[H0i]

Divinity, on 31 July 2012 - 07:47 PM, said:

Hackers don't seem to have any issues changing their IP or even GUID to evade a ban. They do that already. If you are relying on IP fidelity on your checks and trusting third party email providers to stop multiple email accounts in order to make auth successful, then I'd say it's DOA for stopping hackers beyond the drive by-hackers. The determined types won't have too much trouble coming back in minutes if you aren't putting delays on account activation.

Yes of course, but this process also takes some time. Considerably more than what was required in 4.1. If this stops the drive by hackers it already does something good.

Keep in mind people could as well register 5 accounts at the same time and switch them after being banned, avoiding the activation delay in this way. But this is where the notoriety comes in. Are they going to play on all those accounts to get a higher 'level' on all of them? I don't think so. So if the cheater is banned and comes back with a newbie account and nearly 0 ingame time, he can easily be blocked again, or the admin could just block any accounts that are newbie accounts. In the end admins will still have to put in some effort to get rid of the most persistent hackers, but it has become a lot more time intensive for the hackers and a lot less time intensive for the admins.

[luckystrikes]

Just to be clear, Is notoriety the same across all servers with auth enabled or is it specific to each individual server a player enters. If I start my own server and leave myself afk in it 24hrs a day... will I have a high notoriety upon connecting to a new server I have never played before?

This post has been edited by luckystrikes: 31 July 2012 - 09:23 PM

[/eVo/Divinity]

Would it be difficult to add this kind of logic into the system? (this is pseudocode)

client->get_account_age();
if (client->age < server->minimum_required_age) then
    client->report("Your account must be at least " . minimum_required_age . " old to connect to this server.");
    client->reject();

This post has been edited by Divinity: 31 July 2012 - 09:29 PM

[Drizzt]

So if i have a server, and i want only allow players with auth systems enabled:

/auth_notoriety 1
/auth_enable 1

It's correct?

And for manage the servers, you must know the rcon or with the authentication system enabled, you can assign privileges to users to manage the server?


Sorry for my english :/

[BRAVO]

Divinity, on 31 July 2012 - 09:28 PM, said:

Would it be difficult to add this kind of logic into the system? (this is pseudocode)

client->get_account_age();
if (client->age < server->minimum_required_age) then
    client->report("Your account must be at least " . minimum_required_age . " old to connect to this server.");
    client->reject();

I think that would be discriminatory, in the same way it would be an option to ban windows users.

[bubbleboy]

Quote

on connection to a game server your Urban Terror account name will be displayed to everyone

What's the difference between a server where you can use an alias and a 'game server' where you can't? I don't want to have to use this name but name changes are suspended.

edit - I think I might have misunderstood actually, after re-reading I think it just means your account name appears when you connect and you can still play using another name.

This post has been edited by BubbleBoy: 31 July 2012 - 11:23 PM

[icarebecauseyoudo]

thelionroars, on 31 July 2012 - 03:08 PM, said:

For server owners/operators out there who think that they have the right to choose who plays on their servers and what is appropriate behaviour, it is my strong recommendation that you ban this player, a.k.a Intrinsic.

I agree. Not sure this is the place to be discussing this though, so perhaps we could move this conversation to a more appropriate venue?

This post has been edited by icarebecauseyoudo: 01 August 2012 - 05:45 AM

[Todd]

H0i, on 31 July 2012 - 09:21 PM, said:

or the admin could just block any accounts that are newbie accounts.

If the reason you dislike the 'delayed auth activation' idea is because it may deter new players, this here will will have a much more detrimental effect.
I'm not suggesting implementing this asap, but rather down the track once the (hopefully) huge influx of new/returning players installing 4.2 has subsided, and also with the option of disabling the feature whenever an upcoming surge is expected. i.e. following each update released.
I know it's not perfect, but at least it's one extra layer of protection that can't be shortcutted conveniently by hackers (c.f. a certain qkey file). I suspect most ban evaders will quickly tire of playing their cat-mouse game after a few bans.
----------
Perhaps the 'one auth per player' is more of a rule than a feature, meaning players' extra accounts will be banned upon proof they're an alias?...not that definitive proof is realistically possible. :(


@BRAVO: I think Div is referring to the age of the ban, not the age of the player. I hope so anyway.

I don't think asking newbies to keep their pants on for a little longer before playing is too much to ask. Even if it were to be 30 minutes, would be better than nothing.


Edit: regardless, the changes that have been made already are great, really. Appreciate the time put in <3

This post has been edited by Todd: 01 August 2012 - 07:00 AM

[-21-Garreth]

What about hardware fingerprinting FrozenSands? Because most of the cheaters will still use changing IP address for griefing, so fingerprinting would make starting new accounts even harder and could be done in the background.

[bw|IceMan]

how does this translate into the log file?
yes, I want to update my bot since this is much better than the qkey.