Dont Ip Ban do this (Long)
First
ip bans dont work 99% of users have a virtual/dynamic ip
so think about all those trial apps that deny you after the time expires
then think how you can expand on that when that
app must connect to a server to be used like a fps does
My Suggestion is this
drop a registery key with a unique id / coded value given by the server
on the first installation of the game
that would identify a particular computer with a crossfire application and a set of accounts server side
haveing been installed on it that key/id is not removed on uninstall of the game
Secondly its position maybe moved or copyed in the registry to a new position
on a update so that a new crack would have to be made
if it is ever figured out by a hack/crack
Payoff:
Then whenever a user is banned for hacking ie.. caught in replay
Not just that account is banned / deleted
but also that users unique id is added to a hacklist all accounts useing that id
are banned ie... all his accounts that he made on that computer are banned
including his non smurf zp account
Prevention:
now whenever the user makes a new account
he is Not prevented from doing so he makes a account logs on
however he is purposfully Not immediatly rebaned or prevented
from starting the application
Why:
the game on start sends the unique id to the server
the server then sees that this person has previously been banned
now the server ie... the devs whoever hold all the cards
now the devs can track a known hacker watch him in game see if hes in
a hacking clan see what hacks he uses or
the server can auto set a random date within the next couple hours or days
to auto ban his account again the reason is that its better that the server
bans then the client the client cant be trusted to even prevent the application from
executing
Another reason is this makes it harder for the client code to be cracked / disassembled
to boot you cant just delete the key and make your own because the server assigns it
(To make it even more difficult )
you could have one key that has the id and one key that is just a flag that shows
if the game has ever been installed
case1:
if the flag shows it has and the key has been deleted
the client exe knows somethings fishy
and if the client knows it can tell the server
case2:
if the flag shows that its never been installed before
and thiers a unique id that doesnt match any account then it
then the server knows somethings fishy as well
this could instead be a hidden file or what not
Note:
just for him to make a new account now he'll need a crack
so now not only does he need a hack he needs a new crack after each update
a new crack will be required because after each new update the place were the
id is at may have changed positions so the how would the crack know were the
server will place it
or
he could reinstall windows
thats a heavy price to pay for the avg script kiddie every time he's banned
if a user ever reinstalled windows
then a new id would be placed on his computer
but when he loged in his old id would be linked to his account
if its not on the ban list and his name and password was correct and not on the ban list
just change all accounts with the old id to the new id
or reversed tell the client to change the comps id value back to its old value
you have to think what a non hacker will do vs what a hack will do
and limit the hacks options server side
will a non hack reinstall the game occasionally yes
will a non hack reinstall windows once in a great while yes
will a non hack seek to alter critical game files no
will a non hack care if all his accounts are linked by a unique id that no one ever see's no
will a hack seek to use a script progi to alter game files definatly
will a hack want to reinstall windows every time hes banned no
will a hack want to reinstall the game every time hes busted if he thinks it will work prolly
will a hack want to make seperate smurf accounts for hacking seperate from his main most definatly
ip bans dont work 99% of users have a virtual/dynamic ip
so think about all those trial apps that deny you after the time expires
then think how you can expand on that when that
app must connect to a server to be used like a fps does
My Suggestion is this
drop a registery key with a unique id / coded value given by the server
on the first installation of the game
that would identify a particular computer with a crossfire application and a set of accounts server side
haveing been installed on it that key/id is not removed on uninstall of the game
Secondly its position maybe moved or copyed in the registry to a new position
on a update so that a new crack would have to be made
if it is ever figured out by a hack/crack
Payoff:
Then whenever a user is banned for hacking ie.. caught in replay
Not just that account is banned / deleted
but also that users unique id is added to a hacklist all accounts useing that id
are banned ie... all his accounts that he made on that computer are banned
including his non smurf zp account
Prevention:
now whenever the user makes a new account
he is Not prevented from doing so he makes a account logs on
however he is purposfully Not immediatly rebaned or prevented
from starting the application
Why:
the game on start sends the unique id to the server
the server then sees that this person has previously been banned
now the server ie... the devs whoever hold all the cards
now the devs can track a known hacker watch him in game see if hes in
a hacking clan see what hacks he uses or
the server can auto set a random date within the next couple hours or days
to auto ban his account again the reason is that its better that the server
bans then the client the client cant be trusted to even prevent the application from
executing
Another reason is this makes it harder for the client code to be cracked / disassembled
to boot you cant just delete the key and make your own because the server assigns it
(To make it even more difficult )
you could have one key that has the id and one key that is just a flag that shows
if the game has ever been installed
case1:
if the flag shows it has and the key has been deleted
the client exe knows somethings fishy
and if the client knows it can tell the server
case2:
if the flag shows that its never been installed before
and thiers a unique id that doesnt match any account then it
then the server knows somethings fishy as well
this could instead be a hidden file or what not
Note:
just for him to make a new account now he'll need a crack
so now not only does he need a hack he needs a new crack after each update
a new crack will be required because after each new update the place were the
id is at may have changed positions so the how would the crack know were the
server will place it
or
he could reinstall windows
thats a heavy price to pay for the avg script kiddie every time he's banned
if a user ever reinstalled windows
then a new id would be placed on his computer
but when he loged in his old id would be linked to his account
if its not on the ban list and his name and password was correct and not on the ban list
just change all accounts with the old id to the new id
or reversed tell the client to change the comps id value back to its old value
you have to think what a non hacker will do vs what a hack will do
and limit the hacks options server side
will a non hack reinstall the game occasionally yes
will a non hack reinstall windows once in a great while yes
will a non hack seek to alter critical game files no
will a non hack care if all his accounts are linked by a unique id that no one ever see's no
will a hack seek to use a script progi to alter game files definatly
will a hack want to reinstall windows every time hes banned no
will a hack want to reinstall the game every time hes busted if he thinks it will work prolly
will a hack want to make seperate smurf accounts for hacking seperate from his main most definatly
Comments
-
thats is exactly the point
take ur pick
one ban links to all of a users accounts used from that computer
and then forces them to reinstall windows or find a crack that is up to date
just to make a new one
or
a ip ban on thier computer that only requires them to shut off thier
computer then turn it back on then log onto thier alt account
.
.
.
"I dont beileve in a no win Scenario"
-capt Kirk- -
they could always grab the MAC of the pc that that game is installed on and block it BUT it's very easy to change a MAC address too
Now if they really wanted to do something, they could do like some of the pay poker sites do.
On installation, the server queries your PC for the CPU serial number and it is stored with your profile and if you are ever caught cheating, the only way you can come back is either by replacing the CPU or getting on an entirely different PC.
really, no matter what they do there is a way around it -
Okay, I might have lost you in a bit at times, even if the account is banned or deleted he can't enter the account to begin spy over the guy's shoulder on his character, plus even with all the things you say, it's like a contract, there is a loop-hole so you think a lot before you decide to suggest it, that what happens to lawyers, they get tricked very easily, so lets say the lawyer is the server and the person who signed with the lawyer is the person who is hacking (Hacker) and the contract is the hack shield. The lawyer would begin to tell the Hacker what the contract's rules are and agrees, then he gets destroyed in-game then makes a hack that is up to date every time he plays, that is a loop-hole into the contract and can be used at his own. The hack can be updated as the contract gets updated over and over and he still can hack.
Changing addresses isn't hard, ip address, MAC address, dynamic address, and then there is ip hider that also changes. So he can change it and the changing old to new will be only old and he can still be out that.
(I might have lost yeah when I read so if I'm wrong please quote and red highlight and explain so I realize what I missed)
Yeah it's long, read it! =| -
well its just a rough idea it could be ironed out better but
basically the idea is that
when you when you register a account the first time
the client drops a file or reg key into your computer
that key is sent by the server ie like a unique id
the server keeps a record of it in that account
like this is the id number for this users installed computer i sent him it
the server asks for a id whenever you make a account
if thiers a valid one on your comp
because you have already installed the game and made a account once before
that one is used as well for the new account
in otherwords each account made uses the same key on the computer
so lets say your a hacker kiddie
now you could delete the id key with a crack
then make a new account well say account (B)
this way you fool the server right ?
but then say you log onto account (A) because the server gave you a new
id for account (B) and thats the id on your computer for cf
the server goes Oh this id doesnt match the old id ???
so the server does this instead of just going error ect...
{
ill record that id and link it to this account as well
then tell the client to change the id to the new account
ill also search all the accounts with either id already
and make sure both are linked to those accounts
}
so essentially doing this means that when the person logs back into either account
both accounts are linked to both of the id's on the servers database
ie the server knows and if a account is ever deleted
every account the guy has made on that computer
can be incrementally searched for and also deleted or banned / dissallowed to log in
so all his existing accounts are deleted from the server
now
he decides ill just start over and make a new account
first ill uninstall crossfire and reinstall if he knows thiers some kinda protection
if he doesnt its worse for him he's wasting his time makeing a new account
lets say he does
he could uninstall the game but ...
the hidden id file or reg id key isnt removed on unistall
so
the lil guy needs a crack to get rid of it period
before he creates a new account
other wise his new account will have the same id
because it will be sent from the client to the server when he makes a new account
so your actually forceing him to find a crack
that or reinstall windows lol ya
if you can force a hack to go that far i think its great
unfortunatly
the client is not secure period.., i dont care if its ip mac whatever it cant be trusted
you can only make this difficult all information from
the client to the server can be forged that is the bottom line
thus any future bans on new accounts
the best you can hope for is
that you can make it as difficult as possible
keeping a goal of forceing a crack to prevent your ban system from working by
changing the location of the id or even altering it at update time
to be to be able to easily break future cracks to the id key
is far superior then relying on a mac ban or a ip ban
wow i spent a long time writeing this i wonder if a dev will ever see this
either way they should just spend money on the network code and not let the client
send the damn compromised information to the other clients simulation in the first place
then you wouldnt need the bans in the first place -
-
anything that is placed on a remote machine (your pc) can be removed/modified/etc
if you have ever visited a poker site such as say pokerstars, when you join the server polls your pc for certain info that is unique to that machine (cpu sn)
that number is also set into the main pokerstars server so that NO OTHER ACCOUNTS can be made from that pc,
the only way around their security is to have several computers OR replace the cpu in your pc if you want multiple accounts.
there are a lot of people that have more than one pc but not many people are going to have a stockpile of cpus to swap out to make new accounts.
so if z8/g4/smilegate/xtrap/whoever were to set up a system like that it would put a serious damper on cheaters since not only would they lose an account but the pc they originally used to join would also be banned/blocked
much better system than any ip ban or registry entry or placing a files -
anyways sumed up
if you wanna crack it thats fine but one screw up
and im going to delete every account you made
not just that smurf hack account but your zp accounts too
and its not so easy to just make a brand new account you
need to do some work first
if i make it even simpler
another option to ip or mac ban at the least ip ban is total fail
mac ban is fail if hack spends 5 minutes to look up how to defeat it
?
so its a different idea alltogether -
>>if you have ever visited a poker site such as say pokerstars,
>>when you join the server
>>polls your pc for certain info that is unique to that machine (cpu sn)
>>that number is also set into the main pokerstars server
>>so that NO OTHER ACCOUNTS >>can be made from that pc,
^^^^^^^^^^^^^^^^^^^^^^^^^^^
"you still cant grasp the concept can you ?"
so your promoting this
which IS A example of exactly what your talking about
a machine which is a client which Can be compromised
just cause thier isnt a crack yet doesnt mean their wont be
and who knows if thier isnt already in this case that crack
would not be shared with the public
well who sends that information to the poker site the client
and if the clients poker program is compromised
and the call never reaches the cpu
but instead the hacked program intercepts the call
and then sends back fake cpu data to the poker server ?
how many accounts can be on that computer then ?
its not easy but its possible if its on the client it can never
be 100% thats all their is to it
if they can implement that system great for now
but theoretically once that system is defeated its defeated
and its just incentive in a game for it to be pub cracked
trying to make the client 100% secure is fail
it shouldnt ever be expected to be secure
the best you can do is make a system that constantly forces
the hackers to keep up with you not you keeping up with them
ie treat the client like it might already be hacked -
Contact thier ISP and have their accounts blocked from crossfire server IP's permanently.
No reinstall or new pc can even log on to crossfire again?
prob solved!
if the ISP wont cooperate and they have a large number of hackers on their accounts (say brazil ISP's) for instance then perm block the isp and all it's customers?
stop playing and get serious they r stealing your income and our kills! -
ok as you say theoretically, sure NOTHING is perfect. I totally agree with that.
BUT why don't you check out pokerstars and see how many cheaters they have.
Proof of concept, IT WORKS
as we all know, z8/g4/smilegate/xtrap DOESNT
since you seem to like to type walls of text, why don't you put your pixels to good use and code something and send it through the channels and maybe, if it works, you can get a paid job with z8/g4/smilegate/xtrap
just sayin' -
Hacker!
Maybe not on but I do not know where to submit a report on hackers
The point is that a hacker Astern1 he uses the speed hack in the crossfire, and it ****es me off he'll go somewhere for me and that's what it is that we all write to him about some reports, but I do not know where they are made so I write here on the forum .. . -
xlightwavex wrote: »My Suggestion is this
drop a registery key with a unique id / coded value given by the server
on the first installation of the game
that would identify a particular computer with a crossfire application and a set of accounts server side
haveing been installed on it that key/id is not removed on uninstall of the game
That would be illegal and against EULA's privacy agreement.
Scanning/monitoring computer activity (as in how many accounts a user does from his own PC and how he uses his PC in that purpose or any other purpose) its illegal and its considered privacy offense by the law.
Trial/activation software its a different thing and they have the right to limit the use of their own software, as in one installation of the game, but not to monitor how you use your PC and if you make an account or not from that PC.
Unless i understood wrong what you are trying to say, and i tried hard to understand and make some sense from your post lol.
Categories
- All Categories
- Z8Games
- Off-Topic - Go To Game OT Forums
- 1 Z8 Forum Discussion & Suggestions
- 16 Z8Games Announcements
- Rules & Conduct
- 5.2K CrossFire
- 954 CrossFire Announcements
- 942 Previous Announcements
- 2 Previous Patch Notes
- 1.4K Community
- 122 Modes
- 600 Suggestions
- 85 Clan Discussion and Recruitment
- 274 CF Competitive Forum
- 19 CFCL
- 26 Looking for a Team?
- 703 CrossFire Support
- 52 Suggestion
- 116 Bugs
- 29 CrossFire Guides
- 166 Technical Issues
- 47 CrossFire Off Topic