Bug [5.2.0] - Ticket purchase from Energy can cause temporary ban of IP

[Knatan]

Describe the bug If you gather 360 Energy in total, for example via Seasons of the Rose, the script will "Spam spend" and cause your IP to be banned.

To Reproduce

1. Go to Test server.
2. Disable UseEne script option next to auto-champion.
3. Unlock the bonus pass for Season reward until you have a lot of Energy stacked. For example 360 energy, or maybe more. You can also acquire Stacked Energy from Path of Attraction rewards.
4. Enable useEne script option
5. Get banned for some hours with a "500 Internal Server Error" message

Expected behavior The expected behaviour is to just have the script purchase some tickets. I don't mind if it takes 2 seconda instead of a nanosecond.

Additional context I believe this bug has always been present ever since Dorten introduced this feature from the original script, it's just that recently we have been able to amass a lot of Energy, and I discovered this thanks to Season of the Rose rewards in conjunction with the Energy rewards from Path of Attraction. The more energy you stack up, the more "spammy" the script will become, and trigger the game server to blacklist you. I was able to clue together what had happened thanks to Roukys mentioning that he had encountered this phenomenon in the past with the League calculations. This is likely the same problem.

[Roukys]

@Knatan could you try that : (please don't close issue if it work I'll close when patching ;)

remplace : 

hh_ajax(params, function(data) {
                anim_number($('.tickets_number_amount'), data.tokens - amount, amount);
                Hero.updates(data.heroChangesUpdate);
            });

by : 

setTimeout(hh_ajax(params, function(data) 
                               {
                anim_number($('.tickets_number_amount'), data.tokens - amount, amount);
                Hero.updates(data.heroChangesUpdate);
            }
                              ),randomInterval(800,1200));

[Knatan]

Thanks Roukys! This will be difficult to test at the moment, I'll try it next month when we get a new season pass and Path of Attraction.

[Roukys]

yes I'll try also, lets keep this open :)

[NinJaraya]

I think there must be other causes besides that for this error. I've been having this error quite often before that, like once or twice a month. Since I'm never around when it happens, I don't know the cause. by Google Translate.

[Knatan]

I think there must be other causes besides that for this error.

That is also correct. But in this case I'm 99% certain of the ban. It became especially apparent due to the events in #62 It was even discovered by the game developers that this particular bug can cause cheating to happen in daily contests related to Spending Energy.

[Roukys]

@Knatan, didn't understood your last sentence, it can cause cheating to happen ?

@NinJaraya @Knatan I'll check, it can only be on ajax calls, lets see if this one can be solved, if yes I'll apply the same to other ajax calls.

For info ajax is called for : 

buyings stats, item on the market, buying troll points, league opponent fetching

[Knatan]

@Roukys One of the well documented public ostracizing happened here: https://forum.hentaiheroes.com/index.php?/topic/16069-19-nov-20-legendary-contests-discussion/page/5/&tab=comments#comment-210670 And the game developers know about it. They now have the means to track down people who use the ancient script and give them a good old ban.

[Roukys]

yes nothing on our side to do so much out of spends Kobans for combat, and the one esked for selling items ...

script is to help us not cheat...

to look into to prevent further issues ...

[Knatan]

I think it was an accidental circumstance and not the script's fault, so I don't think you need to worry about that.

The test server had an update as per #62 , the developers had messed up the button to purchase tickets. Bug: If you tried to manually click the button to purchase champion ticket, nothing would be purchased, and the energy would remain at 100. But the click still resulted in points for the contest that were related to energy spending. So the old version of the script would "purchase" tickets infinitely and give people millions of Contest points, Then the server would ban them for a few hours due to the Ajax spamming. Then the ban lifts, and the script spams the Ticket purchase again. Then the server gives another temporary ban, etc. in a long repeat.

It was an unfortunate incident. But I place blame on game devs for messing up the ticket purchase button. But in the end the incident helped us figures out what was going on.

[Roukys]

Yes buying stats could be a spam one like if you've won million, it will spam update of stats.

others normally have action before being triggered again (champions, troll energy)