Pretty much the title, but If I wanted to IP ban a user from my server and forums, is it possible they could bypass it by using an VPN and IP Address?
If I banned a user through their static IP/dynamic IP before they began to use a VPN and before they changed their IP Address, will the IP ban still stand since I banned their original IP?
I'm just wondering since I don't want users to be bypassing an IP Ban.
Thanks.
Edit: What would you recommend as being the most affect strategy to ban a person? Should I try to ban their first IP they had - and even though they could use a VPN, they would still be banned?
Yes this can be bypassed. If the user has more than 1 minecraft account. This is why most minecraft servers don't bother with ip bans. But If they only have 1 minecraft account they can change their ip all they want they cannot get back on since that account is also banned.
Yes this can be bypassed. If the user has more than 1 minecraft account. This is why most minecraft servers don't bother with ip bans. But If they only have 1 minecraft account they can change their ip all they want they cannot get back on since that account is also banned.
Thanks
Thread Update: Asked some more questions, sorry about that.
Edit: What would you recommend as being the most affect strategy to ban a person? Should I try to ban their first IP they had - and even though they could use a VPN, they would still be banned?
Fairly sure if they use something akin to a VPN or just flat-out get their IP changed, then I think it'd be safe to say that they're going to be able to access it again. If alt accounts are an issue you're just going to have to keep an eye out for them. I'm rusty on server knowledge and such, but if it doesn't already, you should look at something that prevents their UUID from joining if they get a name change, as it seems there are still plugins and such which still follow the old name system.
Fairly sure if they use something akin to a VPN or just flat-out get their IP changed, then I think it'd be safe to say that they're going to be able to access it again. If alt accounts are an issue you're just going to have to keep an eye out for them. I'm rusty on server knowledge and such, but if it doesn't already, you should look at something that prevents their UUID from joining if they get a name change, as it seems there are still plugins and such which still follow the old name system.
Thanks, but I believe the UUID is only unique to each player, which can work if they only have one account. But if someone had alts - they could bypass it I believe. Is there anyway to ban a user permanently maybe through their device? -so no matter what VPN, UUID, alt account, IP change, or browser they use to mask their identity, they can not log in from their device.
quote=ExplorerEze01
Thanks, but I believe the UUID is only unique to each player, which can work if they only have one account. But if someone had alts - they could bypass it I believe. Is there anyway to ban a user permanently [Emphasis added] maybe through their device? -so no matter what VPN, UUID, alt account, IP change, or browser they use to mask their identity, they can not log in from their device.
Fundamentally, no. ["Any lock that man can make, man can break" is a truism worth remembering.]
Even if you could ban a device, one could simply use a new device.
The technical difficulty with device bans is that your end (the server & associated bits) must query the user for the devive ID. What your end receives as a reply is no more trustworthy than the weakest link in the chain of transmission; at any weak point the a "clean" ID can be substituted for teh actual device ID. (In a sense this is what VPNs do for IP addresses.)
At root, all you can do is make it expensive/annoying to connect to your server: anyone reasonably tech-savy and willing to spend a bit can bypass 'blacklists'.
This is the logic behind 'whitelisting' where only vetted users are allowed to connect; the effectiveness of the vetting, however, being a product of the degree of expense/annoyance to which the server operator is willing to go. {eg. If you were only to permit connections from persons known to you in RL, from whom you recieved their connection information 'in person' (such as having a friend read you their specs over a phone) you would be secure.} [Requiring a video enabled conversation with the applicant (eg via Skype) would be another option; note, however, that – in addition to the time requirements, this level of vetting may well alienate a sizable fraction of potential players….]
Rollback Post to RevisionRollBack
"Why does everything have to be so stoopid?" Harvey Pekar (from American Splendor)
WARNING: I have an extemely "grindy" playstyle; YMMV — if this doesn't seem fun to you, mine what you can from it & bin the rest.
An ip adress is like a phone number and an ip ban is like using caller id and not answering if you recognize the phone number.
If they change their ip there is nothing about the new ip that tells you what ip they had before they changed it.
A uuid is like an id card and the uuid ban would be something like using a videophone and making somebody show their id card, having an alt account would be like having a different id card with a different name, there is nothing about the uuid of one account that connects it to the other one.
Pretty much the title, but If I wanted to IP ban a user from my server and forums, is it possible they could bypass it by using an VPN and IP Address?
If I banned a user through their static IP/dynamic IP before they began to use a VPN and before they changed their IP Address, will the IP ban still stand since I banned their original IP?
I'm just wondering since I don't want users to be bypassing an IP Ban.
Thanks.
Edit: What would you recommend as being the most affect strategy to ban a person? Should I try to ban their first IP they had - and even though they could use a VPN, they would still be banned?
Yes this can be bypassed. If the user has more than 1 minecraft account. This is why most minecraft servers don't bother with ip bans. But If they only have 1 minecraft account they can change their ip all they want they cannot get back on since that account is also banned.
Thanks
Thread Update: Asked some more questions, sorry about that.
and Bump.
Fairly sure if they use something akin to a VPN or just flat-out get their IP changed, then I think it'd be safe to say that they're going to be able to access it again. If alt accounts are an issue you're just going to have to keep an eye out for them. I'm rusty on server knowledge and such, but if it doesn't already, you should look at something that prevents their UUID from joining if they get a name change, as it seems there are still plugins and such which still follow the old name system.
Figured it was time for a change.
Thanks, but I believe the UUID is only unique to each player, which can work if they only have one account. But if someone had alts - they could bypass it I believe. Is there anyway to ban a user permanently maybe through their device? -so no matter what VPN, UUID, alt account, IP change, or browser they use to mask their identity, they can not log in from their device.
quote=ExplorerEze01
Thanks, but I believe the UUID is only unique to each player, which can work if they only have one account. But if someone had alts - they could bypass it I believe. Is there anyway to ban a user permanently [Emphasis added] maybe through their device? -so no matter what VPN, UUID, alt account, IP change, or browser they use to mask their identity, they can not log in from their device.
Fundamentally, no. ["Any lock that man can make, man can break" is a truism worth remembering.]
Even if you could ban a device, one could simply use a new device.
The technical difficulty with device bans is that your end (the server & associated bits) must query the user for the devive ID. What your end receives as a reply is no more trustworthy than the weakest link in the chain of transmission; at any weak point the a "clean" ID can be substituted for teh actual device ID. (In a sense this is what VPNs do for IP addresses.)
At root, all you can do is make it expensive/annoying to connect to your server: anyone reasonably tech-savy and willing to spend a bit can bypass 'blacklists'.
This is the logic behind 'whitelisting' where only vetted users are allowed to connect; the effectiveness of the vetting, however, being a product of the degree of expense/annoyance to which the server operator is willing to go. {eg. If you were only to permit connections from persons known to you in RL, from whom you recieved their connection information 'in person' (such as having a friend read you their specs over a phone) you would be secure.} [Requiring a video enabled conversation with the applicant (eg via Skype) would be another option; note, however, that – in addition to the time requirements, this level of vetting may well alienate a sizable fraction of potential players….]
Would a player still be IP banned if I simply banned their original IP before they changed it? Or will they stay banned?
There is no best way to ban a player.
If you ban his main account, he can log in an alt account.
If you ban their IP, you might ban an IP that some other person might use later and he will not be able to join your server.
So best option would be basically to keep banning user names, since IP bans can basically be skipped with 1 free application.
If you are rely that determined to ban some one, not thinking of consequences, I advise you to ban both the username and the IP.
Thanks everyone! And finally, sorry again, but if they changed their ip once (without any VPN, etc) - will they bypass the ban with an alt account?
If they can change their ip then an ip ban won't stop them since it checks the ip.
If they have an alt account then an uuid ban won't help since the alt account has a different uuid.
If they change both then neither type of ban will stop them.
The only thing you could do then is use a white list and hope you recognize them if they come back with an alt account and apply to join.
Just testing.
An ip adress is like a phone number and an ip ban is like using caller id and not answering if you recognize the phone number.
If they change their ip there is nothing about the new ip that tells you what ip they had before they changed it.
A uuid is like an id card and the uuid ban would be something like using a videophone and making somebody show their id card, having an alt account would be like having a different id card with a different name, there is nothing about the uuid of one account that connects it to the other one.
Just testing.
Use a VPN Blocker to VPN connections. Although, some VPN Blockers is limited to 100 connections/day.
"Life is something you force yourself to live into"