[4.2] The Auth System
#41
Posted 01 August 2012 - 10:10 AM
#42
Posted 01 August 2012 - 10:37 AM
kelt, on 01 August 2012 - 10:10 AM, said:
I wouldn't trust every server's banlist, good players get often wrongly banned by newbie admins; nevertheless you should be able to check the banlist of any group registered and use it
#44
Posted 01 August 2012 - 11:56 AM
Todd, on 01 August 2012 - 06:58 AM, said:
I wasn't talking about the age of the player. I was talking about how long the account has existed.
There's two options for delaying account enabling:
1) The back-end delays it such that a player that just made an account can't play on any servers for some amount of time determined by FS.
2) Building the facility into the server build to query the back-end to not only validate a player's account, but also to query how long the account has existed. Then the server admin can determine how long a player has to wait after creating an account before that account can play on their server.
The argument that the auth system as-is will deter hackers from taking the extra two steps it takes to create another account and return after a ban is that it takes a bit longer. That's true, but in reality it adds what? 5 minutes? 10 minutes tops? I'm talking about being able to add hours to how long before that new hacker account can play.
#45
Posted 01 August 2012 - 12:12 PM
Divinity, on 01 August 2012 - 11:56 AM, said:
There's two options for delaying account enabling:
1) The back-end delays it such that a player that just made an account can't play on any servers for some amount of time determined by FS.
2) Building the facility into the server build to query the back-end to not only validate a player's account, but also to query how long the account has existed. Then the server admin can determine how long a player has to wait after creating an account before that account can play on their server.
The argument that the auth system as-is will deter hackers from taking the extra two steps it takes to create another account and return after a ban is that it takes a bit longer. That's true, but in reality it adds what? 5 minutes? 10 minutes tops? I'm talking about being able to add hours to how long before that new hacker account can play.
Thats why I asked about hardware fingerprinting, so that you'd need to replace motherboard to make new account, if any others were banned. It would by by-passable probably, but the effort you'd need to put would be much higher.
#46
Posted 01 August 2012 - 12:21 PM
iceman, on 01 August 2012 - 10:09 AM, said:
yes, I want to update my bot since this is much better than the qkey.
http://www.urbanterr...he-server-logs/
#47
Posted 01 August 2012 - 12:35 PM
The first thing is the question whether only server admins can see the account-name of a connecting player or everybody on the server.
The second question is the one concerning the notoriety level... If the notoriety is a global thing, how can you stop abuse (i.e. idling on a private server to increase your notoriety level)?
#48
Posted 01 August 2012 - 12:43 PM
docDude, on 01 August 2012 - 12:35 PM, said:
Why just lookig the total ingame time for notoriety ? They can use the account age with the total ingame time for example. So, if you reach a new levels by idling on private server, you won't have it if you account isn't enough old ;)
#49
Posted 01 August 2012 - 12:43 PM
Hiding auth_name is useless, iirc you will be able to lookup any nickname and so the auth_name.
This post has been edited by Driller: 01 August 2012 - 01:27 PM
#50
Posted 01 August 2012 - 01:26 PM
I see the banlist of each clan seems to be public (unless I'm interpreting it wrong): http://www.urbanterr...lan_name>/bans/
My question is, would it be possible to do that in reverse; i.e. add a link to a profile listing all the banlists their auth exists on? This would make it incredibly easy to do a quick, rough check to see if a player suspected of wallhacking (but hiding it well) has been banned previously while refining his hacking technique on random overseas servers?
This post has been edited by Todd: 01 August 2012 - 01:27 PM