ANTIBAN and whitelisting clarification

[cosmos]

If a group has the ANTIBAN permission shouldn't any user in that group be immune from a host/ip/master ban? i know that attempting to ban while the player is in the game is prevented but a test I ran with one of my admins where i banned the entire ip range he connects from before he joined the server did not produce expected results.

he was unable to login until the ban was removed even though his user group has ANTIBAN. my understanding of whitelisting users in bzflag was that if they were in a group with ANTIBAN privs they would be able to join the server even if an ip ban existed for their ip range. This is very handy when dealing with problem users who have access to large ip space where only a widespread ban is effective but could block legitimate players. furthermore players without static ips can be whitelisted easily.

am I reading this section of the code right?

// check against ban lists
bool playerIsAntiBanned = playerData->accessInfo.hasPerm(PlayerAccessInfo::ant
iban);
in_addr playerIP = playerData->netHandler->getIPAddress();
BanInfo info(playerIP);
if (!clOptions->acl.validate(playerIP,&info) && !playerIsAntiBanned) {


does that not state that if the connecting player DOES NOT have antiban perms he is denied but if he DID HAVE antiban perms it would not satisfy the if clause and thus not process the code pertaining to blocking banned users being denied?

[SportChick]

Cosmos, We've been using antiban and until recently, I thought it worked perfectly. I had one guy that we had whitelisted (i.e., given antiban privileges) who was able to join just fine for a long time, but then when we banned his sister, he got banned too. His sister was banned using an straight IP ban. The others we have whitelisted successfully are joining despite a hostban. Perhaps that's a clue into what's wrong.

[I_Died_Once]

I'm gonna risk getting flamed and shunned by alot of people here with this theory... please forgive me in advance....

Now, I could be wrong - but the root problem here does not sound like its a "whitelist" or "permission" issue.

Now that I have some experience under my belt in running Planet MoFo the past few months, allow me to add this in. I've found that when you have a trouble player, and you IP ban them... if someone comes along almost instantaneously saying "Oh, you banned my cousin/sister/brother/uncle/shop class teacher/garbage man/best friend" Chances are its the same person. I could be wrong in THIS instance, I could have been wrong in other instances... but the whole ordeal just reeks of it.

Now, as far as the whitelisting goes... I';m thinking along the lines of the group file, groups, and permissions are all to do with global recognition. Local IP bans are done locally, and I am thinking that a local IP ban overrides anything to do with global. Even though the user logging in has all sorts of permissions and belongs to so many groups... they're still logging in from a banned IP address. I could be wrong about this, too, now....

[cosmos]

I'm gonna risk getting flamed and shunned by alot of people here with this theory... please forgive me in advance....

Now, I could be wrong - but the root problem here does not sound like its a "whitelist" or "permission" issue.

Now that I have some experience under my belt in running Planet MoFo the past few months, allow me to add this in. I've found that when you have a trouble player, and you IP ban them... if someone comes along almost instantaneously saying "Oh, you banned my cousin/sister/brother/uncle/shop class teacher/garbage man/best friend" Chances are its the same person. I could be wrong in THIS instance, I could have been wrong in other instances... but the whole ordeal just reeks of it.

Now, as far as the whitelisting goes... I';m thinking along the lines of the group file, groups, and permissions are all to do with global recognition. Local IP bans are done locally, and I am thinking that a local IP ban overrides anything to do with global. Even though the user logging in has all sorts of permissions and belongs to so many groups... they're still logging in from a banned IP address. I could be wrong about this, too, now....

I wish we lived in a perfect world I probably have a bit of a unique situation with Hepcat that is causing me to go down the whitelist path at all and quite simply that is a steady rash of troublemakers including a few that have access to enormous ip ranges making single ip and even class c bans near innefective while at the sametime causing innocent players alot of hassle when caught up inadvertantly in bans. we have tried forcing registration and other measures but it is only half effective and eventually causes more work and admin involvement trying to explain registration to new users, why we are doing this and then of course the 35% who refuse to register. in the end alot of players are frustrated with registration issues and leave, registered regular players get annoyed constantly trying to help the new players and not being able to play a decent ctf because the teams are almost always unbalanced etc etc.

The only workeable solution IMHO is the registered player whitelist capability. I can ban a very large range to stop an aggressive troublemaker and still allow the legitimate players to access our server. A small side effect may be increased user registration if players are forced to register to get whitelisted.

i did not spend a long time looking at the antiban code last night but if it is due to a likely issue of not having the global group info when the banlist checking is done it is probably not a huge deal to modify or worst case use a local group.

and i certainly do not see a reason to flame anyone over this

[I_Died_Once]

and i certainly do not see a reason to flame anyone over this

I'm expecting someone to come along and go "Hey! That was MY SISTER they banned! She would NEVER do anyhitng LIKE that, you... you... you meanie-head! Are you trying to accuse me of something? Why, I've never! Its because of the color of my skin, isn't it?!?!?!"


...or some such nonsence. I wouldn't put it past some people anymore.

Have you guys ever had any issues with or dealt any to do with a player that goes by "Abid" ???

[cosmos]

and i certainly do not see a reason to flame anyone over this

I'm expecting someone to come along and go "Hey! That was MY SISTER they banned! She would NEVER do anyhitng LIKE that, you... you... you meanie-head! Are you trying to accuse me of something? Why, I've never! Its because of the color of my skin, isn't it?!?!?!"


...or some such nonsence. I wouldn't put it past some people anymore.

Have you guys ever had any issues with or dealt any to do with a player that goes by "Abid" ???

An ip ban is never removed because someone insists it wasnt them or their buddy was messing around etc. In very rare occasions we have but in that case the regular player has 4 young children and it was quite obvious they were goofing around behind dads back. Only a select group of core admins at Hepcat can permanently ban someone. Cops can ban for a maximum of one day and regular admins can ban for long durations but never permanently--i will probably refine this to limit their bans to one month. Thus the offendor can always come back and play properly and they will not be banned again. If someone is a repeat offendor they will make it to our masterban list and are done for good.

Abid is currently teetering on the verge of getting more than his lame little butt bargained for. Not only has he played unfairly, capped his own flag, persistent tk, and fought with both players and admins alike but in the past week he began attacking and harrassing at least one particular cop and at the same time kept begging to be made an admin. It culminated in me banning him which was apparently only the beginning of our hassle with Abid. Emails to my account, /reports, and spammed messages varying from lame veiled DDOS threats to racist slurs aimed at the cop he was harrasing before his ban. Ive banned at least 3 ip ranges so far. I will eventually be willing to deal with the incredible hassle, loss of my personal time, and aggrivation of chasing him down with his isp(s) if it continues past this weekend.

--cosmos

[Guest]

You guys are deviating, so I will to.
Can't Abid be put on the global master ban list?

[optic delusion]

Please, can abid be put on the global ban list?
Here's my story.
As soon as dvnkler/starwars got banned, two players sign into my new league site "tahir" and "haque". They both have the same IP, but gmail and yahoo addresses.
Just as suddenly, those names disappear, they have not visited the site, since one day before the appearance of abid.
I think it's DVNkler-DVN-starwars, I haven't banned abid myself, hoping to be able to prove this, but I haven't been able to prove it yet.
He uses IP's that vary all over the place. Usually begins with 68.219 or 68.209 but also 205.152 and 65.81 and 68.211

These are the oldest IP's I have
68.211.55.183, tahir/haque and
68.211.48.2 - ABID
that initially linked him to starwars, for me
that's Atlanta Georgia right?

Here's another name I have for a 68.209 address
Tariq al Abbas Mujhadeen Jihad -- spammer-- only showed up once, right after strwars got banned

[TD-Linux]

I think I know the problem.

When an IP is banned, nobody on that IP can join. Not even if they have ANTIBAN. However, if that person with that IP is on and has ANTIBAN, the server will see that and will refuse to ban that IP. If you banned an admin's sister while the admin was not on, the admin's ANTIBAN would not prevent the IP from being banned.

Once, on HT's BZLAND, I banned a person who had a bad callsign. It also, by chance, happened to ban all of the bots/loggers running on the server machine. This happened because I accidentally interchanged the bantime and minutes. That shouldn't have happened, though. I cannot verify if they were the same IP, as I lost the player's IP and do not have access to the IP logs.

[Guest]

So, basically, the problem is that you can only give an account the ANITBAN, not an IP. And there are multiple players on an IP, only one has ANTIBAN, so not the whole IP is protected, so the IP can be banned, and when it is, the account with ANTIBAN cannot even sign on...

[SportChick]

CBG, I'm not sure that what you described is actually what is happening. Tupone is going to look at the code and try and sort out what is actually happening v. what should be happening.

Thanks, Tupone!