Clean and Secure UGC Environment - RareSloth Games

The King Rabbit level builder is our first crack at creating an online community for a game. The biggest bottleneck of our game was content since the two of us could only generate so much in a period of time. Opening the level builder up to the community allows there to be a free and constant flow of content that everyone can play.

With any UGC (User-Generated Content) environment, there is sure to be profane or offensive content – trolls will be trolls. Add to that the rampant hacking and cracking of digital goods and it’s easy to see how an environment can quickly go sour. We want to keep our community clean and fun for everyone so I’d like to share a few steps we’ve taken to do so.

* We use Ruby on Rails, so you’ll see terminology specific to Ruby or Rails like “gem” and “route”.

Cleanliness

Profanity Filter

obscenity is a simple gem that gives you an easy way of filtering out profane words from strings. We use it to keep naughty words from being used in level names and usernames. It’s not perfect since it sources its filter from a simple list of words, but the list is pretty large and covers the most common words. It also has words from a few languages other than English.

Its usage is as simple as:

# Replace bad words with a smile emoji
def clean_profanity
  if self.name.present?
    self.name = Obscenity.replacement("\u{1F642}").sanitize(self.name)
  end
end

Reporting Offensive Content

Reporting/Banning Levels

We allow players to report levels if they feel offended. When a level has been reported enough times, it’ll automatically get banned, meaning it’ll no longer get picked by the level picking algorithm. It’s a simple system that keeps the worst content out.

Security

DDOS/Anti-Hack

rack-attack is a simple gem to add to your app server that will immediately provide value. It makes it easy to whitelist or blacklist IP addresses and routes. You can also rate-limit IP addresses to protect yourself from getting DDoS’d. We use rack-attack primarily to rate-limit certain API routes that can spawn heavy tasks.

Invalid Purchases

We have certain purchases that can generate heavy tasks due to purchase redemption logic. For example, our 100 Items Pack purchase has to find 100 unclaimed packs, tie them to the user claiming them, update the user’s available items, and render the contents of the pack. It’s not a terribly heavy process, but when enough people are claiming them at the same time (via cracked/hacked purchases), the server begins to get busy, which slows down response times for everyone else. We’ve only seen about 160 users in the first month who have illegitimately bought our IAP, but a few of them have bought over 50 of the most valuable items. Our process is simple. If players make invalid purchases, they will be banned from using our API, meaning no online content for them.
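The per-IP rate limit on a heavy route described in the two sections above, as an added example that is not RareSloth's code and not part of rack-attack: a dependency-free Rack-style middleware that counts requests per client in fixed windows and rejects the excess before the redemption logic runs. The route path, limit, period, timestamp and client addresses are assumptions made for illustration.

```ruby
# Added illustration (not RareSloth's code). With the rack-attack gem the rule is roughly:
#   Rack::Attack.throttle("redeem/ip", limit: 5, period: 60) do |req|
#     req.ip if req.post? && req.path == "/api/purchases/redeem"
#   end
# Below is the same idea as a dependency-free Rack-style middleware.
REDEEM_PATH = "/api/purchases/redeem" # assumed route name

class HeavyRouteThrottle
  def initialize(app, path:, limit:, period:, clock: -> { Time.now.to_i })
    @app, @path, @limit, @period, @clock = app, path, limit, period, clock
    @counts = Hash.new(0) # per-process memory; multiple servers need a shared store
  end

  def call(env)
    return @app.call(env) unless heavy_route?(env)
    now = @clock.call
    window = now / @period # fixed window: counters reset every @period seconds
    @counts.delete_if { |(_ip, w), _n| w < window } # forget expired windows
    # REMOTE_ADDR is the proxy's address when the app sits behind a load balancer
    key = [env["REMOTE_ADDR"], window]
    @counts[key] += 1
    return @app.call(env) if @counts[key] <= @limit
    # Reject before the expensive redemption logic runs
    retry_after = @period - (now % @period)
    [429, { "content-type" => "text/plain", "retry-after" => retry_after.to_s },
     ["Too many requests\n"]]
  end

  private

  def heavy_route?(env)
    env["REQUEST_METHOD"] == "POST" && env["PATH_INFO"] == @path
  end
end

# Constructed traffic: one client bursts 7 redemptions, a second client sends 1
def demo
  now = 1_000_030 # constructed timestamp
  app = ->(_env) { [200, {}, ["redeemed"]] }
  mw = HeavyRouteThrottle.new(app, path: REDEEM_PATH, limit: 5, period: 60, clock: -> { now })
  req = { "REQUEST_METHOD" => "POST", "PATH_INFO" => REDEEM_PATH, "REMOTE_ADDR" => "203.0.113.7" }
  burst = Array.new(7) { mw.call(req)[0] }
  other = mw.call(req.merge("REMOTE_ADDR" => "203.0.113.8"))[0]
  now += 60 # next window: the first client's counter has reset
  { burst: burst, other_client: other, next_window: mw.call(req)[0] }
end

p demo if __FILE__ == $PROGRAM_NAME
```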

Feel free to comment or get in touch if you’d like to know more about what we’re doing here at RareSloth.
