Forum

Results 1 to 10 of 10
  1. #1
    Join Date
    December 2013
    Posts
    4

    Question enhancement to ban system

    Dear community,

    i'm a software developer an administrator of a Teamspeak 3 server and as the most administrators i get frustrated by the lack of reliability of our banning system.
    Banning by IP and ID is of cause a good step and in most situation is great, but it does not go far enough.
    Generating a new ID is a work of 5 seconds and gaining a new IP address (if not static) can be done by just restarting the router. In terms of "i don't want or can't restart my router"-people most likely use a VPN service.
    Of cause you can ad a certain security level as a connection criteria and hope that the as***le is too lazy to wait, but more than often you make yourself and your community problems by doing that (even though this is a great function against trolls).
    On my Server (even though i have a needed security level of 30) i got 4 individuals which don't get bored by waiting and my ban list slowly fills quite hard. One of them with the least amount of bans have 9 of them.
    9 bans since 2 weeks… Sure not much but these people are poison for my servers community.

    Here is my suggestion for solving this issue:

    Couldn't we add a non-changable and encrypted ID for your TS3 installation?
    You install TS3, it takes some client specific data of the current system like systems registration date or first boot timestamp, puts some spice to it by using some of the systems hardware information like:
    - serial ID of the hard drive it is installed on
    - the user-name
    - NICs serial number
    - a.s.o.

    After doing that it should be encrypted and saved.

    Now:
    If the user starts the client it should the these information and validate it. If these data are invalid, it should tell the user that its installation ID was manipulated and the user has to reinstall the TS3 client.
    I don't think that this would add any problems to the community, looking at the fact that a non-as***le user would never come to the idea to bypass a ban and would not manipulate his installation ID.

    The ban should now be changed so the admin can decide to ban either the installation ID, IP, ID or combination of them.

    Hope for constructive feedback.

    YS,

    rLingling

  2. #2
    Join Date
    June 2008
    Posts
    17,939
    This is a bad idea and needs the agreement of every user to use their hardware ID's!!
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  3. #3
    Join Date
    December 2013
    Posts
    4
    Well the "agreement" is at most 3 sentences in the EULA, so i don't see a problem with that.

  4. #4
    Join Date
    June 2008
    Posts
    17,939
    But we do see a problem with that.
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  5. #5
    Join Date
    January 2010
    Location
    Secret Base in Arctic Region
    Posts
    1,671
    Right, this is Teamspeak and not the NSA (or any of the 15 other intelligence agencies ).
    Also, if you use this kind of key, you have to save it, thus it can be manipulated or cracked (like passwords, not by everyone, but it can).

    Things you can do for the moment (besides security level) include restricting the default group and/or usinf server- /temp passwords.

  6. #6
    Join Date
    May 2012
    Location
    The 3rd dimension
    Posts
    956
    Not much you can do except update your server to the latest version and keep banning them. If you have a public server it is more difficult to deal with people than a closed server. I recommend that since you have a required security level of 30, most people will not bother joining, so you might as well go ahead and lock guests down to not be able to message people, poke people, join other channels etc. That way you can create an "I need assistance" channel and if you happen to notice them you can manually check and see what they want, if they are a troll ban them. If you take my advice, you should be ok hopefully.

  7. #7
    Join Date
    April 2014
    Posts
    30
    a good idea for u is probably a range ban. u can range-ban every vpn-hoster's ip. (no one using this service will be able to connect to our server then). And u can range-ban the users if they only get new ip's from their hosts. This can also ban other people, but the chances are very small. This would be the best way for you, i think
    Example: I banned the IP-Range "50.7.*.*" because this is the IP-Range of one VPN-Hoster's. Of course there are a few services like that out there. But it won't take as many bans to get them banned permant^^
    To check the IP-Range [link=http://www.whoisxy.com]here[/link]

  8. #8
    Join Date
    April 2014
    Posts
    30
    Why don't you range-ban them

    here is my ban just for the HotspotShield-VPN Service and one online Service, but i forgot the name of it:

    (74\.115\.[0-7]\.[0-9]+|85\.237\.22[2-3]+\.[0-9]+|204\.14\.7[2-9]\.[0-9]+|23\.27\.[0-9]+\.[0-9]+|50\.7\.[0-9]+\.[0-9]+|173\.245\.67\.[0-9]+)
    (check that "Regular Expression" when creating that ban.)

    so this is just one entry in my banlist banning a lot of people trying to use one of those services. The idea behind: u're hiding something if you are using a VPN connection, so i don't let them join my server with those ip-addresses at all.

    You also can range ban their home-ip adress, if they are stupid enough to use them, but i think thy'll probably use a VPN-connection

    Oh, just a hint^^-> If they are stupid enough to come back with the same name over and over again, just ban their names *lol*
    That way their UID and IP are not relevant, because u banned only the username the try to connect with xDDD
    Simply create a new ban and write their name into the name-box. Thats it

    Hope this helps you

  9. #9
    Join Date
    March 2014
    Posts
    12
    IP banning is bad practice. I have dynamic IP, as a lot of people, and one day I might not able to connect to he server as "my" IP was banned.

  10. #10
    Join Date
    May 2012
    Location
    The 3rd dimension
    Posts
    956
    I am a firm believer in banning known and popular VPN IP ranges. Although I would not give out my entire list though because people would know what to avoid very easily and quickly.

    While banning residential addresses may not be optimal due to dynamic addresses being obtained by innocent people and being banned by their previous user's actions, sometimes it is all you can do. You have to think of your server, you cannot fail to act just because of the potential results in the possible future. What I will say is due to the way the ban system works, you should be able to remove the IP ban and leave the ID based ban (do not edit it once it is auto-created) and the person is unlikely to come back.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Weblist enhancement ideas
    By Screech in forum Suggestions and Feedback
    Replies: 12
    Last Post: May 8th, 2018, 03:58 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •