May, 09:21   User    Course viewed   The user with id '64' viewed the course with id '1'
21 May, 09:21   User    User has logged in  The user with id '64' has logged in.
21 May, 09:21   User    User logged out The user with id '64' has logged out.
21 May, 09:21   User    Course viewed   The user with id '64' viewed the course with id '1'
21 May, 09:21   User    User has logged in  The user with id '64' has logged in.
21 May, 09:20   User    User logged out The user with id '64' has logged out.
21 May, 09:20   User    Course viewed   The user with id '64' viewed the course with id '1'
21 May, 09:20   User    Course: Zello izmantoðana  System  Course viewed   The user with id '64' viewed the course with id '17'
21 May, 09:20   User    Course viewed   The user with id '64' viewed the course with id '1'
21 May, 09:20   User    User has logged in  The user with id '64' has logged in.
21 May, 09:20   User    User logged out The user with id '64' has logged out.
21 May, 09:19   User    Course: Zello izmantoðana  System  Course viewed   The user with id '64' viewed the course with id '17'
21 May, 09:19   User    Course viewed   The user with id '64' viewed the course with id '1'
21 May, 09:19   User    User has logged in  The user with id '64' has logged in.
21 May, 09:19   User    User logged out The user with id '64' has logged out.
21 May, 09:19   User    Course viewed   The user with id '64' viewed the course with id '1'
21 May, 09:19   User    User has logged in  The user with id '64' has logged in.
21 May, 09:19   User    User logged out The user with id '64' has logged out.
21 May, 09:19   User    Course viewed   The user with id '64' viewed the course with id '1'
21 May, 09:19   User    User has logged in  The user with id '64' has logged in.
21 May, 09:19   User    User logged out The user with id '64' has logged out.
21 May, 09:19   User    Course viewed   The user with id '64' viewed the course with id '1'
21 May, 09:19   User    User has logged in  The user with id '64' has logged in.
21 May, 09:18   User    User logged out The user with id '64' has logged out.
...
21 May, 09:17   User    Course viewed   The user with id '64' viewed the course with id '1'
21 May, 09:17   User    User has logged in  The user with id '64' has logged in.
21 May, 09:17   User    User logged out The user with id '64' has logged out.
21 May, 09:17   User    Course viewed   The user with id '64' viewed the course with id '1'

Cheers, Fred

PS: Maybe you should edit your comment to remove the name of that person, otherwise it'll come in Google results.

eozz commented 8 years ago

Ok, thanks for info!