Proposed Global Ban List

[CaptainMurphy 0]

This is just a discussion thread that is a request to see who might be interested in a program to make Admins lifes easier.

Currently TeamDUCK uses a "BanBalancer" program that I wrote a long time ago to keep the ban lists synchronized between the servers. So if you get banned on one server it will propagate to the rest within a certain amount of time (kinda like DNS information does).

What I am proposing is a global version of this. With some tweaking we could easily design a program that would allow server admins to send their own ban lists to a server that will keep a database of all of the bans and from what servers they are banned from. What this will do is allow the server admin to also request a list from the GBL of a certain 'weight'. So if you want to synchronize your current local ban list with a GBL of a weight of 5 (meaning all player IDs that have been banned from 5 servers or more) then you can download that additional list and add it to your current one. The program will have two portions to it, the first to track YOUR OWN bans, the second to track the GBL that you want to synchronize. That way you don't have users getting banned from 100 server simply because they are on the GBL on one server and get synchronized to all of them.

As an addition, the servers would also be able to be 'graded' and 'weighted' so that you could throw out results from servers that are not graded high enough to warrant following what their administrator thinks is a valid ban.

Thos servers not able to run the program directly (linux based) would be able to still participate through a web site addition that could build the ban.txt file for them based on parameters filled into an online form.

Would any other admins be interested in this program? If so, what other features could you see being implemented into it?

[blazer01 0]

i like the idea but what will the banning include peeps that hack and Tk.ing on servers ? if so i say ya

[volkov956 0]

Not intereseted I have seen people get banned because someone does not like someones game tactics/does not talk when playing/and other minor trivial things that do not affect other users besides some Admins for some reason...

So I rather not have people banned that were not cheating/hacking. To this day My server has banned no one yet....

[cross 1]

edit..nvm...

[R0adki11 3947]

This sort of thing was proposed when OFP was the main game, now ARMA is in charge as it were. All i can see is the difficulties of managing such a list and who has access to a list, espeically if its going to contain player ids, security etc will be highly important.

My clan use to run a server and we have never banned anyone to my knowledge as yet, kicked plenty of players, but will operated the server with a few defined rules, that should be followed or face been kicked.

Although a great idea it sound, its just a matter of how it will be operated...

[STALKERGB 6]

Yeah it does sound like a very good idea and a useful tool but (to quote spiderman) "With Great Power come Great responsibilty" the only worry is like alot of things it could easily be used justto ban people you don't like etc.

Still a good idea....

[CaptainMurphy 0]

Well, I think the whole point of it is that it uses a weighted average to set the ban level. Just to clarify I will give an example of the inner workings that we have in mind.

Let me define a few items first:

Player A: Banned 3 times in the last year from GBL compliant servers. Has their name on the list 3 times in the last 2 months.

Player B: Banned 10 times in the last year from GBL compliant servers (4 @ 8mos, 4 @ 6 mos, 2 @ 1 mo). Ubanned (contested) from 5 of the same servers (4 @ 8 mos, 1 @ 6 mos). Leaving 5 bans (3 @ 6 mos, and 2 @ 1 mo).

Player C: Banned 6 times in the last 2 months from GBL compliant servers.

Ok, so now we have players with different levels of screwup.

Lets show the way server admins could use the GBL.

Server A wants to ban ANYONE that IS banned by 5 or more servers regardless of when they were banned. This would lock out users B and C.

Server B wants to ban all players that have been banned from 5 or more servers IN THE LAST 4 MONTHS. This locks out user C only.

Server C wants to be strict lockout players that are banned from 3 or more servers in the last three months.  This locks out users A and C.

That is a general capabilities if we simply track the data as related to the user. A database can keep the date, server banned from, and username. We could even add in a reason or description for the user as well as Admin comments.

When an admin of a server want to pull an updated GBL (think spam filter), they download the new file (or run the GBL service on their server) to get the latest GBL synced with their local ban list that they keep.

From the player perspective, they can also apply to contest the GBL listing if they want. Server admins have to register their servers with the list in order to get access to synchronize their list into the GBL, which includes having contact information. A player can dispute a blacklist entry with the server admin. After a deemed amount of time (community set) and after the admin has responded, the entry is either retained (admin wins the argument) or the entry is removed (player wins the argument).

It essentially works similar to spam lists for mail servers. By garnering input from hundreds of thousands of mail servers they are able to weed out the spammers. The 'black list' is then used to keep good servers from relaying for bad ones.

I just don't see many admins setting their thresh hold for lockout to 2 bans ever recorded. I could see some of them setting it for 5 bans in the last 6 months though. Once the time goes by and the user 'cleans up' then they start being allowed back on servers they weren't allowed into for a while there. But be collecting input from multiple sources, we allow the ability to show patterns with certain user IDs. Greifers could be located quicker and added to a dreaded 'BLACK LIST' of player IDs or something similar.

Also, by mirroring the system across multiple machines, we can get a level of trust built by the admins and be able to 'weight' the servers themselves over time. So when an admin gets a ton of contestings against their ban list and wins every one of them, their weight goes up.

The contesting system will still need to be worked out, but I can only envision it with a moderator type system involved in it. Where a non-involved third party rules in favor of one party or the other.

Let me know if that makes any sense. I am working on a program outline and will post it on the teamduck site shortly.

[blazer01 0]

Yeah it does sound like a very good idea and a useful tool but (to quote spiderman) "With Great Power come Great responsibilty" the only worry is like alot of things it could easily be used justto ban people you don't like etc.

Still a good idea....

same thing i wos thinking if it.s some one who we know who hacks than ya it is a good idea but if it some one a admin dus not like people than in my books its a no no {With Great Power come Great responsibilty} we have to have a set of rules that we a go buy like if we have some one whos good at flying jets and we have a admin who dus like it cuz he.s in the jet doing his job but still gets a ban becuz some admind dus not like it cuz he is in the jet and not him iv see this a lot on some BF2 Server when a admin thinks he is god and to tell ya i dut like peeps who r like that so all am saying is we need some rules that we all go by but wot if lets say i wos on and i got a ban for some thing silly as tk.ing some one how will i get unband for it ?? who do i ask ??

but ya a good idea but we need a R.O.E game rules for both sides that we all go by if this helps and stops ppl from hacking than ya go for it

its like i say if you cant play the game dut play it or ask for help

[Yoma 0]

A very nice idea.

However i don't quite understand how to make sure noone is spoofing the banlists (e.g. posing as servers that don't even exist, running mock servers to cause havoc etc)

Still, with some honest and clever management this could be a good project. You could do something along the lines of issue a certificate to serveradmins which they need to use when reporting bans. And some kind of timebased certificate issue (a serveradmin has to first prove he has admin rights on a serve and then after at least 14 days of waiting he gets the right to enter banlist, meanwhile the actual server could be logged to check if it's a REAL server)

Also each serveradmin reporting bans should have he's own game id reported (serveradmin gameid) so when people start doing bad stuff you can give penalties by entering them on banlist.

However, abuse can and will happen I think. (Nothing a bad person likes better then doing a denial of service on someone's game)

Also let's not imagine what this project would give if some bastard got around to generating valid playerid's.

Can you handle the power?  

[CaptainMurphy 0]

Oh there are absolutely some things to look into. I like the idea of the certification of servers. I was thinking of having the ID's of the admins tied into the standar player database as well so when there is a ban or dispute, their own ID is brought into the mix.

With a 'contest' feature built into the ban section, a player can contest their ban with the registered admin. I think if we set a 'weight' to the servers (something similar to a trust level) that adjusts based on the trustworthyness of their bans, we could weed out the spoofers pretty fast. It would be a work in progress of course, but man would it be nice to have a communal list of jerkoffs that like to cause havok. At least with a method to reverse the ban, you can get around the admins that like to ban just for the power trip. Plus, most of the 'better' servers will keep their own ban list seperate from a GBL unless the user REALLY screws up.

I am still working with gamespy and developing a dll to hook into the arma_server executable that allows a little more info to be collected. Hopefully leading to a better tracking of players so a ban can actually carry more weight to it with a logging of their actions.

This system could even be expanded to become a reporting system where you can report a userID for malicious activities.

Yoma, has there been anyone able to create valid ID's yet?

Oh, one simple method of making sure the server is legit (at least that it is a real server) is to watch the gamespy entry for it along with a local service on the server that has to be run in order for the server to qualify for GBL access. Could work, maybe... as long as the service correlates the information that the gamespy entry has available. If they mismatch then the server's entries become null to the GBL listing.

As far as 'power' goes, it would be more a communal power than being on one individual or group. Since every entry for a ban would be visible through a website, you could (as an admin or a user) type in a player ID and research their record of bans. Something like looking up an ebay sellers ID. It might be possible to have the service that is running on the server verify that the player was in fact on the server through the logs (could still be spoofed) or even better a DLL that hooks the info straight from the executable. That could at least make sure the player was even ON the server at the time. Some form of verification would be in order at the least. Anyone got any readily available info that could be used for that?

I can develop the web site, database tracking, SQL backend, web services for communicating with the web servers, and services on local machines, but I am not that well versed in the arma executable or the exact logging methods. I could really use a little help on that front.

[Yoma 0]

Yoma, has there been anyone able to create valid ID's yet?

I most certainly hope not.

I haven't seen it yet on Arma.

But on OFP at one time i faced a total bastard that did it in my face.

Guy was cheating on a cti (flying shilka's etc) we confronted him and he started fooling around, reconnecting with various ID's of players ingame including my own ID.

Anyway I think the project is a nice idea, and it can't hurt trying it. You could allways pull it if it turns out to hassle too many valid players.

[cross 1]

I'm not sure whether it's a good idea to publicly disclose lots of legit user IDs and maybe usernames.

Eventho you work with "registered" admins, there is no guarantee that they will not hand all the IDs over to someone else.

I don't know how exactly they can be used but I just wanted to voice a question/issue I had in mind.

cheers

[CaptainMurphy 0]

Well, technically you hand your ID over to an admin on every server you play on. Doesn't take much to amass a pretty long list of user ID's.