This is why…
Imagine, for example, if someone makes a tycoon, gets it to the front page and gets everyones IP adresses…!
You can also get someones position in the world from an IP adress which isn’t very safe and probably not allowed for a COPPA website.
An IP ban system won’t work, you can’t rely on the fact that someone’s IP address will always stay the same, and they can spoof it. Even worse, if the IP you banned is put back into rotation by the ISP and given to another router that happens to have a ROBLOX user behind them, then those users can’t join your game anymore. (slim chance, but not impossible) Also, proxy servers are a thing.
You can’t exactly. Its a very rough estimate. For example mine points to a city I don’t even live in.
Also just pointing out it takes a lot of power to actually ddos someone. dosing won’t really work. If they are really looking to shut someone down then they have a network of computers to handle it which is beyond what a ‘script kiddie’ can do. Otherwise they are paying someone online to do it for them.
… is that not the same problem?
Not the same thing as that. You can’t just download a ‘ddos’ tool and expect to shut someone’s internet down.
You can hire a botnet for like 8 dollars per hour though
Which I already pointed out. Paying somebody online to handle it.
In the past, ROBLOX made an update to the developer console that showed the server’s IP in the local log. Nearly immediately, users started DoSing servers, so it’s more than evident that delinquents, kiddies or not, have the tools they need to exploit this to the point where it becomes a serious inconvenience for others. I’d rather not wait around 'till hindsight to confirm that the same thing that happened with the server IP happens with this exploit.
wasn’t arguing whether it should be hidden or not in my last few comments. No need to continue to justify it to me.
I was just saying downloading a tool and dosing from your singular computer doesn’t work. You need a lot of effort to make it effective.
please don’t derail my thread then… there are good reasons ROBLOX doesn’t give game creators this information
We were always able to get the IP from the log files already.
(not to mention wireshark, looking at the RequestGame.ashx, …)
Unless you have a static IP (which only a select few have, most times even paying for it), sharing your IP is fine.
Fun how this thread got semi-derailed so easy, people are getting better at it
I think it’s due to the law. An IP can be used to get someone’s location and developers should not be able to locate kids playing their games. I believe this is a part of COPPA compliance.
On top of this, devs don’t need this info whatsoever.
rip ability to block skiddies using multiple accounts to annoy me and other devs in our projects, cause banning their accounts don’t do a damn thing (and there’s a mute limit in chat). I still think you guys should give us a unique client hash which is generated and stored in registry or something, regardless if people change it or not. It’s not location based, and most of the kiddies only know how to run a batch file, not the ins and outs.
Then make a feature request; that’s not what this thread is for
I think a neat way to deal with actual in game ip banning is something like roblox generates a random string that is associated with that ip address, then when they join the game it has like “ip-id” property or something, then be able to check for that, but no way to reverse the random string back to IP
That seems like a really negative reason to implement a feature; for dev-based banning.
ROBLOX has moderation and you can report inappropriate users. If you don’t want somebody following you, block them or set your following to friends only.
Pro tip: People annoy you to get a reaction/attention out of you. Stop giving a reaction and they stop having fun, thus leaving you alone.
That is neither efficient nor is it guaranteed to get results.
This will be fixed tonight.
The issue with giving out IP’s in encrypted form is that it assumes the algorithm/key will permanently remain a secret. Once the algorithm details are out, you can quickly find all 4 billion IP/encoding pairs.
A device identifier also has issues. For example, if it is in the lua api, it will be bypassed easily. Next, attackers will attempt to find targeted users’ device id’s in order to spoof them. At a minimum, device id’s would need to be place-specific and assumed to be spoofable/invalid.
It isn’t a bad idea though. It could give valuable, non-exploit data as well – for example the percentage of users that play your game on both mobile and desktop.
I don’t know a lot about hashing, but it seems that would anonymize the data sufficiently. Are there issues with hashed IPs?
Hashed IP is IP + 2 seconds of processing.