If I maintained a public ban list of malicious users, would you use it?

I’m getting back into the server hosting business, and I’ve discovered that the community is infested with skiddies. I figure the least I can do is curate a list of them and allow users to automatically include them into their own ban list.

The big problem with community-driven blacklists is that that they tend to struggle with either sensitivity or specificity. If it’s maintained by a single person (or a very small team of trusted contributors), it’s unlikely to block enough offenders to make much of a difference, and if it’s crowdsourced, it’s going to contain a lot of false negatives (different communities tend to be very, uh, effective at making their ban policies unique).

Suppose you could write a serverside addon that tracks bans across several communities and then submits all Steam IDs who’ve been banned from an unusual number of servers for review. That’s how crowdsourced anti-spam forum plugins and the like tend to do it, and it’s working pretty well for them. Maliciousness is a little more subjective than RE:RE:FWD: FREE VIAGRA FROM THE PRINCE OF NIGERIA though and I’m unsure if you’d be willing to dedicate the required amount of time to it in the long run. Guess you could tie it into your hosting business - that might work.

Here, “malicious” refers to actual attacks on the server. Like some kid I had yesterday who was trying to take over (and reverted to prop spamming when that failed). I realize that for the first little while, the list is going to be small. Possibly too small for anyone but me to use for the first year or so. Those Twitter blocklists started out really small too, and look how they turned out.

I’m not going to accept automated input from outside sources. That’s more potential attack surface, both on my network, and everyone else’s (suppose the server code provides some sort of remote code execution hole). If someone provides me with sufficient evidence, I might do it manually.

OK, I misworded with “the server hosting business” - I meant “the business of hosting one server”. But otherwise, that was pretty much the plan - add a !skidban command to my server independent of the existing !ban command.

Sure, but don’t ban by association. I helped write a collection of cheat scripts when I was learning GMod Lua :v:

I’d take a gander at the ban reasons and use it as a reference, but not necessarily use the bans wholesale. I think if someone else gets banned somewhere else, they should have another chance on my servers.

Not this again…

Sorry for the negativity - but there was a thread about this just less than a year ago (I think) where we all ultimately agreed that there was no correct way to do it such that it couldn’t be either abused or abusive.

Sorry for the bad news. It was a very long thread, there were a lot of suggestions, but at the end of the day, nothing was possible. (Just a heads-up now before this goes on any longer)

I think he’s a more honest person than the people I’ve seen try to curate their own, so I think it would be a fine starting point. I would never take other people’s bans wholesale though.

Works for me, the “ban list” would just be a plaintext list of SteamIDs and possibly short explanations of what kind of attack they tried. I’m not going to take the time to design auto-ban code that works with every possible ban system. That’s the server owner’s job :v:

Also, what about things like aimbots? Definitely malicious in deathmatch gamemodes like DarkRP or TTT, but what about sandboxes with weapons turned off? Why would those servers care?

Well at the moment, I’ve had this poll up all day and the votes are 17 to 4 against, so I’m not going to start that project at the moment. That’s less code for me to maintain, at least until I have an actual worthwhile list.

Even then, I’d probably wait until I have several lists, and do it Adblock Plus style where you have to subscribe to filter lists for it to have any effect (so if I were to ever go off the deep end and add people to the lists because I didn’t like them, the community could just start a different set of lists and switch to it). I may be out of touch with the GMod community at the moment, but I know me some network administration practices.

(I think I remember the thread, because I definitely remember making the comparison to Adblock Plus in this context before)

skidcheck 2.0

have you seen how well skidcheck has done? yeah not a good idea lmao

Something like this is best done between friends, not on a large scale.

I would support this as long as it’s not something like skidcheck where the bans are based off of personal hate instead of doing anything wrong.

You would have to do some really fucked up shit in order to get on the list.

Make sure you add everyone on https://glua.team/.

They are very malicious.

I think that it will be fine as long as he recommends discretion and advertises that he’s no official curtailed or anything. If he emphasizes that he’s just one guy with a list of people he deems bad, and that he doesn’t think the list is necessary for use, I don’t see a problem. It would be like me reviewing a server’s ban list - they aren’t suggesting I ban them too - they’re just documenting problems they have had in the past.

I would add a page/api, where ban systems (EG CAC/LAC) can “suggest” bans, mainly for cheaters, than for other stuff, like minges. So you atleast would have a big “trust” list.

Maybe do it like http://www.mcbans.com/ . They use a rep system, and servers can block based on rep. Each server would have a small rep they would effect, and ones that have proved to not give out crap ones get higher on rep.

No

Don’t auto ban if anything just do a sort of warn system to active admins when someone joins whose on the list.

That way they can choose to ban or not.

There’s already a list of users like you’ve proposed. Thing is, there’s a lot of people on there that shouldn’t be, and everyone hates the list because HeX is… not exactly normal.

Seems like a great idea if servers want no players.