[Mod] VPS Blocker [vps_blocker]

Lejo
Member
Posts: 714
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

by Lejo » Post

Vps Blocker
This mod checks the IPs of players for VPNs, proxies, or other hosting services. These clients will be blocked.
It gets the information from proxy-check websites like iphub.info.

Installing
First you need to add vps_blocker to secure.http_mods to allow HTTP requests.
Set the kick message:
vps_kick_message = "You are using a proxy, vpn or other hosting services, please disable them to play on this server."

Commands
Use /vps_wl (add or remove) (name) to allow people using vps.

Checkers
Paste the keys into minetest.conf

iphub.info
To use iphub.info you need to register there (recommended).
You get 1000 requests/day for free
iphub_key = 123

getipintel.net
You must set your own contact email for getipintel.net.
Please first go to the webpage and read what it's used for!
getipintel_contact = example@example.com

proxycheck.io
For a higher request limit (1000 instead of 100 requests) and a dashboard, register at their webpage.
proxycheck_key = 1-2-3-4

License
The idea for the mod is taken from https://github.com/red-001/block_vps but it's a complete redo of it.

License: MIT
depends: none

Download
Source
Last edited by Lejo on Mon Jul 13, 2020 15:09, edited 2 times in total.

Nathan.S
Member
Posts: 1032
Joined: Wed Sep 24, 2014 17:47
GitHub: NathanSalapat
IRC: NathanS21
In-game: NathanS21
Location: Bigsby Texas

Re: [Mod] VPS Blocker [vps_blocker]

by Nathan.S » Post

I feel it's unlikely somebody will go out and buy a VPN just to bypass an IP ban, but I guess if somebody is having trouble with players doing that this could be useful. I do like that you implemented a way to allow people that do use a VPN to still connect if the admin/mods know they are a good player.
I record Minetest videos, Mod reviews, Modding tutorials, and Lets plays.
Check out my website, and brand new Minetest Modding Course

Linuxdirk
Member
Posts: 2634
Joined: Wed Sep 17, 2014 11:21
In-game: Linuxdirk
Location: Germany

Re: [Mod] VPS Blocker [vps_blocker]

by Linuxdirk » Post

In the current state this is illegal when processing data from users inside the European Union.

rnd
Member
Posts: 220
Joined: Sun Dec 28, 2014 12:24
GitHub: ac-minetest
IRC: ac_minetest
In-game: rnd

Re: [Mod] VPS Blocker [vps_blocker]

by rnd » Post

How about writing complete sentences?
"In the current state this is illegal" + "because REASON - with citations to EXACT points", when processing...
1EvCmxbzl5KDu6XAunE1K853Lq6VVOsT

wziard
Member
Posts: 127
Joined: Mon Oct 29, 2018 19:12

Re: [Mod] VPS Blocker [vps_blocker]

by wziard » Post

Linuxdirk wrote:In the current state this is illegal when processing data from users inside the European Union.
Filtering by IP is not 'processing a user's data' though...

Linuxdirk
Member
Posts: 2634
Joined: Wed Sep 17, 2014 11:21
In-game: Linuxdirk
Location: Germany

Re: [Mod] VPS Blocker [vps_blocker]

by Linuxdirk » Post

wziard wrote:
Linuxdirk wrote:In the current state this is illegal when processing data from users inside the European Union.
Filtering by IP is not 'processing a user's data' though...
IPs are considered as personal user data. Forwarding personal user data to an external service without informing the user about this and having the user consenting to this before forwarding the data is illegal according to the GDPR.

Lejo
Member
Posts: 714
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: [Mod] VPS Blocker [vps_blocker]

by Lejo » Post

Linuxdirk wrote:IPs are considered as personal user data. Forwarding personal user data to an external service without informing the user about this and having the user consenting to this before forwarding the data is illegal according to the GDPR.
The Problem of this is the system of the mod:
It starts checking on prejoin so that the player can be kicked when fully joined.
If they need to accept first they can play until then.
The best way would be in my opinion to add it to the registering information of 0.5 so that the checking will be done after this.

Do you have another idea?

Linuxdirk
Member
Posts: 2634
Joined: Wed Sep 17, 2014 11:21
In-game: Linuxdirk
Location: Germany

Re: [Mod] VPS Blocker [vps_blocker]

by Linuxdirk » Post

Lejo wrote:
Linuxdirk wrote:If they need to accept first they can play until then. [...] Do you have another idea?
Maybe have a formspec that reappears on closing it until the decision was made. At bare minimum you need to fully inform the user what data will be transferred and to what service the data will be transferred and why the data will be transferred.

Best would be waiting for 5.0.0 with its better API calls for when people join so you can intercept joining. Not exactly sure how to do that though.

Lejo
Member
Posts: 714
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: [Mod] VPS Blocker [vps_blocker]

by Lejo » Post

Update:
Nastyhosts sadly doesn't work anymore.
As an alternative I added getipintel.net and proxycheck.io

redblade7
Member
Posts: 312
Joined: Sun Feb 15, 2015 07:14
IRC: redneonglow redblade7
In-game: redblade7 redblade7_owner

Re: [Mod] VPS Blocker [vps_blocker]

by redblade7 » Post

Why is it called VPS Blocker? Most servers are hosted on VPSes. Shouldn't it be called VPN Blocker?
-redblade7, admin of: THE CREATIVE GARDENS (creative), THE VALLEYS (sandbox), and THE DIGITAL FARMS (farming/hunger/shops)

Mineminer
Member
Posts: 150
Joined: Mon Mar 05, 2018 04:05

Re: [Mod] VPS Blocker [vps_blocker]

by Mineminer » Post

Linuxdirk wrote:
Fri Feb 01, 2019 11:17
wziard wrote:
Linuxdirk wrote:In the current state this is illegal when processing data from users inside the European Union.
Filtering by IP is not 'processing a user's data' though...
IPs are considered as personal user data. Forwarding personal user data to an external service without informing the user about this and having the user consenting to this before forwarding the data is illegal according to the GDPR.

Unless you set your server to "Warn" or higher logging every flipping Minetest server is recording your IP. So are the routers/exchanges on the way there regardless if you use this mod or not. In my opinion the GDPR is a real mixed bag at its implementation.

So if someone complains about the GDPR compliance about my server I will gladly remove them from the server entirely, give them any information requested (where their data goes and what for, etc within reasons). But that's the extent I am going to be concerned about unless it's standardized otherwise and there are mods/features to do such to further be concerned about the GDPR.

VanessaE
Moderator
Posts: 4542
Joined: Sun Apr 01, 2012 12:38
GitHub: VanessaE
IRC: VanessaE
In-game: VanessaE
Location: Western NC

Re: [Mod] VPS Blocker [vps_blocker]

by VanessaE » Post

redblade: I already raised that issue before. Kinda got shut down. :-)

Mineminer: ...and in my case, if they complain about GDPR ..well.. ANYthing, they can take their remarks to the US government, where I live. Oh, wait, they can't. GDPR has no force outside the EU. The server's in France, but since I run it, as far as I know, that means it's "headquartered" here, not there. Then again, I'm not a business, so it doesn't apply anyway, regardless.

Besides, only a complete and utter idiot of a server admin would disable logging of IPs -- at the very least error logs may need to record it. That is just plain basic network management. You can't maintain a firewall without IP records to refer to, also. To say nothing of how DDoS protection services handle them.

In Minetest, there isn't a lot of choice as to what gets logged to where, but it's possible to scrape the main log, and separate-out some stuff into other log files if you have a bit of bash skill. You can for example suss-out things like player counts, private messages, and yes, IP addresses.

GDPR is a complete clusterfuck in my opinion.
You might like some of my stuff: Plantlife ~ More Trees ~ Home Decor ~ Pipeworks ~ HDX Textures (64-512px)

Mineminer
Member
Posts: 150
Joined: Mon Mar 05, 2018 04:05

Re: [Mod] VPS Blocker [vps_blocker]

by Mineminer » Post

VanessaE wrote:
Mon Jul 13, 2020 15:31
redblade: I already raised that issue before. Kinda got shut down. :-)

Mineminer: ...and in my case, if they complain about GDPR ..well.. ANYthing, they can take their remarks to the US government, where I live. Oh, wait, they can't. GDPR has no force outside the EU. The server's in France, but since I run it, as far as I know, that means it's "headquartered" here, not there. Then again, I'm not a business, so it doesn't apply anyway, regardless.

Besides, only a complete and utter idiot of a server admin would disable logging of IPs -- at the very least error logs may need to record it. That is just plain basic network management. You can't maintain a firewall without IP records to refer to, also. To say nothing of how DDoS protection services handle them.

In Minetest, there isn't a lot of choice as to what gets logged to where, but it's possible to scrape the main log, and separate-out some stuff into other log files if you have a bit of bash skill. You can for example suss-out things like player counts, private messages, and yes, IP addresses.

GDPR is a complete clusterfuck in my opinion.

Completely agreed, that's why I don't worry about it beyond what I said. I understand that people are concerned about their data but it's also their responsibility to ask about these things before joining if possible. My full email is on the server list description in case people have questions/concerns or whatever even if they don't know me here or on Reddit. Therefore it's their job to avail those facilities.

Linuxdirk
Member
Posts: 2634
Joined: Wed Sep 17, 2014 11:21
In-game: Linuxdirk
Location: Germany

Re: [Mod] VPS Blocker [vps_blocker]

by Linuxdirk » Post

VanessaE wrote:
Mon Jul 13, 2020 15:31
GDPR has no force outside the EU.
The GDPR does apply outside Europe // The whole point of the GDPR is to protect data belonging to EU citizens and residents. The law, therefore, applies to organizations that handle such data whether they are EU-based organizations or not, known as “extra-territorial effect.”

https://gdpr.eu/companies-outside-of-europe/
VanessaE wrote:
Mon Jul 13, 2020 15:31
GDPR is a complete clusterfuck in my opinion.
It is, but we all have to deal with it.

Lejo
Member
Posts: 714
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: [Mod] VPS Blocker [vps_blocker]

by Lejo » Post

Linuxdirk wrote:
Mon Jul 13, 2020 17:22
It is, but we all have to deal with it.
Then just inform them about sending IPs to third-party websites.
I just add it to the server info.

Mineminer
Member
Posts: 150
Joined: Mon Mar 05, 2018 04:05

Re: [Mod] VPS Blocker [vps_blocker]

by Mineminer » Post

Linuxdirk wrote:
Mon Jul 13, 2020 17:22
VanessaE wrote:
Mon Jul 13, 2020 15:31
GDPR is a complete clusterfuck in my opinion.
It is, but we all have to deal with it.

I haven't heard of a game server with at least no business intentions going to court/getting arrested over this. Until I "hear" otherwise I'm frankly not going to worry about it so much.

I am here running a game server not a profitable business.

VanessaE
Moderator
Posts: 4542
Joined: Sun Apr 01, 2012 12:38
GitHub: VanessaE
IRC: VanessaE
In-game: VanessaE
Location: Western NC

Re: [Mod] VPS Blocker [vps_blocker]

by VanessaE » Post

Linuxdirk wrote:
VanessaE wrote:GDPR is a complete clusterfuck in my opinion.
It is, but we all have to deal with it.
No. No we don't.

Those who wrote the GDPR can claim all they want that they get to control others outside the EU, but that's how all government entities (and big corporations) act when they think they have power... until someone with more actual power puts them in their place, that is.

Besides, you need to read more about it. From the link you just gave:
https://gdpr.eu/companies-outside-of-europe/ wrote: Exceptions to the rule

There are two important exceptions we should note here. First, the GDPR does not apply to “purely personal or household activity.” So if you’ve collected email addresses to organize a picnic with friends from work, rest assured you will not have to encrypt their contact info to comply with the GDPR (though you might want to anyway!). The GDPR only applies to organizations engaged in “professional or commercial activity.” So, if you’re collecting email addresses from friends to fundraise a side business project, then the GDPR may apply to you.

The second exception is for organizations with fewer than 250 employees. Small- and medium-sized enterprises (SMEs) are not totally exempt from the GDPR, but the regulation does free them from record-keeping obligations in most cases (see Article 30.5).
I do not run nor am I associated, partnered, etc. with any business in any way in regards to any kind of commercial Minetest activity. Like most of the rest of us here I'm sure, it's a strictly personal hobby, which I happen to share with others on a "take it or leave it" basis, including allowing a few people to run their own servers on "my" hardware on a limited basis.

One could stretch things I suppose, and make the specious argument that my paying for a dedicated server machine to run Minetest game instances on constitutes an association with the server host, or that the few donations I've received somehow make the entire endeavor commercial. Or they could hypothetically count my activities as a business because the domain name I maintain was once used in a commercial capacity, but that was long before even Infiniminer (the project generally regarded as the progenitor for the entire block sandbox game genre) existed, let alone Minetest, or that other Microsoft block game. ;-) Or, really, REALLY stretch things, and argue that it's a commercial endeavor because most of my Minetest instances have Dan's/my currency mod installed (and hence a form of money exists).

Even if those arguments had merit, there are only about a dozen people associated with running my servers including myself i.e. admins, moderators, etc. Even if you could count those people as employees, it's still way under the 250 limit.

Hell, even the guy who runs that commercial Minetest server hosting operation probably doesn't have nearly that many "employees".

And even on top of all of that, "records" are not permanently stored on my servers. Debug logs only go back one week, player data/accounts last 6 months from the last login, etc. The only thing that's kept permanently is that which is needed to run the worlds long-term. I.e. the worlds' map databases, mods and their settings, and so on.

So the EU can go shove their GDPR where the sun doesn't shine.
Mineminer wrote:I haven't heard a game server with at least no business intentions gone to court [...]
See above. That's why it hasn't gone to any court. :-)
You might like some of my stuff: Plantlife ~ More Trees ~ Home Decor ~ Pipeworks ~ HDX Textures (64-512px)

Sokomine
Member
Posts: 4131
Joined: Sun Sep 09, 2012 17:31
GitHub: Sokomine

Re: [Mod] VPS Blocker [vps_blocker]

by Sokomine » Post

Regardless of the laws as such, it might be worth a discussion if banning VPS/VPN users from joining really helps a server. Does it? Players who get banned lose access to all they have achieved in the game. They could (and sometimes do) still cause trouble and drama in chat but won't have resources to do much more than that.

Perhaps the mod could be extended a bit: Under normal circumstances, don't do anything. In those situations where high alertness of the moderators is needed (i.e. a player got banned that day and may return, spamming chat with really undesirable text), have a second mode that can be activated by a moderator. In that mode, check new players after joining the server for the first time and only award them the necessary privs (shout, interact) after it turns out that they're not using a vps/vpn. Already known players do not need to be checked again.

Granted, that'd be much more effort, but it'd also be safer for users. It's not the MT servers and their operators that I'm worried about here - and even if - what could they do with an IP? - but who knows what the IP-check-services do? If you need a registered account in order to use them, the services do know that IP x wanted to join a MT server at time y, and they may combine that information with similar checks from other servers.

Sadly it's not easy to check whether a new player is a serious one or just a banned ex-player out for trouble. Any intelligence tests may be failed by real human beings due to lack of language skills or just being too new and thus too unfamiliar with the game, while repeating them would be too easy for an ex-player. New players may also prefer to do some sightseeing first and start much later on with building. Or they may follow their friends and try to build something small and chaotic together with best intentions. It's not easy :-(
A list of my mods can be found here.
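
Sokomine's two-mode proposal, modelled as an added Python example (not part of the original post and not vps_blocker's code). `quota_lookup` stands in for a proxy-check service with a request limit; the class and method names are hypothetical, and leaving privileges withheld when the lookup gives no answer is an assumption the post does not make.

```python
from typing import Callable, Dict, List, Optional, Set

GATED_PRIVS = frozenset({"shout", "interact"})  # the privileges the post names


def quota_lookup(verdicts: Dict[str, bool],
                 quota: int) -> Callable[[str], Optional[bool]]:
    """Constructed stand-in for a rate-limited proxy-check service."""
    # lookup(ip): True = VPS/VPN, False = clean, None = no usable answer.
    remaining = [quota]

    def lookup(ip: str) -> Optional[bool]:
        if remaining[0] <= 0:
            return None
        remaining[0] -= 1
        return verdicts.get(ip)

    return lookup


class AlertGate:
    """Idle by default; in alert mode, first-time players are checked."""

    def __init__(self, lookup: Callable[[str], Optional[bool]]):
        self.lookup = lookup
        self.alert = False                 # toggled by a moderator
        self.known: Set[str] = set()       # joined before: never re-checked
        self.pending: Dict[str, str] = {}  # name -> IP awaiting a clean verdict
        self.privs: Dict[str, Set[str]] = {}
        self.forwarded: List[str] = []     # IPs sent to the third party

    def on_join(self, name: str, ip: str) -> str:
        if name in self.pending:           # still unverified: check the new IP
            self.pending[name] = ip
            return self._check(name)
        if name in self.known:
            return "known"
        self.known.add(name)
        if not self.alert:                 # normal circumstances: do nothing
            return self._grant(name)
        self.privs[name] = set()           # may join, but cannot chat or build
        self.pending[name] = ip
        return self._check(name)

    def _check(self, name: str) -> str:
        ip = self.pending[name]
        self.forwarded.append(ip)
        verdict = self.lookup(ip)
        if verdict is None:                # fail closed (assumption, see lead-in)
            return "unverified"
        if verdict:
            return "withheld"
        return self._grant(name)

    def approve(self, name: str) -> str:
        """Moderator override, in the spirit of the mod's /vps_wl command."""
        if name not in self.pending:
            return "not-pending"
        return self._grant(name)

    def _grant(self, name: str) -> str:
        self.pending.pop(name, None)
        self.privs[name] = set(GATED_PRIVS)
        return "granted"


def demo():
    # Constructed sample data: documentation-range IPs and invented names.
    gate = AlertGate(quota_lookup(
        {"203.0.113.7": True, "198.51.100.4": False}, quota=2))
    out = [gate.on_join("alice", "192.0.2.10")]         # alert off: no lookup
    gate.alert = True
    out.append(gate.on_join("alice", "203.0.113.7"))    # known player: skipped
    out.append(gate.on_join("mallory", "203.0.113.7"))  # flagged address
    out.append(gate.on_join("bob", "198.51.100.4"))     # clean address
    out.append(gate.on_join("carol", "198.51.100.4"))   # quota exhausted
    out.append(gate.approve("carol"))                   # moderator decides
    return out, gate
```

`gate.forwarded` records which addresses left the server: only those of first-time joins while alert mode was on.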

Mineminer
Member
Posts: 150
Joined: Mon Mar 05, 2018 04:05

Re: [Mod] VPS Blocker [vps_blocker]

by Mineminer » Post

Sokomine wrote:
Wed Jul 22, 2020 20:29
Regardless of the laws as such, it might be worth a discussion if banning VPS/VPN users from joining really helps a server. Does it?

Sadly it's not easy to check whether a new player is a serious one or just a banned ex-player out for trouble.

Sure it is, in the bulk of cases, a VPN/VPS/etc. is used so they can't be traced back as easily so I think personally it does more benefit to the Operators than it does harm blocking "real" players.

Plus who in their right mind uses a VPN for a game server? You're connecting to a Minetest Server not your bank. XD

Besides, you are aware that VPNing into a game server lowers latency right?

Linuxdirk
Member
Posts: 2634
Joined: Wed Sep 17, 2014 11:21
In-game: Linuxdirk
Location: Germany

Re: [Mod] VPS Blocker [vps_blocker]

by Linuxdirk » Post

Sokomine wrote:
Wed Jul 22, 2020 20:29
Sadly it's not easy to check whether a new player is a serious one or just a banned ex-player out for trouble.
Yes, as long as there is no central account registration that needs extra steps (mail address not from a known disposable mailbox hoster and mail verification, and/or chat/voice/video verification, or ultimately paid registration only) everyone can simply choose a new nickname and password and can log on again.

For this mod: People can easily disable their proxy and reconnect their internet router (usually a new IP is assigned in most countries upon reconnecting the hardware or there is a special site from the ISP where one can request a new IP to be assigned) and absolutely no traces are left that they were another user before.

The best that can be done is check the IANA lists which registry handles the range the IP is from and then check the registry’s database which ISP is the range assigned to. So you know what ISP a player is using and based on this you can assume from what country they connect, but that’s it.

This mod, like all other mods that ban players based on connection based information (namely the IP address), only fulfills one purpose: letting the admin live in a fool’s paradise.

Mineminer
Member
Posts: 150
Joined: Mon Mar 05, 2018 04:05

Re: [Mod] VPS Blocker [vps_blocker]

by Mineminer » Post

Linuxdirk wrote:
Wed Jul 22, 2020 20:53
Yes, as long as there is no central account registration that needs extra steps (mail address not from a known disposable mailbox hoster and mail verification, and/or chat/voice/video verification, or ultimately paid registration only) everyone can simply choose a new nickname and password and can log on again.

For this mod: People can easily disable their proxy and reconnect their internet router (usually a new IP is assigned in most countries upon reconnecting the hardware or there is a special site from the ISP where one can request a new IP to be assigned) and absolutely no traces are left that they were another user before.

Yes but most kiddies won't know that, their parents won't let them and even if they could it doesn't always work. The ISP configures how "long" an IP lasts so if it is, say, 4 hours then the "lease" will last for that 4 hours "cycle", checks to see if the IP is still in use and if it is, "lease" again for another 4 hours and so on.

As for "requesting" resets, I'm sure this can only be done up to a point or they will be incurring admin charges or something. No sane ISP is going to let people reset their IPv4s without some safety nets.
Linuxdirk wrote:
Wed Jul 22, 2020 20:53
This mod, like all other mods that ban players based on connection based information (namely the IP address), only fulfills one purpose: letting the admin live in a fool’s paradise.

While it's insanity to think this mod is a silver bullet, I do not agree with this statement. Players shouldn't be using a VPN, VPS and so on for gaming and if they are usually it's for malicious intents due to the fact it's "easy to throw away". Even to "resetting the router" trickery.

Lejo
Member
Posts: 714
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: [Mod] VPS Blocker [vps_blocker]

by Lejo » Post

I know that blocking VPNs/proxies is not automatically blocking all bad players.
Anyway it helps prevent players who want to bypass a ban.

Yes you can change your IP very, very easily. Anyway the IP then will still route to the same place so you can get location (about) of the player. So manual checks could prevent that too. That could also be automatic but I think this is way too extreme an action in view of privacy.

About banning only new people: Basically a good idea but the problem is you can just pick some random accounts on the serverlist and steal them because some won't have a password or a very bad one. Or you just use an account of a friend.

Linuxdirk
Member
Posts: 2634
Joined: Wed Sep 17, 2014 11:21
In-game: Linuxdirk
Location: Germany

Re: [Mod] VPS Blocker [vps_blocker]

by Linuxdirk » Post

Lejo wrote:
Thu Jul 23, 2020 17:02
Anyway the IP then will still route to the same place so you can get location (about) of the player.
Absolutely not. You can get their ISP with some work and you can get the handover point to the tier 2 provider network with some more work.

While the ISP stays the same the handover point can change depending on where the ISP does the handover for certain IP blocks. So the best validated thing you have is the name of the city where their ISPs handover point is located.

Everything else is 3rd-party guesswork.

Sokomine
Member
Posts: 4131
Joined: Sun Sep 09, 2012 17:31
GitHub: Sokomine

Re: [Mod] VPS Blocker [vps_blocker]

by Sokomine » Post

Mineminer wrote: Besides, you are aware that VPNing into a game server lowers latency right?
Oh, yes, you're right. I hadn't thought about that.
Lejo wrote: About banning only new people: Basically a good idea but the problem is you can just pick some random accounts on the serverlist and steal them because some won't have a password or a very bad one. Or you just use an account of a friend.
Can't be a good friend if his account is stolen and used for mischievous things. And if the accounts are that lightly protected against abuse (that is: almost not at all), then the server and its players have other problems and ought to encourage passwords first.

With all the abuse going on by governments pretending it's to prevent terrorism but in reality just pretending to do something so that older people feel safer and elect them again (with the side (?) effect of large companies getting more data for free) I feel it gets more and more important to encourage internet users to protect their privacy.

Banned players trying to rejoin is usually just a matter of a couple of hours. If said users would have been patient, there'd probably have been no reason to ban them in the first place because they'd also have known how to behave in general. A mod that puts some obstacles into the process of creating new accounts can relieve the moderators of a lot of work in those critical hours. But there's no need either to always check each IP of each already known player.

But then, wishes for mods are easy to state :-) Implementing them is much more work.
A list of my mods can be found here.

neoh4x0r
Member
Posts: 82
Joined: Wed Aug 29, 2018 20:16
GitHub: neoh4x0r

Re: [Mod] VPS Blocker [vps_blocker]

by neoh4x0r » Post

TL;DR Tracking players by IP address is a waste of time -- they can change. Need some identifier that is actually "fixed/static".
Mineminer wrote:
Wed Jul 22, 2020 20:38
Plus who in their right mind uses a VPN for a game server? You're connecting to a Minetest Server not your bank. XD
The reasons to use a VPN, as I see it:
  1. Someone is being nefarious and wants to wreak havoc on the server (they want to hide their real IP)
  2. Someone doesn't want other players to know their real IP address (for privacy reasons -- maybe doesn't want to give someone a target for a DDoS attack, etc)
  3. Someone is accessing the server from a location that does not allow it (eg. foreign countries, businesses, etc with firewall rules--the VPN cuts through the firewall).
The point is that you can't have the good without the bad....you can't block bad actors without also potentially blocking good actors.

Blocking VPN users as a matter of minetest server administration is the wrong way to administrate a server.
I will bet that most users that access a server will have a dynamic (non-static) IP that could change over time.

Furthermore,
Tracking a player by an ip address is a lost cause.

If they must provide "login" credentials then it would not be possible to have public servers.

I think the best way to identify repeat (or new) players would be to generate a special token, a string of characters, that will uniquely identify them.

The server will maintain a list of tokens associated with players.

If someone that was banned (for bad behavior) decides to delete this token, then it does not matter as a new token will be generated and if they misbehave again that token will also be flagged.

For the token not to be flagged they will have to honor the server rules (i.e. be a good citizen).

It might even be possible to encrypt the token server-side and then store on the client's system (to prevent clients from being able to read the token or manipulate it).

That is the only, right, way to do it...in my opinion.
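
A sketch of the token scheme described above, as an added Python example that is not part of the original post. It swaps the post's "encrypt" for an HMAC tag, which stops a client from forging or altering a token but does not hide it; the class and method names and the in-memory flag list are assumptions, and how a client would store the token is left open.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple


class TokenRegistry:
    """Issues opaque player tokens and keeps a server-side flag list."""

    def __init__(self, key: bytes):
        self._key = key          # server secret, never sent to clients
        self.flagged = set()     # token ids flagged for bad behaviour

    def _tag(self, token_id: str) -> str:
        mac = hmac.new(self._key, token_id.encode(), hashlib.sha256)
        return mac.hexdigest()

    def issue(self) -> str:
        token_id = secrets.token_hex(16)          # 128 random bits
        return token_id + "." + self._tag(token_id)

    def verify(self, token: str) -> Optional[str]:
        """Return the token id if the tag is genuine, otherwise None."""
        token_id, sep, tag = token.partition(".")
        if not sep:
            return None
        expected = self._tag(token_id)
        # Constant-time comparison, so timing does not leak the right tag.
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return None
        return token_id

    def flag(self, token: str) -> bool:
        """Flag the identity behind a genuine token; False if it is invalid."""
        token_id = self.verify(token)
        if token_id is None:
            return False
        self.flagged.add(token_id)
        return True

    def admit(self, token: Optional[str]) -> Tuple[str, Optional[str]]:
        """Decide on a join; returns (decision, token the client should keep)."""
        if token is None:                 # first visit, or token was deleted
            return "new", self.issue()
        token_id = self.verify(token)
        if token_id is None:              # forged or edited on the client
            return "rejected", None
        if token_id in self.flagged:
            return "banned", None
        return "returning", token


def demo():
    reg = TokenRegistry(secrets.token_bytes(32))
    _, token = reg.admit(None)
    results = {"returning": reg.admit(token)[0]}
    tampered = ("0" if token[0] != "0" else "1") + token[1:]  # edit the id
    results["tampered"] = reg.admit(tampered)[0]
    reg.flag(token)
    results["after_flag"] = reg.admit(token)[0]
    results["token_deleted"] = reg.admit(None)[0]  # fresh, unflagged identity
    return results
```

The last result is the case the post itself describes: a player who deletes the token is admitted as new, so the flag list only follows identities that keep their token.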
