best way of detecting an alt?

How would I go about making a system that displays possible alt accounts of a user, without it going by ip.

E.I Timmy played on my server, and then got banned. He makes an alt account on the same computer, and joins my server. How could I detect this?

Should I use a cookie or something that stores steam ids and usernames?

You could store something on the user’s filesystem and compare against that

Well now that steam uses the /common file directory for garrysmod, this means if he ran the game on the same computer, the files should be the same. Just write something in the /data directory when you ban someone with a unique code (not something obviously abusable) that you keep handy serverside, and in the case that it exists, look it up in the database to find out who it once belonged to. Or atleast I think that might work, maybe using cookies might be sneakier and a webpage (that is, if cookies are persistent in garrysmod)

Good idea, yes they are persistent

Meep also suggested using checking hl2.exe’s last-modified time, but perhaps you can find some other file that is less prone to being modified.

I’m confused.
How will you seperate the main from the alt using a cookie?
You would have to create a connection between the two somehow or anyone that has joined the server will be considered an alt… (Just want to learn)

I think cookies would be the most accurate, and the hardest to figure out how to get past if they know nothing about gmod.

Well you can store what ever information you want in a cookie, including who was the main. FYI I was talking about cookies over https, making it quite difficult to find out and remove, and having the ability to do it all via a webserver.

Would be nice to see some other concepts though, although solutions will be quite primitive.

Store some unique key clientside in SQLite, net it to the server every connect and permanently link it to that account and any account that connects with that key.

There’s also

Global.CreateClientConVar with the save option set to true

You can combine several of these methods together and re-populate the others if they get removed (malware-like behaviour)

snip read the thread

There’s also a way to detect family sharing accounts by a simple API call.

But please note that all of these methods are error-prone and counter-measurable.

  • Any sort of text written to the client is automatically shared between users on the same computer (because SteamPipe is awesome!). My relatives/flatmates could easily be legitimately playing on a shared computer without us being alts of each other.
  • Everything you store on my computer I can check, read, write and delete.
  • What if I get a new computer? These “cookies” and IDs are usually gone, at least archiving my Garry’s Mod folder is one of the least important backup actions for me.
  • Family sharing can also be used for legitimate reasons.

I know there’s always worse, but I think no matter how ignorant someone can be, they always know the wonders of reinstalling. GMod keeps kicking me out? Reinstall Windows, format the whole hard drive… yet again, all the files you stored on my drive are gone. (Though I know this is overkill. :hammered: )

What you should also think of is checking against the user’s friendlist and group list. If someone makes and plays on an alt account, they usually have some core friends added on the alt, because most of the time people still want to chat with their mates even if they are knee-deep in ban evasion. :slight_smile:
Oh and yet again, error-prone: a group of very close friends can instantly marked as an alt-account circlejerk because of the friendlists.

But these are the parts that can be machine-checked… Not the best situation. But instead of instantly preventing the user from playing, they could be flagged “suspicious” and a real-life admin, a thinking human could take care of the situation.

TL;DR: It’s hard to detect automatically.
Even at Wikipedia, the best way of detecting a sockpuppeteer is by “social engineering” and observation: if someone is very confident about, let’s say, being an anti-Tory or pro-terrorist (just two random examples), even if they are banned, their alts will visit the same articles, edit with the same language, make the same vandalist moves. IP checking and machine ID checking is just the first step. False positives and false negatives are a thing!