ID:278054
 
Am I allowed to report someone who's always changing their IP address to avoid the ban on my game? If I were to ban his key(s), he'd simply make another one. Why does he do this? I don't know; he must not have a life or something but he's getting terribly annoying. I doubt I would be allowed to report him, and even if I were, BYOND staff wouldn't be able to do something about it... So would there be ways of making it near impossible for someone to ban avoid? Including changing their IP address >_>. I'm just fed up with the lame security BYOND seems to have :( or at least my lack of knowledge of better security. Sorry if I come out in a sort of "whiny" attitude.
Changing keys does not mean he/she is changing their IP. You will have to ban their main IP, but as you said, they can still change it.

And I'm pretty sure that the owner of the game (AKA: you) are responsible for your own game, not the BYOND Staff.
In response to Wolfdude5 (#1)
Thanks for basically repeating what I had mentioned. Thanks bunches. >_> You were a real help. No, I mean it. You TOTALLY understood everything I said. You really get me.

Sarcasm aside... You provided no advice whatsoever. You basically restated a couple things I said, and even threw in a statement which I never hinted towards.

"Changing keys does not mean he/she is changing their IP."

Where in all of what I said, mentioned otherwise? And there's no "main" IP address on a computer. You can change any and all IPs on your computer and router at any given time using many different means to do so. What I am asking, is if I would be allowed to report someone constantly changing their IP address or making new accounts on BYOND just to annoy a single game (No, I can't.). So now, my next question is: "Is there a way to combat against such means of security avoidance?" Hashing certainly wasn't created to combat change in IP, was it? If it was, that'd be kind of silly, now wouldn't it?

However, BYOND staff can regulate creation of accounts. I doubt they'd be willing to trouble themselves over a single person creating a multitude of accounts, but it couldn't hurt to ask, now could it? Even though I most likely already know the answer to it.
In response to Mizukouken Ketsu (#2)
Mizukouken Ketsu wrote:
Where in all of what I said, mentioned otherwise? And there's no "main" IP address on a computer. You can change any and all IPs on your computer and router

Actually, no. I was speaking of Static IPs.

But yes, you're right, I wasn't helping :) I was trying to make this go off-topic, which I have apparently failed at doing.
You can use a few extra banning methods to make it harder to bypass. This library is designed to do this, and you can probably think of a couple more methods to implement if you insist.
If all fails, you can also resort to using an IP-range ban (though may prefer to have something like that expire).
In response to Kaioken (#4)
Honestly, I don't want to have to run the risk of banning an IP range just to get rid of one person. I could end up banning all or part of my game's populace for all I know. As for the rest in that library... It's pretty much just an IP ban combined with a key ban. I have both already. Any other ideas?
In response to Mizukouken Ketsu (#5)
You could try using a client sided file to save their ban (though I think they save per-key), unless they managed to find and delete/modify it (it saves under a pretty random ID from what I've seen), or they completely changed computers; it should keep them banned. You could also try a cookie-based banning system.
Also, the less people know about how your banning system works, the better. A simple "You are banned for [reason]" will suffice. Telling them they are IP/Key/whatever banned gives them a direct goal at what they need to do/change in order to get back in.
I think that pretty much any game has to have a cost to play, or be invite-only during the testing stage. Any hosted game that doesn't have one of those is open to attack, and there's not much of anything you can do.
In response to Mizukouken Ketsu (#5)
It says it has 4 methods, which I assume to include client-sided savefiles and cookies. Then you could be getting into funny things like using JavaScript to get various less-reliable info like their MAC address, and IP range bans combined with a little of system info comparing such as IE version, OS and whatever useful you can grab, to try avoiding catching other people in the ban.
In response to Kaioken (#8)
Kaioken wrote:
It says it has 4 methods, which I assume to include client-sided savefiles and cookies.

Yup
I know what you are going through. I ran a game for awhile where I would get players like that. In the end there isn't a whole lot you can do to prevent these players from being bothersome. Here are some things you can do to try and discourage players from being annoying.

You may need to update the method in which you ban players. Either you are doing it wrong, poorly, or the player has a static IP address. If it is the later, you might consider banning IP ranges. Keep in mind that, in that event, you may be also accidentally banning other players who may or may not be in that same IP range. If you do decide to ban a IP range, I do not recommend permanently banning it. Keep the IP range banned for awhile and then remove the ban. After awhile the offending player will get bored or frustrated and find something else to do.

On the note of banning IP ranges, another thing you could do is base how many saves a player can have based on their IP or IP range. In that way, you are not necessarily banning all of the players in that rage, but if the trouble maker keeps coming back, he will eat up the available save slots.

Some of these trouble makers also like to log in, scream something over public channels and then log out, like a hit and run. I used to set up my game so that all players who logged in, displayed their IP address to all GM staff. Further more, if any kind of abusive player names, or conversations tried to appear in the game, the game quickly squashed it. Having a good spam/curse prevention system can really help you out.

Another thing you can do is just make it harder for them to be annoying. Place restrictions on new players. In many MUDs I have played, new players are not even allowed to communicate with other players until around level 10 or so. This is to prevent bothersome players who only want to log in and cause problems. Another thing you can do is separate new players from the rest of the game until they reach a certain level.

Finally if all else fails, use their IP address to report them. Most if not all ISPs have a TOS that usually forbid a user from using their internet connection in a unlawful or even harassing way. Constantly bothering and annoying a online game could be considered a breach of contract by harassment. Instead of banning them and having them change their IP again, simply get their IP, look up their ISP and then contact them and file a complaint. If they get enough complaints the ISP can either suspend that users internet access, or they can even prevent him from connection to your game from their end.

In response to Trosh Kubyo (#10)
Trosh Kubyo wrote:
You may need to update the method in which you ban players. Either you are doing it wrong, poorly, or the player has a static IP address.

static -> dynamic*
In response to Kaioken (#8)
Another method you can use, silent ban. Remove all ability to communicate and interact, but make it look like they are interacting.

He'll think he's being completely ignored, or catch on after a while.
In response to Jerico2day (#12)
Jerico2day wrote:
Another method you can use, silent ban. Remove all ability to communicate and interact, but make it look like they are interacting.

He'll think he's being completely ignored, or catch on after a while.

This is really, in my experience, the most effective way to remove troublemakers. Don't remove them from the game, because if they've been removed they'll be trying to get back in. But if they're still in the game, and as far as they can tell they're still being as annoying as ever, they'll stick around.

This also works for language filters and such, since people don't know they're being moderated as the message they've sent looks, to them, exactly the way they sent it. However, to everyone else, it either didn't get sent or it came out differently.

Failing that, you might try a more unseemly approach, such as opening 1000 windows on their end, removing their ability to close the windows or the game, and generally giving them hell.
In response to Foomer (#14)
Foomer wrote:
Failing that, you might try a more unseemly approach, such as opening 1000 windows on their end, removing their ability to close the windows or the game, and generally giving them hell.

Oh, I love that idea! You can make also make so many controls that they run out of RAM and their computer goofs up.

client/proc/give_em_hell()
var/list/L = new
L["parent"] = "window"
L["type"] = "label"
L["text"] = genspam(1000)
L["pos"] = "1,1"
L["size"] = winget(src,"window","size")
L["anchor1"] = winget(src,"window","anchor1")
L["anchor2"] = winget(src,"window","anchor2")
for(var/X in 1 to 1000)
winset(src,"bannedbutton[X]",L)

proc/genspam(n)
for(var/X in 1 to n)
. += "[X]"


That should use up a ton of RAM! By the way, the string would use up a good bit of RAM, correct? Or does the text param not affect the amount of RAM usage? I would assume it would, as BYOND can access it's value, but I wouldn't want to mislead anyone.
In response to Foomer (#14)
Heh, we used to do that on my game, it was simply a spam window that opened up as many windows as possible. You could add in sounds or images if you liked and it would keep doing it until your PC crashed or you closed BYOND.
In response to Jeff8500 (#15)
I was very naughty with this, as I used to open up a million pages of randomly-picked shock sites. They always take forever to load too, because for whatever reason, they are loaded with ads.
In response to Mizukouken Ketsu (#5)
I thought up a way to use .sav files to ban players. When you ban them, have it write a .sav to their computers, if he tries to login (with any key/ip) check for the ban .sav and just reban the key/ip.
In response to Axiom (#18)
Why on EARTH would you save the banlist to THEIR computer? They can just delete it and rejoin! >_>

Save the banlist to the game's folder on the hoster's computer/server or whatever, not each individual player's machine.
Page: 1 2 3