SID + Scripts page

Discussion in 'Simulator Suggestions' started by Abry, Feb 20, 2011.

Thread Status:
Not open for further replies.
  1. Abry

    Abry Member

    Joined:
    Dec 3, 2010
    Messages:
    64
    Likes Received:
    0
    Hi there,
    I played a lot on NetBattle and there was the SID (System ID I suppose).

    Why I'm asking for that?
    Because **** are now able to change IP and IP Ban is now useless (adding: tempban does not work!). If you're SIDbanned, you have to uninstall and install again the program, and that's a good weapon for children that waste their time (and ours) doing ****** things like
    You see, Piacere3. That's because Piacere, Piacere1 and Piacere2 had been bann'd.

    Here, in Italy, lots of **** are still alive. I'm sorry for this "hard request" but, as I see that some NetBattle features were added, this is a very useful one.

    And.

    Please let the auth ban an IP even if the player is not online!


    Scripts suggestion:
    can you insert the number of the lines in the script windows? It's a bit weird to copypaste on a blank .txt and save it as .html and open it with internet browser and watching the HTML of that page finding the line...
     
    Last edited by a moderator: Feb 20, 2011
  2. Crystal Moogle

    Crystal Moogle Ayaya~ Administrator Administrator

    Joined:
    Jul 19, 2010
    Messages:
    3,205
    Likes Received:
    531
    PO Trainer Name:
    Hanako
    Latios' update does the line numbers thing. That should be soon I guess.
    Until then, Notepad++ does that for you :x
     
  3. Abry

    Abry Member

    Joined:
    Dec 3, 2010
    Messages:
    64
    Likes Received:
    0
    uh, never known about *** as a bad word, sorry
     
  4. Mystra

    Mystra Active Member

    Joined:
    Jul 12, 2010
    Messages:
    1,389
    Likes Received:
    4
    Well, we need to choose something as a SID then. Any ideas?
     
  5. coyotte508

    coyotte508 Well-Known Member Administrator Server Owner Administrator Server Owner

    Joined:
    Apr 21, 2010
    Messages:
    6,363
    Likes Received:
    168
    Using the serial number of the hard drive : http://www.codeproject.com/KB/cs/hard_disk_serialno.aspx

    You can get one number like that. Then at the first time use you can store a randomly generated number, that's very unstable (rely on nanosecs several times as well as a good random number generator) so that there's extremely few possibilities that two installed programs get the same number.

    Then when sending to the client we mix those two numbers using some kind of simple algorithm, the server on the other hand can verify its not a random number (as the 'mixing' algorithm introduces some redundancy) and get the two numbers separately (or their hashed version, whatever) , and if any user logging on has one of the two numbers matching any of the two numbers of someone banned, they can't log on.

    But it has vulnerabilities as someone owning a server and quite competent in programming could get random users banned by using their number. Though if we make the particular library to provide and assert the numbers closed source and compile it on linux, mac & windows and put it on the SVN, it could work.
     
  6. Abry

    Abry Member

    Joined:
    Dec 3, 2010
    Messages:
    64
    Likes Received:
    0
    Sounds useful and so particular... I like it. And what about tempban fixing (IP, I assume)?
     
  7. Abry

    Abry Member

    Joined:
    Dec 3, 2010
    Messages:
    64
    Likes Received:
    0
    Sounds like necroposting but... is the SID going to be added? It worked well on NetBattle, so...
     
  8. Pokemonexperte-Martin

    Pokemonexperte-Martin Member

    Joined:
    May 15, 2010
    Messages:
    76
    Likes Received:
    0
    Using the hardware MAC address (unique id of a network card) should be a fine and cross-compiling option. For privacy reasons, it should be hashed before sending to the server.
    See this Stackoverflow topic for an example.

    There are still drawbacks: MAC addresses could be changed by skilled users, and since PO is open source, skilled programmers could build a modified client sending random IDs. In worst case, an attacker could send the ID of another (good) user and start a denial-of-service attack this way.

    But on the other hand, guessing a foreign MAC address would be unlikely and the whole SID idea may stop 99% of those usual ban-evading people.
     
Thread Status:
Not open for further replies.