Now, Many Ban systems usually aren't that great. Crispy's Ban system is good, but its easy to bypass if you know what you are doing. I've been thinking of a few ways to create one that really keeps them banned(Sort of).
My first one
Instead of banning them by IP or Key, ban them by Email address. Sure, they could just create another E-mail address but who wants to do that?
The second one
Creating a file in the BYOND cache. This would be much like client saving. So if this file is located inside the BYOND cache it doesn't allow access to the game. A few problems with this one though. First of all, How would you "Unban" them. it could always be used for a Perm-Ban i suppose. Savefile editing wouldnt be a problem because the file could just be encrypted.
Could any of these even Work? Or is 4.0's DreamDaemon the only thing to use?
ID:152239
 Aug 11 2007, 8:50 am
|
|
Em...email ban prob not gonna work as that is real easy to get around.
| |
Axerob wrote:
Instead of banning them by IP or Key, ban them by Email address. Sure, they could just create another E-mail address but who wants to do that? Nobody wants to go through the hassle of constantly creating another e-mail address, because they have to provide personal information and make up a password and stuff like that. Except they don't need to, since there's a free service dedicated to giving out free, temporary e-mail addresses. Oops. Creating a file in the BYOND cache. This would be much like client saving. So if this file is located inside the BYOND cache it doesn't allow access to the game. A few problems with this one though. First of all, How would you "Unban" them. it could always be used for a Perm-Ban i suppose. Savefile editing wouldnt be a problem because the file could just be encrypted. This is exactly what hub://Crispy.FullBan does. To perform unbanning, players are added to an "unban" list of players to be unbanned. Once they log back in, their client-side savefile is removed. Could any of these even Work? Or is 4.0's DreamDaemon the only thing to use? The only forms of banning available on BYOND cannot be used to keep someone out permanently. If the banned player is determined enough, s/he can always bypass the ban. If you ban by BYOND key, they'll just create another key. The aformentioned service can be used to create an infinite amount of keys. And thanks to the fact that the service changes IPs & addresses every month, it's would be nearly impossible to stop. If you ban by IP, it may not work if they have a dynamic IP or multiple IPs. Or they will just login from the nearest cybercafé. Alternatively, they could even login from a friends' house. If you ban via client-side savefile, they can remove the savefile to undo that part of the ban. Banning by e-mail results in the problem described above. The only way to be sure that the nasty player is out is to make your game "invite only" and only invite those in who you want to join your game. A combination of the methods listed above would likely have more effect, as most players give up after a few tries. But like I said from the beginning: anyone determined enough can bypass the ban. -- Data | |
Android Data wrote:
The only forms of banning available on BYOND cannot be used to keep someone out permanently. If the banned player is determined enough, s/he can always bypass the ban. The only form of banning available anywhere that is 100% reliable is to manually hunt down and kill the person causing problems. Of course, that has the possibility of causing some problems of it's own... | |
Nick231 wrote:
The only form of banning available anywhere that is 100% reliable is to manually hunt down and kill the person causing problems. This is an unreliable form of banning. The killed troll can still become a spirit and haunt the game. Then there's nothing you can do about it. At least not without a priest. But where on BYOND would you find a priest?! -- Data | |
Android Data wrote:
Axerob wrote: Well that Isn't exactly true, the ban system in DMO is absolute, and noone has been known to bypass it. Kajika uses a Key Ban, an IP ban, a IP var ban, and another type of ban that is unknown, also It put's any IP or key that a banned person tries to use, automatically on the banned list. How this is done, I don't know, I'm sorry, but when I make my MTG game, I plan to beg Kajika for the ban code he uses lol. | |
Zoltor wrote:
the ban system in DMO is absolute, and noone has been known to bypass it. Then I challenge DMO: invite me when you have some spare time, and I will break through the ban. -- Data | |
Android Data wrote:
But where on BYOND would you find a priest?! If you guys want to give me the $15, I'm sure I could take an online ordainment course. | |
Android Data wrote:
But where on BYOND would you find a priest?! *cough* Granted Im not Catholic, nor been officially ordained, I do know the ceremonies and Im sure I could handle it ^.^ | |
$500 says Android CAN do it! Who wants in?
All Android will have to do is change his key, change his IP, and clear his cache (just in case). He can then try to log in. | |
Yeah, such a ban system is interesting. Its quite similar to what Im using in Sabachthani. Not that hard to do, but easy enough to bypass if the person is determined enough. Unless they have something in it I havent thought of, I can think of several ways to bypass it, most likely on the first attempt.
As I use it myself I wont explain how to break through it here, but I will explain how it works and if anyone is intelligent enough they can probly figure it out. There are three ban levels used: 1.Absolute Ban - (Explained below) 2.Full Ban - Bans key and IP. If someone logs in from a banned IP it adds the key to the ban list. 3.Key Ban - Kinda obvious, only bans the Key Now, as for the Absolute Ban, it uses the following features:
| |
And then for an added measure in case its an IP range ban, just use a program like Tor to re-route your IP through Hong Kong.
The only time banning is absolute is when its a pay-for-play game, and even then its not absolute, just less likely someone will go through the trouble of going around it. | |
Typically, IP-range banning is a bad idea because it ends up banning users in the same area as the victim of the ban. This is especially bad if you start registering keys and their IP addresses and such.
| |
CaptFalcon33035 wrote:
$500 says Android CAN do it! Who wants in? Where you listening, changing IP doesen't work, becuases some kind of IP war is used(IP range of sorts), so even if the IP cnanges, and you login with a new key, it wont get you anywere. PS. Trust me, if it were that simple, people would have bypassed it by now. I've been forced to ban many over the years, so if it were possible I would've seen it, also their would be complaints on the DMO forums about banned people bypassing bans. | |
Jamesburrow wrote:
And then for an added measure in case its an IP range ban, just use a program like Tor to re-route your IP through Hong Kong. How would that help? | |
Yeah, I was listening, and I still know that any form of ban on BYOND is passable. Banning IP ranges has a ton of unexpected results and can be bypassed.
| |
Because, you can register their key. When they buy the game, they can be given a code. You can ban the code or the key. That way, to play the game, you'd be required to buy it again. That is the best form of protection for a BYOND game, but who is going to buy a BYOND games, and if the game is good enough to be bought, who is just not going to buy it again?
| |
Using the cache (which is effectively what cookie-banning does), you can issue a little timestamp or save the ckey of the user banned. If that user is no longer in your ban lists, let them slide.
I'd love in BYOND gave access to the MAC address. Of course, using Microsoft's COM would make it that much harder to port BYOND to other operating systems.