I'm told that /ban_ip should accept wildcards (e.g. so that we can ban entire netblocks, not just a single IP in some griefer's /16 VPN IP pool), but nothing seems to work:
[ERROR] not an IP: 39.95.108 [ERROR] not an IP: 39.95.108. [ERROR] not an IP: 39.95.108.. [ERROR] not an IP: 39.95.108.* [ERROR] not an IP: 39.95.108.??? [ERROR] not an IP: 39.95.108.0/24 [ERROR] not an IP: 39.95.108.1/24 [ERROR] not an IP: 39.95.108.1-254 [ERROR] not an IP: "39.95.108." [ERROR] not an IP: "39.95.108.*"
cold be that it got changed when the ban options got an overhaul.
was maybe no longer considered relevant with the ability to block user accounts ... for that to work however the user has to be online (and uplinked of course)
IP range bans can be done everytime however
<replace this line with the file content>
<replace this line with the file content>
-Feedback-
who did told you that ?
no idea if this is even a feature in the ban function
To be fair, it was an "I think" from @AndyP, I just ran with the suggestion; trying to make it work.
In the past I used it to ban someone.
But that was way back, before the access-lists got overhauled to accept, name, account AND ips.
so .. the function might not be there anylonger.
and isnt it a problem if you ban a too big part ?
basically you could kill the customers of one ISP in a specific area .. or am i wrong there ?
In theory, yes casting a wide net could block non-abusive users. In practice, almost none of our users login from similar netblocks. In experience, 95%+ of users frequently changing their IP, are abusive players.
The alternative is worse though: in the past week alone, an inability to block griefers have directly resulted in our server's uptime going from a trend of 99-98% down to under 94%: griefers intentionally crashed the server 29 times over the course of 4 days. Caused primarily because there's no effective in-game mechanics to hinder abuse: there is no cost to create accounts, no way to filter accounts based upon age (createdAt) or upgraded status, no way to apply any sort of skill mechanic (e.g. to require that users "earn" the right to fly (or spawn) larger/multi-core ships, earn skills/credits necessary to use more advanced features (e.g. logic), etc. At best, we'd catch someone, ban then, and they'd create a new account, login again and kill the server (logic bomb, known exploit - they've used small multi-core ships, and other exploits, in the past), rinse, repeat, etc... The griefers are using VPN services to change their IP, or simply restarting their cable modem to force an IP change.
Right now we're blocking griefers at the network layer (e.g. iptables), so anyone that tries connecting simply sees no server. Blocking at the application (e.g. game) layer would be more preferred, as we could at least throw a message back to the person connecting, so they would have something to work with; e.g. a non-abusive user gets a ban notice, they could reach out to us, instead of their client simply hanging when trying to connect. Blocking at the application layer also gives us better visibility of legitimate access attempts; is the same user retryting w/ the same IP, is it a new IP, what's the IGN or SM account name used, etc.
-confirmed-
i do get the point ^^
cold be that it got changed when the ban options got an overhaul.
was maybe no longer considered relevant with the ability to block user accounts ... for that to work however the user has to be online (and uplinked of course)
IP range bans can be done everytime however