• Advertisement
Sign in to follow this  

Best Way to Ban Users?

This topic is 4133 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hi there, Our casual online game has reached a milestone today - we need to ban our first problem user. Ideally, I would like to ban him from both playing the game (the game is played in a downloaded exe) and posting in our online forums. I know the traditional approach to this has been blocking IP addresses, but in this day of proxy servers and wireless internet access, I am not sure that that would be effective. I was thinking about banning users by hardware MAC address and/or other unique hardware IDs that people might be able to suggest. I think this would work pretty well for the game client - not sure how to apply it to banning people from the forums - any ideas? We have talked about it and we don't want any scheme that involves banning by email address - too easy to get around and we don't want to require honest users to give us more personal info than necessary.

Share this post


Link to post
Share on other sites
Advertisement
Banning by MAC address probably wont work. If they go to another computer or even use a different interface on their computer then this will be ineffective.

The moderators and staff will probably have more insightful comments from their experiences, but I would ban by IP. Yes, there are methods of getting around this but there are methods of getting around any technique you put in place - your game and forums are public, people can play or post if they want. You just have to make it difficult for this person to get around the ban (that might mean repeatedly banning them) and moderate them into nonexistence.

Share this post


Link to post
Share on other sites
ROBLOX, huh? Seems like a place that's all about being friends. I say create an alternate ROBLOX universe where it's all about making enemies and send him there. Seriously, I don't think there is a way of banning anyone from anything without making it hard to join for everyone else. Don't forget that any methods (like by MAC address) can by bypassed by hacking the client. Your best bet is to ban by IP/username/MAC/etc all at once and hope he gets bored before working it all out.

Share this post


Link to post
Share on other sites
Actualy, presuming you are dealing with someone whos just being foul of mouth to your games inhabitants, may I sudgest a more transparent solution?

1. Ban them by IP address, but dont exactly ban them. Block their chat, but dont make it obvious to them. In the game, allow them to see what they are writing, but so noone else can see it. Eventualy they will probably get bored and give up, thinking you arnt doing anything to clean up the mess, and people could care less. Ban both user and IP that way, most likely if he doesent see a "your accounts been closed" or "your chats been blocked" sign, then hes not going to even bother changing IP addresses or users.

2. You could alternatively transparently place him in a virtual world (using the same transparent banning system in point 1) on his own computer, which includes only aimless NPC's set out to annoy the SOB to all hell. I doubt this is some black/red hat who really has any vile intentions, just a moronic 13 year old with nothing better to do.

3. Another interesting, yet more sadistic idea, going along with the idea its some underage kid (as it most likely is.) put a spyware-eque popup program that occasionaly pops up with pornographic, obscene, and/or illegal websites. Nothing better then your parents, teachers, or school librarian catching you staring at "gaynursinghomeporn.com", I guarentee you he wont be bothering your site... or the rest of the internet... for a few years.

Share this post


Link to post
Share on other sites
Quote:
Original post by PaulCesar
3. Another interesting, yet more sadistic idea, going along with the idea its some underage kid (as it most likely is.) put a spyware-eque popup program that occasionaly pops up with pornographic, obscene, and/or illegal websites. Nothing better then your parents, teachers, or school librarian catching you staring at "gaynursinghomeporn.com", I guarentee you he wont be bothering your site... or the rest of the internet... for a few years.


Hmmm... Yeah, that explains why there are loads of casual games available for free on the Internet, and that explains why they are always rigged with spyware; to get you busted and to spy on you (and install viruses).

I like number 2 best, really good idea. Redefines online multiplayer and it should work for a bit.

Share this post


Link to post
Share on other sites
Quote:
Original post by hh10k
I say create an alternate ROBLOX universe where it's all about making enemies and send him there.

That's a very good idea, but I'm not sure he will agree.

IP ban is usually kind of effective. Most of the time, we play from our home so it works quite well. Of course, there are known limitations but no method is perfect. IP ban is teh win in most cases.

PaulCesar's idea #3 is not very legal, so while it sounds like it is fun, don't do it [smile]

Share this post


Link to post
Share on other sites
sorry just one question how does IP banning work cause i thought that ur IP adress was renegotianted approx every three days (resulting in it potentially changing) so wouldnt that mean that they could still get on once there IP changed?

Share this post


Link to post
Share on other sites
Just remember, they're in control of the hardware, so there's no hardware key that cannot be spoofed, emulated, or otherwise changed to suit their needs (and to be non-unique). Not a few OSes will allow you to change your MAC addy via a simple command.

An IP is guaranteed unique-ish and valid or else you're not getting their packets.

Share this post


Link to post
Share on other sites
Quote:
Original post by Julian90
sorry just one question how does IP banning work cause i thought that ur IP adress was renegotianted approx every three days (resulting in it potentially changing) so wouldnt that mean that they could still get on once there IP changed?


that is up the your isp really, i got one connection with a guaranteed static ip address (100Mbps fibre) and one with an isp assigned ip that hasn't changed in 3 years (10Mbps ethernet), the second one could be changed by my isp without notification, the first one can't be changed by them without notifying me. (since i'll need to change my settings if they change it). dialup users generally get a new ip every time they connect.

static ip addresses are generally prefered when the isp allows you to host private servers. in general though dynamic ip addresses are getting more and more common it seems so i wouldn't recomend ip bans, there are also some isps who use NAT to let multiple customers share a single ip (very horrible but they are often quite cheap)

if its an online game i would suggest banning the account + email used to create the account.
Yes he can create a new account but that would force him to create a new email account aswell. you can also prevent the ip from creating a new account for 24 hours or so.

i also suggest blacklisting known proxies to prevent people from accessing the game through them.

Share this post


Link to post
Share on other sites
Ban their CD key and associated user account. If they can hack that then you're game is getting ripped off anyway.

I would also log IP's and hardware configs for investigative purposes. Do not collect too much personal information but do let the users know what you do collect. Information is power in the event of necessary litigation, but you do not want to scare off innocent gamers.

It should also be expressly declared in the TOS that any attempt to breach an imposed ban is a violation of the TOS.

Share this post


Link to post
Share on other sites
Quote:
Original post by Telamon
Our casual online game has reached a milestone today - we need to ban our first problem user. Ideally, I would like to ban him from both playing the game (the game is played in a downloaded exe) and posting in our online forums.

I know the traditional approach to this has been blocking IP addresses, but in this day of proxy servers and wireless internet access, I am not sure that that would be effective.


It's very effective, and as you may have seen in the previous responses, it is pretty much your only simple choice. Contrary to the boasts of many a troublesome kiddie, IP addresses do not change that much between sessions, if at all, and tracking those changes is usually pretty trivial.

Implement banning individual IP addresses, and IP ranges, and hostnames (by wildcards). Keep logs of your players' login habits so you can quickly see what sort of ban is most appropriate. Ensure that players get a 'you have been banned' message with contact details so that innocent players who find themselves wrongly banned can contact you. Consider a ban that only bans new players from a given site, thus allowing you to delete that player while protecting any other players from that site. Also consider collecting that extra personal information such as email addresses for users from suspect sites only - it's not ideal, but it's better than banning everybody and it's better than banning innocents.

Share this post


Link to post
Share on other sites
Oh, and I don't know how you handle new accounts, but again you may want to flag certain IP addresses/ranges/hostnames as requiring approval first - that alone can deter repeated troublemakers as it significantly increases the latency between them deciding to cause trouble and actually being able to.

Share this post


Link to post
Share on other sites
It's impossible to get the MAC address of a user on a website, the only thing you can do is use their IP address. IF their IP does change, you should ban a range, but you may be blocking out other users.

On some of my websites, when you ban a user, it's best to present them with a 404 page instead of a "you have been banned" message. Most of the time they think the site is down and will leave it be.

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
Quote:
Original post by PaulCesar
Actualy, presuming you are dealing with someone whos just being foul of mouth to your games inhabitants, may I sudgest a more transparent solution?

1. Ban them by IP address, but dont exactly ban them. Block their chat, but dont make it obvious to them. In the game, allow them to see what they are writing, but so noone else can see it. Eventualy they will probably get bored and give up, thinking you arnt doing anything to clean up the mess, and people could care less. Ban both user and IP that way, most likely if he doesent see a "your accounts been closed" or "your chats been blocked" sign, then hes not going to even bother changing IP addresses or users.



This has to be one of the best idea's I've heard in a long time.
Actually, now that I think about it there is even a precedent:
Halo 2 Xbox Live has the option of muting the voice a player you don't want to hear from; it doesn't do it globally though, only for your own connection to him...
On an interesting side note, it is common for people to unplug their microphones when they don't want to talk with annoying players. And thus a common insult is 'plug that microphone back in you *****!'.

Share this post


Link to post
Share on other sites
Personally, the idea of making a purgatory world for problem users is appealing to me, but we are a small team and we have a billion other things to do add features for the other 99.99% of our users.

Most of the people we will want to ban are probably going to be bratty young kids who lack the technical sophistication to overcome anything except the most simple banning tech. Although none of us have tried, I imagine hacking the Roblox client would be nightmarishly hard -- and thus is the least likely point of attack.

I guess my assumption was that fewer people know how to change MAC addresses than know how to get their IP cycled. I'm also toying with the idea of doing a "digital fingerprint" of the system that would include computer name, gfx card, amount of RAM, MAC address(es), ect and do a "fuzzy compare" to estimate the odds of new accounts actually being previously banned players. (These data would be gathered by our client-side game exe - maybe we could create a browser cookie for "bad players" that the forum software could look for)

That being said, we just need a quick fix right now, so I will probably just implement the good 'ol IP banning method.


Our game is targetted at children, so a high level of moderation is required - it is not enough to say "Oh well, your forums are public, deal with it." The last thing we want is some angry parent emailing us because their kid got pogromed on one of our forums.

Share this post


Link to post
Share on other sites
Quote:
Original post by PaulCesar
1. Ban them by IP address, but dont exactly ban them. Block their chat, but dont make it obvious to them. In the game, allow them to see what they are writing, but so noone else can see it. Eventualy they will probably get bored and give up, thinking you arnt doing anything to clean up the mess, and people could care less. Ban both user and IP that way, most likely if he doesent see a "your accounts been closed" or "your chats been blocked" sign, then hes not going to even bother changing IP addresses or users.


The core idea here is good - we already do something like it for our chat filters. The thing we want to avoid right now is making a forked "quarentined users" website for our one or two problem residents.

So, in game this would work well - out of game, maybe it doesn't apply so much.

Share this post


Link to post
Share on other sites
We have more than our share, perhaps, of troublesome users that disrupt the rest, and our game is free, so we've felt fine about getting creative with ban methods ;)

Some of the funnier ones included converting all of their text to pig latin, or, instead of echoing what they've typed, we print a random entry in a pre-entered list of extremely polite phrases (their messages still look normal to them, of course). We also have alternate channels we can send people to where they can only interact with other trouble makers.

More seriously, we've come up with some effective blocks:

* Regex blocking on names and hosts - I can pre-ban anyone with certain patterns in his name.

* IP range and host name (+regex) blocking: easily get-aroundable by experienced asses, but not worth the trouble, and impossible for many of our younger delinquents.

* Password banning: Most people don't think of changing their password even after going down the street to their friend's house to create a new account. We occasionally get "how did you know??" remarks. It's funny. I'm not sure I should say this in public here, but it's been a couple of years already... time for that trick to be up, maybe.

* Spam-blocking: we limit user's chat rate and throttle it depending on the similarity of what they're saying. Four identical remarks in five seconds earns any user a five minute ip/host/password gag (during which they can't talk to anyone).

Share this post


Link to post
Share on other sites
[lol] I never realized banning people could be so fun!

I'm tempted to start an MMO just so I can dream up creative ways to ban people and get rid of troublesome users.

Share this post


Link to post
Share on other sites
Why don't you try a warning system?

1st Warning - An e-mail/verbal warning from the mods. Maybe have the username in the chat window turn a different color for a set period of time, or something else to tell the rest of the people on the server that the person is on the warning system.

2nd Warning - Ban from the game/forum for a short period of time (days), followed by read-only access to the chat/forum for a longer period (weeks), plus another warning from the mods.

3rd Warning - All out ban.

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
It depends on what the user did, ie was it racial, sexiest or foul language? if so report them to there isp.

Share this post


Link to post
Share on other sites
Quote:
Original post by LiteFeather
Why don't you try a warning system?

1st Warning - An e-mail/verbal warning from the mods. Maybe have the username in the chat window turn a different color for a set period of time, or something else to tell the rest of the people on the server that the person is on the warning system.

2nd Warning - Ban from the game/forum for a short period of time (days), followed by read-only access to the chat/forum for a longer period (weeks), plus another warning from the mods.

3rd Warning - All out ban.


Well that's the traditional way. As listed above, showing the bad user the warning may cause them to change IP/account names/other, which basically bypasses your efforts at blocking the user.
I personally like the alternate world idea.

But also, couldn't the admin/mod send a packet that displays an image saying something in the line of "This game is not up-to-date, and the new patch must be downloaded before joining a game." It would fool a greater audience, as this is seen in many online games. And if this "patch" doesn't exist, the guy will be stumped and move on to another game.

Share this post


Link to post
Share on other sites
patch your game to read a binary file or some kind of file in the config that says that the player can't play. If all of a sudden when he logs in and gets banned the file changes. Next time he tries to open the game just put a msgbox that says your not allowed to play. Along with the regular banning. I've played your game and it seems like an effective system. Most players arn't smart enough to know what to do. Other than uninstall and reinstall it and create a new account with a changed IP. (I know it would be evil to not uninstall that file so that even if they install it again it won't work, but don't). Oh yah and don't ban IP's forever, there's a 1 in a billion chance someone might connect to that IP and try to play.

Share this post


Link to post
Share on other sites
Quote:
Original post by Telamon
Personally, the idea of making a purgatory world for problem users is appealing to me, but we are a small team and we have a billion other things to do add features for the other 99.99% of our users.

Most of the people we will want to ban are probably going to be bratty young kids who lack the technical sophistication to overcome anything except the most simple banning tech. Although none of us have tried, I imagine hacking the Roblox client would be nightmarishly hard -- and thus is the least likely point of attack.

I guess my assumption was that fewer people know how to change MAC addresses than know how to get their IP cycled. I'm also toying with the idea of doing a "digital fingerprint" of the system that would include computer name, gfx card, amount of RAM, MAC address(es), ect and do a "fuzzy compare" to estimate the odds of new accounts actually being previously banned players. (These data would be gathered by our client-side game exe - maybe we could create a browser cookie for "bad players" that the forum software could look for)

That being said, we just need a quick fix right now, so I will probably just implement the good 'ol IP banning method.


Our game is targetted at children, so a high level of moderation is required - it is not enough to say "Oh well, your forums are public, deal with it." The last thing we want is some angry parent emailing us because their kid got pogromed on one of our forums.


Although you may think it may be "nightmarishly hard" to hack the client, if one talented cracker breaks it and shares the crack, anyone can get around the security. This may be less of a problem if your game is targeted at kids, but there's still the possibility of some older delinquent (who can crack) finding it and deciding to have some "fun".

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
1. Using the IP will not work, atleast in europe, where most users dont have a static IP. Each time a user connects to his ISP a new IP will be assigned to him. It works as a short term banning, but whenever the user reconnect to his ISP he will probably get an other IP.

2. Why not the MAC address ? (Will propably only works with your game not with your forum)

I. Each time a user logs in , track his MAC address and time.
II. If you need to ban this user, ban all known MAC addresses.
III. Changing the MAC address is quite hard for home used computers (required new hardware!).
IV. If the MAC addresss changes too often, he is probably hacking your game or using an other computer each time.
V. Whenever the MAC address changed too often(i.e. 5 times within 3 days), block the game access for a day.

Share this post


Link to post
Share on other sites
One of the anti-cracking methods I always liked was to subtly break the game so crackers thought they had succeeded. I think they used this method on the European releases of Spyro the Dragon and a few Amiga games.

Obviously, as others have said, cast 'banned' accounts into a terrible netherworld of sorts where they are eternally torn apart by the worst demons imaginable. IP ban 'em from making new accounts.

I really do like the eternal "I need to patch. You need to restart the game to install this patch. I need to patch. You need to.." loop though. That's a special kind of evil. You could always have them log in, then deliver a "killer" patch that breaks the game EXE. Once they reinstall and log in again, down comes the killer patch again, and...

I don't quite understand how MAC filtration is supposed to work; are you trusting the clients to go "I'm foobar @ 194.31.10.10 and my mac address is DE:AD:BE:EF"? That's probably pretty vulnerable to cracking, and brings up frightening privacy implications.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement