Kraiger

Effective Banning Measures


I'm currently revamping the banning system for a semi-text based MMORPG I'm developing. I'm trying to come up with the most fool-proof method of banning a user if they misbehave, and here is what I've come up with.

1. Account Ban - To register an account you have to have a valid e-mail address, so this is effectively an e-mail address ban. They could make a new account based on a different e-mail address.
2. IP Ban - Obviously IP addresses change (especially for the few dial-up users still out there ;) ) and you also run the risk of catching someone else in the ban if you ban by IP range.
3. MAC Address Ban - This seems to be the most effective measure, especially in conjunction with the other two; however, it's still possible to mask it.
4. Embedded Registry / File - This seems like it would also help, in conjunction with the others, if every install had a personalized ID for it. However, this also would be something a user could find and edit if they knew to look for it.

So, my question is, has anyone found a more fool-proof method of banning? Any help or comments would be appreciated.

I don't have any real insightful information for you but just want to comment on the account banning. Since this is an RPG game, if a user has been playing for a little while and built up some stats / experience or whatever your promotion system is based on, then suspending their account would seem to be a good first step. Like you mentioned, they could always create a new account, but they would be starting over again.

I can point you in the direction of a fella who has to deal with this all the time with his free MMORPG Forgotten World. You can probably just reach Rod by leaving a post in the FW forum

The problem is that certain dial-up accounts generate a "fake" MAC address, which is shared between different users of the same dial-up ISP. Also, some Ethernet cards allow you to change your MAC address (especially wireless).

The best way to ban is to charge something for your game. If it's $5 to start over, then there's enough of a limit that most griefers won't keep doing it daily.

Maybe you could require verification via telephone if you're really concerned about cheating / banning. To get an account, you have to provide your phone number, and later you can check and make sure they gave you a real phone number.

I suppose the 2 problems would include cheaters using friends' phone numbers and the privacy aspect. Or, maybe Little Bobby signs up and gives his phone #, but when you call to verify, Bobby's Mommy says, "I've never heard of that," so you delete his account when it was actually a valid number.

It's not the best idea I reckon, but maybe it could work.

Mail them a registration number to their mailing address. Now that you have their address, you can go punch them in the face instead of having to ban them.

Quote:
Original post by giveblood
Mail them a registration number to their mailing address. Now that you have their address, you can go punch them in the face instead of having to ban them.


Unless they have a PO box?

Anyways Kraiger, there's no such thing as a foolproof method; just look at all the copy protection that is put on games, yet people always find the time to get around it. Best used method is the system of CD keys: only allow one key logged on at a time, and once a key is banned, then it's done with. You would do all of this verification server side of course to make sure the clients couldn't fake it. As to comment on your ideas:
1. That's a must, disable/delete the account
2. Works for the most part if you do not do ranges, and there exist methods to get a real IP if they are behind a proxy trying to mask their IP or change it.
3. Not sure how it would be implemented, but collecting user hardware information might raise privacy concerns if you do not disclose what you will do if a user is caught cheating.
4. Not worth it, reinstalls, formats, even programs like spybot can detect reg changes and allow the user to deny that change.

Just my take on this. I really think the whole idea about having accounts based on a personal key, CD key more or less, is the best approach to prevent people from getting around the system. Better yet, what you could do is not even generate the key on the client side; you do it on one of your computers and send the key to the user, encrypted of course. Then that way, you do not have to worry about keygens popping up or anything like that.

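The server-side key scheme described in the post above (keys generated by the server, one login per key at a time, a banned key stays banned), as an added Python example that is not part of the original thread. The class and method names are hypothetical, state is kept in memory, and delivering the key to the player over an encrypted channel is assumed and not shown.

```python
import hashlib
import hmac
import secrets


class KeyRegistry:
    """Hypothetical server-side registry; the client never generates or validates keys."""

    def __init__(self):
        self._issued = {}     # sha256(key) -> account e-mail
        self._banned = set()  # sha256(key) of banned keys
        self._sessions = {}   # sha256(key) -> token of the one live session

    @staticmethod
    def _digest(key):
        # Store digests only, so a leaked table does not hand out usable keys.
        return hashlib.sha256(key.encode("utf-8")).hexdigest()

    def issue(self, email):
        # Random keys: there is no algorithm for a keygen to reproduce.
        key = secrets.token_hex(10).upper()
        self._issued[self._digest(key)] = email
        return key

    def login(self, key):
        d = self._digest(key)
        if d not in self._issued:
            return None, "unknown key"
        if d in self._banned:
            return None, "banned"
        if d in self._sessions:
            return None, "key already in use"
        token = secrets.token_urlsafe(16)
        self._sessions[d] = token
        return token, "ok"

    def logout(self, key, token):
        d = self._digest(key)
        current = self._sessions.get(d)
        if current is None or not hmac.compare_digest(current.encode(), token.encode()):
            return False
        del self._sessions[d]
        return True

    def ban(self, key):
        d = self._digest(key)
        self._banned.add(d)
        self._sessions.pop(d, None)  # also drops the live session, if any
```
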
1. Reverse DNS their IP address (or get your clients to do it, but you double check it).

2. When banning, ban on a per-DNS basis.

The reason for this is that most people's hosts are something like something.wa.bigpond.net, or something.pa.comcase.net, so if they're really giving you some grief, you can ban their state. Now, unless they move interstate they can't get in (or they find a proxy that allows them to connect using that port; unlikely).

Also, everything done client side is suspect. Never assume that it does what you programmed it to do. (especially with security).

From,
Nice coder

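The lookup-and-double-check step and the per-domain ban from the post above, as an added Python example that is not part of the original thread: the server does the reverse lookup itself, confirms the name with a forward lookup, then matches ban suffixes on whole DNS labels. Function names, the `isp.example` host names and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
import socket

def ptr_lookup(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None  # no PTR record

def forward_lookup(host):
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except (OSError, UnicodeError):
        return set()

def confirmed_hostname(ip, ptr=ptr_lookup, forward=forward_lookup):
    """Return the PTR name only if it resolves back to the same IP.
    Whoever controls an address block controls its PTR records, so an
    unconfirmed name is just text chosen by the other side."""
    host = ptr(ip)
    if not host:
        return None
    host = host.rstrip(".").lower()
    addrs = {ipaddress.ip_address(a.split("%")[0]) for a in forward(host)}
    return host if ipaddress.ip_address(ip) in addrs else None

def suffix_banned(host, banned_suffixes):
    """Compare whole labels, so 'notwa.isp.example' does not match 'wa.isp.example'."""
    labels = host.split(".")
    for suffix in banned_suffixes:
        want = suffix.lower().strip(".").split(".")
        if labels[-len(want):] == want:
            return True
    return False

def check_connection(ip, banned_suffixes, ptr=ptr_lookup, forward=forward_lookup):
    host = confirmed_hostname(ip, ptr, forward)
    if host is None:
        return "unverified"  # no PTR, or PTR not confirmed: policy decides
    return "banned" if suffix_banned(host, banned_suffixes) else "allowed"

# Constructed sample data standing in for DNS; the last PTR has no matching forward record.
PTR = {"203.0.113.7": "dsl-7.wa.isp.example", "203.0.113.9": "dsl-9.pa.isp.example",
       "198.51.100.5": "dsl-1.pa.isp.example"}
FWD = {"dsl-7.wa.isp.example": {"203.0.113.7"}, "dsl-9.pa.isp.example": {"203.0.113.9"},
       "dsl-1.pa.isp.example": {"203.0.113.1"}}
```
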
Well, there might be a more reliable way to identify clients than relying on MAC and/or IP addresses: http://www.cse.ucsd.edu/users/tkohno/papers/PDF/

in the news:
http://it.slashdot.org/article.pl?sid=05/03/04/1355253
http://news.com.com/Tracking+PCs+anywhere+on+the+Net/2100-1029_3-5600055.html

Good luck!

I think banning the e-mail address and password pair is the best method. The only way they could get in after that is if they hacked someone else's account. If they can get into other players' accounts, then banning is the least of your worries.
