ID:1724781
 
Keywords: banning, sticky
Someone recently asked me about sticky banning. I gave a detailed response on how to go about it and catch people in their tracks. This is the explanation I gave. If anyone would like to generate a snippet for this, feel free. It'll help those who come across it. The logic is there. All that is needed is for it to be converted into code.




A way to go about making a ban system like this is to do the following in theory:

By banning a user, their CID is added to a list. The reason the CID is added first is because CIDs are the hardest to change so it'd be more efficient to check for the CID first. The CID (first layer) in this list should be able to contain another list (second layer). In the second layer should be the IP and Key of the individual. IPs are a little easier to change than CIDs. Keys are the easiest to change.

When a user logs in, first loop through all the items in the ban list.

BAN LIST --
CID:3135283495
IP: 192.168.1.1
KEY: ExampleUser

CID:3135283496
IP: 192.168.1.2
KEY: ExampleUser2

The user who logs in has a CID that matches the CID of the first CID in the ban list. However, their KEY is different but their IP is not. So, what you want to do is add their KEY to the list.

The second user who logs in does not match the first CID. So, you check to see if all the IPs and Keys within that list match any of the data that is on the second user. None of them match. So, move on to the second CID in the list.

In this second CID list, the CID does not match. However, the IP does and the KEY doesn't. So, add the CID to this CID list and add the KEY to this list as well. As a result, the next time they log on another account or computer, it will, hopefully, catch them in their tracks.

The downside to this method is that if they change their CID, IP, and Key, then there is no way to check if they are supposed to be sticky banned. But, that just means they have a whole new identity altogether. There is absolutely no way to truly check beyond that point. Just ban them again and hope for the best.
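The matching logic from the post above, written out in DM as an added example (it is not code from the thread or from any of its posters). The `/datum/sticky_ban` type and the `StickyBan()` and `CheckStickyBan()` procs are hypothetical names, and the list lives in memory only, so saving and loading it is left out.

```dm
// Added example. One record per banned person; every identifier
// seen for that person is collected in the record.
/datum/sticky_ban
    var/list/cids = list()   // computer IDs: hardest to change, checked first
    var/list/ips = list()    // addresses seen for this person
    var/list/keys = list()   // ckeys seen for this person

    proc/Matches(cid, ip, k)
        // CID first, then IP, then key, in the order the post gives.
        if(cid && (cid in cids)) return 1
        if(ip && (ip in ips)) return 1
        if(k && (k in keys)) return 1
        return 0

    proc/Absorb(cid, ip, k)
        // |= adds a value only if the list does not already hold it.
        if(cid) cids |= cid
        if(ip) ips |= ip
        if(k) keys |= k

var/list/sticky_bans = list()

// Called by whatever admin command issues the ban.
proc/StickyBan(cid, ip, k)
    var/datum/sticky_ban/B = new
    B.Absorb(cid, ip, k)
    sticky_bans += B
    return B

// Returns the matching record, or null when nothing matches.
proc/CheckStickyBan(cid, ip, k)
    for(var/datum/sticky_ban/B in sticky_bans)
        if(B.Matches(cid, ip, k))
            // Any one match is enough: remember the identifiers that
            // were new, so the next change of key, IP or CID is caught.
            B.Absorb(cid, ip, k)
            return B
    return null

client/New()
    // address is null for a local connection, so Matches() skips it.
    if(CheckStickyBan(computer_id, address, ckey))
        src << "You are banned from this server."
        return null   // returning null from client/New() refuses the connection
    return ..()
```

Because a record grows on any single match, an IP shared by several people (a household, a school, a NAT gateway) pulls every one of them into the same record, so IP-only matches are worth logging and reviewing.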
Question- why not use DD's host ban's sticky ban? It has a lot more data to work with than a single game, and they're pretty easy to use.
In response to Audeuro
Audeuro wrote:
Question- why not use DD's host ban's sticky ban? It has a lot more data to work with than a single game, and they're pretty easy to use.

For games that don't have trusted mode enabled or access to the config files.
All security modes can facilitate DD bans, you just can't access them in-game without trusted access.
In response to Nadrew
Nadrew wrote:
All security modes can facilitate DD bans, you just can't access them in-game without trusted access.

That's what I mean. You can't edit DD bans through the code without trusted. If my users could, I would just rage quit due to the security issues. People would be global banning left and right. This was written for a client of mine who wanted someone sticky banned. I just felt like I put a lot of detail into the explanation that it deserved a public post for those who just can't come up with an efficient logic. Hopefully this is of use.

To clarify, I was requested to ban someone from all servers using the Linux method by inputting the users in the ban text file. This would ban the person not on just one game but 25 others. That level of severity is only reserved for serious offenses that cause a threat to a person's life (i.e. Murder, pedophilia, etc.).

Now, I have noticed a cfg folder inside some games sometimes. It pops up randomly. Might be for admins.txt, I can't remember... I've been out of BYOND's insides too long to remember. I also know of SetConfig(). Put two and two together and my guess is you can rid my tutorial post and pretty much utilize that cfg folder somehow. Perhaps writing to bans.txt in that local cfg folder or using SetConfig()?
Safe mode games can actually access the GAME namespace in GetConfig() and SetConfig(), giving them access to the ban system without giving them access to the global APP namespace.
In response to Xirre
Xirre wrote:
To clarify, I was requested to ban someone from all servers using the Linux method by inputting the users in the ban text file. This would ban the person not on just one game but 25 others. That level of severity is only reserved for serious offenses that cause a threat to a person's life (i.e. Murder, pedophilia, etc.).

Now, I have noticed a cfg folder inside some games sometimes. It pops up randomly. Might be for admins.txt, I can't remember... I've been out of BYOND's insides too long to remember. I also know of SetConfig(). Put two and two together and my guess is you can rid my tutorial post and pretty much utilize that cfg folder somehow. Perhaps writing to bans.txt in that local cfg folder or using SetConfig()?

The cfg/ in the application folder equates to the APP/ namespace in GetConfig(). HOME and APP are both usable, even in safe mode, whereas USER and SYSTEM are not.
Wow. I must have missed this. So, questions:

Can you add to the HOME space with set config if you are in safe mode or do you have to edit it by .txt?

If a game is hosted at root/Hosting/Control and is a controller that is in trusted mode and then that game uses shell() to start up other games in safe mode and these other games are in root/Hosting/Control/servers/ckey_here/games...

A) Would setting config settings in the Control folder affect just Control or all games it hosts as well?

B) Would setting config settings in ckey_here (the folder that contains other folders of games) affect the user's games or do nothing?

C) Would setting config settings in a game's home environment be possible if they are in safemode?

D) If a user is added to the ban list, what happens? Are they removed instantly? Does someone have to log in to initiate the ban reading? Does someone have to log out? Does the banned person have to relog or be kicked?

If all of these have some pretty sweet answers, hell... I'll make good use of this! I'll probably include a tutorial on it as well and an easy to use library. So beneficial...
In response to Xirre
Xirre wrote:
Can you add to the HOME space with set config if you are in safe mode or do you have to edit it by .txt?

Yes- HOME and APP are available for SetConfig() in safe mode.

If a game is hosted at root/Hosting/Control and is a controller that is in trusted mode and then that game uses shell() to start up other games in safe mode and these other games are in root/Hosting/Control/servers/ckey_here/games...

A) Would setting config settings in the Control folder affect just Control or all games it hosts as well?

It would affect just control. For it to affect ALL games that it hosts, you'll either want to use ~/.byond/cfg/*.txt OR use world.SetConfig() w/ the USER scope.

B) Would setting config settings in ckey_here (the folder that contains other folders of games) affect the user's games or do nothing?

This probably won't do anything, but you can change that. The only cfg folders of significance are:

  • SYSTEM - /usr/local/byond/cfg/ by default
  • USER - ~/.byond/cfg/
  • HOME - <safe home directory>/cfg/ -- NOTE: Normally, <safe home directory> is the directory of the DMB, unless otherwise specified with -home
  • APP - <App directory>/cfg/


What's worth noting here is that HOME can be set with -home, so for a given ckey's games you can set -home in your shell() command to the path to the ckey_here directory and then you can use the <ckey_here>/cfg path to do a user-wide ban.

The only thing to be careful of is that setting -home will basically move the scope of what a single hosted instance can touch back up to the "ckey_here" directory, so that any of THAT ckey's games could technically touch any other of THAT ckey's games. Not generally considered a security risk, but it is something that's worth noting explicitly to make sure and allow you to make that decision.

C) Would setting config settings in a game's home environment be possible if they are in safemode?

Not sure what you mean by that, but I'm assuming you mean the APP namespace that I described above-- in which case, yes, APP and HOME are both accessible in safe mode through SetConfig()/GetConfig().

D) If a user is added to the ban list, what happens? Are they removed instantly? Does someone have to log in to initiate the ban reading? Does someone have to log out? Does the banned person have to relog or be kicked?

This I honestly don't remember. I am pretty confident that just writing to the ban file or SetConfig()'ing it won't actually kick the user, but you'd have to experiment with it.

What I can tell you for sure is that DreamDaemon will reload the ban file every 30 seconds.

If all of these have some pretty sweet answers, hell... I'll make good use of this! I'll probably include a tutorial on it as well and an easy to use library. So beneficial...

I do have a command-line tool I wrote years ago to manage hostbans at the USER (~/.byond/cfg) level, but I suspect that won't entirely be useful for your purposes. I have documentation for all of the available flags and whatnot, at least.
Option C would be the way to go. I can easily implement -home and then have a command that writes the ban for the user. When I have time I will do that and write a detailed guide about all the functionalities of SetConfig. It is truly useful.
Yeah, that'd be easy enough with a "ban manager" world that runs in the same user space as their games and listened for commands on Topic() or something similar.

You might play around with GetConfig()/SetConfig() a little bit before deploying it in real world use, though. I seem to recall at some point that it would occasionally break and wipe out all of your bans, and GetConfig() would throw a "Bad Config Error" when trying to read keyban and ipban from the APP namespace.

I'm not sure, though, if that's something they've fixed since. It's been 8 years...
In response to Audeuro
Yeah, I haven't used it in about 5 years. Always thought it was useless in most situations. I'll be sure to do some testing before putting it on.