Sierra shutting down master servers

13468923

Comments

  • On a side note, your diagram says "auth server picks a random GUID". Is that to say that GUIDs will always be random? Because that would mean players can't be banned from servers by GUID.
  • On a side note, your diagram says "auth server picks a random GUID". Is that to say that GUIDs will always be random? Because that would mean players can't be banned from servers by GUID.
    No. Bob only communicates with the authentication server when he first makes his account. The authentication server will generate a randomish GUID when Bob creates an account, and puts it inside the certificate he uses to send to other servers.

    Bob's account is basically his certificate; it's (cryptographic) proof that the authentication server approved it. He doesn't need to communicate with the authentication server to renew it or anything else. The authentication server could even go down without affecting users who already have accounts (not that I expect it will).

    The GUID doesn't change between logins, which I think is your question. You'll still be able to ban by GUID like before.
  • This may have been posted before, but I couldn't seem to find it anywhere.

    Is there anything to prevent a user from creating more than one account? Are account creations linked to a users e-mail or IP address?

    The reason I ask is because I can envision a problem with smurfing. Just wondering.
  • The plan for the start is to allow one account creation for an IP per week. Account creation also requires at least several minutes with the game installed, so it should eat into the patience of someone generating a bunch of accounts manually too.

    If we run into issues with people generating tons of accounts to get around bans in servers, I'm sure it would be possible to come up with a mitigation strategy.
  • So, I'm too lazy to understand any of this, apparently there's a new type of master server being made, going to be hosted on tribesnext.com as a tribes2.exe?
  • Thyth,

    I know I speak for other admins on Rebels and most of the players, when I say thank you for your efforts. Also thank you for helping make it difficult for banned players to get around security.
  • I have a system coded on chaingunned.org that parses server logs and cross references every IP that appears with every GUID that appears, then stores each unique combination in a MySQL database for much faster future access. It allows for a quite accurate listing of every one of any player's smurf accounts. People with dynamic IPs can be inaccurate sometimes (like myself), but it also compares IPs that are the same/similar in the first couple blocks, so you can eyeball it and maybe figure out if it really is a smurf account by doing some manual cross-referencing. If the auth server logs the IPs of any player at every login, a pretty reliable database could be built that would allow you to track players who create multiple accounts. Some concerns could be the database getting really huge which might cause problems. The logging of IPs might also be a cause for concern for people like ViciousStarFish, so they could use it as another excuse to libel your auth server.

    Anyway, just putting it out there.
  • I have a system coded on chaingunned.org that parses server logs and cross references every IP that appears with every GUID that appears, then stores each unique combination in a MySQL database for much faster future access. It allows for a quite accurate listing of every one of any player's smurf accounts. People with dynamic IPs can be inaccurate sometimes (like myself), but it also compares IPs that are the same/similar in the first couple blocks, so you can eyeball it and maybe figure out if it really is a smurf account by doing some manual cross-referencing. If the auth server logs the IPs of any player at every login, a pretty reliable database could be built that would allow you to track players who create multiple accounts. Some concerns could be the database getting really huge which might cause problems. The logging of IPs might also be a cause for concern for people like ViciousStarFish, so they could use it as another excuse to libel your auth server.

    Anyway, just putting it out there.


    Thanks for the heads up on that system Kryand, I'll let warlovr know about it.

    By the way, I looked over on chaingunned, what's it called?
  • The login process doesn't involve any communication with the authentication server, so it can't be done there. The only IP storage I plan to have in the auth server process is the list of IP addresses and the most recent account creation time to enforce the 1 account generation per week thing.

    It might be better to implement a system like that on the individual game server side. Like, ban an IP if you've banned X accounts from that IP address. Since it can be done in the game's Torque Script interpreter (cid.getAddress() and cid.guid), I'm not terribly concerned about it.

    I set up a system like that when running my own servers for the serious offenders. I called it a viral ban. If an IP was banned, any account connected from that IP would be banned; if a GUID was banned, any IP used to connect that account would be banned. It would be easy to make the criteria more flexible, and include analysis of prior connection logs. I'd be interested to see what sort of criteria you used for IP similarity selection.

    While IP/GUID correlation could be done by the delegated community server (which players will connect to on every login), I think there are several issues with that. If you get any false positive rates (like, if a person plays at a friend's house, hotspot, or university network), that would be bad. Also, server hosts have to trust that the correlation won't be abused; I think that gives too much power to the people running the community server with too few checks.
  • Thanks for the heads up on that system Kryand, I'll let warlovr know about it.

    By the way, I looked over on chaingunned, what's it called?

    It's a private script. :)
    Only Last Gasp admins (or former admins as the case may be) have access to it.


    Edit: As for the IP similarity check, these two lines should give you the gist of it:
    $closeips[] = "`ip` REGEXP '^".$ipblocks[0].".".$ipblocks[1].".".substr($ipblocks[2], 0, 1)."'";
    mysql_query("SELECT * FROM `smurf_log` WHERE ".implode(" OR ", $closeips));
    
    PS. No they do not appear one right after another in the actual script. ;)
  • It's a private script. :)
    Only Last Gasp admins (or former admins as the case may be) have access to it.


    Edit: As for the IP similarity check, these two lines should give you the gist of it:
    $closeips[] = "`ip` REGEXP '^".$ipblocks[0].".".$ipblocks[1].".".substr($ipblocks[2], 0, 1)."'";
    mysql_query("SELECT * FROM `smurf_log` WHERE ".implode(" OR ", $closeips));
    

    I'm curious, How can you prove that you have a working script. If only you say can see it. Its pretty much saying this: "I have $10, but you do not get to see it". If you get my point.
    The plan for the start is to allow one account creation for an IP per week. Account creation also requires at least several minutes with the game installed, so it should eat into the patience of someone generating a bunch of accounts manually too.

    If we run into issues with people generating tons of accounts to get around bans in servers, I'm sure it would be possible to come up with a mitigation strategy.

    Will you make case-by-case exceptions for people who actually have the use for more than one account? Like more than one person per household?
  • Well, Last Gasp Admin =Rebels= Admin

    Oh well, warlovr may have something like this already, I'm not sure.
  • I'm curious, How can you prove that you have a working script. If only you say can see it. Its pretty much saying this: "I have $10, but you do not get to see it". If you get my point.
    I don't need to prove it, because it doesn't matter if it exists or not. It's not like Thyth would need my help or need to see mine to be able to code his own system like that. My explanation should be enough to show anyone else how to code their own version. Though, Thyth, if you would like to check it out, I'd be happy to give you access if you register an account on chaingunned.org.

    As for the case of someone playing from someone else's house, I added an IP/GUID time-line that can assist in picking out outlying IPs/GUIDs that don't truly go together.
  • Thyth,

    I think you mentioned asking me about an MVC website, then thought I may have said no, because previous to that I had posted but it was bad timing, because of post delay, I posted the question of location to you instead... (if that was all confusing forget it) because the answer is that I am about to write an MVC website this week for my publisher to begin rebuilding his site. So I could very well be helpful in this too. Further, I have done this before, delegates, etc.

    So yes, I recognize what you mean when you say it should be modular, agreed. But indulge in an answer to a question, please…

    I agree the t2 game and t2 server side should modularly interface to the web-interfaces where the user signs up, creates users, creates teams, joins and drops teams. So if I write an MVC simple login (pretend for a minute it goes like this
    1) https player web page login
    2) player picks from their players
    3) Server gens token, stored in cookie for 10 mins
    4) Player game starts and picks up that cookie to use as token
    5) the player gives token to get game list, if it passes yes they get game list
    6) user dbl clicks server, handing ticket
    7) Game server validates token to main login server via service
    8) if yes player get into game

    My Main question is, when the game client and the game server talk to an online service for all of these auth turns, the server can be http get/post, xml webserver, or info passed over tcp pipes. What the best way for t2 script to speak with a service out of those three methods? Or is the a fourth?
  • I'm curious, How can you prove that you have a working script. If only you say can see it. Its pretty much saying this: "I have $10, but you do not get to see it". If you get my point.
    No, it's not. That was enough information for me.
    Will you make case-by-case exceptions for people who actually have the use for more than one account? Like more than one person per household?
    I'd just ask them to wait a week.
  • My Main question is, when the game client and the game server talk to an online service for all of these auth turns, the server can be http get/post, xml webserver, or info passed over tcp pipes. What the best way for t2 script to speak with a service out of those three methods? Or is the a fourth?
    XML is annoying to deal with in T2, because there are no libraries built in to do so. Though, now, with a Ruby interpreter, XML data processing could be done through that.

    I've implemented HTTP GET and HTTP post as part of mini-web clients in TorqueScript. GET is dead simple to implement because the data payload is the URI. POST is more complex, but I've had to do it already for an interface to the Google online language translation form.

    But, a custom protocol might be easiest. HTTP is stateless, which necessitates maintaining state data as part of the data payload. T2's TCP objects are designed to work on line delimits. One command per line would be really easy to process and implement.

    I'm implementing an XML-RPC (over HTTP) interface for the OpenDHT based list server, but it is something I'd avoid using for anything more complicated than server listing.

    So, I'd say a custom protocol over TCP.
  • I found in my one or two attempts to do Tribes 2 script communication with a website via GET that Tribes 2 does something really dumb with URLs. I admit that I've only ever written two scripts that use that sort of communication and they were both basically the same, but I had to run the following on any GET variable sent in:
    $guid = ereg_replace("^[^0-9]*([0-9]+).*", "\\1", $_GET['guid']);
    
    Or else it wouldn't be exactly what I wanted. Maybe it's only when you try to send a %client.guid, but even so, I also had trouble when I tried to send more than one GET var at a time. For some reason, using & to separate them wasn't working.

    You probably already are aware of this and know how to get around it though, so don't mind me.
  • Did you use HTTPObject or TCPObject and your own HTTP implementation? I've found that HTTPObject and SecureHTTPObject don't work properly, so I just implement HTTP on top of the bare TCP sockets that are available in the TorqueScript.
  • I used HTTPObject, because I was actually just copying the method used by Evolution Mod's leased admin system. I didn't even know if there was anything else.
  • You can see a sample of how I did GET requests using TCP objects: http://absolous.no-ip.com/projects/tribes2/rmsBeta7.vl2

    But that uses HTTP/1.0 instead of HTTP/1.1 protocol. The two protocol versions are slightly different, but it should give you an idea of how I would send arbitrary URIs.
  • Thyth,

    Just wanted to say Thank You for all your hard work on Tribes2!

    Has a leader of the Rumble Clan, I want you to know that your efforts will not be forgotten. You should know you are saving a really cool game that is still alot of fun to play!

    Thanks Again
  • I haven't read anything about it recently, but I know some time ago there was an effort to place FireFox in Torque (by a 3rd party). I might see if I can find that project, as it might be useful if you are aiming for something somewhat more complex (in regards to an in-game browser). I think Torque script is still the best option for the simpler connections that may be needed.

    I'm curious, How can you prove that you have a working script. If only you say can see it. Its pretty much saying this: "I have $10, but you do not get to see it". If you get my point.

    As a former Last Gasp admin I can confirm that it works quite well.
  • I was just wondering, wasn't the master server suppose to be shut down 24h ago? It is still up a running.
  • As a former Last Gasp admin I can confirm that it works quite well.

    I can also confirm that it works quite well. :)
  • I'm injecting code into Tribes 2 in a pretty similar manner to Defense Turret.

    The memory space has been sufficiently modified in the game to prevent use of unmodified cheats like HM2 (it will crash instantly). A more advanced (and up to date) anti-cheat system has been discussed as part of later updates.

    Thyth and others, thanks for all your efforts on behalf of one of the greatest games ever invented.

    I strongly advocate allowing server hosts to decide whether to install anticheat scripts or systems. I really enjoy my dio, hal, and pj scripts (to name just a few, haha) and they give me no edge over other players. In my experience, DT interfered with these scripts so I've opted to keep DT off the Rebels servers. Many honest players have a lot of fun with innocuous scripts, and my strong preference has always been to let players decide whether to risk a ban by using prohibited scripts.
  • Thyth and others, thanks for all your efforts on behalf of one of the greatest games ever invented.

    I strongly advocate allowing server hosts to decide whether to install anticheat scripts or systems. I really enjoy my dio, hal, and pj scripts (to name just a few, haha) and they give me no edge over other players. In my experience, DT interfered with these scripts so I've opted to keep DT off the Rebels servers. Many honest players have a lot of fun with innocuous scripts, and my strong preference has always been to let players decide whether to risk a ban by using prohibited scripts.


    And the man surfaces. :wave:
  • Yeah 6am and the servers are up... This changes things... I know the masters "May" come down, but I doubt it. They don't want new systems to bring in new players and risk the bad press... hmmm
  • Yeah 6am and the servers are up... This changes things... I know the masters "May" come down, but I doubt it. They don't want new systems to bring in new players and risk the bad press... hmmm
    Probaly just that they're doing a graceful shutdown and haven't gotten arsed to shut them down on a... sunday!
  • I imagine Defense Turret will claim a tainted executable and scream loudly. I'm injecting code into Tribes 2 in a pretty similar manner to Defense Turret.
    So you're leaving the original executable intact and modifying the copy in memory via loader?
  • Well hopefully we've all decided to screw their master servers regardless of if they come down. Why waste our time with their barely-functional piece of crap when there's something better?
Sign In or Register to comment.