Well some nerd is ban evading on vks server and making us (the admin team) very angry. I suggest a UID3 which would return a hashed version of the players product key.
What if they are using cracked version from torrents? (most of them are I am sure).
I don't really think UID3, UID4, UID5 will help, it's will be forever fight with cheaters. Make an invite system (but there is social corruption effect) or something else to keep your users clean, but any method is very dangerous to playercount, especially for new players.
Whatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that :D
Quote from: vito on Feb 08, 2017, 12:20 PMWhat if they are using cracked version from torrents? (most of them are I am sure).
I don't really think UID3, UID4, UID5 will help, it's will be forever fight with cheaters. Make an invite system (but there is social corruption effect) or something else to keep your users clean, but any method is very dangerous to playercount, especially for new players.
Well... then you got what you pay for.
However, I just thought of a problem: some people don't have any product key, due to the new microsoft digital entitlement or something.
We need something that uses some hardware code. A
hard drive serial, not a volume serial (which is normal UID) would be good.
Quote from: KAKAN on Feb 08, 2017, 12:22 PMWhatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that :D
Lmao the server can reject connection then
Quote from: EK.IceFlake on Feb 08, 2017, 12:23 PMQuote from: KAKAN on Feb 08, 2017, 12:22 PMWhatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that :D
Lmao the server can reject connection then
You don't block it. You simply change it.
Quote from: jWeb on Feb 08, 2017, 12:57 PMQuote from: EK.IceFlake on Feb 08, 2017, 12:23 PMQuote from: KAKAN on Feb 08, 2017, 12:22 PMWhatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that :D
Lmao the server can reject connection then
You don't block it. You simply change it.
Then you use a country ban as a last resort
And then proxy jumps in.
Quote from: EK.IceFlake on Feb 08, 2017, 01:36 PMQuote from: jWeb on Feb 08, 2017, 12:57 PMQuote from: EK.IceFlake on Feb 08, 2017, 12:23 PMQuote from: KAKAN on Feb 08, 2017, 12:22 PMWhatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that :D
Lmao the server can reject connection then
You don't block it. You simply change it.
Then you use a country ban as a last resort
And what if he's from your country? Does that mean you banned yourself?
Quote from: jWeb on Feb 08, 2017, 01:49 PMQuote from: EK.IceFlake on Feb 08, 2017, 01:36 PMQuote from: jWeb on Feb 08, 2017, 12:57 PMQuote from: EK.IceFlake on Feb 08, 2017, 12:23 PMQuote from: KAKAN on Feb 08, 2017, 12:22 PMWhatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that :D
Lmao the server can reject connection then
You don't block it. You simply change it.
Then you use a country ban as a last resort
And what if he's from your country? Does that mean you banned yourself?
Add yourself to a whitelist
Anyways, we are making it harder for hackers to evade, not impossible. Making that impossible is impossible
country ban is the worst thing i can think of.
These guys don't know programming, they're script kiddies, so I was thinking to use client side to save a file on the client( you can use file class for that), and check if the file exists, if it does, ban that guy and if not, then... Atleast that's what we can do until the devs show up
Quote from: KAKAN on Feb 08, 2017, 01:56 PMcountry ban is the worst thing i can think of.
These guys don't know programming, they're script kiddies, so I was thinking to use client side to save a file on the client( you can use file class for that), and check if the file exists, if it does, ban that guy and if not, then... Atleast that's what we can do until the devs show up
IO is denied on client for several good reasons. First, the file can easily be removed. Secondly, I can get nasty with it. I can write a file so huge that will occupy the whole system drive. And the user would have no idea why. Thirdly, I could write malicious files to the user's disk. And so on.
Quote from: EK.IceFlake on Feb 08, 2017, 01:53 PMAdd yourself to a whitelist
What if you have a dynamic IP address? Will you white-list that for everyone in a certain country every-time they try to connect? So they're gonna be like "
hey man, I wanna play. can you let me?".
Or do you plan on avoiding that issue by creating accounts and white-listing accounts? But doesn't this defeat the purpose of having a UID in the first place?
I mean, you could make the accounts harder to obtain. Such as making registration by invitation only. And also punishing the user who invited a cheater. Making the accounts harder to obtain. Thus making the users think again before cheating or inviting a cheater.
And to that you might respond with "
but then you'll have an empty server". Well isn't that the same as banning everyone who's cheating? Without a way for them to come back.
But if you reach that point then that means your server wasn't good enough to convince them to behave in order to obtain the privilege to play on it. So that's your fault.
Quote from: EK.IceFlake on Feb 08, 2017, 01:53 PMAnyways, we are making it harder for hackers to evade, not impossible. Making that impossible is impossible
You're not making i harder as long as it's in control of the client's machine.
Eh? You know as the evaders get stronger, your protection and security measures should get stronger as well. Think of every tiny information each player has unique and compare them, if the result is not 100% equal but there are small matches then log it and inspect it.
Quote from: jWeb on Feb 08, 2017, 02:14 PMQuote from: KAKAN on Feb 08, 2017, 01:56 PMcountry ban is the worst thing i can think of.
These guys don't know programming, they're script kiddies, so I was thinking to use client side to save a file on the client( you can use file class for that), and check if the file exists, if it does, ban that guy and if not, then... Atleast that's what we can do until the devs show up
IO is denied on client for several good reasons. First, the file can easily be removed. Secondly, I can get nasty with it. I can write a file so huge that will occupy the whole system drive. And the user would have no idea why. Thirdly, I could write malicious files to the user's disk. And so on.
Then, the devs should give us some Storage method( take localStorage or sessionStorage in web for ex ) with a limit of about 1MB
Quote from: KAKAN on Feb 08, 2017, 05:55 PMThen, the devs should give us some Storage method( take localStorage or sessionStorage in web for ex ) with a limit of about 1MB
The other option would be to allow servers to have a persistent storage database based on SQLite since you can limit the database size and provide a neat way of storing structured data without direct access to the storage disk since everything is isolated in the database.
Actually a feature like that should've been done in the first place.
Local Storage won't help, and devs wont do it anyway.
Quote from: EK.IceFlake on Feb 08, 2017, 12:23 PMWell... then you got what you pay for.
You may code good system of white/black/grey lists of subnets, you may code invitation system, but dreaming about vcmp devs will make something for this case it's totally worg way. Nobody will care about your server, only you have to.