Sign in to follow this  
leeor_net

Unique Client Identifier

Recommended Posts

I've been toying with a couple of ideas as to how to uniquely identify a client without having to use their IP address (and without violating privacy) particularly in the case of banning. Suffice it to say that I'm developing a multiplayer game in which users connect to a central server for (basically) matchmaking and I've considered that at some point it may become necessary to permanently ban a player. While the easy way would be to, very simply, delete an account and ban certain e-mail addresses from registering, suppose there's a bit of a savvy end-user who's bent on ruining things for everybody else. What's an effective means of permanently banning that user without imposing whole IP range bans (as we all know IP bans are worthless these days)? I had thought it possible that the client could generate a hash from some sort of identifier on the machine such as hardware or some sort of GUID provided by the host OS... I've poked around on Google for a bit and there are many suggestions against using MAC addresses as these can be changed via software/drivers. CPUID seems to no longer be supported and other things are Windows only (this game currently runs on Windows, MacOS X and BSD). I imagine that each platform will probably have some slightly different means of achieving a unique identifier. It's also an open-source game which means that anybody with any bit of programming knowledge will probably be able to get around such a permaban very easily by modifying the client to send a random hash (which would then circumvent the ban). These are repeat offenders that can be reported to ISP's and I seriously doubt I'd see too many of them. Anyway, I'm curious what others' thoughts on this are? (P.S. -- this isn't about perfect security or even industry grade game protection... more an intellectual challenge)

Share this post


Link to post
Share on other sites
I don't think you need to go that far. The simple act of signing up (and verifying an email address) is usually enough to discourage most people. For example, I'm pretty sure that's all gamedev.net does.

Share this post


Link to post
Share on other sites
I agree with Codeka in that going further than simple email verification is usually not necessary.

That said, a hash of things like hard drive serial or bios dates could be a good way to go. But as you know, it's almost impossible to stop someone dedicated enough, a better way to think is how to make it pointless to cheat/harrass instead of a challenge.

Share this post


Link to post
Share on other sites
Storing a UUID in the registry is a good way -- the "naive" trouble-makers will never figure it out.

Real troublemakers, though, will know the following tricks:

1) Use disposable e-mail.
2) Change the MAC address of the network card.
3) Run virtualized so hardware can change.
4) Connect through a VPN or open proxy, so IP addresses change.
5) Use one-time-use credit cards.

The best way to combat that is to provide enough value that users want to pay for the service. Then put required services on the network (on your servers), controlled by a user id / password. If you ban someone, ban that user id / password, and they have to pay again. That way, at least you'll be making a little bit of money if they persist.

Another option is to let user prefer/vote on other users, and users who are troublesome simply don't end up playing with people who don't like them.

Share this post


Link to post
Share on other sites
Quote:
Original post by hplus0603
Another option is to let user prefer/vote on other users, and users who are troublesome simply don't end up playing with people who don't like them.

Along the same lines. Some volunteer players that can act as mini moderators. Allowing them to suspend and recommend banning can be useful to keep the peace.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this