Country on "who" / Should player ip be hidden?

[Lauwenmark]

To make it clear: visible IP can be a security concern as long as the rest is secure. Is the CF protocol secure ? Are password transmissions crypted ? Saying that displaying the IP for players is a security thread is much like closing your door while leaving the windows wide open.

Now, if we're wanting a serious debate about security, then we need to study the problem globally, and not piece by piece.

As for the DM problem, I see no easy solution:
- If they can ban a given IP, then the other user can simply change it (not a very difficult task for most people);
- If they can ban a given character, the player can simply restart a new one.

I tend to favour the second solution, though. It's quite annoying to restart a character from scratch, more than changing an IP.

[Ketche]

In my opinion it wouldn't be good to hide the IPs from players, and DMs aren't on all the time. If there is a PKer and the player can't get the IP address, what good is that? Having the countries displayed isn't a necessity. You should make a poll.


-- Ketche, Admin of lemur.elvenrealms.net

[philc]

What does it matter if the players know the IP of the PKer? They still can't do anything about it so it's pretty useless.
Maybe there should rather be different DMs, one for roleplaying/helping newbies and one who can also do a few things with the server, like restart the server, kicking players, etc.

[Pathor]

On a mud I've been an admin on, we have from time to time problems with people breaking the few rules we have. They feel it is their right to play our mud and don't care about our rules. There are people connecting and just shouting profanities. There are people connecting telling people to try another mud instead of ours (which I don't have a problem with if they didn't spam about it). Some keep creating new characters with less fun names - <Adminname>Dickhead, etc. Our player-admins (in the mud), have the ability to read the logfiles to see from where someone has connected, to see what other characters have connected from those IP numbers etc. They can also see the IP numbers of people connected. They can (un)ban a single IP, a range of IP numbers, every name under a domain. They can (un)ban a character. There is always a message given to someone connecting from a banned domain/IP, explaining why it is banned and who to contact about it. We also have the ability to stop the creation of new characters from an ip/domain. That way we can let old characters continue to play from a popular ISP, while banning annoying people until they cool off. None of this was needed when only "mature" university students were playing on our mud, 7-10 years ago, but since then younger aged people have started to use the internet too...
If/when crossfire is discovered by these thirteen year old boys, they will start with such ... in our servers too and the commands need to be there.

But with proper logs, no normal player needs to see the IP number of the offenders and I don't think they should see the country either. The characters are from places within the CF world. There is no need to add strange countries like France.

[Lauwenmark]

Our player-admins (in the mud), have the ability to read the logfiles to see from where someone has connected, to see what other characters have connected from those IP numbers etc. They can also see the IP numbers of people connected. They can (un)ban a single IP, a range of IP numbers, every name under a domain.

Well, something similar exists in Crossfire with the ban file.
The problem is that it is often difficult to ban people using their IPs. If those are static addresses, no problem. But what if they're dynamically allocated ones, something very common for Internet home access ? Besides that, annoying kids are often clever enough to reset their connection, getting so a new IP.

They can (un)ban a character. There is always a message given to someone connecting from a banned domain/IP, explaining why it is banned and who to contact about it.

Banning a character cannot completely stop buggers - it can slow them down somewhat, though. The automated message sounds like a good idea to implement.

We also have the ability to stop the creation of new characters from an ip/domain. That way we can let old characters continue to play from a popular ISP, while banning annoying people until they cool off.

Sounds like an interesting solution - as long as it is limited in time.

[hoxu]

The problem is that it is often difficult to ban people using their IPs. If those are static addresses, no problem. But what if they're dynamically allocated ones, something very common for Internet home access ? Besides that, annoying kids are often clever enough to reset their connection, getting so a new IP.

Being able to ban a mask would be neat (172.192.0.0/12 and 172.208.0.0/14, right?)..

Moderators: I think the last three posts could be split from this topic.

[Lauwenmark]

Being able to ban a mask would not solve the problem. It would probably just end creating new ones, as 'innocent' players could end being forbidden too. IP-based ban is only a very short-term solution IMHO.

[Avion]

Being able to ban a mask would not solve the problem. It would probably just end creating new ones, as 'innocent' players could end being forbidden too. IP-based ban is only a very short-term solution IMHO.

Yes, very much so.
I have coded a Banish command which will allow DM's to banish a player by name. This will kick them off the server and enter their IP in a banish_file in var/crossfire which is checked along with the ban_file. It will also log the event as "! <DM> has banished <playername> from <IP>". As part of this the kick command now disconnects the player entirely from the server in stead of just from the character.

Yes this will not stop a player from changing IPs and coming back, but it should be sufficiently bothersome to put an end to most minor abuses.

The server admin can decide to clean this banish_file out via cron, or read through the logs to look for trends and permenantly block certain IPs in the ban_file or what ever they wish to make their policy.

I tried to balance server admin and DM powers.

Now my question to you is should player IPs be showing up in the who command? I am of the opinion that they should not.

[hoxu]

I have coded a Banish command which will allow DM's to banish a player by name. This will kick them off the server and enter their IP in a banish_file in var/crossfire which is checked along with the ban_file. It will also log the event as "! <DM> has banished <playername> from <IP>". As part of this the kick command now disconnects the player entirely from the server in stead of just from the character.

Nice.

[Lauwenmark]

Now my question to you is should player IPs be showing up in the who command? I am of the opinion that they should not.

As I see no technical or security-related reason not showing them, and as some players find those interesting to know, I think things need to stay as they're now.

There are more important problems regarding security in CF than a couple of IPs displayed or not IMO.