[Suggestion] UID3

Started by EK.IceFlake, Feb 08, 2017, 12:06 PM

Previous topic - Next topic

EK.IceFlake

Well some nerd is ban evading on vks server and making us (the admin team) very angry. I suggest a UID3 which would return a hashed version of the players product key.

vito

What if they are using cracked version from torrents? (most of them are I am sure).
I don't really think UID3, UID4, UID5 will help, it's will be forever fight with cheaters. Make an invite system (but there is social corruption effect) or something else to keep your users clean, but any method is very dangerous to playercount, especially for new players.

KAKAN

Whatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that :D
oh no

EK.IceFlake

Quote from: vito on Feb 08, 2017, 12:20 PMWhat if they are using cracked version from torrents? (most of them are I am sure).
I don't really think UID3, UID4, UID5 will help, it's will be forever fight with cheaters. Make an invite system (but there is social corruption effect) or something else to keep your users clean, but any method is very dangerous to playercount, especially for new players.
Well... then you got what you pay for.
However, I just thought of a problem: some people don't have any product key, due to the new microsoft digital entitlement or something.
We need something that uses some hardware code. A hard drive serial, not a volume serial (which is normal UID) would be good.

EK.IceFlake

Quote from: KAKAN on Feb 08, 2017, 12:22 PMWhatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that :D
Lmao the server can reject connection then

jWeb

Quote from: EK.IceFlake on Feb 08, 2017, 12:23 PM
Quote from: KAKAN on Feb 08, 2017, 12:22 PMWhatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that :D
Lmao the server can reject connection then

You don't block it. You simply change it.

EK.IceFlake

Quote from: jWeb on Feb 08, 2017, 12:57 PM
Quote from: EK.IceFlake on Feb 08, 2017, 12:23 PM
Quote from: KAKAN on Feb 08, 2017, 12:22 PMWhatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that :D
Lmao the server can reject connection then

You don't block it. You simply change it.
Then you use a country ban as a last resort

Xmair

And then proxy jumps in.

Credits to Boystang!

VU Full Member | VCDC 6 Coordinator & Scripter | EG A/D Contributor | Developer of VCCNR | Developer of KTB | Ex-Scripter of EAD

jWeb

Quote from: EK.IceFlake on Feb 08, 2017, 01:36 PM
Quote from: jWeb on Feb 08, 2017, 12:57 PM
Quote from: EK.IceFlake on Feb 08, 2017, 12:23 PM
Quote from: KAKAN on Feb 08, 2017, 12:22 PMWhatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that :D
Lmao the server can reject connection then

You don't block it. You simply change it.
Then you use a country ban as a last resort

And what if he's from your country? Does that mean you banned yourself?

EK.IceFlake

Quote from: jWeb on Feb 08, 2017, 01:49 PM
Quote from: EK.IceFlake on Feb 08, 2017, 01:36 PM
Quote from: jWeb on Feb 08, 2017, 12:57 PM
Quote from: EK.IceFlake on Feb 08, 2017, 12:23 PM
Quote from: KAKAN on Feb 08, 2017, 12:22 PMWhatever you do, the UID packets are sent over the client and I'm sure anyone with a bit of knowledge knows how to block that :D
Lmao the server can reject connection then

You don't block it. You simply change it.
Then you use a country ban as a last resort

And what if he's from your country? Does that mean you banned yourself?
Add yourself to a whitelist

Anyways, we are making it harder for hackers to evade, not impossible. Making that impossible is impossible

KAKAN

country ban is the worst thing i can think of.
These guys don't know programming, they're script kiddies, so I was thinking to use client side to save a file on the client( you can use  file class for that), and check if the file exists, if it does, ban that guy and if not, then... Atleast that's what we can do until the devs show up
oh no

jWeb

#11
Quote from: KAKAN on Feb 08, 2017, 01:56 PMcountry ban is the worst thing i can think of.
These guys don't know programming, they're script kiddies, so I was thinking to use client side to save a file on the client( you can use  file class for that), and check if the file exists, if it does, ban that guy and if not, then... Atleast that's what we can do until the devs show up

IO is denied on client for several good reasons. First, the file can easily be removed. Secondly, I can get nasty with it. I can write a file so huge that will occupy the whole system drive. And the user would have no idea why. Thirdly, I could write malicious files to the user's disk. And so on.

Quote from: EK.IceFlake on Feb 08, 2017, 01:53 PMAdd yourself to a whitelist

What if you have a dynamic IP address? Will you white-list that for everyone in a certain country every-time they try to connect? So they're gonna be like "hey man, I wanna play. can you let me?".

Or do you plan on avoiding that issue by creating accounts and white-listing accounts? But doesn't this defeat the purpose of having a UID in the first place?

I mean, you could make the accounts harder to obtain. Such as making registration by invitation only. And also punishing the user who invited a cheater. Making the accounts harder to obtain. Thus making the users think again before cheating or inviting a cheater.

And to that you might respond with "but then you'll have an empty server". Well isn't that the same as banning everyone who's cheating? Without a way for them to come back.

But if you reach that point then that means your server wasn't good enough to convince them to behave in order to obtain the privilege to play on it. So that's your fault.

Quote from: EK.IceFlake on Feb 08, 2017, 01:53 PMAnyways, we are making it harder for hackers to evade, not impossible. Making that impossible is impossible

You're not making i harder as long as it's in control of the client's machine.

DizzasTeR

Eh? You know as the evaders get stronger, your protection and security measures should get stronger as well. Think of every tiny information each player has unique and compare them, if the result is not 100% equal but there are small matches then log it and inspect it.

KAKAN

Quote from: jWeb on Feb 08, 2017, 02:14 PM
Quote from: KAKAN on Feb 08, 2017, 01:56 PMcountry ban is the worst thing i can think of.
These guys don't know programming, they're script kiddies, so I was thinking to use client side to save a file on the client( you can use  file class for that), and check if the file exists, if it does, ban that guy and if not, then... Atleast that's what we can do until the devs show up

IO is denied on client for several good reasons. First, the file can easily be removed. Secondly, I can get nasty with it. I can write a file so huge that will occupy the whole system drive. And the user would have no idea why. Thirdly, I could write malicious files to the user's disk. And so on.
Then, the devs should give us some Storage method( take localStorage or sessionStorage in web for ex ) with a limit of about 1MB
oh no

jWeb

#14
Quote from: KAKAN on Feb 08, 2017, 05:55 PMThen, the devs should give us some Storage method( take localStorage or sessionStorage in web for ex ) with a limit of about 1MB

The other option would be to allow servers to have a persistent storage database based on SQLite since you can limit the database size and provide a neat way of storing structured data without direct access to the storage disk since everything is isolated in the database.

Actually a feature like that should've been done in the first place.