←back to thread

We outsmarted CSGO cheaters with IdentityLogger

(mobeigi.com)
379 points mobeigi | 3 comments | 16 Oct 24 18:18 UTC | HN request time: 0.639s | source
Show context
snarfy ◴[16 Oct 24 19:21 UTC] No.41862807[source]
For UT2004, you can ban by player GUID (a hash of the CD key) or IP. With the game abandoned by Epic, a number of key generators have cropped up, which makes GUID bans useless. IP bans only go so far with VPNs costing $2 these days.

The main solutions we have today are IP ban + VPN blocking using a database of known VPN subnets and adding them all to the firewall, and a similar fingerprinting technique which scans their folder structure of certain system folders.

replies(12): >>41862963 #>>41863123 #>>41863371 #>>41864302 #>>41864313 #>>41864340 #>>41864577 #>>41865500 #>>41865762 #>>41866999 #>>41867262 #>>41885146 #
ghxst ◴[16 Oct 24 19:51 UTC] No.41863123[source]
This still leaves you wide open to cheaters using mobile data tethering and proxies. Have you considered more advanced network analysis? It's one of the areas I have an interest in (professionally and personally) so if you want any suggestions let me know.
replies(3): >>41863193 #>>41863298 #>>41866117 #
mouse_ ◴[16 Oct 24 20:08 UTC] No.41863298[source]
The tactic 4chan uses:

Regular IPs can post freely

VPN or mobile IPs (blacklisted) must pay for a key ($20/year) that allows posting from blacklisted IPs. Key is good for posting from one blacklisted IP, locked for 30 minutes, so users cannot share keys. That way, you can ban the user by their key, if their IP is public.

It's not a perfect solution but it seems to be the best they've found for such a situation so far.

replies(1): >>41864399 #
ryandrake ◴[16 Oct 24 22:18 UTC] No.41864399[source]
I mean, in this case it's 4chan so who cares, but I hope we are not very slowly moving towards a troubling world with lower classes of IPs and upper class IPs. IPs should be IPs should be IPs, it shouldn't matter whether it comes from an ISP, a mobile network, a VPN, or anything else, and we shouldn't attach some kind of IP caste to providers or countries. I think we really need Internet-wide IP randomization, where you can't just block a /24 or a /16 because they're in some icky ghetto. Yes, I know there is abuse, but if this is the alternative, it doesn't seem worth the cost in terms of innocent people losing access.

EDIT: Well, I guess the tribe has spoken. Pretty surprising. I think y'all are just assuming you'll always be the ones with the "good" IPs...

replies(5): >>41864645 #>>41866228 #>>41866862 #>>41867040 #>>41868665 #
1. kbolino ◴[16 Oct 24 22:47 UTC] No.41864645[source]
We are already there and have been for a long time. Geoblocking is very common for low-effort DRM and abuse mitigation, common VPN providers are easy to detect by IP but generally frustrate and/or ignore abuse reporting (until serious illegal activity is committed), college and other institutional networks are often no better than VPNs in this regard, etc. The Internet hasn't been able to operate as a network of peers at least since it was opened up to the public.
replies(1): >>41866045 #
2. miki123211 ◴[17 Oct 24 03:02 UTC] No.41866045[source]
> until serious illegal activity is committed

What do they do in such cases?

Assuming they get the report after the fact and assuming their "no logging" promises are true, can they even do anything? They're not even supposed to know which customer did it, after all.

If their promises are false, wouldn't they reveal their hand if they handed logs over willy nilly?

replies(1): >>41869114 #
3. ◴[17 Oct 24 12:41 UTC] No.41869114[source]