Dealing With a Proxy Greifer

Discussion in 'Bukkit Discussion' started by Vortac, Feb 10, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    Vortac

    Hello one and all!

    My server that I host through beastnode is currently the victim of a "cyber bully" if you will. It's just as the title says, I'm dealing with a proxy greifer. Which means that he has multiple accounts, and we can't even ban is IP because he just uses a proxy IP. Now i'm not networking expert but I understand why it's bad.

    I sent a message and told Beastnode about it. The best the guy could come up with is changing our host IP or port. Which is stupid, because I run a server for my YouTube subscribers. So I need that to be publicly available.

    Some of the current mods we are using such as "Logblock" and "Residence" somehow stop working very often. I believe he is part of that problem. As soon as they stop working, he's the first one there to go and cause trouble.

    Before I ask what i'm here to ask, let me tell you how I know. This person has the nerve to come onto our server forums, an admit to us what he's doing. He then tells us that he's testing for "holes" in our security. (Which we are aware of and have them in place for a reason.) He seems to enjoy playing on the server when he's not greifing, and we don't know who he is. This time, he slipped up and we caught a good majority of his duplicate accounts.

    It's a delicate situation on our end because if we piss him off, we're not sure what kind of damage he can cause with all of his apparent hacking.

    I could go on but really I only need one thing. Is there some type of mod to prevent this sort of thing from happening? I have nowhere else to turn. Beastnode can't help me, my admins and moderators are at their wits-end.... We're at a loss here.

    We have a system for accepting new people into the server. I'm not looking for those kinds of ideas so please don't recommend them. (Whitelist, etc....)

    All I want to know, is if a mod exists that prevents people from logging on if they're using a proxy. Or any other mod that could stop this annoying hacker. Thank you!
     
  2. Offline

    Dreaux

    No, not as far as I know to the proxy question.

    This is a difficult situation to fix, and ALL web-based applications can suffer these kinds of problems.

    The best you can do is keep good backups, ban every account that you can associate with him, and log IP's with logblock. You might be able to find a few alt accounts simply by associating IP's with accounts. It sucks right now, but if you keep shutting him down, he'll get bored.

    Maybe you can report the abuse to Mojang... maybe these are reported stolen accounts?

    That's all I've got. This is a tough situation.
     
  3. Offline

    hatstand

    I'm not sure if there are any ways to automatically detect if a given IP is a proxy, though using an IP blacklist outside of your minecraft server, on the actual box it's hosted on, that contains a list of known proxies, could work. A similar thing could be implemented in a plugin. The problem is identifying the proxies in the first place. You aren't the first to look for a solution to this though - Check here.
     
  4. Offline

    JohnTheRipper

    It's impossible to (fully) stop without extreme measures.

    I and the team I was on did something similar to a server a few months back, we were unstoppable due to having a proxy scraper and over 1300 alts. Eventually, we got bored, and soon after we finally let off the server died (lol).

    A whitelist would most likely be the easiest way to stop the griefer from continuing.
     
  5. Offline

    Vortac

    Well thanks anyway guys...

    The problem is only getting worse it looks like. Now he's pissed off that we're banning all his accounts, so he's stealing other peoples some how and trying to cause enough trouble so i'll take down my server for good.
     
  6. Offline

    TheBeast808

    Here is what you should do:
    Install McBans. Configure it so that if you have more than 10 alternate accounts, you can't log in. Use McBan's global ban everytime you catch him, and IP ban him.
    Download this http://dev.bukkit.org/server-mods/mcbl/. It causes some lag when people log in, but it blocks most proxies.

    This should work against him.
     
  7. Offline

    JohnTheRipper

    MCbans doesn't do anything if he's using proxies and has enough accounts... When I used to actively crack accounts, 1/2 to 3/4 of them had 100% clean rep on mcbans.com, meaning that if I used a different proxy for each one you'd never be able to combat it with mcbans.

    Mcbl, on the other hand, is a good idea if you don't mind the login lag. And it's not perfect, but it might stop your problem.
     
  8. Offline

    TheBeast808

    McBans helps me stop around 2/3rd of a griefing team when my server gets hit, so I would bet it helps stop this guy.
     
  9. Offline

    Bertware

    You could use Xauth or AuthMe as additional protection to the accounts of other players
     
  10. Offline

    Magestickown

    I'm trying to use MCBL, however it does not generate a config file on first run (??? :( )
     
  11. Offline

    jwnordquist

    i must put in - i have my fair share in grieving servers, using aver 20 alts per person on my team, and whenever they IP banned us, i ran to my router and rebooted it, since with most ISP's your IP changes when your router/modem is rebooted. so really that person could be just rebooting his modem every time he signs in, meaning the only way of IP banning him would be banning that ISP.
     
  12. Offline

    TheBeast808

    I don't know what ISPs offer service in your area, but that isn't all to common. You have a dynamic IP, most people have a static IP. Dynamic IP griefers are harder to stop, but they aren't too common.
     
  13. Offline

    Bertware

    note:
    I have a dynamic IP too, I can notice that my IP range is very small.
    This means: my IP is always like 123.456.789.xxx
    only the xxx part changes. (the 789 part does change sometimes too, however this isn't common)
     
  14. Offline

    efstajas

    I suppose those griefer teams only came to your server because of mcbans. They target servers from there alot.
     
  15. Offline

    Vortac

    Lots of information since I've posted this...

    We have evidence that he is indeed using proxies. He's pretty much told us. He's a very strange, and honest person. He has said he would leave our server alone so I gave up on this. Today however on my forums, I noticed a new user named "BannedGreifer" which is probably hes next account he'll use to send more messages. UGH! I'm gonna have to look into something. I could care less about login lag. I'm going to forward this information to my friend who hels me run the server and we'll see what he thinks.
     
  16. Offline

    JohnTheRipper

    Dynamic IPs are a lot more common than static IPs, as they save the ISP a lot of money.

    Only skids/avo wannabes target MCbans servers.

    IMHO, the best way is to ignore him and roll everything back with LogBlock or the like, he'll quit sooner or later.
     
  17. Offline

    efstajas

    All right you seem to know better. I survived a griefer shitstorm once and it turned that it happened because somebody posted our IP on teamavo's youtube channel...
     
  18. Offline

    JohnTheRipper

    I post my IP on there once in a while when I'm seeing no activity just to fool around with the griefers that come nosing around.

    Not much they can do to me other than DDoS attacks...
     
  19. Offline

    phrstbrn

    Is the player in the same country as you, or foreign? I assume you have the original IP before he started proxy hopping. You could probably construe it as harassment and tell him to buzz off, or you're going to file charges (assuming same country).

    If he is in the same country, and he thinks you're bluffing, just call the police and get a restraining order. He'll either wisen up and leave you alone, or be in a world of pain.

    If you're dealing with a foreigner, probably not much you can do, as I doubt anybody is going to extradite.

    I've had to deal with this sort of thing before, and as soon as I told the kid my next step was calling the police (I knew what city he was in by performing a whois lookup on his IP), the kid didn't try to come back after that.

    As far as technical solutions, not much you can do other than keep banning + rolling back any mess their character made. Don't bother IP banning, because it's a waste of time. I'd suggest removing all of your IP bans and just track what IP they're coming in from. Chances are the kiddie will just keep using the same proxy (or no proxy) over and over again rather than trying to find new ones, and you can ban the accounts quicker that way.
     
  20. Offline

    TheBeast808

    My server is unlisted on McBans, and we don't talk about it on our advertisement pages. They come to my server because it is creative and they can break thing instantly.

    Strange. Whenever I talk about IPs with skype friends, or help people set up hosting, they almost always have a static IP. I've only ever helped/met one person with a dynamic IP.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 23, 2016
  21. Offline

    Antariano

    Mostly depends on where you live. US / Europe, Richer european / poorer european countries, city / countryside. Basically areas where the internet is more established in everyday's life, and the infrastructure is good enough tend to have better services, static ips are an example
     
    M1sT3rM4n likes this.
  22. Offline

    Ronny Lawson

    The BlacklistCheck plugin checks every IP against DNSBLs. MCBL does the same, but it is unmaintained, and no longer works, afaik. Check here.
     
  23. Offline

    ghost0001

    I have used easy bans...look into it, maybe you can get lucky and find an updated copy. It will log all ip's of every player you have. next thing is to look at the octets of each login by a certain name. With that info, you can possibly ban a subnet from joining. this will ban others too, but this may be a necessary evil to prevent him from coming on. I too had a "proxy" griefer at one time. I used easy ban to ban his town by banning two subnets of 254 ip's. Kept him from ever coming back.
     
  24. Offline

    holsamoht

    We used to have these problems, but I solved it very easily. I got very annoyed/upset with proxy spammers crashing our server so I started trying to close loopholes as you likely have been doing. I have the habit of often googling griefer`s screen names and getting personal info from facebook/twitter or whatever, sometimes trolling them back if I felt like it... Anyways...

    From this googling, I found that many times if I googled two names together, account/password lists would come up with both names on it. I found that several proxy spammers would use dozens of names off of the same list. I set out to find as many of these lists as I could find. I ended up with over 12000 accounts/passwords that were publically available. I simply had one of our admins write a quick script to grab all the account names and added them to our ban list.

    Pretty straight forward and the proxy guys became less and less frequent as I added to our ban list. Now its been maybe a good 6-7 weeks since I last saw anyone. Shoot me a PM with a couple of the names that have been harassing you and I can try and point you toward the list of aliases they are using.
     
  25. Offline

    ghost0001

    Can i get a copy of this list? or a copy of your banned players text file?
     
  26. Offline

    chaseoes Retired Staff

    There used to be a plugin on BukkitDev that hooked into DroneBL to ban all known proxy IP's. I can't seem to find it now.

    90% of those passwords don't work anymore and you could very well be banning legit players.
     
  27. Offline

    TheBeast808

    I have a feeling that he wants the list so that he can get the accounts.
     
  28. Offline

    M1sT3rM4n

    So we can assume that griefing comes from impoverished areas, like the correlation of crime and poorer neighborhoods. :mad:

    http://dev.bukkit.org/server-mods/blacklistcheck/

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 23, 2016
  29. Offline

    Antariano

    No, it was the nazis.
     
    M1sT3rM4n likes this.
  30. Offline

    Ne0nx3r0

    The BN employee is right; if he's really causing an issue change the IP and whitelist + only give it to trusted players until you're confident this guy has moved on.

    Those are your best options, so I'll go ahead and recommend them anyway ;). Rather than log/rollback/etc I'd just offer players a self-serve protection option. Let them protect the things they want protected, and worldedit+regen any areas that get messed up. If the player can't cause any real harm to your server because it's guarded against griefing by mods/OP bans and security measures, the worst he can do is DoS it until he gets bored and moves on. If a plugin is failing you, find one that works better. This wont be your only griefer.

    Anti-griefing is largely psychological. Griefers want attention, and they come to stir up trouble purely to watch your response so they can feel like they get the acknowledgement they "deserve". What almost every anti-griefing tool really does is remove their ability to get that attention, so they leave.

    I imagine you feed this guy by responding to him on forums/ranting about him in chat/etc. You should encourage players/OPs to report/ban his accounts from your server and web site, and then move on with your day without troll feeding. Delete any threads he makes, and don't make a scene, don't inflame his response by saying he's owned or something, just ban his name and IP so he has to work a little harder to get back on the server/web site and make it clear he's not going to get the attention he wants. Initially he'll try harder, but then I imagine he'll get bored and go troll some other unlucky server.

    This method works MUCH better when you haven't already elicited a strong response as you clearly have, so keep it in mind in the future.

    I've never had an ISP who assigned static IPs. Many people wrongly assume their IP is static because it has a long lease time and their modem is always on so it hasn't changed in years, but typically if you change the MAC address (or cloned address on your router) attached to your modem and power cycle it, it'll get a new IP assigned.

    If your IP was static, you'd probably have to call your ISP every time you change your router/etc.
     
Thread Status:
Not open for further replies.

Share This Page