
Banning the MAC - possible?

Started by December 24, 2005 03:53 PM
37 comments, last by Rattrap 19 years ago
Technology's a decent preventive measure but there's really nothing like making a swift example of a griefer.

From my experience, it's usually pretty trivial to catch them in the act once you have an idea of what's going on (through logs or a GM page). They're even so predictable as to go right back to whatever they were doing the second after you leave them with their warning. And in the case they reregister, neither their ego nor their behavior will allow them more than a couple days of freedom (depending on your playerbase's size, it's easier to police 300 people on a free server than 300,000 on UO proper). I don't know about your situation but such a short lifespan is pretty crippling in a somewhat treadmill dependent MMORPG.

IP banning and the like, IMO, has too great a possibility of hurting the wrong people and should really be part of a more comprehensive (human involved) solution and open to appeal at a later date. Just my two cents though :)
I feel like this thread has gone off on a tangent.

Why ban by computer and not account? What about internet cafes? And if you want to ban by computer why not just negotiate a unique ID at registration time? Whether it is based on a physical serial number or not is beside the point.
The problem with banning accounts is that, if accounts are free, griefers will just create dozens of them (maybe hundreds!).

The problem with generating a unique ID at registration time is that griefers will figure out where on the computer you store it (registry, disk, isolated storage, boot sector, ...), and they will write a little tool that just removes the ID, making the machine look un-registered.
enum Bool { True, False, FileNotFound };
Yes, hplus is right. We have problems because accounts are free and easy to create, they only require a valid email address that works once. Banning accounts is futile, banning a particular machine will help a lot to slow down the offender. We never had to get to the point of banning per machine tho.
Mate, give me an hour and I'll spoof any physical serial you want. Here are some ways to do it:

- Decompile and rewrite driver
- Write filter driver (yes from a template an hour)
- Decompile and rewrite MS API that does the query
- Decompile and rewrite game client
- Write an outgoing filter

It's all about time, consider this model:

Realise that the uid need not be supplied as the final stage of installation but during installation. If the game is fully installed and the uid doesn't exist then it won't just get a new one.

The uid is negotiated. That is the client passes an id, and the server generates a uid by hashing the id with a key not known to the client.

At logon, the client passes the uid to the server for confirmation. This means that the user cannot generate their own uid.

This is still hackable (just need to emulate a uid request) as are all systems, but here's the tricky bit:

The key is generated recursively during installation as requested by the server. The point of this is to force the key generation to be a slow process (timed to coincide with a fast install).

So there is initial hack time to extract the request code plus a down time for each request. That trumps initial hack time for any other system with no extra time per change of id.




I still think you should ban by account though :)

[Edited by - Scuppy on January 5, 2006 6:06:19 PM]
For a griefer, re-installing isn't that big a deal. They gotta get their anti-social kicks on, else they'd feel all lonely and helpless.

But it's moving in the right direction. If you really want to make sure it costs something to mint a new ID, how about .... charging for accounts? :-)
enum Bool { True, False, FileNotFound };
I like Scuppy's idea,
only problem I see with it is that if the user needs to waste a long time (say 5 minutes) to recursively calculate its uid, the server will need a long time too.

If the server gets 100 new users per hour it has to calculate the new UIDs... and it will make a CPU bottleneck.

Maybe I didn't understand the idea right?


Iftah.
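
An added example, not code from the thread or its posters: Scuppy's negotiated uid (a hash of the client's id under a key only the server knows), with the slow recursive step swapped for a hashcash-style puzzle so that the client pays the time and the server checks it with a single hash, which is the bottleneck Iftah raises. All names, the 12-bit difficulty and the sample ids are assumptions.

```python
import hashlib
import hmac
import os
from itertools import count

# Everything here is assumed for the example: names, key handling, difficulty.
SERVER_KEY = os.urandom(32)  # known only to the server, never shipped in the client
DIFFICULTY_BITS = 12         # low so the demo is fast; raise to slow id minting
PENDING = set()              # challenges issued and not yet redeemed
BANNED = set()               # uids banned by the operators


def work_ok(challenge: bytes, nonce: int, client_id: bytes) -> bool:
    """True if the hash has DIFFICULTY_BITS leading zero bits."""
    digest = hashlib.sha256(challenge + nonce.to_bytes(8, "big") + client_id).digest()
    return int.from_bytes(digest, "big") >> (256 - DIFFICULTY_BITS) == 0


def new_challenge() -> bytes:
    """Server: hand the installer a fresh single-use challenge."""
    challenge = os.urandom(16)
    PENDING.add(challenge)
    return challenge


def solve(challenge: bytes, client_id: bytes) -> int:
    """Client: search for a nonce, about 2**DIFFICULTY_BITS hashes on average."""
    for nonce in count():
        if work_ok(challenge, nonce, client_id):
            return nonce


def issue_uid(challenge: bytes, client_id: bytes, nonce: int):
    """Server: one hash checks the work, one HMAC mints the uid."""
    if challenge not in PENDING or not work_ok(challenge, nonce, client_id):
        return None
    PENDING.discard(challenge)  # a solved challenge cannot be replayed
    return hmac.new(SERVER_KEY, client_id, hashlib.sha256).hexdigest()


def logon(client_id: bytes, uid: str) -> bool:
    """Server: recompute the keyed hash; forged or banned uids fail."""
    expected = hmac.new(SERVER_KEY, client_id, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, uid) and uid not in BANNED
```

A banned player can still present a fresh client id and pay the puzzle cost again, so this raises the price of each new uid rather than binding a ban to a machine.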
Require a key purchased with a 1 dollar fee paid online by Credit Card. Then use that information to identify them as a real person who is not on the banned list. The key should be sent through e-mail.
Programming since 1995.
You're assuming that the goal of the griefer is to play the game.

The goal of the griefer is often to grief; they wouldn't care that being in good standing after 30 days gives you the Super +8 Cleaver.
enum Bool { True, False, FileNotFound };
Quote:
Original post by hplus0603
You're assuming that the goal of the griefer is to play the game.

The goal of the griefer is often to grief; they wouldn't care that being in good standing after 30 days gives you the Super +8 Cleaver.


True, but one might highly limit what players of new accounts can do. That way, you might prevent griefers from doing some of the things that cause the most problems. It would really depend on how the game is designed, though, and even if it worked for a particular game, it would only be a partial solution.

This topic is closed to new replies.
