callofduty4x / CoD4x_Server

Extended Call of Duty 4 server
https://cod4x.ovh
GNU Affero General Public License v3.0

Multiple Steamid same playerid #420

Open matt-alton opened 1 year ago

matt-alton commented 1 year ago

Hello,

I have noticed an issue across my servers where multiple steamids have the same playerid. I am using cod4x guid format. Unless a guid generator is being used I would expect playerids to be unique. Can anyone help determine why I am seeing this behaviour or outline scenarios where this would happen?

I am happy to discuss this confidentially and privately with an NDA if there is an overarching security clause preventing public discussions around auth related components.

Regards, Matt.

geplaza22 commented 1 year ago

I would frame it the same way but in reverse... the player ID has several GUIDs. That happens when players know they are cheating and hide their original GUID so that, if you ban them, it is a GUID that isn't theirs, and that's why they change them. On my servers I go by the principle that if you do nothing wrong you have nothing to hide. So if I notice this, I don't think twice and immediately ban those who change their GUID, IP, etc. I have been playing for years and have never changed my details. I hope this helps you somewhat.

matt-alton commented 1 year ago

Hello,

I get the concept of how to look at this but it becomes a problem when multiple players have the same playerid making it difficult to properly associate actions to individuals in b3. My question is on how the playerid is generated when a steamid is present and whether the steamid has any influence on the GUID or whether Steam has any integrity checking to ensure the GUID is the one generated during installation.

I feel like I have answered my own question with the above thoughts and how my b3 setup uses cod4x guid and not Steam.

Regards, Matt.

geplaza22 commented 1 year ago

This has happened to me many times: cheaters join the server, and as long as they use a GUID changer you will have to keep banning them. But in my experience it is one player using the changer, because it is always the same steamid, so my option is to ban them with every tool available: B3, simplebanlist. I even use Codrcon control, which makes administration much easier for me. For example, I'll show you a case, one who luckily ended up getting bored and no longer joined the server.

^4Client {[?]} 190.83.65.126:28960 ^4left this server from slot 10 with playerid 2310346614457689596
^4Client {[?]} 190.83.65.126:28960 ^4left this server from slot 10 with playerid 2310346617188488361
^4Client {[?]} 190.83.65.126:28960 ^4left this server from slot 10 with playerid 2310346614357359308
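As an added example (not part of the comment above, and not CoD4x or B3 code), this sketch parses disconnect lines in the format quoted in that comment and lists source IPs seen with more than one playerid. The sample log, its addresses and playerids are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Quake-style colour codes such as ^4 are stripped before matching.
COLOR = re.compile(r"\^\d")
# Field layout taken from the log lines quoted in the thread.
LEFT = re.compile(
    r"Client (?P<name>.*?) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) "
    r"left this server from slot (?P<slot>\d+) with playerid (?P<pid>\d+)"
)

# Constructed sample: documentation-range IPs, made-up playerids.
# The first line holds two entries run together, as in the pasted log.
SAMPLE_LOG = (
    "^4Client {[?]} 192.0.2.10:28960 ^4left this server from slot 10 "
    "with playerid 1000000000000000001 "
    "^4Client {[?]} 192.0.2.10:28960 ^4left this server from slot 10 "
    "with playerid 1000000000000000002\n"
    "^4Client Some Player 198.51.100.7:28960 ^4left this server from slot 3 "
    "with playerid 1000000000000000003\n"
    "^4Client {[?]} 192.0.2.10:28960 ^4left this server from slot 10 "
    "with playerid 1000000000000000001\n"
)

def parse_disconnects(text):
    """Yield (ip, playerid, name) for every disconnect entry in text."""
    clean = COLOR.sub("", text)
    # finditer copes with several entries on one physical line.
    for m in LEFT.finditer(clean):
        yield m["ip"], m["pid"], m["name"]

def shared_sources(text, threshold=2):
    """Return {ip: sorted playerids} for IPs seen with >= threshold ids."""
    seen = defaultdict(set)
    for ip, pid, _name in parse_disconnects(text):
        seen[ip].add(pid)
    # One IP with many ids is a lead for review, not proof: NAT and
    # shared connections also put several players behind one address.
    return {ip: sorted(p) for ip, p in seen.items() if len(p) >= threshold}

if __name__ == "__main__":
    for ip, pids in shared_sources(SAMPLE_LOG).items():
        print(ip, len(pids), "playerids:", ", ".join(pids))
```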

diamante0018 commented 10 months ago

In my opinion the issue should be tackled differently. Since the cod4x client does not have stable UUIDs (does not force the user to associate a forum account, for example), trying to use a Steam ID is useless because they can get a new one.

You should do the following but not specifically in any order.

Stop using B3. It's outdated and running on an ancient Python 2 version. You should move to IW4M since it's in active development/support and runs on modern platforms like .NET Core.

You should stop relying on Steam IDs and use IP addresses and Steam IDs as a fallback. Disable VPNs to ensure people can't evade bans.

matt-alton commented 10 months ago

@diamante0018 B3's ancient Python2 code has been a problem to me for a while. I tried to update it to Py3 but the scope of change just really wasn't worth the effort for the expected return. I run it in containers to limit any security scope vulnerabilities.

Moving to IW4M is a nice option on the face of it but comes with complexities due to how long I've been using b3 and a large amount of administrative overhead to start on a new platform.

My database currently has:

All these numbers set me up for several weeks of issues without a way to migrate accounts from B3 to IW4M. If IW4M meets my evaluation criteria I will move to it, particularly if it gets around a problem I have from py2 and the handling of non-standard ASCII characters.

Steam ID isn't a viable identifier and this is something I contributed a small fix to on the auto record functionality in PR #403.

Known VPNs are blocked on my servers with the use of an IP reputation database plugin - this is one change that made a huge difference when we were going through a rough patch with persistent cheats around 1-2 years ago.

Regards, Matt.

diamante0018 commented 10 months ago

Well, that's interesting you mentioned that.

Migration between databases is not easy, I know. But if you think you could come to terms with migrating only, for example, "unique players" and "currently banned users", it could be possible. I used IW4M once, and when using SQLite and one of the external programs to open the database it was possible to manually alter it and, for example, enter new data.

Penalties other than bans like warnings might be possible to migrate but I am unsure.

I think all other data is not compatible with IW4M and can't be migrated.

Cod4x could consider seeking solutions that include players linking their steam account (or discord account since it supports discord integration) and use that stable UUID instead.

matt-alton commented 10 months ago

The minimum transfer for me would be the players and bans but if absolutely necessary I could drop everything and start again.

I've done a lot of server work over the years to make my B3 work as fast as possible and as a result the infrastructure is complicated to make a single database performant on servers running in the US, UK and France. Any system I use must be compatible with MySQL, must be a client/server model for data collection and must be container compatible.

Time is my main problem though and my work keeps me occupied too much to be able to think about rearchitecting my COD4 servers.

"Cod4x could consider seeking solutions that include players linking their steam account (or discord account since it supports discord integration) and use that stable UUID instead"

My instinct on this is that it would be a nice-to-have; however, it is unlikely to happen. Something like what Plutonium do on other CoD titles would be required, but given the age of CoD4 I just don't see CoD4x ever going there because the ROI simply isn't there and you'd need another fork to implement such a system, further segmenting the remaining community.

Regards, Matt.