Accounts using tokens

Discuss the source code and development of Spring Engine in general from a technical point of view. Patches go here too.

Argh
Posts: 10920
Joined: 21 Feb 2005, 03:38

Accounts using tokens

Post by Argh »

The token seems like it might be more robust
I'll concede that point, but doesn't that create an even greater incentive for people to create smurf accounts for the purpose of being disruptive? I guess what I'm trying to say here is that, if a unique id / password in the database is what's ultimately important, and the objective is to weed out people who are exploiting the engine's lack of security in various respects (of which this is a fairly minor example)... then it's probably time to get serious about the issue of smurfing in general, use a captcha system that is lengthy enough (say, 20 words) that people will start to think twice about multiple accounts, etc., and cure the problem at its root- that it's very easy to come in and wreak havoc, and if you're on a uni NAT, then IP bans are totally unfair to the rest of people behind the NAT, etc.

Sorry in advance, I know this goes beyond the OP's complaint. Problem is, OP... this is just the tip of a very large iceberg. We should be planning for a fairly robust endgame, instead of poking fingers in the dike, imo.
SirMaverick
Posts: 834
Joined: 19 May 2009, 21:10

Re: New Functionality Necessary- STOP SPOT STEALERS

Post by SirMaverick »

Argh wrote:
The token seems like it might be more robust
I'll concede that point, but doesn't that create an even greater incentive for people to create smurf accounts for the purpose of being disruptive? I guess what I'm trying to say here is that, if a unique id / password in the database is what's ultimately important, and the objective is to weed out people who are exploiting the engine's lack of security in various respects (of which this is a fairly minor example)...
Smurfs are not the subject of this thread. We are talking about a mechanism to decide whether a user A in the lobby is the same user A in game. A secret token/password exchanged between client and server in lobby and in game solves that problem.
Whether the user is a smurf or not is a completely different subject.
use a captcha system that is lengthy enough (say, 20 words) that people will start to think twice about multiple accounts, etc.
Captchas try to prevent spammers (and thereby create more problems than they solve). Spammers try to create many accounts automatically. A smurf just needs 1.
Completely Automated Public Turing test to tell Computers and Humans Apart. Smurfs are mostly human.
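The mechanism SirMaverick describes, a secret exchanged between lobby and client that the game server can check, sketched as an added example. This is not code from Spring, its lobby server or any of the posters; the message flow, class names and sample values (game id, usernames, addresses) are all constructed for illustration. The point it shows is that the identity binding rests on a token the lobby derives and hands out over its own sessions, so nothing the connecting client supplies on its own (username, claimed MAC address, source IP) has to be trusted: a client racing in under someone else's name cannot present that name's token, and the real player still gets the slot afterwards.

```python
"""Lobby-issued join tokens that bind an in-game connection to a lobby identity.

Constructed flow (assumption, not Spring's actual protocol):
  1. The host opens a battle; the lobby picks a random per-game key and sends
     it to the host over the host's authenticated lobby session.
  2. For each player in the battle the lobby derives a join token as an HMAC
     over (game_id, username) under that key and sends it only to that player.
  3. A client connecting to the game server presents (username, token). The
     host recomputes the HMAC and refuses the slot on a mismatch, so the first
     connection to claim a name no longer wins automatically.
"""
import hashlib
import hmac
import secrets


def derive_token(game_key: bytes, game_id: str, username: str) -> str:
    """Token = HMAC-SHA256(game_key, game_id || 0x00 || username), hex encoded.

    The NUL separator keeps ("ab", "c") and ("a", "bc") from colliding.
    """
    msg = f"{game_id}\x00{username}".encode()
    return hmac.new(game_key, msg, hashlib.sha256).hexdigest()


class Lobby:
    """Lobby side: owns the per-game keys and knows who sits in which battle."""

    def __init__(self) -> None:
        self._game_keys: dict[str, bytes] = {}

    def open_battle(self, game_id: str) -> bytes:
        # Fresh random key per game; only the host ever receives it.
        key = secrets.token_bytes(32)
        self._game_keys[game_id] = key
        return key

    def token_for(self, game_id: str, username: str) -> str:
        # Sent to this user alone, over the user's own lobby session.
        return derive_token(self._game_keys[game_id], game_id, username)


class GameHost:
    """Game server side: verifies join attempts against the lobby roster."""

    def __init__(self, game_id: str, game_key: bytes, roster: list[str]) -> None:
        self.game_id = game_id
        self._key = game_key
        self._roster = set(roster)
        self.joined: dict[str, str] = {}  # username -> peer address

    def on_connect(self, username: str, token: str, peer_addr: str) -> tuple[bool, str]:
        """Accept the connection only if the name is in the roster, the slot is
        still free and the presented token matches the lobby-derived one."""
        if username not in self._roster:
            return False, "not in battle roster"
        if username in self.joined:
            return False, "slot already taken"
        expected = derive_token(self._key, self.game_id, username)
        # Constant-time comparison on bytes; a non-ASCII token cannot raise here.
        if not hmac.compare_digest(expected.encode(), token.encode()):
            return False, "bad token"
        self.joined[username] = peer_addr
        return True, "ok"


def demo() -> dict[str, tuple[bool, str]]:
    """Run the spot-stealing scenario from the thread against the token check."""
    lobby = Lobby()
    game_id = "battle-1234"  # constructed
    key = lobby.open_battle(game_id)
    roster = ["Alice", "Bob"]
    host = GameHost(game_id, key, roster)
    alice_tok = lobby.token_for(game_id, "Alice")
    bob_tok = lobby.token_for(game_id, "Bob")

    results = {}
    # A spoofer connects first under Bob's name with a guessed token: refused,
    # and Bob's slot stays free for Bob.
    results["spoof"] = host.on_connect("Bob", "00" * 32, "198.51.100.7")
    results["bob"] = host.on_connect("Bob", bob_tok, "203.0.113.5")
    results["alice"] = host.on_connect("Alice", alice_tok, "203.0.113.9")
    # Presenting Bob's valid token again from elsewhere cannot displace him.
    results["replay"] = host.on_connect("Bob", bob_tok, "198.51.100.7")
    # A name the lobby never placed in this battle is refused regardless of token.
    results["stranger"] = host.on_connect("Mallory", alice_tok, "198.51.100.7")
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step:9s} -> {outcome}")
```

The host needs only the per-game key and the roster, both of which the lobby already has, which is the same observation lurker makes below about tokens carrying no information the lobby lacks; what the token adds is proof of which lobby session a game connection belongs to.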
Argh
Posts: 10920
Joined: 21 Feb 2005, 03:38

Re: New Functionality Necessary- STOP SPOT STEALERS

Post by Argh »

Smurfs are not the subject of this thread.
Ultimately, yes, they are. Are we serious, about dealing with people disrupting the game population? Or do we just want to solve this one problem, which is pretty minor (compared to what other things hackers can do)?
Captchas try to prevent spammers (and thereby create more problems than they solve).
That's a pretty huge piece of un-logic there. If captchas are so ineffective, then why are they used widely?
Smurfs are mostly human.
Which is why you make the captcha 20 words long... so that it takes a human quite some time to make a new account, by hand, because it can't be automated. This doesn't totally eliminate the problem, it just makes it happen a lot less often.

It's the cost principle, people. When the real cost of an obnoxious behavior goes up, the amount of that activity goes down. There are very few people who are so dedicated to being obnoxious that they'd make dozens of accounts, just to ban-dodge, and then we can just ban tokens, instead of IPs, which solves a lot of problems all at once. So players use a unique token, they're seen by server / clients by that token, they get banned by that token... and new token creation is non-trivial, so they can't just smurf around the ban, but we don't have to ban IPs any more.

IOW... we can ban the clanners who pulled this stunt. But from the few things I've seen over here, it looks like this trick was spread and passed around pretty widely, fast. And I predict that it's just a small part of a very ugly chain here. This is the stuff we know about, because it's clumsy and obvious.

Why are we asking moderators to spend all of the effort on hunting people down and trying to get evidence together, when they could look up all tokens that came from that IP, and then see, very clearly, who pulls the ban-dodge from that NAT and attempts to attack again? Oh, and make the MAC address a part of the token, btw, so that people on the other side of NAT are easier to track down. Might as well get enough to at least send a friendly email to their network administrator, if they're behind a uni NAT, for example (I have no idea what IPs / IP ranges are banned atm, so I have no idea if any unis' entire playerbase is unable to log into the Official Server).

It'd solve a lot of problems at once, basically. No vet player who likes to smurf is going to have a serious problem with having to make a new smurf after a bit- they already do that anyhow. Just add a single step, to make it take a non-trivial amount of time. Voila. Bans that have real teeth, require non-trivial work to dodge, and can result in being tracked down more easily, if it needs to be taken to the formal complaint level (which I'm guessing doesn't happen often).

I guess people get upset, every time I point out that smurfing has pretty much no legitimate use, and that our bans not having a lot of teeth other than IP bans, which are hard to apply without banning entire ranges behind NAT, etc, is a very serious issue.
lurker
Posts: 3842
Joined: 08 Jan 2007, 06:13

Re: Accounts using tokens

Post by lurker »

I don't think you understand what you're saying. Anything tokens can be made of can already be used for banning. There is no need to put info into tokens when the lobby server already has it.
Argh
Posts: 10920
Joined: 21 Feb 2005, 03:38

Re: Accounts using tokens

Post by Argh »

OK, fair enough, educate me, then:

1. Does the Lobby server get the MAC address of all registrants?
2. Are we banning based on cross-match between MAC address and IP?
3. When a game starts, does the Lobby record who's supposed to have been in which Team, and their IP?
4. Do we need a more robust banning system, or is the real systematic issue that we have poor tools for determining (correctly) when bad behaviors occur?

I mean... I watch the arguments about this stuff, and I see a lot of anger and flailing, but it appears that we have some frustrating problems with what information is available forensically. If we already have all this information, as you suggest, then why isn't it just as easy as looking up games where these guys have pulled these stunts, looking up their IP/MAC and boom, they're gone until they and the offended party have both submitted savegames?

If we're already doing bans with pinpoint precision, fine, maybe tokens aren't the answer, and I can leave my arguments about smurfing aside. The problem here is that this is just one small fire here, and it's somewhat disquieting to see how hard-put you guys on the Moderator side seem to be at putting it out, since it sounds like you're telling me you have all the tools you need. So, where's the information process getting broken?
aegis
Posts: 2456
Joined: 11 Jul 2007, 17:47

Re: Accounts using tokens

Post by aegis »

if we had the IPs of people who were spoofing in servers, we would be able to ban them.
SirMaverick
Posts: 834
Joined: 19 May 2009, 21:10

Re: New Functionality Necessary- STOP SPOT STEALERS

Post by SirMaverick »

Argh wrote:
Smurfs are not the subject of this thread.
Ultimately, yes, they are. Are we serious, about dealing with people disrupting the game population? Or do we just want to solve this one problem, which is pretty minor (compared to what other things hackers can do)?
A smurf is an experienced player using a new account. That does not disrupt the game population. Malicious behavior, cheating etc. does.
Captchas try to prevent spammers (and thereby create more problems than they solve).
That's a pretty huge piece of un-logic there. If captchas are so ineffective, then why are they used widely?
Where did I say they are ineffective? I said they create more problems than they solve. More info.
Smurfs are mostly human.
Which is why you make the captcha 20 words long... so that it takes a human quite some time to make a new account, by hand, because it can't be automated. This doesn't totally eliminate the problem, it just makes it happen a lot less often.
WP: Captcha: They are used to tell humans apart from bots. You won't be able to use them to tell humans apart from "bad" humans. This is the main reason why captchas have no use here.
Besides that: Making it harder for your customers to register/access is not a way to deal with spammers etc.
It's the cost principle, people. When the real cost of an obnoxious behavior goes up, the amount of that activity goes down.
Yes. But only if the obnoxious behavior is repeated often (like spamming). A malicious Spring player needs only 1 more account. Same cost every other user has.
To have a barrier for the malicious user you would have to make the cost higher than the actual benefit of using your system. You would exclude all users.
Argh
Posts: 10920
Joined: 21 Feb 2005, 03:38

Re: Accounts using tokens

Post by Argh »

3. When a game starts, does the Lobby record who's supposed to have been in which Team, and their IP?
So, that's a no.
SirMaverick
Posts: 834
Joined: 19 May 2009, 21:10

Re: Accounts using tokens

Post by SirMaverick »

Argh wrote:MAC address
You want to do something against malicious users and trust their input?
then why isn't it just as easy as looking up games where these guys have pulled these stunts, looking up their IP/MAC and boom, they're gone until they and the offended party have both submitted savegames?
"Argh did bad things. I'll submit savegame next week."
If we're already doing bans with pinpoint precision
All they have is IP and username. Both might change with next login.
So, where's the information process getting broken?
Lobby does not know what is happening in game.
Argh
Posts: 10920
Joined: 21 Feb 2005, 03:38

Re: Accounts using tokens

Post by Argh »

"Argh did bad things. I'll submit savegame next week."
It would be pretty obvious that if there was more than a few minutes' delay after a complaint, the complaining party was probably not presenting an accurate case.

I mean... come on. If people are too lazy to submit their savegames when they want to talk about something people have done, that's their problem. If it's too hard for the average end-user to submit that information to a Moderator, though, that might be an issue.

A bigger issue, though- what if the Moderator doesn't have the mod or map in question? You can't view a Replay unless you have both...
You want to do something against malicious users and trust their input?
You have a better idea, given that both legitimate and malicious users are using Open Source software?
All they have is IP and username. Both might change with next login.
Well, that's a problem, and it goes back to "why aren't we requiring better authentication", which in turn arrives back at the crux, which is account creation. If I can run multiple map-hacked Spring copies in a library or computer lab somewhere, causing havoc in multiple games, and it's easy and no effort to just keep creating new usernames... hmm... maybe that's a problem, until the poor Moderator bans every one of those IPs? And what if they're behind NAT? What happens then? You just ban the IP that NAT comes out of? What if that's a uni NAT for a whole student housing block?
Lobby does not know what is happening in game.
Nor can it. You can fix this loophole, but there are plenty of other ones, no doubt, that just require a little more effort.

Again... just log the players' IPs in Infolog. I don't know why this makes people twitch so much, real hackers are going to give you a fake one. And most people's firewalls give them the IPs of anybody wanting port access anyhow if you go look at the log. It's not like this is super-private information- you're basically slowing down the process and kidding yourselves about security / privacy, if you think that giving the players each others' IPs openly is a Bad Idea, imo.
lurker
Posts: 3842
Joined: 08 Jan 2007, 06:13

Re: Accounts using tokens

Post by lurker »

Text.. text.. can't trust anything the lobby says.. text.. IPs are in the host infolog, bug your local dev.. text..
aegis
Posts: 2456
Joined: 11 Jul 2007, 17:47

Re: Accounts using tokens

Post by aegis »

SirMaverick wrote:All they have is IP and username. Both might change with next login.
Yes, but giving me the IP immediately after the game will most likely allow me to catch the person or people in question.
eyu100
Posts: 182
Joined: 05 Jul 2008, 04:10

Re: Accounts using tokens

Post by eyu100 »

aegis wrote:if we had the IPs of people who were spoofing in servers, we would be able to ban them.
You could ban them from connecting to the lobby, but they could have a friend observe a game and send them a modified script. They could connect to the game server and boot people without connecting their computer to the lobby.
Auswaschbar
Spring Developer
Posts: 1254
Joined: 24 Jun 2007, 08:34

Re: Accounts using tokens

Post by Auswaschbar »

eyu100 wrote:
aegis wrote:if we had the IPs of people who were spoofing in servers, we would be able to ban them.
You could ban them from connecting to the lobby, but they could have a friend observe a game and send them a modified script. They could connect to the game server and boot people without connecting their computer to the lobby.
No, won't work. Also, if it would work this way, that wouldn't be a valid argument either.
eyu100
Posts: 182
Joined: 05 Jul 2008, 04:10

Re: Accounts using tokens

Post by eyu100 »

Auswaschbar wrote:
eyu100 wrote:
aegis wrote:if we had the IPs of people who were spoofing in servers, we would be able to ban them.
You could ban them from connecting to the lobby, but they could have a friend observe a game and send them a modified script. They could connect to the game server and boot people without connecting their computer to the lobby.
No, won't work. Also, if it would work this way, that wouldn't be a valid argument either.
What do you mean?

A friend on a different computer joins a game and finds the IP address of the host. You create a program that communicates with your friend's computer and connects to the IP address as soon as the game starts (with another user's name). How would you stop that attack without using unique tokens or banning the friend from the lobby?
Auswaschbar
Spring Developer
Posts: 1254
Joined: 24 Jun 2007, 08:34

Re: Accounts using tokens

Post by Auswaschbar »

  • you need to connect faster than the one you want to steal the place from. That is impossible if you take the router over another person
  • even if so, banning bugusers is always a good idea, and just because there are other (more complicated) ways doesn't make it worthless to disable / punish it