Dealing With Malicious Users
Online games are all about users interacting, but some interactions are made by malicious users. There are a variety of Common Security Issues which you need to know about, but this article will explain what options you have to stop malicious users from accessing your game. Unfortunately, it is impossible to permanently block a user from accessing your game, but you can implement a variety of mechanisms which can make it more difficult for malicious users to make repeat offences.
You can easily ban a single account from your server permanently, the problem is stopping a malicious user from creating more accounts and continuing to hack/spam, etc.
IP Ban
A common ban method is an IP ban, which blocks any incoming connection attempt from a specific IP address. There are issues surrounding IP bans, though. An IP can easily be spoofed, and some IP addresses change automatically. Furthermore, banning a single IP can potentially ban thousands of people from accessing your game. If used, IP bans should not be permanent. One of the few times when IP banning is useful is on multiple login attempts, where the connection can be blocked for 5-15 minutes to stop some attacks.
MAC Ban
A user's MAC address can also be used to identify a malicious user, but it, like an IP address, can easily be changed. It may be useful to match a user's MAC address to the MAC address of any recently banned accounts.
Registry
Another method is to store small data entries on the banned user's computer. A computer's registry can be edited and cleared, but due to the density of some parts of the registry it is possible to store data without the user's knowledge, and this can be a very useful mechanism for stopping access to your game.
Email Verification
Requiring users to link an email address to their account is a useful way to slow down malicious users from continuously abusing your game. Every time someone wants to create an account, you force them to enter an email address and confirm their email before they can log into the account.
A combination of these systems along with some improvisation and automated checks can allow you to create a ban system that is simply too tedious for malicious users to work through, though there will always be a way for users to regain access to your game.
Another method is to store small data entries on the banned user's computer. A computer's registry can be edited and cleared, but due to the density of some parts of the registry it is possible to store data without the user's knowledge, and this can be a very useful mechanism for stopping access to your game.
Email Verification
Requiring users to link an email address to their account is a useful way to slow down malicious users from continuously abusing your game. Every time someone wants to create an account, you force them to enter an email address and confirm their email before they can log into the account.
A combination of these systems along with some improvisation and automated checks can allow you to create a ban system that is simply too tedious for malicious users to work through, though there will always be a way for users to regain access to your game.
How To Make An MMORPG © 2010-2012
Copyright | Privacy Policy
