←back to thread

We outsmarted CSGO cheaters with IdentityLogger

(mobeigi.com)
379 points mobeigi | 8 comments | 16 Oct 24 18:18 UTC | HN request time: 0.001s | source | bottom
Show context
snarfy ◴[16 Oct 24 19:21 UTC] No.41862807[source]
For UT2004, you can ban by player GUID (a hash of the CD key) or IP. With the game abandoned by Epic, a number of key generators have cropped up, which makes GUID bans useless. IP bans only go so far with VPNs costing $2 these days.

The main solutions we have today are IP ban + VPN blocking using a database of known VPN subnets and adding them all to the firewall, and a similar fingerprinting technique which scans their folder structure of certain system folders.

replies(12): >>41862963 #>>41863123 #>>41863371 #>>41864302 #>>41864313 #>>41864340 #>>41864577 #>>41865500 #>>41865762 #>>41866999 #>>41867262 #>>41885146 #
ghxst ◴[16 Oct 24 19:51 UTC] No.41863123[source]
This still leaves you wide open to cheaters using mobile data tethering and proxies. Have you considered more advanced network analysis? It's one of the areas I have an interest in (professionally and personally) so if you want any suggestions let me know.
replies(3): >>41863193 #>>41863298 #>>41866117 #
mouse_ ◴[16 Oct 24 20:08 UTC] No.41863298[source]
The tactic 4chan uses:

Regular IPs can post freely

VPN or mobile IPs (blacklisted) must pay for a key ($20/year) that allows posting from blacklisted IPs. Key is good for posting from one blacklisted IP, locked for 30 minutes, so users cannot share keys. That way, you can ban the user by their key, if their IP is public.

It's not a perfect solution but it seems to be the best they've found for such a situation so far.

replies(1): >>41864399 #
1. ryandrake ◴[16 Oct 24 22:18 UTC] No.41864399{3}[source]
I mean, in this case it's 4chan so who cares, but I hope we are not very slowly moving towards a troubling world with lower classes of IPs and upper class IPs. IPs should be IPs should be IPs, it shouldn't matter whether it comes from an ISP, a mobile network, a VPN, or anything else, and we shouldn't attach some kind of IP caste to providers or countries. I think we really need Internet-wide IP randomization, where you can't just block a /24 or a /16 because they're in some icky ghetto. Yes, I know there is abuse, but if this is the alternative, it doesn't seem worth the cost in terms of innocent people losing access.

EDIT: Well, I guess the tribe has spoken. Pretty surprising. I think y'all are just assuming you'll always be the ones with the "good" IPs...

replies(5): >>41864645 #>>41866228 #>>41866862 #>>41867040 #>>41868665 #
2. kbolino ◴[16 Oct 24 22:47 UTC] No.41864645[source]
We are already there and have been for a long time. Geoblocking is very common for low-effort DRM and abuse mitigation, common VPN providers are easy to detect by IP but generally frustrate and/or ignore abuse reporting (until serious illegal activity is committed), college and other institutional networks are often no better than VPNs in this regard, etc. The Internet hasn't been able to operate as a network of peers at least since it was opened up to the public.
replies(1): >>41866045 #
3. miki123211 ◴[17 Oct 24 03:02 UTC] No.41866045[source]
> until serious illegal activity is committed

What do they do in such cases?

Assuming they get the report after the fact and assuming their "no logging" promises are true, can they even do anything? They're not even supposed to know which customer did it, after all.

If their promises are false, wouldn't they reveal their hand if they handed logs over willy nilly?

replies(1): >>41869114 #
4. koito17 ◴[17 Oct 24 03:43 UTC] No.41866228[source]
Reputation matters.

On some Japanese BBSes, spammers tend to use non-Japanese IPs or data center IPs. A good chunk of the spam goes away by blocking non-Japan IPs (easy to do with BGP data) and disallowing data center IPs (these often host VPNs, scrapers, etc.) from posting.

Posting from overseas thus costs money or is not possible. The trade-off is 1-100 extra users or significantly reduced spam for little effort. It's not surprising that most website operators choose the latter.

I also know of a file uploader that recently had to block overseas IPs due to such IPs repeatedly uploading illegal content. This is an example of a few bad actors ruining things for everyone.

5. autoexec ◴[17 Oct 24 06:07 UTC] No.41866862[source]
I understand how you feel but IP blacklisting is really the only tool we have. I'd much rather deal with that than some kind of forced state level verification/ID system where even pseudonymous browsing becomes impossible.

Blocking IP ranges by country or ISP is pretty much always going to have to exist as long as certain countries and ISPs turn a blind eye to abuse.

Even with as poor a solution as IP blocks are, it's the best we have and alternatives seem worse.

6. throwaway2037 ◴[17 Oct 24 06:46 UTC] No.41867040[source]
About your edit: I think you are overlooking the Realpolitik behind running a public forum. Admins are fighting a constant war against spammers and trolls. It doesn't sound fun to me. Yes, you are right, we now live in the era of "upper class" IPs now. A bit sad, but is there a reasonable alternative?
7. fireflash38 ◴[17 Oct 24 11:40 UTC] No.41868665[source]
Ever read Pirate Cinema?

Anyway, it's a tradeoff between dealing with bad actors effectively and not impacting common users. There's a lot more bad actors than common users running into those sorts of IP bans though.

8. ◴[17 Oct 24 12:41 UTC] No.41869114{3}[source]