Friday, September 17, 2010

A few thoughts on policing multiplayer communities

The other day, I had someone privately confide in me that they were overwhelmed by the number of hacker witch hunts going on in their multiplayer community. I won't name who brought the concern up, or the name of the community, but an interesting question follows: how do you keep hackers out of a free multiplayer game while at the same time not making it too difficult for legitimate players, especially those who play casually and do not participate in the community proper, to play the game?

Before we continue, as someone who primarily plays Doom, I will list the three major multiplayer ports and their policing policies:
  • Odamex: Bans are purely done on an IP basis. Server owners can ban an IP or a whole range of them, and can store them in a banlist kept locally on the server.

  • Skulltag: Has the same local banlist as Odamex. In addition, there is a banlist handed out by the Skulltag master server that servers are required to use. Also, the source of the port is closed to prevent cheating.

  • ZDaemon: Has the same local and global banlist as Skulltag. In addition, you are required to create an account in order to play on a public server. Account creation is automated. Access to the official forums is also tightly controlled: your forum account must be verified manually by an administrator.

I am of the opinion that some of these policing systems are defective. Some are more defective than others, but all of them are deficient or defective in some way, and the primary reason is this:

Using IP addresses to ban hackers will never be a comprehensive solution

If someone really wants to play on your servers, they will find a way. If you disable their account, they will create another one. If you ban them by IP, they will proxy around it. If you figure out a way to ban all open proxies, they will find less common ones. If you require some form of real life identification, they will steal it.

However, IP bans are not entirely useless. Many firewalls and intrusion detection systems use IP bans to deal with potential attackers, by blocking IPs after X failed attempts, or by whitelisting IP ranges where users are unlikely to come from. There is also the fact that banning an IP from a server is often enough to keep less ambitious undesired players out, perhaps those who are guilty of merely annoying the patrons of the server.

So IP bans do have a use. However, these controls should be made available on a server-by-server basis, as the notion of there being one "blessed" central body that is capable of handling accusations of hacking professionally and promptly for an entire free game is laughable at best.

The prospect of being able to keep an accused hacker or a supremely annoying user off of all servers is an appealing one, but the usage of the IP ban far too often promotes ban ranges that cover entire /24s or /16s, often banning entire countries or continents in the vain hope that the problem will go away. Realistically, all it means is that a hacker now needs to find a proxy outside the range, and any legitimate players inside that range are out of luck unless they take the extraordinary step of pleading with the administrators in charge to let their IP range through. Most users will not take this step and will instead play something else, since getting a "master ban" on their IP means that they cannot play on literally any server on the server list.

There is also the question of community drama. Skulltag and ZDaemon have one "blessed" master banlist. If servers refuse to use the master banlist, they are not allowed to be listed on the master server list. In the past, there have been several incidents where IP ranges of players have been banned by the "blessed" administration for reasons other than hacking, and yet the server administrators are powerless to whitelist these IP ranges if they decide that they would rather "risk it" or otherwise disagree with the global bans. Arguments for preserving the "purity" of listed servers are pretty laughable when you take into consideration that even with such a master banlist, there are rampant rumors of players hacking anyway. Far more popular games such as Battlefield Bad Company 2 and Team Fortress 2 both allow the server administrator to disable their "master banlists", and many free games don't even have a master banlist at all, such as Warsow and Urban Terror.

To sum things up: Globally-enforced IP banlists don't prevent hackers from using your servers, and can victimize perfectly innocent players, either knowingly (through community drama) or not (random player who is caught in the master banlist).
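To make the argument concrete, here is an added example (not code from Odamex, Skulltag or ZDaemon) of how a server-side ban policy could be layered the way this post argues for: local bans always apply, the master list is something the server owner can switch off, and a local allow list can punch holes in the master list. The `BanPolicy` class, the `collateral` helper and the TEST-NET addresses used in the comments are all assumptions made for this illustration; `collateral` shows how many addresses a /24 or /16 ban actually sweeps up.

```python
from ipaddress import ip_address, ip_network


class BanPolicy:
    """Per-server ban policy (hypothetical, for illustration).

    Decision order: local ban > (optional) global ban, minus local allow > ok.
    Entries may be single addresses ("203.0.113.7") or CIDR ranges
    ("198.51.100.0/24"); both are parsed with the standard ipaddress module.
    """

    def __init__(self, use_global_list=True):
        self.local_bans = []     # networks the server owner banned
        self.global_bans = []    # networks pushed down by a master server
        self.local_allow = []    # networks the owner explicitly lets through
        self.use_global_list = use_global_list  # owner may opt out entirely

    @staticmethod
    def _net(entry):
        # strict=False tolerates host bits set in a range such as 10.1.2.3/16
        return ip_network(entry, strict=False)

    def ban_locally(self, entry):
        self.local_bans.append(self._net(entry))

    def ban_globally(self, entry):
        self.global_bans.append(self._net(entry))

    def allow_locally(self, entry):
        self.local_allow.append(self._net(entry))

    @staticmethod
    def _matches(addr, nets):
        # Address-in-network test; an IPv6 address never matches an IPv4 net
        return any(addr in net for net in nets)

    def decide(self, client_ip):
        """Return (allowed, reason) for a connecting client address."""
        addr = ip_address(client_ip)
        if self._matches(addr, self.local_bans):
            return False, "local ban"
        if self.use_global_list and self._matches(addr, self.global_bans):
            if self._matches(addr, self.local_allow):
                return True, "global ban overridden by local allow"
            return False, "global ban"
        return True, "ok"


def collateral(entry):
    """Number of addresses a ban entry covers: a /32 is 1, a /24 is 256,
    a /16 is 65536. Useful for judging how much of a range ban is bystanders."""
    return ip_network(entry, strict=False).num_addresses


if __name__ == "__main__":
    # Constructed sample policy using documentation (TEST-NET) prefixes
    policy = BanPolicy()
    policy.ban_locally("203.0.113.7")            # one annoying player
    policy.ban_globally("198.51.100.0/24")       # master-list range ban
    policy.allow_locally("198.51.100.42")        # a regular caught in that range
    for ip in ("203.0.113.7", "198.51.100.9", "198.51.100.42", "192.0.2.1"):
        print(ip, policy.decide(ip))
    print("/16 ban covers", collateral("10.0.0.0/16"), "addresses")
```

A server that sets `use_global_list=False` behaves like the Battlefield or Team Fortress 2 option described above: the master list is simply ignored, while local bans keep working.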

A note on user accounts.

Although I am clearly not a fan of using IP banlists for global policing of multiplayer game communities, this does not mean that I am against user account systems. In fact, I love the idea of them. First, accounts give you player verification; it's much harder to pretend that you are a specific player when you don't have their credentials. They also give you persistence; an older, established account is much less likely to be someone who is on your server to ruin other players' experience. It also opens the door to other neat features, such as the possibility of using your account as Remote Console credentials, or Modern Warfare-style experience points (which could be used by modifications).

One common mistake I've seen from time to time is account systems that are based on a username. I personally prefer something along the lines of Steam or Quakenet's Q, which does not guarantee you a nickname, but also doesn't force you into one and allows you to change it later. And honestly, for a free game, I think it would be a better idea if logins were optional, so players could play anonymously.

This is the area, in my opinion, where Odamex could use some improvement. Some form of optional user authentication would make it a lot easier to tell the legitimate players from the fakes.

An additional note: I have been asked how these views extend to attacks against a game master server itself, for example a malicious server host that spams the master server with 255 servers running bot matches that advertise hacks in the hostname. I would consider that an attack against the master server itself. Those attacks ought to be blockable at the master server level by using an X-servers-per-IP limit, or by filtering out heartbeats from malicious servers at the firewall level. But you don't need a forcibly distributed master banlist for that.
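As an added illustration of the per-IP limit suggested above (example code, not the real master server protocol of any Doom port), here is a toy master-server registry. Game servers announce themselves with heartbeats from an (ip, port) pair; a host that already advertises `max_per_ip` servers gets further registrations refused, existing listings are refreshed normally, and listings whose heartbeats stop are expired. The class name, the `max_per_ip` and `timeout` parameters and the sample addresses are all assumptions for this example.

```python
import time


class MasterServer:
    """Hypothetical master-server registry with an X-servers-per-IP cap."""

    def __init__(self, max_per_ip=8, timeout=180.0):
        self.max_per_ip = max_per_ip   # listings one source IP may hold
        self.timeout = timeout         # seconds without a heartbeat before removal
        self.servers = {}              # (ip, port) -> time of last heartbeat

    def _expire(self, now):
        # Drop listings that have gone quiet; this also frees up the per-IP quota
        stale = [key for key, last in self.servers.items() if now - last > self.timeout]
        for key in stale:
            del self.servers[key]

    def count_for(self, ip):
        """Number of live listings currently held by one source IP."""
        return sum(1 for (host, _port) in self.servers if host == ip)

    def heartbeat(self, ip, port, now=None):
        """Process one heartbeat; return True if the server is (still) listed."""
        now = time.monotonic() if now is None else now
        self._expire(now)
        key = (ip, port)
        if key in self.servers:
            self.servers[key] = now        # refresh an existing listing
            return True
        if self.count_for(ip) >= self.max_per_ip:
            return False                   # cap hit: refuse the new listing
        self.servers[key] = now
        return True

    def listing(self):
        """What clients would receive: the sorted list of live (ip, port) pairs."""
        return sorted(self.servers)


if __name__ == "__main__":
    # Constructed scenario: one host tries to register far more servers than allowed
    master = MasterServer(max_per_ip=3, timeout=60)
    for port in range(10666, 10666 + 255):
        master.heartbeat("203.0.113.5", port, now=0)
    print("listed for 203.0.113.5:", master.count_for("203.0.113.5"))  # capped at 3
    master.heartbeat("198.51.100.9", 10666, now=1)
    print(master.listing())
```

The cap is enforced per source IP regardless of what the advertised hostname says, so it needs no judgement call about who is "hacking"; a firewall rule that rate-limits heartbeat packets per source address achieves the same effect one layer lower.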
