[WIP] GlobalBans - Another Global Banning System, Thoughts / Suggestions Needed.

I have been thinking about MCBans recently after they had a tonne of user information stolen from their database. All of the details are rather boring but my conclusion was that the integrity of their database of player offences cannot be trusted. The staff are also a concern but that is another story.

So I started thinking about how a global banning system fir Minecraft could be done is a more fair and open way that would require less work and manual moderation. As far as I can tell these are the problem with the current global banning systems.

1. No evidence is required - Proof is only really required when the player appeals a ban, and there is no simple way for it to be uploaded. The process generally involves creating a SQL dump.
2. Not all servers are treated as equal - A ban from a popular server will count against the player more than one from a random small server, even if the offence is the same.
3. Admins have different opinions of what is ban-able - Some will ban for breaking a single torch which others may see as unfair. These minor offences can effect the reputation of a player exactly the same as if they destroyed the entire server.
4. The appeal process is unclear - If the server admin does not explicitly put somethign like "appeal at mcbans.com" in the ban message the player has no way of knowing that is what they have to do to get back on. They also need to register and verify an account on the website to even get to the appeal process.
5. Non-descriptive and incorrect ban reasons are used - "grief" is a very common reason that is seen. It tells others nothing about what was done. Even when the message is better "greifing, flattened a house" this is still very subjective.
6. Not all servers have the same rules - Some servers allow stealing but not fly hacking, there is no way for the admins of those server to specify that they only want to block fly hackers.
7. People abuse the system - Lookup "Notch" on MCBans.

And these are the solutions I have so far

1. The plugin will require LogBlock (or HawkEye, Guardian, etc) and NoCheat to be enabled on the server. When a player is banned the evidence will be collected from the relevant plugin and uploaded to the database.
2. Instead of subtracting the servers rep from the players when they are banned, the number of bans for each offence will be counted. This gives all servers the same level of power over the system and generally makes it more fair. As well as this there will be no perma-banned players, it is totaly up to the server admin to control who is allowed on their server.
3. The data mentioned in 1 will be used to decide if the offence was a minor one or not. The server admin will be able to set a min-bans value for each of the available reasons and for each level. So if they only want to block extreme griefers and allow fly hacking they can do that very easily.
4. The ban message will not be configurable and will contain "appeal at globalbans.co.uk" simple. No account will be needed on the website to appeal to make it as simple as possible for the player.
5. Instead of letting the admin set the reason manually in game a fixed list of ban reasons will be used that they will have to choose from, this will make it possible to split the min-bans config up into a number of sections. I assume the reason people use such short reason is to stop the player from what ever it is they are doing as fast as possible which is understandable. Both numeric and keywords will be used in place of the ban reason so for example the ban command is /ban wide_load 2 which would ban me for griefing, you could also do /ban wide_load grief which would do the exact same thing.
6. As the list of ban reasons will be fixed, it will be very easy for an admin to decide which rules they want to block people for (see config file example below).
7. You can only ban people that have connected to the server in the past.

Looking at the config file is probably the best way to explain how I see this working, so here it is

Code:

api-key: change this to the one from your control panel
block-public-proxies: false
block-known-compromised-accounts: false
max-bans:
  total:
    no-data: -1
    low: 15
    medium: 5
    high: 5
  theft:
    enabled: false
    no-data: -1
    low: 15
    medium: 5
    high: 5
  grief:
    enabled: false
    no-data: -1
    low: 15
    medium: 5
    high: 5
  abuse:
    enabled: false
    no-data: -1
    low: 15
    medium: 5
    high: 5
  x-ray:
    enabled: false
    no-data: -1
    low: 15
    medium: 5
    high: 5
  fly:
    enabled: false
    no-data: -1
    low: 15
    medium: 5
    high: 5
  movement-speed:
    enabled: false
    no-data: -1
    low: 15
    medium: 5
    high: 5
  nofall:
    enabled: false
    no-data: -1
    low: 15
    medium: 5
    high: 5
  noswing:
    enabled: false
    no-data: -1
    low: 15
    medium: 5
    high: 5
  pvp-cheats:
    enabled: false
    no-data: -1
    low: 15
    medium: 5
    high: 5
  chat-spam:
    enabled: false
    no-data: -1
    low: 15
    medium: 5
    high: 5
  item-drop:
    enabled: false
    no-data: -1
    low: 15
    medium: 5
    high: 5

block-public-proxies
This is a problem that the current global banning systems do not address, if this option is set to true a number of DNSBLs are checked for the players IP address when they join the server. If they are found to be using a proxy they are prevented from connecting. This is only really a problem if you use /ipban.

block-known-compromised-accounts
This was what actually go me started with this idea, recently a database of free alternate accounts (500+ of them now) was made available. Anyone can use one of these accounts with no need to be shown the password (good job Mojang) to join a server. Setting this option to true would block any of these account from connecting with a message advising them to change their password. This is a very worrying development in the griefing world since it allows a player to keep connecting with a large number of accounts if they can use a few proxy servers.

max-bans
The first section (total) is the total number of bans a player is allowed to have summed across all of the enabled ban reasons. Following this each ban reason has it's own max-bans for each level of offence which can be configured how ever you like. The no-data level for each section is the number of bans the player has where no evidence could be collected, this is most likely due to LogBlock not being set somethign that it should be. This will default to -1 meaning that any number of these bans will be allowed.

Commands
The other thing that helps explain how it works is the commands so here is some stuff on the ones that are implements so far.

/globalbans reasons
This will list all of the available ban reasons with their numbers and available keywords.

[GlobalBans] Available ban reasons:
1 - Stealing from another player thief, theft, stealing, steal
2 - Destroying another players building grief, greifing
3 - Being excessivly abusive abuse, abusive, swearing
4 - Unfair mod, x-ray x-ray, xray, x-raying, xraying
5 - Unfair mod, fly fly, flymod, flying
6 - Unfair mod, movement speed speed, sprint, fakesneak
7 - Unfair mod, no-fall nofall, no-fall
8 - Unfair mod, no-swing noswing, no-swing
9 - Unfair mod, PVP cheats phpcheat, pvp, kill
10 - Unfair mod, chat spam spam, spaming, chatspam
11 - Malicious mod, item drop drop, dropping, items

It's more clear in game, the list of words in black here are the ketwords that can be used with the /ban command for that reason.

/globalbans lookup <player_name>
Gets a summery of all of the players bans, as well as the total number of servers they have connected to the been_bad_on/total_servers ratio may be useful in deciding how closely to watch them.

/ban <player_name> [reason]
Used to ban players, fairly straight forward.

/ban wide_load - This would ban the player wide_load locally only.
/ban wide_load 2 - This would ban them globally for greifing (from the list above).
/ban wide_load grief - So would this.
/ban wide_load griefing - This too.

/unban
Obvious really, removed a player form the ban list, global and local.

/whitelist <player_name>
Adds a player to the local whitelist, this will make them exempt from any checks when logging in. Does not remove a ban if one was made.

/unwhitelist <player_name>
Removes a player from the whitelist.

List o' Good Ideas Still to be Implemented

• Log the server that issued the ban as well as the player.
• As well as an appeal process, players should be able to request to be whitelisted on a server if they are over the ban limit. (this will be optional for the admin of each server)
• There should be a way for server admins to blacklist servers so that there bans will not contribute to the limit. This will also help with abuse tracking since if a lot of server blacklist the same small group of server, they are probably doing somethign wrong.
• Keep track of removed bans for informational purposes only (can be shown by the lookup command)
• Try to measure connection lag to reduce the risk of false evidence from NoCheat.
• Account on the website / system must be linked to a minecraft account.
• The validation of the Minecraft account mentioned above needs to be lightweight, possibly the random skin thing or running a server that people have to log into as part of the verification process if that proves to be too much of a pain.
• Customisable actions when someone joining is over the ban limit depending on if any admins / mods are online. Default, always kick.
• Have the admins / mods notified if someone joins that has more than 0 bans, giving a summery of which rules were broken.
• Server admins can add other servers to their group, people with bans from servers in this trusted group will also have customizable actions depending on if any admins / mods are online when they join. Default, notify only. (unless they are over the global limit too obviously)

Current To-Do List

1. Test the plugin as it is currently, this being local only.
2. Decide exactly on the list of ban reasons, changing these later will cause problems.
3. Look into ways to prevent people sending POST data to the API other than using the plugin. Restricting the requests to the IP of the server the account is linked too might be sufficient.
4. Decide on a database structure.
5. Implement the basic banning API and the plugin interface for it.
6. Test methods of verifying minecraft.net accounts.
7. Make the website functional for beta testing.
8. Fix things.
9. Add the server lists option to the website.
10. Make the website look nice.
11. More testing.
12. Fix things again.
13. Done

Current Reminder List

1. Remember not to make every ban that was ever issued available to the public since these gets used by bad people looking for accounts to crack.

@Jacek I like the idea, but if your going to have GlobalBans, you'll need a devoted ( and fair) "support team". I don't like the way MCBans deal with it themselves. You should fix this by putting a fair, just and working appeal process and support team/appeal team.

Admins should have a say in the appeal (unless they do not reply, then they don't ). Another thing is, there should be levels of Global bans. Some people may greif a bit and get Global-banned, and some may attempt to crash the server/greif towns or something else on a higher level. There should be a difference.
I agree 100% that "greif" and "griefer" etc, etc are not viable Global Ban reasons. "He greifed an entire town and flooded it with lava, Logblock confirms (x blocks broken)." is a viable reason and will reduce random global bans without valid reasons.

Logging bans from the same IP (different accounts) may also be useful to you.

One thing I noticed was "bans for jokes". If a player has never connected, then a Global Ban should not be issued. If not, then how about point system on servers? (abusing the system).

If a player has max-bans and is no-longer able to connect, they should be able to appeal to "connect-able" again.

To end off, I think this a is a great idea. I'd love to help out (if needed) and feel free to contact me if you do

I am hoping to be able to find a way to automate the appeal process as much as possible, most things should be easy to sort out really. I should be able to handle it for the first few servers at least.

That's why I came up with the whole automated severity measure thing, for griefing it will be mostly based on the number of blocks broken so destroying a whole town will result in a severity of 8 or so while breaking 7 torches would be a 1. Perhaps a better way to set the max-bans would be to have them set the max-bans for each severity level. Actually that would be a lot better. Instead of 0 to 10 use low, medium and high and the admin can set max-bans for each one. That would allow them to block anyone that ever destroyed an entire town right out but also give people that just broke a few torches a chance. Needs to be careful of overcomplicating this here !

That is why I wont be trusting people to write their own ban reasons Obviously it would be hard to tell if it was a town but it would be pretty easy to have /lookup wide_load show that I have 1 ban for "destroying another players work" and that for that ban Logblock said I broke 68 blocks and placed 4 lava sources. Maybe there could be a way to add optional notes for the ban so that if the admin wants they can add some info.

The plugin already has a local whitelist which takes priority over any bans so it would be pretty easy to work this in as part of the appeal system. Or have it separate as a whitelisting request system, which should be optional really since the admins of large server will get mad about all the emails

That is already part of the plugin, I don't think it would be that feasible to track this as part of the API since people may do something bad before the plugin is installed. Basically meaning it would be pretty trivial to bypass, which should not be too much of a problem hopefully. There has to be some trust somewhere.

Yeah that is planned already, just didn’t mention in the post since it wasn't really a solution to any of those problems.

That is very encouraging thanks ! I'd love to have someone to work with on this, I didn't really realise how large the project was when I started.

The plugin is basically done, the next part is the database and API which should be pretty easy to do just needs typing. MCBans seem to have frequent problems with server load (not surprising considering they even had their servers do the DNSBL lookup) so the communication between the plugin and the API needs to be as light and infrequent as possible.

The website needs to be made and the appeal process set up which is probably the thing which will take the most time but is also pretty straight forward.

Oh, a way to keep track of the alts database would be really useful too, the method I used to get the name list is painfully inefficient.

If you think there is anything you could do PM me and I will try to organise a proper to-do list instead of just me rambling on and messing with the plugin for a few hours a night.

awmygawd, looks epic

I agree on most of this, but I would like to make two points.


One - collecting the evidence is Pretty much impossible to do solidly - If someone builds a house there's no easy way to tell from just logs if it was grieving unless you do extensive investigation and collect ALL logs. Furthermore they can be forged (I can do that). And who will save all of this? You'll need a HUGE database. An alternative could be a simple check if he ever logged on, integration with detectors (STAB, Honeypot etcetera) to get the majority away and unfortunately again a reputation system. Which brings me to point two.

Two - Is Yogscast really as reliable as lolfun.no-ip.org? Let's be fair, it isn't, and lolfun-ish servers WILL form the majority of bans.

The doesn't mean you have to handle it as poorly as MCBans does - you could take into account

- Average Online Users
- Percent of these banned to GlobalBans (higher being worse)
- Percent of the banned ones appealing (more is worse)
- Disputeswon vs Disputes lost
- Time part of the Global Bans system
- Warnings Received by global bans
- Amount of servers "preferring" it (an option to take a servers judgement as 3 times as important for your server, perhaps?)
- Amount of servers ignoring it.


You could have the ban "points" count to categories, say, for grieving

3+ to general
3+ to griefing

By randomserver


A user server could decide to, say, only ban people with 5> for chat spamming, or warn the staff when 2> chat spammer logs on, ban if a 2> hacker comes on, ignore the rest.


That way a server can decide their own use and policies with such a system.


That's just my thoughts and ideas. Feel free to ignore my rambling. I just hope someone will do it properly

It would not have to be that intensive really, number of un-natural blocks broken that they did not place + number of dangerous blocks placed would give an idea of the scale of the damage.

Faking evidence would be a problem, but realistically only around 10% of people would know how to actually do that and be able to. Then thinking about the fact that the player that is unjustly banned with fake evidence will most likely appeal the ban it should be pretty easy to prevent it causing any problems.

As for storage, it's actually very little data. From NoCheat you can just get one number which represents the scale of the violation and for logblock there is no need to store the location of each block, the totals should do and if the player appeals more data could be requested.

If lolfun-ish server ban a player that is for an invalid reason that player should appeal and the ban will be removed. There is no reason why the bans from big servers should count against the player more than the ones form small servers.

"Disputes won vs Disputes lost" MCBans does this, it encourages server owners to argue against a dispute even if they think it is valid since it will effect their rating.

I see what you are saying, I think the way I have planned is more flexible though. What I could do is add a max-total-bans also which would allow admins to block people that are only a little bit bad in all areas.


I have some good feedback and lots of things that need implementing, I'll update the first post with the new plan a bit later on.

You could make it so disputes can still be solved peacefully if both parties agree to it

Nocheat gives lots of false positives though, most players never appeal even if not guilty. I am interested to see how you'll handle evidence, being a Php dev myself.


I'd say big servers have more experience and tend to be more serious. Exceptions are there aye, but in general small servers are a lot more likely to pull pranks with the system then large servers. Taking such things into account could also increase resistance against, say, systematical creation of false evidence and bans on small servers to get an instant ban thing going on the whim of people like, say, Zidonuke.

Alright Will you support spoutserver?

wasn't MCBouncer attempting to do this? they didn't seem to get very far, or be used very much (might have something to do with horrible plugin design).

I guess, but then the server would be encourages not to solve things peacefully.

I don't think that is a problem, you would only really ban someone if you actually saw them flying. Connection lag can cause a lot of false positives so I may be able to measure that if bukkit provides a way to get the number behind the signal thing on the player list screen. I think the reason a lot of people don't appeal is that the process is too complicated. with MCBans you have to register an account and then go through a 1 week long process of waiting for replies.

Some of the moderators on big server will have more experience yeah, but that does not mean that greifing on a large server is any worse than it is on a small server which is what giving them more of an effect is saying. Also the plugin will prevent you from banning people that are not on the server.getOfflinePlayers() list which should help to stop people messing with things.

If they live up to their promise of supporting the Bukkit API, and there are plugins similar to LogBlock and NoCheat then I will

Well you are right about the horrible plugin design

The only difference between MCBans and MCBouncer is that MCBouncer counts the number of bans instead of the rep system. They have all of the same problems and from what I saw on their ban list the reasons are even less clear.

I do think overall that it is a better option compared to MCBans because of the staff really, but still not quite how it should be (or I thin it should be anyway).

This is a great idea! As others said, you will definitely need some other members of the community to help you out. There are some loopholes you need to look into as you go. One major one would be if some other player claimed to be someone who they aren't. That's why MCBans requires you to link your account to your Minecraft account. That part shouldn't be changed. Else, you may run into some big problem. If you need any help, feel free to contact me.

I think it would be more beneficial to release a Server-group banning system. And this can be played out 2 different ways:

Option 1: A Server-Admin can create a server-group. Other servers can join this group. All bans in the group effect all servers, If a dispute happens, then it is handled on a per-server-group basis. The week link is always server-group admin and those servers in the grouping. It is *never* up to the Ban Plugin authors to manage bans.

Option 2: A Server can select their own individual trusted servers and any bans reflected on those servers are reflected onto their own server. A 'ban override' is loaded locally in case any bans from a trusted server don't want to be used. All ban management is still handled on a per-server basis.

Option 3: Mix 1 and 2 - Servers can join multiple server-groups with 'read-only' access allowing then to read bans from multiple groups but only send bans to 1 server-group. Bans are handled mixed between server-group and server-specific.

The idea here is to prevent a situation where the people who run the ban system wrongly have all the power. All of the banning happens at the server-level or the server-group level.

The best way to handle whether a player is allowed globally or not would to simply add a ban-limit on players globally. Instead of trying to have some convoluted reputation system, allow a server to force a 0-ban limit on all players ( or 1 ban, or 2 etc). If they've been banned from any server-groups they are auto-denied connection (but not banned locally) - this allows servers that want to force a ban limitation globally can still do so, but they still don't have the power to push bans 'globally' except on a group where they are a trusted server.

I will probably do the account verification he same way MCBans does, running a server that you have to sign in to. Not sure I like the idea of running a actual server just to do this though since they are pretty resource intensive and it would seriously limit the number of verifications per minute.

The other way I thought of was to generate a random skin that the player then had to set as their skin on minecraft.net. The verification script could then download the skin and check it's md5 against the one stored when it was generated. That would be very lightweight, but would only work if Mojang don't process the uploaded images in any way which they might not given their size.

I think that this would just over-complicate things for admins if they have to manually subscribe to every server ban list. A much simpler method would be the reverse, essentially everyone is in one big group by default but you, as an admin, can opt to have your server ignore bans from a list of servers. That way if people start getting tonnes of whitelist requests all from players that were banned unjustly from one server they can add it to their ignore list.

Yeah that is going to be something I want to do, nobody will have the power to globally ban someone from all servers and nobody will be able to issue bans to players that have not connected to their server. That is about as much as I can do without impacting usability as far as I can see. Plus what ever measures I put in place, I would always be able to edit the database manually if I really wanted to.

I'm going to have to put a proper to-do list together before all these awesome points get lost amongst all of the posts.

@Jacek
I wouldn't agree with the skin idea personally, since most people make their own skins and once they have uploaded them, they delete them off their local harddrive. Although the server takes up a lot of resources, it's the simplest way to do it for the users. (Since they are already used to it from MCBans.)

Well I could download their actual skin beforehand so they can easily have it back afterwards.

While the server is obviously the simplest way, it's also the lest efficient way. There has to be a better method that is still simple, well there is, I could have people enter their minecraft password

lol alright.

@Jacek - I think your method is more complicated. If a server has to manually go through and remove other servers from the main list of servers then it seems like it would take a lot of work.

Also I feel that having a 100% global system is a very poor design decision, and after seeing how MCBans runs things I will never suggest to anyone to run anything that is similar in design to this. It is too easy to get servers that will ban people randomly and without being able to control a list of trusted servers or some-such makes this idea no better than what mcbans already is in my mind

95% of servers will follow all of the guidelines and only issue serious bans. Using your method admins would have to keep track of new servers when they are registered and add 95% of the servers on the global list to their own whitelist. Using the opposite method admins would not have to know every time a new server is registered (because it will mos likely not abuse the system) and they can block servers they feel to be too strict or abusing the system which they would only really need to do if they start getting a lot of users being blocked from their server due to a large number of bans on a small number of servers. Not to mention the fact that if that 5% of bad servers start systematically banning every player that connects they will be removed from the system pretty quickly.

I don't see why a global list won't work, as long as each server admin gets very fine control over what people can be blocked for.

The point is that i should be very hard to make a invalid ban that will get counted, you would have to take the time to fake the evidence and then get the player in question to connect to the server, yeah you could bypass the plugins restrictions and send the data directly but that would require quite a bit of work since I will be putting in a number of things to prevent that. So this is how much harder it is to abuse than MCBans, and realistically how many of the bans on MCBans are invalid, probably less than 10% which statistically will have no effect on the who-can-go-on-what-server restriction at all.

@Jacek - what I'm suggesting is allowing servers to group up to share lists, a very large design difference than just sorting global bans.

MCBans has that feature already. I'd rather try to get a working global system, that has to be more useful to the average server that does not know any other servers.

Instead of a Global Banning, what I would like to see out of the community is a Local system which is stored in a record for the public to look up about your bans/ban-others. So technically you'd be allowed into any server, but the owner could probably be warned you have a ban or something. It'd be up to them to ban you if they don't want you there.

This equates to:

• Users getting banned across many servers for no reason.
• Doesn't torchure to the community in the same way as a Global system would.
• Owners are free to make their own decisions on who joins their server.
• ++

@RROD That is just MCBans with the min-rep set to 0 for the server.

Could you explain that one a bit more, how would a global system torture the community ?

Then you'll always be at the whim of poorly managed servers, and all servers will be required to trust you as the authoritative push for who is banned on that 'basic setup.' Sorry but this is a huge red-flag and a no-go in my book. I'll be boycotting your system like every other global ban as long as this is the design goal.

Will be interesting to see where this goes. Good luck!

I don't see how it's a problem to trust the bans made by poorly managed servers, stealing is stealing, it doesn't matter which server you do it on. If anything, they are more likely to not issue a ban where it is deserved.

That's a good point though, all of the reasons will default to false to force people to decide for themselves

Update: I added a list of the points I think are useful to the post, thanks for all the feedback everyone !

Also, The current list of ban-able offences is just one I came up with myself and looks like this

1. Stealing from another player
2. Destroying another players building
3. Being excessively abusive
4. Unfair mod, x-ray
5. Unfair mod, fly
6. Unfair mod, movement speed
7. Unfair mod, no-fall
8. Unfair mod, no-swing
9. Unfair mod, PVP cheats
10. Unfair mod, chat spam
11. Malicious mod, item drop

These have to be short to fit in the ban message, on the website and in game they will be shown with number from the data collected.

If you can think of anything I have forgotten please post it Also if you think any of these could be grouped into one rule then post that too I want to keep the total number down so that it fits in one chat screen (or maybe map if I get adventurous).

Me likes!

What about attempts to hack/cause malicious intent to the actual server itself?

Yeah that could be something, but what would that actually be though ? The only hacking of a server that I have ever seen is guessing the admins password, and they totally deserve that for having a bad password Maybe command spam, I have seen that done before and that has to be with malicious intent. I guess chat spam could be too, so I'll combine those two

I'm not sure would I would tag it under, attempting to "hack" or possibly go even further to say DDOS (may be a little bit farfetched). Just attempting to crack/break into a server would suffice.

CommandSpam wouldn't be the worst of it, My server (not owned by me) have had past experiences whereas people have attempted (yet failed) to hack the server.