[WIP/ADMIN] Fishbans - A new community based global banning system

Discussion in 'WIP and Development Status' started by Fishfish0001, May 21, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    Fishfish0001

    Fishbans
    Global Bans made Easy!
    This project is currently on the back burner. For now, check out what we have turned Fishbans into for now: http://forums.bukkit.org/threads/fishbans-the-global-ban-aggregator.79990/
    The pictures you are looking for are at the bottom of this post. :)
    IRC: irc.esper.net​
    Channel: #fishbans​
    Fishbans is a new type of Global Ban system that focuses on protecting users and making banning a community involvement. At the core of Fishbans is the idea that all bans require evidence, regardless of the reason, a fundamental value that is ignored in many systems, and causes users to be unfairly banned.
    Fishbans focuses on allowing any user who is signed up on the website to take action against unjust bans by providing a handy report button that allows the user to report invalid bans in under 30 seconds! Our system will compile these reports and take action against bans receiving a certain number of reports. When a ban receives 3 reports, it is automatically added to a moderator queue, where administrators can quickly review it and either approve, or remove it. If a ban continues to receive more reports, upwards of 8, the ban is automatically changed to a local ban and moved to the very top of the mod queue to be reviewed.
    This quick processing allows each person visiting the site to be involved in protecting the community. Each ban must also be accompanied by evidence. This evidence can be server logs, pictures, video, audio, or logblock/hawkeye/guardian logs. All bans must have some type of evidence uploaded within 3 days, or it will be changed to a local ban. Users can review all ban evidence, and report it if they feel it is not sufficient.
    Bans are also fixed reasons, allowing administrators to quickly ban, or block users with bans under that category from joining.
    Fishbans takes a new approach to how global bans are used. We believe that Fishbans should be a database of bans, and not the sole factor that a server admin uses to determine if a user can enter. Instead of relying on reputation, Fishbans goes solely by the number of bans that a user receives. The plugin can be configured to block users who have recieved more than x bans, or more than x bans in y days. This allows administrators to fine tune how bans are handled. Bans can also be looked up from within game, and a user can be automatically assigned a group based on the number of bans they have. That means that if someone comes on with 5 bans, you can place them in a restricted group until a moderator promotes them, lessening the risk of a spammer or griefer ruining your server.
    Fishbans is also the first global ban plugin to draw ban information from other banlists in an effort to fully provide information. Many times a user might not be banned on one global banning system, but banned on a different one. By using our resources we are able to provide all of this information in the background to the admin. (Note: These non-Fishban bans are not added to our database, they are simply reference.)
    We are open to all suggestions, and hope to expand our system and change the way global banning for Minecraft is handled.
    If you are interested in helping with this project we are looking for the following developers. Please message me if you are interested and include links to some of your work.
    PHP
    Javascript (jQuery Library)
    MySQL
    JAVA
    Thank you!
    TL;DR: Fishbans is a way for the community to manage global bans via easy reporting of invalid bans and evidence, requiring evidence within 3 days for all bans, and providing fixed reasons that are clear.
    The Homepage:
    [​IMG]
    Reporting a Ban:
    [​IMG]
    Creating an Account:
    [​IMG]
    (The image on the right changes to match the skin of the user entered for Minecraft Username.)
     
    afistofirony likes this.
  2. Offline

    Fishfish0001

    Picture of the users ban page:

    [​IMG]

    (Ignore the "Non-Premium", that wasn't supposed to be there :p)

    I will also be adding a box below the graphs to show people who connected from the same IP, and people connecting from similar IPs.
     
  3. Offline

    PandazNWafflez

    Good. Don't fuck it up like they did with McBans, Glizer, McBouncer and MineBans.
     
    Deathmarine likes this.
  4. Offline

    Fishfish0001

    Any suggestions for what to avoid or what you dislike about their systems? What do you like about their systems?

    Makes it a little easier for me to design a system that incorporates the good and fixes the bad. Thanks! :)
     
  5. Offline

    PandazNWafflez

    Well. Here's a list of things that made MCBans, Minebans, Glizer and McBouncer bad:

    • McBans got hacked twice, which included leaked passwords and valid server API keys. Solution: Have good protection.
    • McBans hired Zidonuke and Doridian, some extremely fishy(sorry about that, couldn't think of another word) individuals who had previously designed a griefing client together and sold it for commercial profit. Doridian had included a backdoor in his previous admin system to give himself admin if he wants it. Zidonuke also crashed Minecraft servers a lot. Solution: Only hire people with 100% clean backgrounds and make sure you trust them.
    • McBans gets taken down by DDoS twice a week. Solution: Make sure your website has good DDoS protection.
    • All of them are biased. Solution: Don't be biased.
    • With Glizer you would get permanently globally banned if your server ran in offline mode. Solution: Instead of doing this, in your onEnable() add
      Code:
       if (!getServer().getOnlineMode()) getServer().getPluginManager.disablePlugin(this); 
    • McBouncer has several bugs in the website. For example if you get unbanned it still tells any server requesting your ban count the amount of bans before you were unbanned. This means ban appeals don't really help at all. Solution: Make sure your website is professionally done.
    • MineBans has preset ban reasons. Solution: Don't use preset ban reasons.
    • MineBans and Glizer's websites suck. Solution: Have a good website (see below)
    And here are some things that you could generally have that are good:
    • A nice website (I have to admit, the McBans website is good for it's purpose. Simple and easy to use). Your current website looks very good.
    • A dedicated support team. The support team should not have access to admin features. Just support.
    • A dedicated dispute team. Again, no admin access.
    • Also, I would recommend not making it open-source. Open source global banning systems make it easier for griefing teams to find exploits by looking at the code.
     
  6. Offline

    Fishfish0001

    I completely agree that the security that MCbans used was unacceptable, and I was also affected by that, so its on the front of my mind. I also agree with not hiring anyone who does not have a squeaky clean background. As for the DDoS protection, it will take some work, but hopefully I can work to prevent those. I was actually thinking about having the license keys copied over to a redundant server every hour or so, and if the plugin cannot reach the main website (in the event of a DDoS), it could contact the backup site, and get somewhat accurate information.
    I was talking with someone yesterday who was interested in working with me, and I came up with a pretty good solution for this (at least in my opinion).
    1. Firstly, let me state that all bans are verified by staff, albeit not instantly. The way this will work is that reported bans will be moved to the top of the queue, where they can be delt with more quickly.
    2. If a ban receives enough bans to be removed from the global system, and changed to a local, it isn't permanent, only permanent if staff agree that it was invalid.
    3. When a ban reaches the moderation queue, it will take 3 staff (number depending on total staff in system) to approve or deny the ban. If two of the staff vote that the ban is valid, then it is. If two vote that it is invalid, then it is. This prevents one user from getting special treatment from one administrator. Once the ban is delt with, it is no longer reportable, unless the banned user opens a formal dispute with the server, or contacts support.
    For the first offline problem, that was already what my plan was, not to mention a secondary check with the API to duble check and make sure someone didn't bypass the system. I am about to begin on the APi portion, and will try to prevent such bugs. I will also have a bug tracker so people can report such bugs to us and get them fixed. I hate buggy websites as well.
    I was actually thinking about using preset ban reasons, but I'm still on the fence about it. If I am requiring evidence anyways, it wouldn't be hard to filter bans that don't match valid global ban reasons, and with the report features, people could report such invalid bans if they went through.
    I actually started the website with that in mind, I wanted something that looked good, and worked, but wasn't full of so much detail that it wouldn't be used.

    The last 3 points I agree with, the actual source code will be in private repos on Github that only the dev team can use.
     
  7. Offline

    PandazNWafflez

    Now that seems like a good, usable global banning system.

    Although I don't really see what you mean by:

    And I said the thing about preset ban reasons because you need server owners to be as precise as possible. For example if a player is banned for hacking, for the admins to look at the ban and decide on it, they really need to know what hacks (eg. if the player xrayed 5 diamonds he shouldn't really be globally banned, and it could be lag that caused seeming hacks, it's one of the things that happens on MineBans all the time. Someone gets banned for hacking, they didn't, but the admin has a NC / NCP message of a hack that was really lag), and if it was a lot of hacks, then you would have to add loads of preset reasons. Then it would get complicated and confusing, you would probably lose efficiency and users.
     
  8. Offline

    Fishfish0001

    Ban Reporting: What I was trying to say is that if someones ban gets enough reports to make it a local ban rather than a global ban, it doesn't mean that the ban is done and solved. Staff will still manually review each ban. I think that is a bit clearer.

    Ban Reasons: I see what you mean, didn't think that little bit though. It might be possible to do both. Admins can ban for a specific category (eg. hacking), and then provide additional information (x-ray confirmed, video included).
     
  9. Offline

    PandazNWafflez

    So a preset reason, then the admin can add more after the main preset?

    Also, the Ban Reporting thing makes sense now.
     
  10. Offline

    mindless728

    If you make preset reasons, then you need a way to be able to add ban reasons as some server operate much differently than others. Ie Build/Creative servers will have different rules than say a PvP server
     
  11. Offline

    Fishfish0001

    As I mentioned above, there will be categories (hacking, spamming, threats, etc.) that bans are filtered into, and then an option to add more specific details (eg. Cat: hacking. Info: flying. Video proof.)

    Pretty much!
     
  12. Offline

    mindless728

    Killer, sounds good
     
  13. Offline

    PandazNWafflez

    How's this going?
     
  14. Offline

    Fishfish0001

  15. Offline

    user_43347

    This is an open source community, you would be a like a (sorry) fish out of water. And if you're obsessed people will find exploits, they can just as easily decompile it. And just having it closed source, makes me concerned to use it, as well as making it a challenge for hackers and griefers. Also, you're in a community of open-source developers, chances are, if they find a bug, they'll point it out or help patch it.
     
  16. Offline

    Fishfish0001

Thread Status:
Not open for further replies.

Share This Page