Is it possible with javascript to ban a MAC Address?
What kind of ways would be the best possible way of banning someone (their computer's internal IP?)
I realize Crispy.FullBan does this well, but have any new methods came up regarding baning players?
(And making sure they STAY banned?)
ID:265686
 Jan 10 2007, 7:52 am
|
|
That could be some kind of violation, but that would be a pretty neat idea.
Could something like this be done in javascript? Would it even ALLOW me to execute that kind of a program on a remote machine without the user's authorization? | |
I would say that illegal. I have a legit version of XP I don't wish it to be in a database if I got banned from your game not a very bright idea I would say.
| |
you can use javascript to create an activex control that will let you make WMI queries about the client's machine. these queries can tell you pretty much anytyhing you want to know about the machine: serial numbers of RAM sticks, what processes are running, how tall the computer is. there's even a WMI field to tell you if the machine is powered on!
while it may be neat and handy to ban people based on this information, you can't force the execution of an activex control on a client. if you want to require users to run an activex script to play your game, expect a lot of people to be skeptical. | |
Airjoe wrote:
You're assuming the client even has javascript turned on. This is the biggest flaw in the idea IMO. | |
Well, is there new ways?
I want to keep certain people OUT, make sure they STAY out. Crispy.FullBan just seems outdated. | |
Not to mention anyone with a dial-up connection, and half an understanding of the DM language can take a look through Crispy.FullBan and figure out how to keep getting back into games with new keys. Having had one person who has done this about 30 times already, it gets annoying having literally no way of keeping someone out.
It would be nice to have some client variables about some of those nice little details. Not too many people are going to have a never ending supply of hardware to swap out if we could ban based on hardware serials. | |
Nick231 wrote:
Not to mention anyone with a dial-up connection, and half an understanding of the DM language can take a look through Crispy.FullBan and figure out how to keep getting back into games with new keys. Having had one person who has done this about 30 times already, it gets annoying having literally no way of keeping someone out. This would be extremely nice, but I doubt they would put it, be too much of a security risk. Is there a way to get that kind of information without alerting the client? | |
Generally speaking, you can do a lot more harm with someone's IP address than a serial number for some random piece of hardware. The calls neccesary are already there in most languages, its just a matter of making use of them.
| |
Take a look through it and you will see. From the top of my head, it uses cookies and lists of keys and IP addresses. You can delete the cookie from your BYOND cache, change your key, and change your IP address to bypass this.
| |
Flame Sage wrote:
Crispy.FullBan just seems outdated. Yeah, because code rusts. </sarcasm> I know it's not foolproof. It wasn't meant to be; I made it after seeing for myself just how crap the troll control in most games was. It's raised the bar a long way over what most people used to have, so I consider it a success. You will get the occasional person who can bypass it, and that's a royal pain which I sympathise with. Unfortunately there's really no practical way of improving it without BYOND providing built-in support. (Loading an ActiveX control or Java applet and feeding the information back to BYOND using Javascript is not what I would consider practical. It would be a fair bit of work for something that could be so easily bypassed.) | |
if you think you could bypass such a ban system by disabling javascript, you're thinking of a poorly designed program.
if you're really crazy about keeping people out of your game, you could require that players let the javascript, activex, java, or whatever type of program run. by default you're not allowed to play the game and only by letting another program run can you be allowed in. its very unnecessary and will scare off more people than its worth. while its probably not the most practical way to ban people, it would work fine if done correctly. | |
I was assuming that the system wouldn't require Javascript to be enabled, for exactly the reasons that you've outlined.
| |
yeah but banning someones IP isnt always full-proof also.
if they have a router they could just reset the router and the IP would change. | |
VolksBlade wrote:
yeah but banning someones IP isnt always full-proof also. You could ban the IP range of the ISP but that would ban anyone else who gets the internet from the service provider. It seems there is no real way to truly ban someone from your game. | |
I know, stupid idea.