discord / embedded-app-sdk

🚀 The Discord Embedded App SDK lets you build rich, multiplayer experiences as Activities inside Discord.
https://discord.com/developers/docs/activities/overview
MIT License

Sign HTTP requests from Discord proxies #139

Open thelukethorpe opened 7 months ago

thelukethorpe commented 7 months ago

Consider the following scenario:

Potential Solution: Any HTTP requests forwarded by a Discord proxy are signed as a deterministic function of the request body and the activity secret. This way, the "Wutt Party" backend can be sure that the request has been forwarded from a Discord proxy, and therefore won't issue an IP ban.

gabemeola commented 1 month ago

@thelukethorpe I'm curious to understand your use-case. What benefit would you gain over banning the User ID?

thelukethorpe commented 2 weeks ago

@gabemeola Just banning the User ID allows the person hacking to easily create an alt account and keep ruining the game for others. In cases where it's obvious that someone is consistently hacking from a single location and creating alts every time they get banned, it's useful for games to be able to ban that IP.

Once hackers find out that they can safely hack from behind a Discord proxy by using alts, or that the game they play has stopped IP banning altogether due to the issue outlined in the post above, they will absolutely abuse this. This gives them breathing room to develop hacked clients freely. The communities of hackers that form under these conditions have ruined games in the past.

thelukethorpe commented 2 weeks ago

@gabemeola something else worth mentioning is the idea of hashing a user's IP address to something unique but anonymous. That would solve the problem of being able to ban someone at a location, without actually knowing their real IP.

(This is probably better than the solution I proposed originally.)
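As an added example (not code from this issue, the SDK, or Discord), the two defensive pieces proposed in the thread in working Python: a keyed signature on forwarded requests that the game backend can verify (the original proposal signs only the body; this version also binds a timestamp so a captured request cannot be replayed indefinitely), and a keyed pseudonym for the client address as suggested in the last comment. The header names, the secret values, the 300-second freshness window and the `proxy_forward` composition are assumptions for illustration, and the sample body is constructed.

```python
import hashlib
import hmac
import ipaddress
import time
from typing import Dict, Optional

# Constructed placeholder secret. In practice this would be the Activity's
# secret shared between Discord's proxy and the game backend.
ACTIVITY_SECRET = b"example-activity-secret-placeholder"

# Hypothetical header names; the issue does not specify a wire format.
SIGNATURE_HEADER = "X-Proxy-Signature"
TIMESTAMP_HEADER = "X-Proxy-Timestamp"

# Maximum age (seconds) of a signed request; bounds replay of a captured request.
MAX_SKEW_SECONDS = 300


def sign_request(secret: bytes, timestamp: int, body: bytes) -> str:
    """Proxy side: HMAC-SHA256 over "<timestamp>.<body>".

    Binding the timestamp into the MAC means a signed body cannot be re-sent
    later under a fresh timestamp header; the MAC would no longer match.
    """
    message = str(timestamp).encode("ascii") + b"." + body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_request(secret: bytes, headers: Dict[str, str], body: bytes,
                   now: Optional[int] = None) -> bool:
    """Backend side: accept only requests carrying a fresh, valid signature."""
    now = int(time.time()) if now is None else now
    signature = headers.get(SIGNATURE_HEADER)
    ts_raw = headers.get(TIMESTAMP_HEADER)
    if signature is None or ts_raw is None:
        return False
    try:
        timestamp = int(ts_raw)
    except ValueError:
        return False
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False
    expected = sign_request(secret, timestamp, body)
    # Constant-time comparison: a plain == leaks how many leading bytes match.
    return hmac.compare_digest(expected, signature)


def pseudonymize_ip(key: bytes, ip: str) -> str:
    """Keyed hash of a client address: stable per key, not reversible without it.

    A plain SHA-256 of the address would not be anonymous: there are only 2^32
    IPv4 addresses, so a table of every hash can be built offline. Keying the
    hash with a secret the game backend never receives removes that attack.
    IPv6 is reduced to its /64 prefix so a host rotating its interface
    identifier still maps to one pseudonym.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 6:
        canonical = str(ipaddress.IPv6Network(f"{addr}/64", strict=False).network_address)
    else:
        canonical = str(addr)
    return hmac.new(key, canonical.encode("ascii"), hashlib.sha256).hexdigest()


def proxy_forward(secret: bytes, pseudonym_key: bytes, client_ip: str, body: bytes,
                  now: Optional[int] = None) -> Dict[str, str]:
    """Headers a proxy would attach when forwarding (hypothetical composition)."""
    now = int(time.time()) if now is None else now
    return {
        TIMESTAMP_HEADER: str(now),
        SIGNATURE_HEADER: sign_request(secret, now, body),
        # Hypothetical header; the backend bans this value instead of a raw IP.
        "X-Client-Pseudonym": pseudonymize_ip(pseudonym_key, client_ip),
    }


if __name__ == "__main__":
    body = b'{"action":"move","x":1}'  # constructed sample request body
    headers = proxy_forward(ACTIVITY_SECRET, b"proxy-side-key", "198.51.100.7", body)
    print("valid:", verify_request(ACTIVITY_SECRET, headers, body))
    headers[SIGNATURE_HEADER] = "0" * 64
    print("forged:", verify_request(ACTIVITY_SECRET, headers, body))
```

The pseudonym key must live on the proxy side only: if the backend held it, a backend operator could still enumerate IPv4 and recover addresses, which defeats the anonymity goal of the last comment. The signature check is what lets a backend distinguish a request that actually traversed the proxy from one sent directly, so a ban on the pseudonym cannot be dodged by skipping the proxy.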