In response to A.T.H.K
It depends, really. You can have it delete the host files from their pc, globally ban them from hosting via it, etc. This is something you'd want to build onto, and at the root it wouldn't solve all of the issue of host files spreading, but it's a nice aide in case the situation arises.

In my particular case, with how my game functions, this remote is just as much a deterrent as it is a stopper. The damage it can do to the server is enough to make the host give up, as they'll lose all their progress.
In response to Kitsueki
True, but why not just stop the host from the start not allowing them to host at all? .. see my previous code.
In response to A.T.H.K
That's the better way, my way is just the 'lazy' way :P
In response to A.T.H.K
A.T.H.K wrote:
> world
> New()
> ..()
> spawn(10)
> // For some reason world.internet_address isn't set straight away
> // I assume it does a call to BYOND first to retrieve it correctly
> // http://www.byond.com/forum/?post=156792
>
> // Attempt to download the list if it is not accessible shutdown()
> var/theList[] = world.Export("http://byondpanel.com/thelist.txt")
> if(!theList)
> world.log << "Failed to connect to master list."
> shutdown()
>
> world.log << "Connected to master list"
>
> // Grab the content of the downloaded file
> var/AcceptedIPsAndKeys = file2text(theList["CONTENT"])
>
> world.log << "Checking IP and Key now"
>
> // Attempt to find world.host (host Key) in the list
> // If key is not in the list or isn't available check IP
> // if final IP check fails shutdown() world
> if(!findtextEx(AcceptedIPsAndKeys,world.host))
> world.log << "Failed to verify your key against the master list [world.host]"
> if(world.internet_address)
> if(!findtextEx(AcceptedIPsAndKeys,world.internet_address))
> world.log << "Failed to verify your IP against the master list [world.internet_address]"
> world.log << "Game now shutting down as you are not a verified host please visit http://foo.bar to register!"
> shutdown()
> else
> world.log << "IP has been verified, have fun hosting!"
> else
> world.log << "Seems your internet address is null bye bye"
> shutdown()
> else
> world.log << "Key has been verified, have fun hosting!"
>

Pretty much have a list of accepted or verified hosts via IP or Key anyone else and the world gets shutdown.

List file is here - http://byondpanel.com/thelist.txt

Works amazing thank you :).
In response to A.T.H.K
A.T.H.K wrote:
True, but why not just stop the host from the start not allowing them to host at all? .. see my previous code.

It's still easy to bypass. I look at the traffic from dream daemon and see it's hitting this site. I can then look at the file and copy it, adding my key to the bottom. Putting up a webserver, changing the hosts file and coping the file into that location is about five minutes tops.

The method I've thought about is using a salted MD5 hash of the current 5 minute timeframe. (i.e. right now 083020132255) and have that dynamically generated on the page. Changing the hash would be the 'license' in this case.
I like the code by ATHK and some of the ideas in the thread but at the same time they still have the core issue.

Alternatively; You can just not give out host files and host the game yourself.

I understand the status quo on Byond is that you make games and then have someone else with a better connection host it; but a VPS these days is relatively cheap, especially if you're able to secure a nice promotional deal.

I recently got two VPS 1 year deals for $25 a piece with 2GB of ram and gigabit backbone. Partial share of four CPU cores but I've had no issues whatsoever resource wise and I've been running several Byond games alongside a populated Minecraft server on each. I still have a lot of capacity to go too.

If you're running a persistent game, like say Nestalgia / some of the other RPGs then this is probably one of the better bets.
I know Darker Emerald does stuff like this. It has its benefits but there is a simple solution hos the game yourself and not share your stuff. But this could be handy when you hard code someone not being able to come on the game or getting rid of an moderator and such.
General rule of thumb with this stuff: if you're running code on your machine, then you have complete control over it. It just becomes an arms race as to how the developer obfuscate the code versus how someone will find away around it.

Doesn't mean that it's not worthwhile to develop these kinds of tools, but in the end, if you're trying to prevent someone from running software that's running on their computer, then they can just modify the software. Something important to note when you're thinking about security.

Nice Tutorial :) helped me understand more and now i know that you could make a Admin system with a website and a notepad :)
I had something similar to this that I made 3 years ago. What it would do is check a website for a value of 0 or 1. If it wasn't available, it would automatically shut down the game. If it was 0, the game was in the clear. If it was 1, it checks another file to see if it's 0 or 1. If that file was 0, it would check to see if the game's IP was on the ban list. If that file was 1 instead, it would check if the game was on the allowed list.

The ban list was for individually banning games. In the event that the games ever got out of hand and people couldn't be trusted, it would immediately terminate all games if they were not in the allowed hosts list. And if even more problems occurred, it would just delete the game itself.

But I doubt it would have gotten to that point unless someone found a way to prevent the game from shutting down when it couldn't access the web server. Which, once again, is very unlikely.
I find this topic quite interesting, I might write up a snippet of how I would go against this problem.

Why not have an .ini file attached to the .DMB with a Hashed string, that is passed out to a php script, then decrypted, and check if there is an existing one over a MySQL database, and in case it exists, havee the php script make a topic call allowing the world no keep running.

Just wondering.
You can easily bypass my solution if you're that desperate by editing the packets, realistically you would encrypt the data going to the server and decrypt on the server. This would also bypass the user setting up their own web server and pointing all traffic from localhost to it.


The only full proof way is to program in the hosts key or IP depending on which way you want to go, but this means each new host you'll have to compile for each new host...
I use that kind of system. I dont mind at all for the extra work.
I know this is a bit of a bump, but I must point out. Deleting something off of someone else's computer via a remote access protocol of some format is technically considered hacking if there is no legal consent or court order, and you can be punished for it by law. Just a word to the wise.
I didn't really read much about all the other possibilities the others suggested but in what I posted, there is nothing that reads or touch a file on the player's PC.
I would still like to see some alternatives to this or additions to the supplied code.

I want to see what ya'll can do! I like the idea @Pirion came up with and it's pretty simple to do but yet so effective or instead of dynamically changing the MD5 hash just use an extremely long hash

[hash1234characters]md5(key_or_IP)[hash1234characters]

I suppose that'll still be quite easy to crack.

Was thinking of storing a SALT in a database and a assigning it to the key, this way it'll all be done server > server instead of the client seeing any characters from the SALT.
The first one can be used to let hosters know to update their server.
These are the only ways?
I personally don't see the harm in allowing people to have private servers. Preventing them is rather simple, in that you don't release host files. You could always make two dmbs, one to initiate the second, so the second is useless without the first, sending a command to the server on startup, preventing direct hosts. Then verify that the host is trusted by an encoded world.Export/world.Topic that returns false if the proper encoded message isn't received. Over complicated, but I am sure effective. That, or I need sleep.
In response to NNAAAAHH
NNAAAAHH wrote:
I personally don't see the harm in allowing people to have private servers. Preventing them is rather simple, in that you don't release host files. You could always make two dmbs, one to initiate the second, so the second is useless without the first, sending a command to the server on startup, preventing direct hosts. Then verify that the host is trusted by an encoded world.Export/world.Topic that returns false if the proper encoded message isn't received. Over complicated, but I am sure effective. That, or I need sleep.

You need sleep.
Page: 1 2 3 4