From bzflag.org - Hmm, Interesting

All things BZFlag - no [OT] here please
Post Reply
User avatar
dS
Private First Class
Private First Class
Posts: 31
Joined: Wed Dec 11, 2002 7:03 pm

From bzflag.org - Hmm, Interesting

Post by dS »

Can you say "Big Brother"?

I don't know that I like this.
By: Supergoose - supergoose
Ridiculous Hacker
2004-09-25 21:26

I have no administrative power to find his IP (which he claims to change every now and then anyway), but his usual tank name is "Pat Labor has 3 Nipples!"

The hack goes like this: At specification, he is able to "hop" (change his coordinates) over another tank, where he uses his pre-equipped Shock Wave flag. He's real smart-ass, too, calling the others in the server "weak and worthless."

I've been seeing this guy do this for about a year now, and it's starting to get on my nerves. I've filed a couple reports with individual servers, but what can that really do? I want this guy's IP found and blocked!

That's all.
-Goose



By: Sean Morrison - brlcad
RE: Ridiculous Hacker
2004-09-27 12:55

He's one of the old-time faithful troublemakers. His various IPs are banned on most servers but of course not on all of them. With the next release, you'll likely be seeing a lot less of players like that as there is a new global bans system that will be in the next release. The system will allow the devs to remove extreme trouble-makers like that from most all of the public servers on demand. While server operators will be able to disable the global bans (or provide exemptions), the hope is that most will not so that such blatent disregard for other people's enjoyment of the game becomes less disruptive. This will put some heavier penalties on the cheaters and @ssclowns on servers that don't allow or want that.

Cheers!
dS
aka MadSanta
User avatar
blast
General
General
Posts: 4931
Joined: Fri Mar 21, 2003 3:49 pm
Location: playing.cxx
Contact:

Post by blast »

It's just a global ban. This way we can ban players that constantly cause lots of trouble on many servers. I think it's a very good idea...
"In addition to knowing the secrets of the Universe, I can assure you that I am also quite potty trained." -Koenma (Yu Yu Hakusho)

Image
User avatar
ducatiwannabe
Private First Class
Private First Class
Posts: 3258
Joined: Tue Aug 10, 2004 3:55 pm
Location: Planet Earth
Contact:

Post by ducatiwannabe »

gimme da ips and their banned from any server I'm admin/cop at. I think that Pat is a great guy, and that goon shouldn't have played as that. GImme da Ips :)
User avatar
Workaphobia
Master Sergeant
Master Sergeant
Posts: 252
Joined: Wed May 26, 2004 7:29 pm

Post by Workaphobia »

So long as the global bans are saved for only the worst of the worst, that idea rocks.
"Nifty News Fifty: When news breaks, we give you the pieces."
User avatar
dS
Private First Class
Private First Class
Posts: 31
Joined: Wed Dec 11, 2002 7:03 pm

Post by dS »

dw,

This isn't about Pat, multiple noses, belly buttons or whatever. But given your response, I see that you already decided this person is to be banned from multiple servers without even looking for evidence of proof. So now you are being "Big Brother" for those servers and you are relying on your personal opinion.

Again, this isn't about Patlabor221. Those who have been around awhile have heard of another person (or maybe the same) doing similar things previous to this. Pat's got pretty thick skin from what I've seen. I didn't know about this most recent deformity though, but hey, to each their own. :wink:

dS
aka MadSanta
User avatar
ducatiwannabe
Private First Class
Private First Class
Posts: 3258
Joined: Tue Aug 10, 2004 3:55 pm
Location: Planet Earth
Contact:

Post by ducatiwannabe »

oops sorry was confused, didnt have ips anyway so haven't banned anyway :/
User avatar
JeffM
Staff Sergeant
Staff Sergeant
Posts: 5196
Joined: Fri Dec 13, 2002 4:11 am

Post by JeffM »

The global ban list is a publicly viewable list ( http://www.bzflag.org/master-bans.txt). It is optonal, any server may chose to not use it by putting -nomasterban in the command line or config. It only affects public servers, not lan or private servers.

Access to the master ban list is controlled by CVS access. So there is history and logingin of every change to the ban list. Every time a ban is added, or changed the commit is shown in the bzflag IRC channel and a mail is sent to the SF bzflag cops list so any may monitor it. This is so that every addition to the list can be tracked, and those who make the change must be culpable for it. The history of changes to the file can be found at http://cvs.sourceforge.net/viewcvs.py/b ... 9&view=log

Only those who have CVS access ( mostly developers ) can commit to the banlist, so this means they have gone thru some form of trust building in the comunity.

This list is just for big bans, not for little temporary bans. Address ranges should NOT go in this list. The ban list is similar to the banlist that is in place for the list server, that is baning people who felt the need to atack the list server. So far the only ones on the list are gross cheaters.

the user in question in that post is knightmare, he has been on the list server banlist since it's inception ( it was made due to his actions), so he is also on this list.

Developers will not add to the master ban list just when someone comes into IRC and types "cheater on hepcat" that is not what the list is for. It is for repeat offenders who are going out of their way to ruin the game for others, this is for SB, and KM their like.

Again, any server can chose to ignore the master ban list. Those that do use it, have every ban that comes from the master list flaged as such, and will show so in the banlist, and ban reason messages, automaticly.

1.11.x also shows the ban, baner, and reason when a baned user attemps to connect to a server, so if you are on the list you know right away that you are, and it is from the master server.

There is allways somone in IRC, so there is a viable forum for addressing bans, as any developer can also remove a ban.

as for evicence in his case, the IP was tracked back to multiple kinghtmare IRC and bzbb posts, so we were sure it was him. The Ips were also coroborated with nidhogger, who keeps rather accurate ban lists.

if your woried about false bans then plase sign up for the bzcops mailing list and you will get a mail every time the master ban list is updated.
ImageJeffM
User avatar
dS
Private First Class
Private First Class
Posts: 31
Joined: Wed Dec 11, 2002 7:03 pm

Post by dS »

Only those who have CVS access ( mostly developers ) can commit to the banlist, so this means they have gone thru some form of trust building in the comunity.
And I have no problem trusting the developers at this point. I would question the "mostly" part though if it included some of the often over enthusiastic non developer members of this board.
the user in question in that post is knightmare, he has been on the list server banlist since it's inception ( it was made due to his actions), so he is also on this list.
While I suspect as much, I've been given no evidence to prove to me that the user is knightmare in the original post. Don't get me wrong, as I believe or at least want to believe it is, but without specifics and documented or first hand witnessed proof that it wasn't anyone else, who's to say. Again, I trust the developers to not make rash decisions and to investigate and use sound judgement. I probably should have only posted brlcad's response in the original as I am not looking to justify or glorify people like Knightmare. I am looking at the whole of the "Big Brother" idea and what that could mean or create with unintentional abuse. I thought it could provide for a rousing discussion here. That is why I brought it up. Whether I would use it or not is still up for debate, but I am probably not exactly the norm when it comes to some things.

I purposely avoided the Server Policing forum for this as I believe it to be something that all users would be interested in.

dS
aka MadSanta

PS That JeffM dood sounds like a real bad apple. Anyone know if he's ever went by the nick "Trinips" before? :D
User avatar
JeffM
Staff Sergeant
Staff Sergeant
Posts: 5196
Joined: Fri Dec 13, 2002 4:11 am

Post by JeffM »

Abuse was one of our concerns, this is why we tied it to CVS, and made it as public as posible. Geting CVS access means going thru ether Tim or Purple Cow, who will ask for any objections before hand, and generaly requires the recomendation of another developer. We also made it not just SOME developers, but any developer, and even Nid has it, so we can have an impartal non dev in there. He runs some of the most popluar well managed server out there, so many trust his judgement.

And again, any server can ignore the list. Any user baned on the list will know it comes from the list. CVS shows exactly who put the ban in place and when, so that person must answer for it. It should be a good enough system of checks and ballances to prevent us from becoming overlords.

Yeah that JeffM guy is a right bastard, I personaly hate him and and everything he does.
ImageJeffM
User avatar
SGI
Private First Class
Private First Class
Posts: 513
Joined: Mon Dec 09, 2002 7:24 pm
Location: Motown, MI, USA

Post by SGI »

Patlabor221 wrote:
Yeah that JeffM guy is a right bastard, I personaly hate him and and everything he does.

Wow somebody pist-off PAT......
BTW the master ban is a great idea, and :
How you guys (developer with CVS access) handle the IPs??
Can I send to you an Email with the server name and Reason of the Banned IP number????
User avatar
toaster
Private First Class
Private First Class
Posts: 457
Joined: Sat Feb 21, 2004 4:44 pm

Post by toaster »

PatLabor221,

If you're not allowing bans of IP ranges, how are you going to handle the dynamic IP guys? There are enough of them out there, and many of them also know how to change their hostnames.
-toaster
"So there I was, all alone, facing all of the enemy. I started driving in circles, until I had them surrounded, and then I escaped in the confusion."
User avatar
JeffM
Staff Sergeant
Staff Sergeant
Posts: 5196
Joined: Fri Dec 13, 2002 4:11 am

Post by JeffM »

Toaster dude to abbuse nature those should be hadled as local bans.

the master ban list is NOT a replacement for the local ban list, just a supliment.

It's not meant to be the end all/be all of banning, it's just something that will help some more then what we have now

Yeah that JeffM guy keeps parking in my spot. he's a totaly ass.
ImageJeffM
User avatar
toaster
Private First Class
Private First Class
Posts: 457
Joined: Sat Feb 21, 2004 4:44 pm

Post by toaster »

Well, honestly, PL, I was thinking maybe more of guys like Sp****Bob Sp***pants and a couple of others that we would consider the real problem children of the community. They would still have to be managed as local bans, then.

I've seen SB SP on several different IPs in one evening, within the same class B subnet. If the worst miscreants are the ones we have to ban locally, even though the community as a whole knows about them already, I feel that diminishes some of the utility of the global ban server.

I understand the position that it's a supplement. Just don't see how useful it will be even as a supplement if the worst offenders aren't included in it.
-toaster
"So there I was, all alone, facing all of the enemy. I started driving in circles, until I had them surrounded, and then I escaped in the confusion."
User avatar
JeffM
Staff Sergeant
Staff Sergeant
Posts: 5196
Joined: Fri Dec 13, 2002 4:11 am

Post by JeffM »

then don't use it.
ImageJeffM
User avatar
learner
General
General
Posts: 270
Joined: Sun May 11, 2003 2:06 am
Location: Maryland
Contact:

developer access and master ban lists

Post by learner »

dS wrote: And I have no problem trusting the developers at this point. I would question the "mostly" part though if it included some of the often over enthusiastic non developer members of this board.
Those folk don't have commit access. Everyone who has access to make commits to BZFlag has a fairly clear understanding of what is allowed and what is unacceptible. Regardless, that does not mean that any developer has free reign to make whatever changes they like. All changes are scrutinized by the other developers all the time. Those changes are published instantly and automatically to the IRC channel, to the mailing list, and various other places -- in this instance it's also published to a web server for all to see. The chance for abuse of this power is really no greater than the chance that the developers will make BZFlag do something unacceptible.

There's already an implicit trust as all of the devs dedicate much of their time, energy, and money to keep the game alive. The global ban list leverages this existing trust structure for the sole goal of improving the game for everyone. Players who derive their entertainment out of causing other players distress is not acceptible to most and the global banlist should help by placing a higher penalty on the most extreme trouble-makers.
dS wrote: and use sound judgement. I probably should have only posted brlcad's response in the original as I am not looking to justify or glorify people like Knightmare. I am looking at the whole of the "Big Brother" idea and what that could mean or create with unintentional abuse. I thought it could provide for a rousing discussion here. That is why I brought it up. Whether I would use it or not is still up for debate, but I am probably not exactly the norm when it comes to some things.
I quite agree that in a different situation, there might be potential for unintentional abuse. On the other hand, as I mentioned, I would strongly argue that this is not the case here. We (the developers, primary server operators, and certain actively interested players) know who the trouble makers are. We have to deal with them day to day, week to week across dozens of servers.

This wastes a lot of everyone's time. We can rather easily control the IRC channel, the wiki, this bulletin board, and a few of the most popular servers -- but not the rest of the network. The master ban list will take care of that niche problem area now saving a lot of people's time, headaches, and distress. It's more a means to protect the time and money investment of those server operators who decide that this is a "good idea" -- which after speaking with most of them, all have that I've talked to.
dS wrote: PS That JeffM dood sounds like a real bad apple. Anyone know if he's ever went by the nick "Trinips" before? :D
You'd be upset too if people kept going around saying you had three nipples when you really have four. ;-)

Cheers!
trepan
Dev Wizard
Dev Wizard
Posts: 704
Joined: Fri Feb 21, 2003 7:50 pm

Post by trepan »

dS, just be thankful I didn't get my way.

The global ban list is currently optional, I
would have made it mandatory. I'm also
very keen on mandatory registration for
the purpose of identification, and enforcing
that policy on all public servers (and even
testing the public servers to try to find any
the are cheating on that policy). This would
be done from a central DB, and not have the
passwords on the servers (Tupone is working
on something along those lines, but it will not
be mandatory, afaik).

So you can think of the global ban list as a
kindly Little Brother.
User avatar
sid6.7
Private First Class
Private First Class
Posts: 614
Joined: Mon Oct 06, 2003 9:58 pm
Location: West USA
Contact:

global list

Post by sid6.7 »

yes i know we dont have to use it....

but i would be somewhat leary of this
for public use...

we have a global ban list already here in the
forums and most of the admins know each other
and we are always passing it by SGI before it
gets listed...there is some 'human" control...

it also requires admins to cross check each other
and we add them per our experience...
but this global list has a "remote" feeling to it
and we all think abuse could happen when there
is a "remote" access issue...

yes it appears that there are some fields in the list
to record who and what but thats only after the
fact its happened...

there are others ways to make cheating harder
but most dont want it that bad...

such as removing the code from the public access

or

one idea i had but, it would be lengthy and
maybe slow down logging on and such would be to
have bzfs.exe monitor the size of bzflag.exe,
value changes inside the bzflag.exe, the size thing
could be number of lines added to the code or
number of spaces added to a line, the value
changes could be someone changing something
from "yes" to "no" or "die" to "not die" etc......

i'm not a programmer so i dont know how hard that
would be and i dont know how slow it would make
the logon since it would have to validate the
whole bzflag.exe file....rather then just a compile
number or version number like it does now?

but if there were a comparison to a sercure version
of bzflag.exe it might work?
trepan
Dev Wizard
Dev Wizard
Posts: 704
Joined: Fri Feb 21, 2003 7:50 pm

Post by trepan »

sid6.7, the idea of validating the remote client
will not work. A remote cheat client could have
a real one sitting beside it that uses to generate
the checksum value. It's even easier due to the
fact that it is an open-source game. Reread that
part if you must, open-source.

Please read learner's response with regards to
cross-checking of admins, and the human factor.
Also realize that we get notifications within a
minute or two of any file that changes within the
source code (inlcuding the global ban list). This
may help to alleviate your concerns about
verification "after the fact" of any new added
bans.
User avatar
learner
General
General
Posts: 270
Joined: Sun May 11, 2003 2:06 am
Location: Maryland
Contact:

Re: global list

Post by learner »

sid6.7 wrote:yes i know we dont have to use it....

but i would be somewhat leary of this for public use...
The global ban list makes very little sense for private servers. Aside from the big fact that rampant nuisance cheating is not exactly a problem on private servers, nobody generally knows about the server except via a circle of friends.
sid6.7 wrote: we have a global ban list already here in the forums and most of the admins know each other and we are always passing it by SGI before it gets listed...there is some 'human" control...

it also requires admins to cross check each other and we add them per our experience... but this global list has a "remote" feeling to it and we all think abuse could happen when there is a "remote" access issue...
(!) It sounds as if you're missing a very major part of what all goes on in the BZFlag community. The developers interact with the primary admins, operators, and players almost non-stop. I'm going to go out on a limb and guess you've not yet visited BZFlag's "hub" of activity? The #bzflag IRC channel on irc.freenode.net is where it all comes together.

I've never heard of this SGI fellow, but I doubt he could shoot me from the other side of the map off a double rico. *ahem* :) Sid, joking aside, there is a human touch, much interaction, and loads of discussion. The human side would not be lost in the least, we're actually involving more people in the visibility than what hits the boards here with the master ban list. And again, it's only for the very worst offenders that generally disrupt the entire network, not just one or two servers.
sid6.7 wrote: yes it appears that there are some fields in the list
to record who and what but thats only after the
fact its happened...
Again, you're missing much critical information. The file is stored in CVS. This means it's has rather tight restricted access. In fact, that access is specifically limited to the folks who are actually entrusted to maintain and improve the game. We can identify who has written every single line in the file and exactly when the change was made. Every modification is announced multiple times and intrinsically is logged. There's more to it than just what you see in the file itself.
sid6.7 wrote: i'm not a programmer so i dont know how hard that
would be and i dont know how slow it would make
the logon since it would have to validate the
whole bzflag.exe file....rather then just a compile
number or version number like it does now?

but if there were a comparison to a sercure version
of bzflag.exe it might work?
Without a closed-source core, or completely closed source game, there is no way to ensure that clients are not running modified clients. Ideas such as this have been discussed dozens of times, but they are inherintly flawed without the closed-source core. That said, there's not going to be a closed-source core any time soon and as long as they have source, they will be able to successfully answer any challenge imposed.

See you in IRC,
Cheers!
User avatar
dS
Private First Class
Private First Class
Posts: 31
Joined: Wed Dec 11, 2002 7:03 pm

Post by dS »

This is the kind of discussion I was hoping for here. most threads trying to tackle the topic of bans end up spiralling out of control, but this one has gotten good dev input and has been very informative and best of all, hasn't degenerated into a free for all.

I do see this as a plus now, where I wasn't so certain of it before.

Thanks,
dS
aka MadSanta
User avatar
the enemy
Private First Class
Private First Class
Posts: 72
Joined: Sat Aug 21, 2004 2:18 am
Location: UK

Post by the enemy »

trepan wrote:sid6.7, the idea of validating the remote client
will not work. A remote cheat client could have
a real one sitting beside it that uses to generate
the checksum value. It's even easier due to the
fact that it is an open-source game. Reread that
part if you must, open-source.
I think this is something that the Netrek (http://www.netrek.org/) people thought about. They cryptographically signed each client (with RSA encryption), so people could only use blessed clients with most servers. The clients were still open source, but most of the main servers would only accept blessed builds.

I think the challenge that the client received incorporated the server IP address and port so the client would notice if it got spoofed. It all made it much more difficult for anyone to create cheat clients, although admittedly it's not absolutely impossible for the blessed client to be convinced it's talking to a real server when it's not. But it requires someone to jump through a lot of hoops to do that.

Ah, here we go with some more detail (thanks Google!): http://www-2.cs.cmu.edu/afs/cs.cmu.edu/ ... netrek/rsa

There are certainly a lot of cheaters around, some of them very subtle. Like one earlier today on Mario's arena server called "stody" who clearly has a seer cheat (tracking me with SB as I moved around with ST behind a wall). I've also caught him with a seer cheat on that "cracked" server running dw's Spiderman map - again SB against ST. Hard to prove without an admin right there. Grr.
User avatar
JeffM
Staff Sergeant
Staff Sergeant
Posts: 5196
Joined: Fri Dec 13, 2002 4:11 am

Post by JeffM »

that's not what this thread is about. We have discussed that type of authentication before, and it just dosn't hold up in a pure opensource environement, where the client app could just fake out the rsa key since it' knows how it was made. And doing a closed source section is not a posiblity. Netreck handles it by making the key built into the binarys be closed source. We can't distribute binarys for all OSs, so it's not feasable.

Proper anti-cheating comes from having the server know when people do bad things. You can never trust a client, ever. This is the method most online games use today. You can never fully elimante cheating, even your RSA key thing can be messed with a packet sniffer/proxy. What you can do is limit what the cheater can do, and make it pointless.
ImageJeffM
Post Reply