JBaptiste

To wrap up my part here; I had to wait a week before being allowed to join the leagues again, but since today I am back. Relegated twice.

I appear to be allowed to log in again as well. It is a pleasant surprise to be cleared. I do not seem to be able to participate in the league anymore, but I will give it a day or two before testing my luck by opening a support ticket.

I'm on Nutaku (nutaku-id:"8333639", username:"jeanbaptiste", Harem Heroes-id:"836721") for HaH, CxH (banned) & PSH (inactive). I'm not sure if I can find the ComixHarem-id while banned. I guess nutaku-id will have to do. I appreciate you "fighting" for us, so don't take this the wrong way, I do however understand why devs would want to limit the amount of information about the implemented security mechanism triggers and anomaly detection thresholds. It is a bit of a double-edged sword to inform. I don't think it is in players interest to help cheaters understand detection. I certainly wouldn't mind helping reducing false-positive detections though.

Damn. I share your frustration - literally as well as figuratively. I am still on the fence if I want to continue HaH, when random expulsions like this are possible. Was there anything in my description of my setup that overlapped yours? I wonder if I should drop a warning to other people in the userscript-threads about this. I thought half the forum was using one of the tolerated (maybe not tolerated?) userscripts. All the screenshots I see on this forum seem to have one or the other userscript feature, so I thought userscripts were common. Are you on HH++ BDSM version as well?

Nutaku support reached out to me to respond to my support ticket today. To my surprise, I appear to share fate with @alander, as I have apparently triggered an anticheat measure for unauthorized software use. This trigger results in a permanent ban from Comix Harem. For some reason, other kinkoid games do not share the same anticheat system, nor does a cheater-ban result in being banned from other Kinkoid or Nutaku games. There is a policy of not discussing cheat detection mechanisms - and I understand the policy, however frustrating it is for me right now. I have no idea what triggered this verdict as I don't recall having changed the way I play CxH. I don't play CxH any different than I play HaH. But "everyone in prison is innocent" I guess. I have bold'ed my prime "suspects". Now it probably doesn't look good that I tried so hard to understand why my CxH login was failing. I will leave it up the mods to assess if my troubleshooting details should be removed in this new light. I don't really know how to help other players in this matter. Maybe I can share how I played before being banned and maybe that can help others avoid my fate in CxH. Maybe it will even help tune anticheat? I have been playing HaH since 2017. I have been playing CxH since the day it was opened to the public (oh how I enjoyed the low player ID tiebreaker advantage in daily contests). In terms of anomaly detection, the day my account was locked (thursday 22/6), was the final day of a league week, where I for the first time in my CxH career, decided to use koban to use all league-challenges to fight for 1st spot in league.. only in dicktator 1, mind you. But I doubt there is a cheatdetection triggering on players using koban. Hell, I even reported abusable bugs. You can probably find me reporting an abusable bug on the test server on this forum. Another "gray-zone" (?) technique on my part is - not waiting for the website to respond when navigating. When battling bosses for mythic girl shards, I use a cycle of "initiate combat", "click return on browser" , without waiting for the rewards to load, in order to speed up boss battles. Maybe I am quick enough to be flagged as software assisted? But the anticheat verdict said "unauthorized software", so I guess it must have been something else. My setup: 2 devices; 1) A regular computer (linux) running the Chromium webbrowser (v113). The browser and browser profile is dedicated to adult games - in my case Nutaku-games & Kinkoid-games-related discord & this forum & the harem-battle wiki webpage. The browser is set to open five tabs every browsing session startup; HaH,CxH,test-Hentaiheroes (not nutaku) and Fake Lay & a tab for discord. I use four browserplugins - three security-plugins (EFF privacy badger, uBlock origin, uMatrix) and Violentmonkey. The latter is used to run a userscript that I found on this forum (probably through https://forum.kinkoid.com/index.php?/topic/22072-community-scripts/page/6/#comment-287875); "Hentai Heroes++ BDSM version". The userscript is enabled for HaH,CxH and test-hentaiheroes and is currently version 1.36.5 for me. The security-plugins filters block (some of) the trackers from Google, the atsptp, trafficjunky and Bebi/adtng advertising/tracking network. To the best of my knowledge, this was one of the userscripts tolerated by devs. 2) An android mobile device running the Harem Heroes app, downloaded from the Harem Heroes page on Nutaku. I don't have the Comix Harem app. On my mobile device, I would start the HaH application and do my HaH stuff, then use the kinkoid-link within the app to navigate to Comix Harem (still in the Harem Heroes app). The mobile device is configured to route all network traffic through my home network using VPN - not for anonymity, but in order to protect my mobile phone with the security measure on my home network as well as reducing browsing data leaking. Known malicious,advertising and tracking sites may additionally be dns-sinkholed on my home network. So, to wrap up - I hope someone can use my debriefing for something useful. So long and thanks for all the fish. Not sure I want to continue HaH at this point, despite the great clubmates I have. I am not too bitter, I got some serious "mileage" out of the Kinkoid games. One of the best value-for-money games I have ever had, if I look at the money I spent versus the number of hours I spent there. Considering I make a living off of fraud detection in a different industry, I also appreciate the irony of being knocked out by (what I consider) a fraud detection false positive.

My troubleshooting results were largely fruitless: 2) temporarily removed VPN tunnelling from my mobile device, so my network traffic came straight from device still, then opening Harem Heroes app and navigating to Comix Heroes produced the same app behaviour. I will rule out network source as being a factor. 1) Set up a VM, downloaded an ancient Chromium browser to try and disable same-origin policy protections but failed to produce a scenario where the browser did not warn about samesite origin policy rejected cookies. I still consider the request to https://nutaku.comixharem.com/integrations/?action=startGame&sess=xxx pivotal. I really don't know why the server responds with http redirection and set-cookies headers that delete what I presume is a session cookie.

Thanks. I'm not sure if it qualifies as reporting to Kinkoid, but I opened a support request ticket through Nutakus support system late thursday night (CEST).

Thank you for the input @Master-17, it is appreciated. I'm not a webdeveloper, so take my interpretation with a solid grain of salt. If I understand it correctly, the suggestions on that link relate to server-side modifications to avoid a security policy from triggering in browsers. Only the Kinkoid/Nutaku devs can modify server-side, in my world. I will however try and disable this security policy on the clientside, ie. in my browser, just to see if that changes anything. The policy seems to have been made difficult to disable in newer browsers, so I am looking at getting an older chrome browser installed, just so I can disable same-origin policy and see what happens. (I don't recommend this for anything but testing, as disabling security elements is unwise in general.) Unfortunately from a troubleshooting perspective, it is not a good hypothesis to be testing as the root cause, as only a miniscule number of users appear to hit this issue. If our issues had been a misconfigured set-origin cookie policy or webservice misconfiguration with the redirects, I would expect most users to be suffering unless it was limited to a specific host in a cluster setup or something like that. I am guessing one of the serverside headers indicate which loadbalancing clusternode is being hit though, and I seem to hit different nodes. The hypothesis that my browser configuration with selective loading of scripts is the cause for my login issues was tested by using a "vanilla" unrestricted Google Chrome instance. This also lead to the same error state, so I have discarded that hypothesis for now. I am struggling to build hypotheses on possible causes that would impact a very small subset of users. Right now - however oddly flattering and infuriating - looking at what happened to @Alander, makes triggering an anticheat detection threshold in CxH a valid hypothesis. I just don't know how to test it. One could create a new Nutaku-account, like somebody did in the 2022 post, to see if they could log into CxH then, with the same client side setup - but ironically that could be cheating, as multiaccounting is not allowed in Nutakus terms of service, if I recall correctly. What about the hypothesis: a ressource-protection mechanism threshold was triggered, flagging my network ressource as "bad"? I would expect network protection to drop or sinkhole connections from a network source considered bad. I guess I could try and test if logging in from a different network would change anything. Again, somewhat ironically, I have been initiating unusually many site reloads lately , to try and understand the network requests and may trigger poor thresholds by now. 😄 I am currently imagining two devops techies sitting in a poorly airconditioned office cellar floor, going "look, some dimwit is trying to reload the main page fifty times the last four hours. that has got to be the weakest DOS attack this month". 😉 So - my troubleshooting plan; 0) ask publicly if someone comfortable with browser devtools, where their CxH still works, could check their own network traffic, to see if my network request pattern of seeing some redirections, is an anomaly exclusive to me. 1) get an old chrome and test with disabled same-origin policy protection. 2) temporarily remove my mobile phones permanent vpn, so my mobile device comes from a new network source.

I understand that using a forum as a bugtracking system is not optimal - but why stop at merging a 4 week old post, when there are additional, older posts with equally similar forum posts? eg. 1/9-2022 https://forum.kinkoid.com/index.php?/topic/23970-on-nutaku-the-сomixharem-stopped-loading-in-any-browsers-available-to-me/ I can't make up my mind if it is disheartening with the older outcomes and wild troubleshooting approaches - or encouraging that, whatever my issue is, may not be isolated to my account. I must say I hope we find the root cause of this error - imagine being able to exonerate @Alander At least I can appreciate the new-ish club co-leader functionality being put in place so the club leadership should survive with no hassle.

I have no idea how website development works, but the request structure when comparing HaH (works here) to CxH (does not work here) differs. The request https://nutaku.haremheroes.com/integrations/?action=startGame&sess=xxx is responded with http status code 200 in HaH , but 302 (temporary redirect) in CxH, with the redirection pointing to nutaku.comixharem.com/home.html. This request gets a response with a 301 (permanent redirect), redirection pointing back to https://www.nutaku.net/games/comix-harem/play/. The HH_SESS_13 (session?) cookie seems to get dropped/regenerated at the redirection with the request for https://nutaku.comixharem.com/home.html The first play/-request includes cookies in request-headers. The second play/-request does not include "cookie" in request-headers. The browser rejects most cookies being set, including XSRF-token, the second time the play/ URI is requested (after the redirections). The cookie rejection message is "This attempt to set a cookie via a set-cookie header was blocked because it had the 'SameSite=Lax' attribute but came from a cross-site response which was not the response to a top-level navigation". I can reproduce the CxH login issue in a separate, "clean" browser environment with no browser-extensions, that has never been used for Nutaku. The "clean" run exhibits the same peculiar redirections and cookie-rejection mentioned above. *waves to Master-17, who seems to be hitting the same issue as I, judging by the thread mentioned in original post*

As of this evening, I can no longer load Comix Harem. Entering https://www.nutaku.net/games/comix-harem/play/ in my browser loads the Nutaku frame, but results in the inner frame throwing the error message "www.nutaku.net refused to connect." First instance of anomaly was around 22 CEST. Last successful login was around 11am CEST earlier today, the 22/6. Loading the page while in devtool mode produces a warning "refused to display 'https://www.nutaku.net/' in a frame because it set 'X-Frame-Options' to 'sameorigin'." I also play Harem Heroes and Pornstar Harem on the Nutaku platform. The anomaly could have been present in HaH or PSH, but is not. Those two games do not display the devtools-error message related to X-Frame-Options. Comparing the requests between HaH, CxH and PSH - only CxH mentions an "initiator" on another domain (nutaku.comixharem.com/home.html - redirect) to the "play/" URL (ie. https://www.nutaku.net/games/comix-harem/play/ for CxH). Comparing the "play/" URL again, the server response headers are similar between HaH and PSH - but dissimilar to CxH. CxH reponds with three additional set-cookie headers; LBSERVERID, Nutaku_gamePreferences and Nutaku_userLoggedIn. This anomaly may or may not be related to a similar bugreport by aboy80 in the same forum area, with similar errormessage and warning regarding same-origin directive (https://forum.kinkoid.com/index.php?/topic/30380-cant-play-comix-harem-in-nutaku/) Edit: I just recalled that I have the HaremHeroes android app and can usually move to ComixHarem from there. Trying that now, at 0040 CEST, allows me to load the HaremHeroes/Nutaku page - but following the link, from the app to CxH context, produces a black screen (with working Nutaku frame).

A tiny visual bug in test server (in the https://test.hentaiheroes.com/event.html?tab=dpg_event_5 element); "Double date" event overview page indicates that Equipment pachinko has a 2x droprate for shards/girls. To the best of my understanding QP will never drop shards or girls, I would not expect it displayed here. This also messes up the layout so the "current gains"-section is partially covered.

The test server appears to (also & still) be affected by the Fae event bug of continuously generating ladybug points several times per day.

Hey, sorry for not getting back to this thread. @drgdrrgf thanks for the input, you were onto something. If anybody should have similar trouble - the PoA event required the player to have reached world 3, quest 5 before being able to compete. A warning was being suppressed on the client-side (I limit thirdparty scripts, popups etc).

I am new to Hentai Heroes (but old Harem Heroes player). The PoA / Magical Guardians event is stalled for me since the beginning of the event , yesterday. The bottomright notification for "Magical Guardian"-event is displayed, but clicking it just causes the mainpage to refresh. Triggering the first task (assuming it is the same as in HaH) does not produce a "+1 daily" notification. The expected behaviour is "event details overview" to pop up. I have tried using other browsers (Firefox, Chrome, Chromium) and another computer (Linux, Windows), and all do not react as expected when interacting with the event-button. This is my first event of this type on HeH. Other events (LC, KC) worked as expected. Is there a playerlevel-requirement or worldstory-requirement or something to be able to participate in this event-type, or is it broken (for me)?