Ok little help please. How do you know if a player is a duper or not?
I know you check IP's to see if they match. but alot are real close. How do you really know ?

TW Free Play
http://www.twfreeplay.com
telnet://12.219.136.27

quote:
Ok little help please. How do you know if a player is a duper or not?
I know you check IP's to see if they match. but alot are real close. How do you really know ?

TW Free Play
http://www.twfreeplay.com
telnet://12.219.136.27


Not too many will comment on this.

Visit slbbs.com port 2002 for a rip roaring game of TW where you also have to battle the Klingons, Romulans, Orians and the Borg.

quote:
Ok little help please. How do you know if a player is a duper or not?
I know you check IP's to see if they match. but alot are real close. How do you really know ?


Catching dupers is not a fun or easy task. There's no truly 100% effective method of catching such players at the moment. IP checking works moderately well, and there are a couple programs that will automate this task for you. One is Abraxus' dupecatcher ($7.50 registration fee the last time I checked) and another one was written by EleqTrizi'T before he shut down The StarDock (freeware, as far as I'm aware, but hard to find).

The problem with IP-based dupecatching is that its less effective against dupes using dial up connections, or augmenting a broadband connection with any of the numerous free dial up accounts such as from NetZero, Juno, etc. Since their IP address will change slightly with every new connection, most dupecatching packages won't pick up on them.

If you find IP addresses that are close, but not a perfect match, check into the player records for those players. Look for passwords that match or are very close (i.e., mom and m0m), player names that are too similar for coincidence, ship names of their ships, ship passwords, etc. Some dupers are brilliant when it comes to getting past dupecatching software, but then fall flat on their face when it comes to making each account look like its a valid one.

I've been working on a project, a 24/7 front end for TWGS, that will add MAC-level dupecatching to a sysop's arsenal, but that's still a long ways off at the moment. With very few exceptions, almost every connection to a server will have a unique Media Access Control number from the connection device (home network router, cable modem, DSL modem, etc.) so dupecatching becomes a lot easier since most of these devices don't have MAC addresses that can be easily modified.

I also have a front end program for WorldGroups sysops called First Strike, which uses this MAC-based dupecatching to a limited degree. It's still in a very much Alpha stage right now, but it works well, catching dupes at the BBS side before they can manage to connect to the TWGS server (or any other game on the BBS for that matter). Worldgroup sysops are more than welcome to take a look at that package as soon as it enters Beta development.

In the end, with current dupecatching software, it all comes down to how much sleuthing you're willing to do to catch the bad guys. And the more you spend, the more ways you'll learn of finding them, and the more ways you'll learn how they get around no-dupe policies.

Good luck!

Lisa M. Wilson
aka Rave

I just thought of this Rave, had not considered MAC based dupecatching before, I have never worked in for a big ISP, so I am not sure the answer here but, which NIC interface MAC address shows up for dial-up users? Their modem will not have a MAC address, so will it be their ISP's router? or RAS box? or what? Just curious how your solution would deal with dial up users...

Col Sanders

"Jedi do not concern me" -The Sith

quote:
I just thought of this Rave, had not considered MAC based dupecatching before, I have never worked in for a big ISP, so I am not sure the answer here but, which NIC interface MAC address shows up for dial-up users? Their modem will not have a MAC address, so will it be their ISP's router? or RAS box? or what? Just curious how your solution would deal with dial up users...


Dial up connections are the exception to the rule... hence my carefully worded comment (emphasized words in italics)...

quote:
With very few exceptions, almost every connection to a server will have a unique Media Access Control number from the connection device (home network router, cable modem, DSL modem, etc.)


Note that I don't include dial up devices such as POTS modems. In the case of the dial up users, the MAC address will likely be the final router/gateway of their provider's local point of presence network. This is why MAC address dupecatching can't work on its own... it still has to be backed up by IP checking and good old sleuthwork, though with automatic IP/netblock lookup, some of that legwork is being taken out of the equation.

Still, broadband users are rapidly growing, a trend I (along with almost every other person) expects to continue, so the threat of dupers via dial up connections will continue to diminish along with the number of dial up users that switch to broadband.

The one thing I really like about MAC level dupecatching though, is that a ban cannot be easily circumvented. You can move across the world, but if you continue to use the same cable/dsl/router that you were using when banned, you're still banned. That is what I consider a semi-effective ban (far more effective than IP banning).

Lisa M. Wilson
aka Rave

quote:One is Abraxus' dupecatcher ($7.50 registration fee the last time I checked) and another one was written by EleqTrizi'T before he shut down The StarDock (freeware, as far as I'm aware, but hard to find).


Mine's free for the asking...

Does 3-node and 4-node IP matching per game, including inactive ones.

Has a couple bugs, I believe, but if there's interest, I can let you have a copy...

Eleq's was written in Perl and not quite as user-friendly.


[url="http://alphaprime.mine.nu"]Stardock Alpha-Prime[/url]

What's yours written in?

I like the sound of a perl dupechecker.

But I like the MAC Address even better




tw@CampusParty.com
http://www.CampusParty.com
http://www.CampusClients.com

quote:
Mine's free for the asking...

Does 3-node and 4-node IP matching per game, including inactive ones.

Has a couple bugs, I believe, but if there's interest, I can let you have a copy...

Eleq's was written in Perl and not quite as user-friendly.


I'm sorry. I was under the impression the registration fee was $7.50 for your dupecatcher. I could have sworn I saw that as a price somewhere, but since that's obviously not the case, my apologies.

As for Eleq's dupecatcher, you're right, it wasn't very user friendly, but I did like the email option it had. I only used it for a couple weeks before Rant and I put up the Worldgroups front end and had to develop our own system, but it worked.

Lisa M. Wilson
aka Rave

quote:
But I like the MAC Address even better


It's not 100% effective yet--not even close--and there are still a couple major issues to resolve. Using MAC addresses only its actually less effective than regular IP matching at the moment, but combined has some pretty extensive detection and banning possibilities.

Lisa M. Wilson
aka Rave

quote:
quote:
Mine's free for the asking...

Does 3-node and 4-node IP matching per game, including inactive ones.

Has a couple bugs, I believe, but if there's interest, I can let you have a copy...

Eleq's was written in Perl and not quite as user-friendly.


I'm sorry. I was under the impression the registration fee was $7.50 for your dupecatcher. I could have sworn I saw that as a price somewhere, but since that's obviously not the case, my apologies.

As for Eleq's dupecatcher, you're right, it wasn't very user friendly, but I did like the email option it had. I only used it for a couple weeks before Rant and I put up the Worldgroups front end and had to develop our own system, but it worked.

Lisa M. Wilson
aka Rave


It was, but he did not receive enough interest in it. To continue registration. So, at least for now, it is free provided you ask him for it.



The WABBIT
ICQ# 12988803
http://www.shadowworldgame.com

quote:
I'm sorry. I was under the impression the registration fee was $7.50 for your dupecatcher. I could have sworn I saw that as a price somewhere, but since that's obviously not the case, my apologies.No need to apologize...I never made it public that I would offer it free, so you had no way of knowing.




[url="http://alphaprime.mine.nu"]Stardock Alpha-Prime[/url]

quote:
No need to apologize...I never made it public that I would offer it free, so you had no way of knowing.


Just out of curiousity, what all does your dupecatcher look at? Just IP addresses, or game records such as player passwords, ship names, similar character names?



Lisa M. Wilson
aka Rave

Right now it's just IP (either 3 or 4 node).

I never got interested in going any further...I should, though...


[url="http://alphaprime.mine.nu"]Stardock Alpha-Prime[/url]

You would be amazed at how many people we caught that were duping...just by checking their passwords and not their IP addresses. I removed hundreds of accounts myself just from password-based dupe checking at Stardock BBS, not counting any that Eleq had removed himself.

That would probably be a good option to go with next if you're looking to pursue it further Abraxus. The only flaw with checking passwords is when you get people who use a simple word like 'dog' or something similar, then you have to go to the next level and investigate IP's or whatever in that case.

Fuseblown
http://www.thestardock.com

Keeping the dupes under control is the biggest problem I've had with running a TWGS. It got so bad at one point, that I almost gave up on running the server. Open games are a dupefest nightmare and running them all closed meant setting up every player for every game which was waaaay too much work. I ended up putting a BBS in front of the TWGS to provide more extensive authentication and validation. That's always been an area where TWGS is lacking. It does not have any of the account facilities that a BBS does. Anyway, the BBS cut down on the duping problem a lot. When people are required to provide real information about themselves, they're less inclined to flagrantly create accounts. That still didn't eliminate the problem though. People use their relatives' and friends' information or even make it up. I now use IP checking and comparison of account information (including passwords) in my attempt to zero in on them. If there are questionable accounts, I'll call people on the phone if necessary to verify them. Users are required to provide a valid phone number, among other things, when they create an account. That only stops the non computer savvy ones though. You can always relay through another server or use a different dial up to get around the IP checks. There's no way to completely eliminate duping, but I've found that the system I've implemented has kept it within acceptable limits without a whole lot of effort on my part.

[url="mailto:craig@franknputer.com"]craig@franknputer.com[/url]
[url="telnet://franknputer.com"]telnet://franknputer.com[/url]
http://franknputer.com