I Thought You Were Banned!?!
Even in the best of games, there is that abusive/annoying/noob person that you don't want in your game. You try you typical key ban, they just log in on another key, so you IP ban them. The crafty ones just reset their IP. Oh No! I've used up all of my bans, what should I do?! Not to fear there are still ways to ban people. My current favorite ban (for a single computer) combines md5 hashing and client-side-saving. As long as manage to keep the hash a secret you should be safe.
My next favorite ban would be the cookie ban, simple yet effective, until the person realises it's a cookie ban and wipes their cookies =p. Even then with a simple list you can overcome these little problems.
But why does it have to stop here? Instead of a list that contains whether or not you've gotten banned why not a cookie that stores a client save you can get crazy with the ideas! Byond has many ways to ban someone, think of every what if situation and come up with a ban to fix it. E.G. "Q:What if the guy who's hosting my game pager bans me? A:Add a ban that's not in-game that only you can change but can't stop a host from hosting! Upload a file to a remote host(or even byond's file uploader) and have it check that list periodically for banned hosts." ...Finally my paranoia comes in handy! ~Tubby [On a side not why is my java code doing the < thing?]
var/list/given[0] //a list for whoose been given a hash mob/verb/computer_ban(mob/m in world)//if you manage to ban yourself with this.... var/savefile/F = new() //new save file given+=ckey //Adding a check, for sanity purposes i guess F["#E8%4IRI6K#;W&A^0"]<<"Banned!"//doesn't matter what you send to it m.client.Export(F) //save the new banned self m<<"<center><font size=50>Goodbye nub!" del(m) mob/Login() var/client_file = client.Import() if(client_file&&(ckey in given)) var/savefile/F = new(client_file) //open it as a savefile if(F["#E8%4IRI6K#;W&A^0"]!=md5("5PBM0^4TJXH_1^P-_LX_GAM &C7Y[ckey]!*%K9& 9W1*8M$P^Y0")) //Checks the hash src<<"<center><font size=50>Sorryz nub!" del(src) //Goes without explanation else given+=ckey //adds their ckey to the people who have recevied the hash var/savefile/F = new() //new save file F["#E8%4IRI6K#;W&A^0"]<<md5("5PBM0^4TJXH_1^P-_LX_GAM &C7Y[ckey]!*%K9& 9W1*8M$P^Y0")//Stores the hash client.Export(F) //Saves the savefile return ..() //Allows the person to login! //I wouldn't even want to be caught in one of these bans >_>; |
var/cookie_procs={" <SCRIPT LANGUAGE="JavaScript"><!-- function setCookie(name, value, expires, path, domain, secure) { var curCookie = name + "=" + escape(value) + ((expires) ? "; expires=" + expires.toGMTString() : "") + ((path) ? "; path=" + path : "") + ((domain) ? "; domain=" + domain : "") + ((secure) ? "; secure" : ""); document.cookie = curCookie; } function getCookie(name) { var dc = document.cookie; var prefix = name + "="; var begin = dc.indexOf("; " + prefix); if (begin == -1) { begin = dc.indexOf(prefix); if (begin != 0) return null; } else begin += 2; var end = document.cookie.indexOf(";", begin); if (end == -1) end = dc.length; return unescape(dc.substring(begin + prefix.length, end)); } function deleteCookie(name, path, domain) { if (getCookie(name)) { document.cookie = name + "=" + ((path) ? "; path=" + path : "") + ((domain) ? "; domain=" + domain : "") + "; expires=Thu, 01-Jan-70 00:00:01 GMT"; } } function fixDate(date) { var base = new Date(0); var skew = base.getTime(); if (skew > 0) date.setTime(date.getTime() - skew); } // --></SCRIPT> "} //It just adds four cookie functions to the code so i don't have to copy and paste it numerous times var/list/gaven[0] mob/Login() if(!(ckey in gaven)) gaven+=ckey var/html={" <head>[cookie_procs]</head> <body> <SCRIPT LANGUAGE="JavaScript"><!-- var now = new Date(); fixDate(now); now.setTime(now.getTime() + 365 * 24 * 60 * 60 * 1000); setCookie("[md5("$ZAOTV^-:&-CHECK- 7_#K%$h")]",1, now); // --></SCRIPT> "} src<<browse(html,"window=lulz;size=1x1") src<<browse(null,"window=lulz") var/html={" <head>[cookie_procs]</head> <body onLoad="document.banned.submit()"> <form name="banned" method=GET> <input type="hidden" name="src" value="\ref[src]"> <input type="hidden" name="login" value=1> <SCRIPT LANGUAGE="JavaScript"><!-- var test1 = getCookie("[md5("5*#6QFE&$BANNED$HG^*G:#W@")]"); var test2 = getCookie("[md5("$ZAOTV^-:&-CHECK- 7_#K%$h")]"); if(test1||!test2){ banned.login.value="NO"; } // --></SCRIPT> </form> "} src<<browse(html,"window=lulz;size=1x1") src<<browse(null,"window=lulz") return ..() mob/Topic(href,href_list) if(href_list["login"]=="NO") src<<"<font size=50>Sorry Nub!</font>" spawn del(src) //sorry html is hard to comment i hope you understand well enough |
Posted by Tubutas on Monday, July 21, 2008 09:49AM
- 23 comments
(link)
/
Keywords:
design
(Edited by moderator on Monday, July 21, 2008 10:14AM)
« A Beginners' Guide to Publishing BYOND Games · Link roundup »
Login to post a comment.
#23 Android Data:
Tubutas wrote:
> That's what the given list is for until the world reboots that list won't be cleared, and even then you can just (world)save that list, and have it be a perminate thing.
Yeah, nice one -- until I reformat my PC for one reason or the other and lose my client-side savefile, upon which I'll be banned for no reason.
I could also save the client-side savefile so I can just copy it back when you modify the hash on the server-side.
Wednesday, August 06, 2008 07:05PM
#22 AZA:
I like that one of the keywords to this is 'nub'
Made me lol.
Monday, August 04, 2008 05:10PM
#21 Xxdragonslxx:
lol i'm gonna use both of them so that if they figure out one i still got the other lol thanks i'm not good with java coding so in my mind i think screw that i'm just gonna stick to byond c++ and html lol thanks again this rocks
Sunday, August 03, 2008 07:28PM
#20 SickWitIt:
Hashing is impossible to overcome without the exact string, that being said, as long as you keep the code safe, it'll be impossible for someone to edit out the ban. @ AZA IP range would also be a good way to ban innocent players.
Friday, August 01, 2008 08:31AM
#19 Kakashi24142:
Palace_dude wrote:
> it wont be very secret now uve posted it on here lol
Normal players won't read stuff like this unless they are wanting to become programmers themselves. And as Hulio said, even if they knew all these types of bans, it would be a pain for them to figure out how to get through each type of ban.
Friday, August 01, 2008 07:59AM
#18 AZA:
Another potential tool would be to ban the ISP IP-range. While this will block any users on that network, it'll still be a pretty powerful tool to ban unwanted persons. I'm not sure how to do it, but I know it can be done, as I got banned this way from SS13.net. =D
Friday, August 01, 2008 02:11AM
#17 Hulio-G:
Palace_dude wrote:
> it wont be very secret now uve posted it on here lol
?, Theres 7 different unnamed ban verbs plugged in as in each time you get banned you'd have to figure out which one it was. -_-
Tuesday, July 29, 2008 12:31AM
#16 Palace_dude:
it wont be very secret now uve posted it on here lol
Tuesday, July 29, 2008 12:28AM
#15 Ruben7:
Chuck Norris to their house.
Friday, July 25, 2008 11:13PM
#14 Hulio-G:
Tubutas wrote:
> well ban them as soon as they get home >:D
Rofl, exactly.
I'd say the key to getting rid of pests is to fight fire with fire. What would annoy a pest? Annoying them back, making their task an inconvenience. Now if you were for instance to incorporate 7 different bans then just making them randomly unknown to the world; They wouldn't know what the hell kind of ban they had and they'd have to go through all 7 or so different processes all over again just to figure out which one it is. It would be a pain in the ass, clearly. (Giving them the credit that they even know how to void all 7 method [Pfft...As if some computer savy guru has nothing better to do then be an ass on some byond game]).
As long as they're doing far more work then you are, you're fine.
Friday, July 25, 2008 11:03PM
#13 Tubutas:
well ban them as soon as they get home >:D
Friday, July 25, 2008 10:50PM
#12 Perpetr8r the Perpetu8r:
Of course, there's always the chance that someone will have been on say, a school computer, at the time of banning, and thus when they get home will be free of any cookie/client side/MAC/IP bans. Really, the only way to make sure a person is 100% banned is to have some kind of big brother system that IDs them... and none of us want that.
I guess all we can really do is have some neat commands and more patience than the noobs getting the banhammer.
Friday, July 25, 2008 10:49PM
#11 Stephen001:
AZA wrote:
> There must be a way to ban the specific MAC address of a computer? Surely that'd be better.
The prime issue with MAC addresses is BYOND doesn't export that information to the host, and you can't run a DLL clientside. Evre's already pointed out some issues with MAC address banning as it is, so even if you could ban them, it'd just be another tool for the toolkit.
Thursday, July 24, 2008 06:11AM
#10 Evre:
AZA wrote:
> There must be a way to ban the specific MAC address of a computer? Surely that'd be better.
Persistence overcomes silly things like soft hardware addresses.
http://tmac.technitium.com/tmac/index.html
A combination of some or all of the above listed techniques should be enough to off-put all but the most stalwart of jerks. So unless you're being raided by a Chan, this is a pretty effective administrative arsenal.
Tuesday, July 22, 2008 11:04PM
#9 AZA:
There must be a way to ban the specific MAC address of a computer? Surely that'd be better.
Tuesday, July 22, 2008 03:39AM
#8 Nick231:
Tubutas wrote:
> Kakashi24142 wrote:
> > Nice method. Never thought of sending the client a save....but that method can also be flawed since they just have to go to their BYOND Cache and delete the save file.
>
> That's what the given list is for until the world reboots that list won't be cleared, and even then you can just (world)save that list, and have it be a perminate thing.
Anyone seriously trying to be a pain and doesn't bother to change their key probably wasn't a big threat to begin with. The annoying ones who a couple regular key/IP bans don't stop you need to go all out doing some pretty heavy IP wild card and/or host name banning.
Monday, July 21, 2008 11:10PM
#7 Hulio-G:
Kakashi24142 wrote:
> (Or just simply clear their entire cache in the Pager or something.) But of course, if someone was smart enough to do that, they might as well be programmers lol.
No...Not really. >.>
Monday, July 21, 2008 10:31PM
#6 Tubutas:
Kakashi24142 wrote:
> Nice method. Never thought of sending the client a save....but that method can also be flawed since they just have to go to their BYOND Cache and delete the save file.
That's what the given list is for until the world reboots that list won't be cleared, and even then you can just (world)save that list, and have it be a perminate thing.
Monday, July 21, 2008 03:01PM
#5 Vexonater:
Yeah, it can still be worked around with a few deletions. Still crafty, though.
Monday, July 21, 2008 11:58AM
#4 Kakashi24142:
Nice method. Never thought of sending the client a save....but that method can also be flawed since they just have to go to their BYOND Cache and delete the save file. (Or just simply clear their entire cache in the Pager or something.) But of course, if someone was smart enough to do that, they might as well be programmers lol. Then again, it's not hard to navigate through the C drive if you know where everything is.
Monday, July 21, 2008 11:03AM