[Mod] VPS Blocker [vps_blocker]

[Ruslan1]

will it work for minetest 0.4

[Mineminer]

Plus who in the right minds uses a VPN for a game server? Your connecting to a Minetest Server not your bank. XD

The reasons to use a VPN, as I see it:

1. Someone doesn't want other players to know their real ipaddress (for privacy reasons -- maybe doesn't want to give someone a target for a DDoS attack, etc)

As far as I am aware only the operator(s) of the server will be able to see their IPs, not even full privileged players on the game server itself can view the logs and therefore cannot see IPs.

As far as I aware the server does not send this data back to the client.

So I feels this "reason" is nullified.

The point is that you can't have the good without the bad....you can't block bad actors without also potentially blocking good actors.

As the old saying goes, you win some, you lose some, what matters more is what are you losing and how often?

Blocking VPN users as a matter of minetest server administration is the wrong way to administrate a server.
I will bet that most users that access a server will have a dynamic (non-static) IP that could change over time.

Personally I rather "lose" a number of "legit" players than deal with possibly more trolling, unprotected griefers if not even outright harmful players. Even if hypothetically speaking you are rejecting "40%" of the good players, I rather not deal with the other 60% of bad players.

As for dynamic IPs, I am on one and my rarely ever changes, even a router reboot may not even change it! Every ISP is different but even then it's lesser threat in my opinion than VPN users may pose.

[Linuxdirk]

Personally I rather "lose" a number of "legit" players than deal with possibly more trolling, unprotected griefers if not even outright harmful players.

How does blocking VPS users help with that? Better use proper protection, only manually assigned privileges, a rollback system, and strict chat moderation.

[Mineminer]

Personally I rather "lose" a number of "legit" players than deal with possibly more trolling, unprotected griefers if not even outright harmful players.

How does blocking VPS users help with that?

Because it's best automated tool at admins' disposal at this time that removes at least a decent number of risky players.

Think of it why eCommerce stores, service providers and so on block VPNs, risky countries and so on. Same idea here. Yea you will "lose some along the way" as with any automated pre-screening but let's be honest, by large how many VPN users are "legit"? As I said I almost certain there usually bad>good ratio of VPN players.

[Lejo]

Trying to answer...

Everything else is 3rd-party guesswork.

Maybe, but it's pretty accurate (in my case).

Can't be a good friend if his account is stolen and used for miscevious things. And if the accounts are that lightly protected against abuse (that is: almost not at all), then the server and its players have other problems and ought to encourage passwords first.

With all the abuse going on by governments pretending it's to prevent terrorism but in reality just pretending to do something so that older people feel safer and elect them again (with the side (?) effect of large companies getting more data for free) I feel it gets more and more important to encourage internet users to protect their privacy.

Banned players trying to rejoin is usually just a matter of a couple of hours. If said users would have been patient, there'd probably have been no reason to ban them in the first place because they'd also have known how to behave in general. A mod that puts some obstacles into the process of creating new accounts can relieve the moderators of a lot of work in those critical hours. But there's no need either to always check each IP of each already known player.

But then, wishes for mods are easy to state :-) Implementing them is much more work.

It's the Problem, I will mention multiple times in this answers.
If you have a server with players which loose everything when they get banned like normal survival servers, you don't really need such a mods as this can be used to pressurizing medium. :) And on the other side they first need stuff for grieving or other rule abuses.
But if you have for example a mini game server it doesn't matter how old the player is. The damage is the same.
About steeling players accounts: Especially on the old 0.4.17 servers are a lot of mobile players with default passwords which can be easily used. :(

TL;DR Tracking players by ip address is a waste for time -- they can change. Need some identifier that is actually "fixed/static".

The reasons to use a VPN, as I see it:

1. Someone is being nefarious and wants to reak havoc on the server (they want to hide their real ip)
2. Someone doesn't want other players to know their real ipaddress (for privacy reasons -- maybe doesn't want to give someone a target for a DDoS attack, etc)
3. Someone is accessing the server from a location that does not allow it (eg. foreign countries, businesses, etc with firewall rules--the VPN cuts through the firewall).

The point is that you can't have the good without the bad....you can't block bad actors without also potentially blocking good actors.

Blocking VPN users as a matter of minetest server administration is the wrong way to administrate a server.
I will bet that most users that access a server will have a dynamic (non-static) IP that could change over time.

Furthermore,
Tracking a player by an ip address is a lost cause.

If they must provide "login" credentials then it would not be possible to have public servers.

I think the best way to identity repeat (or new) players would be to generate a special token, a string of characters, that will uniquely identity them.

The server will maintain a list of tokens associated with players.

If someone that was banned (for bad behavior) decides to delete this token, then it does not matter as a new token will be generated and if they misbehave again that token will also be flagged.

For the token not to be flagged they will have to honor the server rules (i.e. be a good citizen).

It might even be possible to encrypt the token server-side and then store on the client's system (to prevent clients from being able to read the token or manipulate it).

That is the only, right, way to do it...in my opinion.

There are valid reasons to use a VPN sure but not on a minetest server. If your state does censorship you have different problems in my opinion.
BTW: Censorship bypassing VPNs often doesn't support UDP which is used by minetest

About token login validation login and so on: Basically a good idea but just not the goal of this mod :)
Would also need support on the client-side which makes it a lot harder to implement.

will it work for minetest 0.4

Try this old version if the new one doesn't work. Anyway I'm pretty sure it should work.

As the old saying goes, you win some, you lose some, what matters more is what are you losing and how often?

Personally I rather "lose" a number of "legit" players than deal with possibly more trolling, unprotected griefers if not even outright harmful players. Even if hypothetically speaking you are rejecting "40%" of the good players, I rather not deal with the other 60% of bad players.

As for dynamic IPs, I am on one and my rarely ever changes, even a router reboot may not even change it! Every ISP is different but even then it's lesser threat in my opinion than VPN users may pose.

Ip changing seems to be very different for the different ISPs
The stats of iphub.info tell me that you don't lose so much players.

How does blocking VPS users help with that? Better use proper protection, only manually assigned privileges, a rollback system, and strict chat moderation.

I fully agree, it just as I said before depends on the type of server what makes sense.

[Miniontoby]

Does this still works???

[Lejo]

Sure, I'm currently using it on my own server!

[redblade7]

I've been having an issue with a griefer harassing me for over a year now. He uses VPN IPs from a variety of different countries to evade my bans. He's gotten particularly obnoxious lately, and I've had to put in a number of mods to help prevent him from causing trouble. I'm trying VPS Blocker too, but I have one question - what happens after the 100th/1000th login? Will it prevent future logins to the Minetest servers or will it bypass the lookup and let anyone connect? I'd rather the former happen.