Jump to content

Can't play comix harem in nutaku


aboy80
 Share

Recommended Posts

I can't play comix harem in Nutaku. when click continue play button, the browser(chrome) shows "loading game" at first, after a while, this shows "www.nutaku.net refused to connect." in browser. It happens every day. I clean the browser cache; it still has the issue. Now I can't play it anymore.

image.thumb.png.4f7c489bf5c7154968252813dec2a5eb.png

Link to comment
Share on other sites

You can try with another browser, my suggestion would be firefox in PC and kiwi browser in android.

If you still want to use chrome try to disable all extensions and relax some security options in the configuration to see if they are the cause.

Link to comment
Share on other sites

On 5/22/2023 at 12:54 AM, jelom said:

You can try with another browser, my suggestion would be firefox in PC and kiwi browser in android.

If you still want to use chrome try to disable all extensions and relax some security options in the configuration to see if they are the cause.

I try use Microsoft Edge and Firefox in PC, also use Safari in IPad, it has the same issue. However, I create a new account to play it, it can play in new account, I believe it is a bug 

  • Surprised :O 1
Link to comment
Share on other sites

  • 4 weeks later...

Weird, I can't run CxH on Nutaku, it says: "The www.nutaku.net site does not allow connection."
All other KK games work without problems.

Spoiler

1.thumb.jpg.fa6fe76b37d27c139c0b9cd93f6a855c.jpg

P.S. I tried clearing the cache and using different computers, as well as running on an Android smartphone. Different locations have different internet providers. The situation is the same everywhere.

P.P.S. I read the topic above and came to the conclusion that I have exactly the same problem, because the error message in the console is exactly the same.

Edited by Master-17
P.P.S.
Link to comment
Share on other sites

As of this evening, I can no longer load Comix Harem. Entering https://www.nutaku.net/games/comix-harem/play/ in my browser loads the Nutaku frame, but results in the inner frame throwing the error message "www.nutaku.net refused to connect."

First instance of anomaly was around 22 CEST. Last successful login was around 11am CEST earlier today, the 22/6.

Loading the page while in devtool mode produces a warning "refused to display 'https://www.nutaku.net/' in a frame because it set 'X-Frame-Options' to 'sameorigin'."

I also play Harem Heroes and Pornstar Harem on the Nutaku platform. The anomaly could have been present in HaH or PSH, but is not. Those two games do not display the devtools-error message related to X-Frame-Options.

Comparing the requests between HaH, CxH and PSH - only CxH mentions an "initiator" on another domain (nutaku.comixharem.com/home.html - redirect) to the "play/" URL (ie. https://www.nutaku.net/games/comix-harem/play/ for CxH).

Comparing the "play/" URL again, the server response headers are similar between HaH and PSH - but dissimilar to CxH. CxH reponds with three additional set-cookie headers; LBSERVERID, Nutaku_gamePreferences and Nutaku_userLoggedIn.

 

This anomaly may or may not be related to a similar bugreport by aboy80 in the same forum area, with similar errormessage and warning regarding same-origin directive (https://forum.kinkoid.com/index.php?/topic/30380-cant-play-comix-harem-in-nutaku/)

 

Edit:

I just recalled that I have the HaremHeroes android app and can usually move to ComixHarem from there. Trying that now, at 0040 CEST, allows me to load the HaremHeroes/Nutaku page - but following the link, from the app to CxH context, produces a black screen (with working Nutaku frame).

Edited by JBaptiste
added test on android app
  • Like 1
Link to comment
Share on other sites

I have no idea how website development works, but the request structure when comparing HaH (works here) to CxH (does not work here) differs.

The request https://nutaku.haremheroes.com/integrations/?action=startGame&sess=xxx is responded with http status code 200 in HaH , but 302 (temporary redirect) in CxH, with the redirection pointing to nutaku.comixharem.com/home.html. This request gets a response with a 301 (permanent redirect), redirection pointing back to https://www.nutaku.net/games/comix-harem/play/.

The HH_SESS_13 (session?) cookie seems to get dropped/regenerated at the redirection with the request for https://nutaku.comixharem.com/home.html 

The first play/-request includes cookies in request-headers. The second play/-request does not include "cookie" in request-headers. The browser rejects most cookies being set, including XSRF-token, the second time the play/ URI is requested (after the redirections). The cookie rejection message is "This attempt to set a cookie via a set-cookie header was blocked because it had the 'SameSite=Lax' attribute but came from a cross-site response which was not the response to a top-level navigation".

I can reproduce the CxH login issue in a separate, "clean" browser environment with no browser-extensions, that has never been used for Nutaku. The "clean" run exhibits the same peculiar redirections and cookie-rejection mentioned above.

*waves to Master-17, who seems to be hitting the same issue as I, judging by the thread mentioned in original post*

  • Hug 1
Link to comment
Share on other sites

9 hours ago, Master-17 said:

In general, just below there is already a corresponding topic

there was no need to create a new one.

I understand that using a forum as a bugtracking system is not optimal - but why stop at merging a 4 week old post, when there are additional, older posts with equally similar forum posts? eg. 1/9-2022 https://forum.kinkoid.com/index.php?/topic/23970-on-nutaku-the-сomixharem-stopped-loading-in-any-browsers-available-to-me/

I can't make up my mind if it is disheartening with the older outcomes and wild troubleshooting approaches - or encouraging that, whatever my issue is, may not be isolated to my account. I must say I hope we find the root cause of this error - imagine being able to exonerate @Alander

At least I can appreciate the new-ish club co-leader functionality being put in place so the club leadership should survive with no hassle.

 

 

Link to comment
Share on other sites

22 hours ago, Master-17 said:

@JBaptiste, have you tried something from this topic https://ittutoria.net/fixing-refused-to-display-in-a-frame-because-it-set-x-frame-options-to-sameorigin-error/ ? I just don’t understand it too much, so I don’t understand what and where to enter.

Thank you for the input @Master-17, it is appreciated.

I'm not a webdeveloper, so take my interpretation with a solid grain of salt. If I understand it correctly, the suggestions on that link relate to server-side modifications to avoid a security policy from triggering in browsers. Only the Kinkoid/Nutaku devs can modify server-side, in my world.

I will however try and disable this security policy on the clientside, ie. in my browser, just to see if that changes anything. The policy seems to have been made difficult to disable in newer browsers, so I am looking at getting an older chrome browser installed, just so I can disable same-origin policy and see what happens. (I don't recommend this for anything but testing, as disabling security elements is unwise in general.)

Unfortunately from a troubleshooting perspective, it is not a good hypothesis to be testing as the root cause, as only a miniscule number of users appear to hit this issue. If our issues had been a misconfigured set-origin cookie policy or webservice misconfiguration with the redirects, I would expect most users to be suffering unless it was limited to a specific host in a cluster setup or something like that. I am guessing one of the serverside headers indicate which loadbalancing clusternode is being hit though, and I seem to hit different nodes.

The hypothesis that my browser configuration with selective loading of scripts is the cause for my login issues was tested by using a "vanilla" unrestricted Google Chrome instance. This also lead to the same error state, so I have discarded that hypothesis for now.

I am struggling to build hypotheses on possible causes that would impact a very small subset of users. Right now - however oddly flattering and infuriating - looking at what happened to @Alander, makes triggering an anticheat detection threshold in CxH a valid hypothesis. I just don't know how to test it. One could create a new Nutaku-account, like somebody did in the 2022 post, to see if they could log into CxH then, with the same client side setup - but ironically that could be cheating, as multiaccounting is not allowed in Nutakus terms of service, if I recall correctly.

What about the hypothesis: a ressource-protection mechanism threshold was triggered, flagging my network ressource as "bad"? I would expect network protection to drop or sinkhole connections from a network source considered bad. I guess I could try and test if logging in from a different network would change anything. Again, somewhat ironically, I have been initiating unusually many site reloads lately , to try and understand the network requests and may trigger poor thresholds by now. 😄 I am currently imagining two devops techies sitting in a poorly airconditioned office cellar floor, going "look, some dimwit is trying to reload the main page fifty times the last four hours. that has got to be the weakest DOS attack this month". 😉

 

So - my troubleshooting plan;

0) ask publicly if someone comfortable with browser devtools, where their CxH still works, could check their own network traffic, to see if my network request pattern of seeing some redirections, is an anomaly exclusive to me.

1) get an old chrome and test with disabled same-origin policy protection.

2) temporarily remove my mobile phones permanent vpn, so my mobile device comes from a new network source.

Link to comment
Share on other sites

1 minute ago, DvDivXXX said:

Seems pretty annoying, sorry for you guys.

I'm not sure if this has been reported to Kinkoid yet or not (I've just took a few days off the forum). It seems to be a Nutaku problem, but @Tohru - Kinkoid just in case.

Thanks. :) I'm not sure if it qualifies as reporting to Kinkoid, but I opened a support request ticket through Nutakus support system late thursday night (CEST).

  • Thanks 2
Link to comment
Share on other sites

My troubleshooting results were largely fruitless:

2) temporarily removed VPN tunnelling from my mobile device, so my network traffic came straight from device still, then opening Harem Heroes app and navigating to Comix Heroes produced the same app behaviour. I will rule out network source as being a factor.

1) Set up a VM, downloaded an ancient Chromium browser to try and disable same-origin policy protections but failed to produce a scenario where the browser did not warn about samesite origin policy rejected cookies. I still consider the request to https://nutaku.comixharem.com/integrations/?action=startGame&sess=xxx pivotal. I really don't know why the server responds with http redirection and set-cookies headers that delete what I presume is a session cookie.

  • Like 1
Link to comment
Share on other sites

Nutaku support reached out to me to respond to my support ticket today. To my surprise, I appear to share fate with @alander, as I have apparently triggered an anticheat measure for unauthorized software use. This trigger results in a permanent ban from Comix Harem. For some reason, other kinkoid games do not share the same anticheat system, nor does a cheater-ban result in being banned from other Kinkoid or Nutaku games. There is a policy of not discussing cheat detection mechanisms - and I understand the policy, however frustrating it is for me right now. 

I have no idea what triggered this verdict as I don't recall having changed the way I play CxH. I don't play CxH any different than I play HaH. But "everyone in prison is innocent" I guess. I have bold'ed my prime "suspects". Now it probably doesn't look good that I tried so hard to understand why my CxH login was failing. 9_9 I will leave it up the mods to assess if my troubleshooting details should be removed in this new light.

I don't really know how to help other players in this matter. Maybe I can share how I played before being banned and maybe that can help others avoid my fate in CxH. Maybe it will even help tune anticheat?

I have been playing HaH since 2017. I have been playing CxH since the day it was opened to the public (oh how I enjoyed the low player ID tiebreaker advantage in daily contests).

In terms of anomaly detection, the day my account was locked (thursday 22/6), was the final day of a league week, where I for the first time in my CxH career, decided to use koban to use all league-challenges to fight for 1st spot in league.. only in dicktator 1, mind you. But I doubt there is a cheatdetection triggering on players using koban. Hell, I even reported abusable bugs. You can probably find me reporting an abusable bug on the test server on this forum.

Another "gray-zone" (?) technique on my part is - not waiting for the website to respond when navigating. When battling bosses for mythic girl shards, I use a cycle of "initiate combat", "click return on browser" , without waiting for the rewards to load, in order to speed up boss battles. Maybe I am quick enough to be flagged as software assisted?

But the anticheat verdict said "unauthorized software", so I guess it must have been something else.

My setup: 2 devices;

1) A regular computer (linux) running the Chromium webbrowser (v113). The browser and browser profile is dedicated to adult games - in my case Nutaku-games & Kinkoid-games-related discord & this forum & the harem-battle wiki webpage. The browser is set to open five tabs every browsing session startup; HaH,CxH,test-Hentaiheroes (not nutaku) and Fake Lay & a tab for discord. I use four browserplugins - three security-plugins (EFF privacy badger, uBlock origin, uMatrix) and Violentmonkey. The latter is used to run a userscript that I found on this forum (probably through https://forum.kinkoid.com/index.php?/topic/22072-community-scripts/page/6/#comment-287875); "Hentai Heroes++ BDSM version". The userscript is enabled for HaH,CxH and test-hentaiheroes and is currently version 1.36.5 for me. The security-plugins filters block (some of) the trackers from Google, the atsptp, trafficjunky and Bebi/adtng advertising/tracking network. To the best of my knowledge, this was one of the userscripts tolerated by devs.

2) An android mobile device running the Harem Heroes app, downloaded from the Harem Heroes page on Nutaku. I don't have the Comix Harem app. On my mobile device, I would start the HaH application and do my HaH stuff, then use the kinkoid-link within the app to navigate to Comix Harem (still in the Harem Heroes app). The mobile device is configured to route all network traffic through my home network using VPN - not for anonymity, but in order to protect my mobile phone with the security measure on my home network as well as reducing browsing data leaking.

Known malicious,advertising and tracking sites may additionally be dns-sinkholed on my home network.

So, to wrap up - I hope someone can use my debriefing for something useful. So long and thanks for all the fish. Not sure I want to continue HaH at this point, despite the great clubmates I have. I am not too bitter, I got some serious "mileage" out of the Kinkoid games. One of the best value-for-money games I have ever had, if I look at the money I spent versus the number of hours I spent there. :) Considering I make a living off of fraud detection in a different industry, I also appreciate the irony of being knocked out by (what I consider) a fraud detection false positive. :D

  • Like 1
  • Hug 1
Link to comment
Share on other sites

On 6/26/2023 at 7:31 PM, JBaptiste said:

To my surprise, I appear to share fate with @alander, as I have apparently triggered an anticheat measure for unauthorized software use. This trigger results in a permanent ban from Comix Harem.

OK. I'll try to contact support by myself. Maybe it's same problem. I've described my work with the game so maybe it'll help to solve it.

---

For some reason, I did not receive a notification about the answer, so I saw the message only now, when I manually checked the chat. As expected, their anti-cheat system, assembled on the knee by some loser, saw some unauthorized software. Of course, they don’t write what kind of software, because they probably don’t know. Naturally, they are not going to discuss this topic further, because they have no evidence and any discussion in the future would 100% lead to the fact that they would have to admit their mistake and apologize, and of course they don’t want to do this, because it's a reputational loss. Not scary. Of course it's a shame for the wasted time, but I didn't really like CxH. I returned to its passage only after the appearance of a daily cross-promo from other games. It was only necessary to go through the story to the end - and bam, a permanent ban

Spoiler

1.thumb.jpg.ec8a04800f1cb0da1c12302834f10588.jpg

 

Edited by Master-17
Answer of the support
  • Like 2
Link to comment
Share on other sites

On 6/26/2023 at 9:11 PM, Master-17 said:

OK. I'll try to contact support by myself. Maybe it's same problem. I've described my work with the game so maybe it'll help to solve it.

---

For some reason, I did not receive a notification about the answer, so I saw the message only now, when I manually checked the chat. As expected, their anti-cheat system, assembled on the knee by some loser, saw some unauthorized software. Of course, they don’t write what kind of software, because they probably don’t know. Naturally, they are not going to discuss this topic further, because they have no evidence and any discussion in the future would 100% lead to the fact that they would have to admit their mistake and apologize, and of course they don’t want to do this, because it's a reputational loss. Not scary. Of course it's a shame for the wasted time, but I didn't really like CxH. I returned to its passage only after the appearance of a daily cross-promo from other games. It was only necessary to go through the story to the end - and bam, a permanent ban

  Reveal hidden contents

1.thumb.jpg.ec8a04800f1cb0da1c12302834f10588.jpg

 

Damn. I share your frustration - literally as well as figuratively. I am still on the fence if I want to continue HaH, when random expulsions like this are possible.

Was there anything in my description of my setup that overlapped yours?

I wonder if I should drop a warning to other people in the userscript-threads about this. I thought half the forum was using one of the tolerated (maybe not tolerated?) userscripts. All the screenshots I see on this forum seem to have one or the other userscript feature, so I thought userscripts were common. Are you on HH++ BDSM version as well?

  • Hug 2
Link to comment
Share on other sites

  • Moderator

HH++ is in very widespread use, and both versions (Tom's OCD and Zoo's BDSM) are completely allowed and often checked by Kinkoid staff. It's 100% not what the anti-cheat system detected in any of the recent false positive cases, otherwise 90% of the forum would have had their gaming accounts banned as well.

Having said that, there IS and issue with this anti-cheat automatic permanent ban system, especially combined with the also automatic message that "this is final and you get no chance to appeal". From a technical standpoint, as we've seen quite a lot of credible cases lately of people getting banned for "cheating" and/or "using forbidden third-party tools" who not only weren't doing what the automatic thingy detected, but can't even guess what might have triggered such a detection. Also, for me, it's problematic from a customer service standpoint and just moral standpoint, as you should definitely not get permanently fucked without possibility of parole just because an undisclosed automatic tool sniffed the wrong smell on you. Capable humans should verify the claim and make an educated and reasonable decision.

Guys, could you please each give me your User ID and/or exact nickname along with the game and platform (eg Nutaku for M-17, dot com for JB if IIRC) for your respective banned accounts, so I can bring them to Kinkoid's attention directly? Ideally, give me as concise and precise a one-liner as possible, so I can copy-paste that and they can directly for sure know which exact account to review. Thanks.

  • Thanks 1
Link to comment
Share on other sites

18 hours ago, DvDivXXX said:

Guys, could you please each give me your User ID and/or exact nickname along with the game and platform (eg Nutaku for M-17, dot com for JB if IIRC) for your respective banned accounts

Nutaku ID 6522830, can't get CxH ID for now because ban ;) Nickname DarkAngel

Edited by Master-17
Nick
  • Like 1
Link to comment
Share on other sites

I'm on Nutaku (nutaku-id:"8333639", username:"jeanbaptiste", Harem Heroes-id:"836721") for HaH, CxH (banned) & PSH (inactive).

I'm not sure if I can find the ComixHarem-id while banned. I guess nutaku-id will have to do.

I appreciate you "fighting" for us, so don't take this the wrong way, I do however understand why devs would want to limit the amount of information about the implemented security mechanism triggers and anomaly detection thresholds. It is a bit of a double-edged sword to inform. I don't think it is in players interest to help cheaters understand detection. I certainly wouldn't mind helping reducing false-positive detections though. :)

  • Like 1
Link to comment
Share on other sites

  • Moderator

Okay, thank you guys. Note that Kinkoid staff don't work on weekends, so don't expect a response before Monday at the earliest, but I'll bring up your cases today.

2 hours ago, JBaptiste said:

I appreciate you "fighting" for us, so don't take this the wrong way, I do however understand why devs would want to limit the amount of information about the implemented security mechanism triggers and anomaly detection thresholds. It is a bit of a double-edged sword to inform. I don't think it is in players interest to help cheaters understand detection. I certainly wouldn't mind helping reducing false-positive detections though.

100% agreed. Of course the more info is out there about what can or cannot be detected, the easier it'll be for actual cheaters to bypass the system. My issue is more with the combo of the tool giving false positives a bit too often lately, Kinkoid seemingly not verifying the results manually (at least in a way that would allow them to undo false positive bans proactively), AND the message all perma-banned players get (including false positives) that it's forever and they shouldn't even try to ask for their case to be reviewed. This seems like a recipe for randomly pushing away perfectly good players regularly because of a system's imperfections.

  • Like 3
Link to comment
Share on other sites

  • 2 weeks later...

Oh, I got unbanned. Cool! Time to turn the cheats on to the maximum! (Joke)

Spoiler

1.thumb.jpg.4c790a39b9600ab26d66051c919a4258.jpg

True, I would still like to know more about the reasons for the ban, as well as how to avoid such a problem in the future?

And I would also like to clarify - will there be any compensation for the resources and rewards lost due to this unfair ban? After all, the rewards of the Season were missed, several activities and so on.

Edited by Master-17
Compensation?
  • Like 1
  • Hearts 1
Link to comment
Share on other sites

  • Moderator

Tech is still working on ironing out the stuff that went wrong with the anti-cheat auto-detection thingy to avoid this in the future. It's also still in progress and most but not all accounts who were banned due to a false positive recently have been unbanned yet.

  • Like 1
Link to comment
Share on other sites

I appear to be allowed to log in again as well. It is a pleasant surprise to be cleared. I do not seem to be able to participate in the league anymore, but I will give it a day or two before testing my luck by opening a support ticket. :)

  • Like 1
  • Hearts 1
Link to comment
Share on other sites

  • Moderator

Glad to hear you've been unbanned too.

About the leagues, I don't remember the exact criteria but I know some things depend on whether you logged in during the week or days before the last league reset. Since you were banned for over a week, you might need to wait a day or two to join the current one. I'm afraid you're also going to be demoted, hopefully just one division lower than where you were at before the ban, but after a certain duration of inactivity you start over from W1.

  • Like 1
Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share

×
×
  • Create New...