[Suggestion] UID3

EK.IceFlake · Feb 08, 2017, 12:06 PM

Well some nerd is ban evading on vks server and making us (the admin team) very angry. I suggest a UID3 which would return a hashed version of the players product key.

vito · Feb 08, 2017, 12:20 PM

What if they are using cracked version from torrents? (most of them are I am sure).
I don't really think UID3, UID4, UID5 will help, it's will be forever fight with cheaters. Make an invite system (but there is social corruption effect) or something else to keep your users clean, but any method is very dangerous to playercount, especially for new players.

KAKAN · Feb 08, 2017, 12:22 PM

Whatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that

EK.IceFlake · Feb 08, 2017, 12:23 PM

Quote from: vito on Feb 08, 2017, 12:20 PMWhat if they are using cracked version from torrents? (most of them are I am sure).
I don't really think UID3, UID4, UID5 will help, it's will be forever fight with cheaters. Make an invite system (but there is social corruption effect) or something else to keep your users clean, but any method is very dangerous to playercount, especially for new players.

Well... then you got what you pay for.
However, I just thought of a problem: some people don't have any product key, due to the new microsoft digital entitlement or something.
We need something that uses some hardware code. A hard drive serial, not a volume serial (which is normal UID) would be good.

EK.IceFlake · Feb 08, 2017, 12:23 PM

Quote from: KAKAN on Feb 08, 2017, 12:22 PMWhatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that

Lmao the server can reject connection then

jWeb · Feb 08, 2017, 12:57 PM

Quote from: EK.IceFlake on Feb 08, 2017, 12:23 PM
Quote from: KAKAN on Feb 08, 2017, 12:22 PMWhatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that
Lmao the server can reject connection then

You don't block it. You simply change it.

EK.IceFlake · Feb 08, 2017, 01:36 PM

Quote from: jWeb on Feb 08, 2017, 12:57 PM
Quote from: EK.IceFlake on Feb 08, 2017, 12:23 PM
Quote from: KAKAN on Feb 08, 2017, 12:22 PMWhatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that
Lmao the server can reject connection then

You don't block it. You simply change it.

Then you use a country ban as a last resort

Xmair · Feb 08, 2017, 01:42 PM

And then proxy jumps in.

jWeb · Feb 08, 2017, 01:49 PM

Quote from: EK.IceFlake on Feb 08, 2017, 01:36 PM
Quote from: jWeb on Feb 08, 2017, 12:57 PM
Quote from: EK.IceFlake on Feb 08, 2017, 12:23 PM
Quote from: KAKAN on Feb 08, 2017, 12:22 PMWhatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that
Lmao the server can reject connection then

You don't block it. You simply change it.
Then you use a country ban as a last resort

And what if he's from your country? Does that mean you banned yourself?

EK.IceFlake · Feb 08, 2017, 01:53 PM

Quote from: jWeb on Feb 08, 2017, 01:49 PM
Quote from: EK.IceFlake on Feb 08, 2017, 01:36 PM
Quote from: jWeb on Feb 08, 2017, 12:57 PM
Quote from: EK.IceFlake on Feb 08, 2017, 12:23 PM
Quote from: KAKAN on Feb 08, 2017, 12:22 PMWhatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that
Lmao the server can reject connection then

You don't block it. You simply change it.
Then you use a country ban as a last resort

And what if he's from your country? Does that mean you banned yourself?

Add yourself to a whitelist

Anyways, we are making it harder for hackers to evade, not impossible. Making that impossible is impossible

KAKAN · Feb 08, 2017, 01:56 PM

country ban is the worst thing i can think of.
These guys don't know programming, they're script kiddies, so I was thinking to use client side to save a file on the client( you can use file class for that), and check if the file exists, if it does, ban that guy and if not, then... Atleast that's what we can do until the devs show up

jWeb · Feb 08, 2017, 02:14 PM

Quote from: KAKAN on Feb 08, 2017, 01:56 PMcountry ban is the worst thing i can think of.
These guys don't know programming, they're script kiddies, so I was thinking to use client side to save a file on the client( you can use file class for that), and check if the file exists, if it does, ban that guy and if not, then... Atleast that's what we can do until the devs show up

IO is denied on client for several good reasons. First, the file can easily be removed. Secondly, I can get nasty with it. I can write a file so huge that will occupy the whole system drive. And the user would have no idea why. Thirdly, I could write malicious files to the user's disk. And so on.

Quote from: EK.IceFlake on Feb 08, 2017, 01:53 PMAdd yourself to a whitelist

What if you have a dynamic IP address? Will you white-list that for everyone in a certain country every-time they try to connect? So they're gonna be like "hey man, I wanna play. can you let me?".

Or do you plan on avoiding that issue by creating accounts and white-listing accounts? But doesn't this defeat the purpose of having a UID in the first place?

I mean, you could make the accounts harder to obtain. Such as making registration by invitation only. And also punishing the user who invited a cheater. Making the accounts harder to obtain. Thus making the users think again before cheating or inviting a cheater.

And to that you might respond with "but then you'll have an empty server". Well isn't that the same as banning everyone who's cheating? Without a way for them to come back.

But if you reach that point then that means your server wasn't good enough to convince them to behave in order to obtain the privilege to play on it. So that's your fault.

Quote from: EK.IceFlake on Feb 08, 2017, 01:53 PMAnyways, we are making it harder for hackers to evade, not impossible. Making that impossible is impossible

You're not making i harder as long as it's in control of the client's machine.

DizzasTeR · Feb 08, 2017, 03:12 PM

Eh? You know as the evaders get stronger, your protection and security measures should get stronger as well. Think of every tiny information each player has unique and compare them, if the result is not 100% equal but there are small matches then log it and inspect it.

KAKAN · Feb 08, 2017, 05:55 PM

Quote from: jWeb on Feb 08, 2017, 02:14 PM
Quote from: KAKAN on Feb 08, 2017, 01:56 PMcountry ban is the worst thing i can think of.
These guys don't know programming, they're script kiddies, so I was thinking to use client side to save a file on the client( you can use file class for that), and check if the file exists, if it does, ban that guy and if not, then... Atleast that's what we can do until the devs show up

IO is denied on client for several good reasons. First, the file can easily be removed. Secondly, I can get nasty with it. I can write a file so huge that will occupy the whole system drive. And the user would have no idea why. Thirdly, I could write malicious files to the user's disk. And so on.

Then, the devs should give us some Storage method( take localStorage or sessionStorage in web for ex ) with a limit of about 1MB

jWeb · Feb 08, 2017, 06:14 PM

Quote from: KAKAN on Feb 08, 2017, 05:55 PMThen, the devs should give us some Storage method( take localStorage or sessionStorage in web for ex ) with a limit of about 1MB

The other option would be to allow servers to have a persistent storage database based on SQLite since you can limit the database size and provide a neat way of storing structured data without direct access to the storage disk since everything is isolated in the database.

Actually a feature like that should've been done in the first place.