User panel stuff on forum
  30 posts on 1 page  1
Client Talk
2008-01-27, 13:47
Member
182 posts

Registered:
Mar 2006
These are just some ideas for discussion for the Quakeworld developer guys, since you guys are very experienced:

Banning troublemakers, uniquely identifying players

Quake has always had the problem of having to identify players by IP address. This doesn't work very well for a lot of different for the purposes of banning. [Other games have the benefit of actually having ways to uniquely identify players: Steam, CD-keys and so forth).

But a possible solution is having the client pull the MAC address of the hardware running the internet adapter and creating a hash from it (might be some sort of privacy violation to send the actual address, I don't know). These addresses are unique worldwide, or so I've read.

If both the client and server were modified to expect this, this could be used as part of a key not only for banning, but also for true identification of a player. You can't do too much about your hardware.

For backwards compatibility, the server could accept old clients that don't do this, but make a notification of a client that isn't doing this.

Just want to see what kind of thoughts you guys have on this. I'm probably going to try this for NQ within a couple of weeks.
--------
Is that a roll of toothpicks in your pocket or are you just happy to see Sassa?
2008-01-27, 13:59
Member
705 posts

Registered:
Feb 2006
It just takes one command to change the mac address in Linux, but i guess most use windows and windows users probably don't even know what a mac address is, I'm all for it. faking is bad!
2008-01-27, 14:11
Member
1102 posts

Registered:
Jan 2006
Useless as MAC addresses are very easy to change. Any desperate troublemaker would laugh at this so just forget about it.
2008-01-27, 15:30
Member
637 posts

Registered:
Jan 2006
very laughable.
http://slip.4.pl/ - unblocking myspace facebook firewall
2008-01-27, 17:38
Moderator
1329 posts

Registered:
Apr 2006
It's really problematic at best.

Like already mentioned, MAC address can be changed easily these days. You can even do it through drivers on most of the network cards out there.

The only thing that might actually work would be to have some sort of identification system. It means you would have to create an account to some "master server" that provides you with an unique key. Then you should set up your client with that key and connect to the servers. While all this is being done your client would validate your auth info and allow you to connect to a server.

Now regarding the bans. It would mean that the server you are connecting would have to check your auth info from the "master server" and compare it to it's own ban list. What if the "master server" was down? You couldn't play at all since servers now require the auth info check (if it's to be strict and actually working). Also the connecting time would be somewhat increased. On top of that what prevents you from just making another account? Quake has no cd-key so on what basis should one get account infos?

And tbh what's the point for having such strong and lots of work requiring feature for that one cheater we see on each year? MVDSV can set real-ip bans that hit through proxies and avoiding such requires either coding experience to modify client or changing your ip-address (the part that isn't hard depending on the ISP). It's also possible to ban IP-ranges that actually might be an annoyance but it still works.
Servers: Troopers
2008-01-27, 17:45
Administrator
2059 posts

Registered:
Jan 2006
Being able to uniquely identity a player wouldn't only be good for preventing abuse and cheats, but also for things like individual statistics and such too, perhaps?
www.facebook.com/QuakeWorld
2008-01-27, 22:09
Member
637 posts

Registered:
Jan 2006
yep

there have been numerous projects on the polish qw board for that, it's pretty simple to implement actually, shaman had it like 90% working

btw, remember that 'nofake' or something hosted on the old qw.nu ? was awesome
http://slip.4.pl/ - unblocking myspace facebook firewall
2008-01-27, 23:50
Member
2 posts

Registered:
Jan 2008
email or irc like identd@w.t.f.
*
2008-01-28, 00:39
Member
182 posts

Registered:
Mar 2006
ruskie wrote:
It just takes one command to change the mac address in Linux, but i guess most use windows and windows users probably don't even know what a mac address is, I'm all for it. faking is bad!

Had no idea this was possible. I'm glad I asked

Renzo wrote:
MVDSV can set real-ip bans that hit through proxies and avoiding such requires either coding experience to modify client or changing your ip-address (the part that isn't hard depending on the ISP). It's also possible to ban IP-ranges that actually might be an annoyance but it still works.

Yeah, some ISPs you can change your IP address in 5 seconds. I can.

The more unique identification aspect would be good for stats too as someone above mentioned.
--------
Is that a roll of toothpicks in your pocket or are you just happy to see Sassa?
2008-01-28, 04:36
Member
347 posts

Registered:
Feb 2006
goqsane wrote:
btw, remember that 'nofake' or something hosted on the old qw.nu ? was awesome

It was called exposure BTW. :-)
2008-01-28, 08:31
Member
1026 posts

Registered:
Feb 2006
many ISPs in my country use Mac adress to identify clients and prevent IP stealing (since these ISPs are based on neighborhood LANs and it's very easy to steal someone's IP).

a protection idea would be to write a secret key in the registry and verify that if it's valid or banned.
the bad user would have to reinstall their OS to get rid of it.. and it would be kinda inconvenient.. well.. just an idea
god damn hippies >_<
2008-01-28, 12:26
Member
637 posts

Registered:
Jan 2006
nothing on the client side will ever be safe, just accept that.

try to make some kind of a central qw users database at least that will be SOMEWHAT of a 'safe' feature
http://slip.4.pl/ - unblocking myspace facebook firewall
2008-01-28, 13:31
Member
805 posts

Registered:
Mar 2006
Aquashark wrote:
many ISPs in my country use Mac adress to identify clients and prevent IP stealing (since these ISPs are based on neighborhood LANs and it's very easy to steal someone's IP).

a protection idea would be to write a secret key in the registry and verify that if it's valid or banned.
the bad user would have to reinstall their OS to get rid of it.. and it would be kinda inconvenient.. well.. just an idea

It would take like 20 seconds to find a secret registry key!
https://tinyurl.com/qwbrasil - QuakeFiles
2008-01-28, 14:31
Administrator
2059 posts

Registered:
Jan 2006
goqsane wrote:
nothing on the client side will ever be safe, just accept that.

try to make some kind of a central qw users database at least that will be SOMEWHAT of a 'safe' feature

As someone else said - what would prevent you from creating several users?
What would work as the "primary key" that you identify each user by? E-mail? PIN? I guess what we are trying to prevent here is troublemakers who uses aimbots, is an ass on a server or whatever and that will always be possible i think as it's impossible to uniquely identify even a person on the web when it comes to an international scene?
www.facebook.com/QuakeWorld
2008-01-28, 14:50
Member
805 posts

Registered:
Mar 2006
Ake Vader wrote:
goqsane wrote:
nothing on the client side will ever be safe, just accept that.

try to make some kind of a central qw users database at least that will be SOMEWHAT of a 'safe' feature

As someone else said - what would prevent you from creating several users?
What would work as the "primary key" that you identify each user by? E-mail? PIN? I guess what we are trying to prevent here is troublemakers who uses aimbots, is an ass on a server or whatever and that will always be possible i think as it's impossible to uniquely identify even a person on the web when it comes to an international scene?

Our incapacity to indentify bad users is really frustrating sometimes. However the many actions that could be taken to prevent this users from accessing servers, would be a bigger barrier to new player trying to experiment the game than for the unwanted ones.
https://tinyurl.com/qwbrasil - QuakeFiles
2008-01-28, 15:19
Member
312 posts

Registered:
Feb 2006
a solution (a shitty one, but one anyway) would be to form a high qw council to manually add the user id and passwords and have then implemented in every new ktx/mvdsv whatever the server is and using some sort of auth system like in the q bot, but im guessing this would be pretty flawed and silly. and slow too if someone wants to try the game.

and also might be annoying now that theres rookies joining the scene and no way telling whether they're fake or not without seeing them play but perhaps this could work if someone polished the idea and made it good if it's even possible
2008-01-28, 15:29
Member
1026 posts

Registered:
Feb 2006
another partial solution is resolving player IPs to country and city (like GGPO does in its matchmaking system).. as a sidenote: country flags would look cool in EZQuake scoreboard.

this partial solution coupled with another one would make faking really hard.

http://img172.imageshack.us/img172/9625/asd2fw1.th.jpg

placing mouse cursor on dots shows everyone from each dot's respective location..
god damn hippies >_<
2008-01-28, 15:34
Member
805 posts

Registered:
Mar 2006
We could use a better f_system, one that could not be turned off (maybe server side) to identify users (spectators and players).

Edit.: Aquashark's idea plus a better f_system check should be enougth to identify someone.
https://tinyurl.com/qwbrasil - QuakeFiles
2008-01-28, 17:23
Member
1102 posts

Registered:
Jan 2006
Is this a problem in the QW scene at all?
2008-01-28, 17:48
Member
1435 posts

Registered:
Jan 2006
I guess we are looking for something quick&cheap, but something that all players could easily start using.
I don't like being a pesimist, but QW is really lacking developers lately... (just another factor)
2008-01-28, 17:57
Administrator
2059 posts

Registered:
Jan 2006
Spirit wrote:
Is this a problem in the QW scene at all?

Well i really wanted to have something like this when some asshole joined the xs4all FFA server with an aimbot a couple of weeks ago.
www.facebook.com/QuakeWorld
2008-01-28, 20:04
Moderator
1329 posts

Registered:
Apr 2006
Ake Vader wrote:
Spirit wrote:
Is this a problem in the QW scene at all?

Well i really wanted to have something like this when some asshole joined the xs4all FFA server with an aimbot a couple of weeks ago.

Funny. I know the cheater's ip-address and it seems to be more or less static (swedish guy btw) since his ip-address can be matched on few different nicks. Therefore he could be easily banned using real-ip ban.
Servers: Troopers
2008-01-29, 07:23
Member
182 posts

Registered:
Mar 2006
Let's say there is Player X.

What is going to be constant about PlayerX in a realistic sense?

1. He will be using the same mouse setting every game (sensitivity, m_yaw, etc.)
2. He will be using the display settings every game (width, height, etc.)
3. He will be using the same FOV every game
4. f_system is going to be constant
5. Maybe other stuff

If you created something like a MD5 hash, CRC16 or CRC32 of that and displayed it in f_system, wouldn't that be virtually unique?

A CRC 16 is 4 hexidecimal digits like (F3B5), CRC32 is 8 (F3B5-2355) and a MD5 is way too long.
--------
Is that a roll of toothpicks in your pocket or are you just happy to see Sassa?
2008-01-29, 07:37
Member
569 posts

Registered:
Feb 2006
Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.
2008-01-29, 13:54
Member
805 posts

Registered:
Mar 2006
Willgurht wrote:
Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.

No drama please!

--//--

Baker5 wrote:
2. He will be using the display settings every game (width, height, etc.)
3. He will be using the same FOV every game

Not exactly!

I have 2 monitors in my computer (17" CRT and 19" wide), then I use two sets of display and mouse settings to match the monitor I'm using at certain moment. I'm not saying this to prove that kind of identification will be useless, I'm saying this to show that it's not flawless.
https://tinyurl.com/qwbrasil - QuakeFiles
2008-01-29, 18:58
Member
805 posts

Registered:
Mar 2006
Right now I'm using this service to know who is who on server!

http://www.ip-adress.com/
https://tinyurl.com/qwbrasil - QuakeFiles
2008-01-29, 21:02
Administrator
2059 posts

Registered:
Jan 2006
vegetous wrote:
Right now I'm using this service to know who is who on server!

http://www.ip-adress.com/

Sucks if you get an ip-address in Stockholm though for example.
www.facebook.com/QuakeWorld
2008-01-29, 22:28
Member
284 posts

Registered:
Oct 2006
Baker5 wrote:
Let's say there is Player X.

What is going to be constant about PlayerX in a realistic sense?

1. He will be using the same mouse setting every game (sensitivity, m_yaw, etc.)
2. He will be using the display settings every game (width, height, etc.)
3. He will be using the same FOV every game
4. f_system is going to be constant
5. Maybe other stuff

If you created something like a MD5 hash, CRC16 or CRC32 of that and displayed it in f_system, wouldn't that be virtually unique?

A CRC 16 is 4 hexidecimal digits like (F3B5), CRC32 is 8 (F3B5-2355) and a MD5 is way too long.

Not that I really feel a need for this kind of added lamer security, I could honestly say that I wouldn't pass phase checks for 1-3 on most days, even check 4 is suspect And what about players simply trying different settings during the game? Personally I don't believe that we can come up with a system that is easy to set up, manage, deploy and doesn't hinder new players. If we actually get to the point where the scene is huge and proportionally more lamers involved, then maybe, just maybe I would ask for something like this. Admin voting and giving trusted people admin rights on servers works pretty good atm.
2008-01-29, 23:41
Member
39 posts

Registered:
Jan 2006
niomic wrote:
Not that I really feel a need for this kind of added lamer security, I could honestly say that I wouldn't pass phase checks for 1-3 on most days, even check 4 is suspect And what about players simply trying different settings during the game? Personally I don't believe that we can come up with a system that is easy to set up, manage, deploy and doesn't hinder new players. If we actually get to the point where the scene is huge and proportionally more lamers involved, then maybe, just maybe I would ask for something like this. Admin voting and giving trusted people admin rights on servers works pretty good atm.

Agree.
2008-01-30, 01:35
Member
370 posts

Registered:
May 2006
Sometimes, every now and then, there are some haxx and bots on the XS4ALL FFA server, would be handy against them, but they are not that much around.
Custom maps for the show, episodes for the pro.
  30 posts on 1 page  1