ExMachinae Posted September 27, 2017 Posted September 27, 2017 Hi, I've played several games from home without issue, but was trying to play on my laptop at the library and got a banned message. This is the IP: [redacted] It says it was supposed to expire in 2015 but apparently didn't. My BYOND key: ExMachinae
Scheveningen Posted September 27, 2017 Posted September 27, 2017 The ban is not based off of an IP-based ban. Your point about it being you using the library IP does not seem applicable here. I assume there's a more apt explanation than it being the internet provider your library uses?
ExMachinae Posted September 28, 2017 Author Posted September 28, 2017 I don't know what you mean? The ban references "cytraladox" which I assume is someone else's key. I was playing yesterday from home, didn't do any of the things in the ban (chucklefucking, griefing, something about "buttsecks and cum" in crayon) when I tried to log in while connected at the library I got that ban message. It seems like an IP ban because my very first time playing SS13 was a couple days ago from the library and couldn't log in to Colonial Marines, got a ban message right away talking about multi-keying. That ban seems to persist once I tried to log in from home. I've been playing on Aurora Station from home only, but today tried to log in from the library and got the ban message. The ban is now persisting at home as well. It's very confusing because I'm brand new to SS13 but can't seem to play on a lot of servers from what I believed was logging in from a public IP. I tried Aurora while I was home over the weekend and started figuring things out and having fun, now I seem to be banned for something someone did in 2015.
Scheveningen Posted September 28, 2017 Posted September 28, 2017 Allow me to explain then. The original ban you are referencing is an old ban applied to an account banned from late 2015, simply for a severe case of griefing. Over the course of two years our system has caught 16 bypass attempts of the ban. Make that 17. I'll go over the 17th one in a second because I find that interesting. Not counting bypass attempt #17, the mirror system has caught four particular CIDs (over 16 bans this narrows it down a lot) consistently in combination with less consistent IP swap-ups as the CIDs were changed, either by changing hardware of the computers directly or said computers being swapped out for new ones. The CID your laptop possesses has been consistent with catching past bypass attempts. At least five out of the 16. Connecting this back and forth pretty much implies there is some pretty intensive attempts at ban dodging, especially since some of the accounts that attempted to bypass the original ban were day zero or day one accounts being created before attempting to join the server. How do we know it's ban dodging that took place? Well, when IPs to a particular ckey is dynamic, it means it's either a laptop or a wiseguy using a proxy. Laptop more likely than proxy. Now when it comes to CIDs but the IP remains the same, it means there's either multiple physical computers or something special. Since there's more IP generations historically than CID ones, we will mostly lean on it either being the dynamic-IP call with some interesting links in history with other physical computers in the far-off past. Maybe someone sold you an old laptop previously and griffed spessmans with it? I dunno. As part of our job we have to err on the side of caution over this sort of thing. But! As for #17, the interesting part that sells my theory here is that the IP does change again when you made the access attempt (because it's a laptop, I'd hazard a guess!), except this time it is a couple stone throws from your library's IP location, unsurprisingly and reasonably so. In the same area, really, since this is a public appeal I won't divulge in specifics about that, as you have a right to privacy to not have me go on about that. So I'm inclined to believe you, though you must understand our hesitation in trying to leave some bans in place especially considering the amount of bypass attempts we see here. I make no promises but I'll shoot this in the general direction of the server host and see if he can make an exception, and also discuss if this is something we should be lifting. It's a matter of precaution, it's nothing personal. I also probably have a couple details wrong in relation to technical things, I know only a general grasp on this sort of thing and it's all mostly only patterns to me. Also, I'm editing out the IP you listed in the OP, mostly because we know you made the access attempt, you don't have to tell us (we appreciate it anyway), and we'd rather not risk other people trying to do guesswork on your real life location. Largely just to be considerate, I should've done it earlier but I didn't catch it in the main post and realize soon enough I should've fixed it for you.
Skull132 Posted September 28, 2017 Posted September 28, 2017 Well here's the interesting thing. Your computer ID changed once over the last few days. And that's what got you banned. It's generated by BYOND and shouldn't change unless you swap out machines or do some major internals work on your PC. Like swapping out hard drives. Will discuss with admins and see what they want to do about this.
ExMachinae Posted September 28, 2017 Author Posted September 28, 2017 It's late and I gave all that one read-over, but I think maybe I have an idea of what's going on. My laptop is a Windows 7 VM on VMWare Fusion running on my MBP. That might explain the hardware changes and similarities to previous banned CIDs? I also play on my desktop at home, which is not the IP listed in my first post. I'm not sure if that counts as a hardware change? I would think the system would allow/take into account people playing on different machines but all I know about it is what I was able to process from Scheveningen's explanation. I understand erring on the side of caution, and I appreciate the quick and detailed responses.
Scheveningen Posted September 28, 2017 Posted September 28, 2017 Laptops are pretty notorious for switching IPs up anytime you pack it up to use elsewhere, so don't worry too much about the IP changes.
Skull132 Posted September 28, 2017 Posted September 28, 2017 [mention]ExMachinae[/mention] if you're using a VM, is it running pirated windows? Cuz that might explain. Or the simple fact that it is a VM might also explain it.
ExMachinae Posted September 28, 2017 Author Posted September 28, 2017 [mention]Skull132[/mention] it's not pirated, but an enterprise license. I was thinking because it's a VM that might make the 'hardware' seem similar to other VMs that might have been used by griefers.
Skull132 Posted September 28, 2017 Posted September 28, 2017 Skull132 it's not pirated, but an enterprise license. I was thinking because it's a VM that might make the 'hardware' seem similar to other VMs that might have been used by griefers. Both are possible. Unfortunately the BYOND method of providing the hash isn't 100% unique. Anyways, since your other connections don't match any bans, I'll just lift the specific mirror. You should be good to connect now. If not, reply or leave me a PM and I'll investigate further. Though be careful with that VM, I'm currently keeping the other mirrors active so if you show up with the clashing CID again, you might will get caught out again.
ExMachinae Posted September 29, 2017 Author Posted September 29, 2017 Awesome thanks! I’ll only use my desktop from now on.
Recommended Posts