I have been thinking about MCBans recently after they had a tonne of user information stolen from their database. All of the details are rather boring but my conclusion was that the integrity of their database of player offences cannot be trusted. The staff are also a concern but that is another story. So I started thinking about how a global banning system fir Minecraft could be done is a more fair and open way that would require less work and manual moderation. As far as I can tell these are the problem with the current global banning systems. No evidence is required - Proof is only really required when the player appeals a ban, and there is no simple way for it to be uploaded. The process generally involves creating a SQL dump. Not all servers are treated as equal - A ban from a popular server will count against the player more than one from a random small server, even if the offence is the same. Admins have different opinions of what is ban-able - Some will ban for breaking a single torch which others may see as unfair. These minor offences can effect the reputation of a player exactly the same as if they destroyed the entire server. The appeal process is unclear - If the server admin does not explicitly put somethign like "appeal at mcbans.com" in the ban message the player has no way of knowing that is what they have to do to get back on. They also need to register and verify an account on the website to even get to the appeal process. Non-descriptive and incorrect ban reasons are used - "grief" is a very common reason that is seen. It tells others nothing about what was done. Even when the message is better "greifing, flattened a house" this is still very subjective. Not all servers have the same rules - Some servers allow stealing but not fly hacking, there is no way for the admins of those server to specify that they only want to block fly hackers. People abuse the system - Lookup "Notch" on MCBans. And these are the solutions I have so far The plugin will require LogBlock (or HawkEye, Guardian, etc) and NoCheat to be enabled on the server. When a player is banned the evidence will be collected from the relevant plugin and uploaded to the database. Instead of subtracting the servers rep from the players when they are banned, the number of bans for each offence will be counted. This gives all servers the same level of power over the system and generally makes it more fair. As well as this there will be no perma-banned players, it is totaly up to the server admin to control who is allowed on their server. The data mentioned in 1 will be used to decide if the offence was a minor one or not. The server admin will be able to set a min-bans value for each of the available reasons and for each level. So if they only want to block extreme griefers and allow fly hacking they can do that very easily. The ban message will not be configurable and will contain "appeal at globalbans.co.uk" simple. No account will be needed on the website to appeal to make it as simple as possible for the player. Instead of letting the admin set the reason manually in game a fixed list of ban reasons will be used that they will have to choose from, this will make it possible to split the min-bans config up into a number of sections. I assume the reason people use such short reason is to stop the player from what ever it is they are doing as fast as possible which is understandable. Both numeric and keywords will be used in place of the ban reason so for example the ban command is /ban wide_load 2 which would ban me for griefing, you could also do /ban wide_load grief which would do the exact same thing. As the list of ban reasons will be fixed, it will be very easy for an admin to decide which rules they want to block people for (see config file example below). You can only ban people that have connected to the server in the past. Looking at the config file is probably the best way to explain how I see this working, so here it is Code: api-key: change this to the one from your control panel block-public-proxies: false block-known-compromised-accounts: false max-bans: total: no-data: -1 low: 15 medium: 5 high: 5 theft: enabled: false no-data: -1 low: 15 medium: 5 high: 5 grief: enabled: false no-data: -1 low: 15 medium: 5 high: 5 abuse: enabled: false no-data: -1 low: 15 medium: 5 high: 5 x-ray: enabled: false no-data: -1 low: 15 medium: 5 high: 5 fly: enabled: false no-data: -1 low: 15 medium: 5 high: 5 movement-speed: enabled: false no-data: -1 low: 15 medium: 5 high: 5 nofall: enabled: false no-data: -1 low: 15 medium: 5 high: 5 noswing: enabled: false no-data: -1 low: 15 medium: 5 high: 5 pvp-cheats: enabled: false no-data: -1 low: 15 medium: 5 high: 5 chat-spam: enabled: false no-data: -1 low: 15 medium: 5 high: 5 item-drop: enabled: false no-data: -1 low: 15 medium: 5 high: 5 block-public-proxies This is a problem that the current global banning systems do not address, if this option is set to true a number of DNSBLs are checked for the players IP address when they join the server. If they are found to be using a proxy they are prevented from connecting. This is only really a problem if you use /ipban. block-known-compromised-accounts This was what actually go me started with this idea, recently a database of free alternate accounts (500+ of them now) was made available. Anyone can use one of these accounts with no need to be shown the password (good job Mojang) to join a server. Setting this option to true would block any of these account from connecting with a message advising them to change their password. This is a very worrying development in the griefing world since it allows a player to keep connecting with a large number of accounts if they can use a few proxy servers. max-bans The first section (total) is the total number of bans a player is allowed to have summed across all of the enabled ban reasons. Following this each ban reason has it's own max-bans for each level of offence which can be configured how ever you like. The no-data level for each section is the number of bans the player has where no evidence could be collected, this is most likely due to LogBlock not being set somethign that it should be. This will default to -1 meaning that any number of these bans will be allowed. Commands The other thing that helps explain how it works is the commands so here is some stuff on the ones that are implements so far. /globalbans reasons This will list all of the available ban reasons with their numbers and available keywords. [GlobalBans] Available ban reasons: 1 - Stealing from another player thief, theft, stealing, steal 2 - Destroying another players building grief, greifing 3 - Being excessivly abusive abuse, abusive, swearing 4 - Unfair mod, x-ray x-ray, xray, x-raying, xraying 5 - Unfair mod, fly fly, flymod, flying 6 - Unfair mod, movement speed speed, sprint, fakesneak 7 - Unfair mod, no-fall nofall, no-fall 8 - Unfair mod, no-swing noswing, no-swing 9 - Unfair mod, PVP cheats phpcheat, pvp, kill 10 - Unfair mod, chat spam spam, spaming, chatspam 11 - Malicious mod, item drop drop, dropping, items It's more clear in game, the list of words in black here are the ketwords that can be used with the /ban command for that reason. /globalbans lookup <player_name> Gets a summery of all of the players bans, as well as the total number of servers they have connected to the been_bad_on/total_servers ratio may be useful in deciding how closely to watch them. /ban <player_name> [reason] Used to ban players, fairly straight forward. /ban wide_load - This would ban the player wide_load locally only. /ban wide_load 2 - This would ban them globally for greifing (from the list above). /ban wide_load grief - So would this. /ban wide_load griefing - This too. /unban Obvious really, removed a player form the ban list, global and local. /whitelist <player_name> Adds a player to the local whitelist, this will make them exempt from any checks when logging in. Does not remove a ban if one was made. /unwhitelist <player_name> Removes a player from the whitelist. List o' Good Ideas Still to be Implemented Log the server that issued the ban as well as the player. As well as an appeal process, players should be able to request to be whitelisted on a server if they are over the ban limit. (this will be optional for the admin of each server) There should be a way for server admins to blacklist servers so that there bans will not contribute to the limit. This will also help with abuse tracking since if a lot of server blacklist the same small group of server, they are probably doing somethign wrong. Keep track of removed bans for informational purposes only (can be shown by the lookup command) Try to measure connection lag to reduce the risk of false evidence from NoCheat. Account on the website / system must be linked to a minecraft account. The validation of the Minecraft account mentioned above needs to be lightweight, possibly the random skin thing or running a server that people have to log into as part of the verification process if that proves to be too much of a pain. Customisable actions when someone joining is over the ban limit depending on if any admins / mods are online. Default, always kick. Have the admins / mods notified if someone joins that has more than 0 bans, giving a summery of which rules were broken. Server admins can add other servers to their group, people with bans from servers in this trusted group will also have customizable actions depending on if any admins / mods are online when they join. Default, notify only. (unless they are over the global limit too obviously) Current To-Do List Test the plugin as it is currently, this being local only. Decide exactly on the list of ban reasons, changing these later will cause problems. Look into ways to prevent people sending POST data to the API other than using the plugin. Restricting the requests to the IP of the server the account is linked too might be sufficient. Decide on a database structure. Implement the basic banning API and the plugin interface for it. Test methods of verifying minecraft.net accounts. Make the website functional for beta testing. Fix things. Add the server lists option to the website. Make the website look nice. More testing. Fix things again. Done Current Reminder List Remember not to make every ban that was ever issued available to the public since these gets used by bad people looking for accounts to crack.