Request: player.ip
 

This should be a variable that is only serverside, this way it can be used by staff for things such as jailing. There are many other practical uses for this, such as logging so you can see if someone else got on an account (would help with scams). If the IP was loggable, and someone lost all of their items, you could simply check the logs, see what IP logged on, and see if there's a match on another account.

player.ip should be like player.onlinetime-something that can only be accessed serverside.

Chris

This reminds me of ipbans. This can be scripted easily with requesturl().

Yes, but that would take bandwidth off of my server. Would be much easier for this feature.

Stefan said that this type of command does not exist for security reasons which doesn't make much sense since staff can view players' ips anyways.

haha rofl

Look out, I know your IP! ZOMG!!!!!

My IP is 69.66.144.103, Stefan, you use all your little security flaws and damage me, okay? Everyone, go look up on whois who provides me with internet. I'll save you the time. Iowa Telecom. Now, what are you going to do to me? Huh?

Makes no sense at all. IPs aren't private, never have been. I guess I'll just do a whois with a requesthttp z.z

IP address info:
IP address: 69.66.144.103 (copy)
IP country: United States
IP Address state:
IP Address city: Washington
IP postcode: 52353
IP latitude: 41.307301
IP longitude: -91.744301
ISP: Iowa Telecom
Organization: Iowa Telecom

OrgName: Iowa Telecom
OrgID: IOWATE
Address: 115 South Second Avenue West
City: Newton
StateProv: IA
PostalCode: 50208
Country: US

NetRange: 69.66.0.0 - 69.66.255.255
CIDR: 69.66.0.0/16
NetName: IOWA-TELECOM
NetHandle: NET-69-66-0-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: AR.IOWATELECOM.NET
NameServer: HE.IOWATELECOM.NET
Comment:
RegDate: 2003-07-31
Updated: 2004-06-01

OrgTechHandle: ITNOC1-ARIN
OrgTechName: Iowa Telecom Network Operations Center
OrgTechPhone: +1-877-255-4837
OrgTechEmail: [email protected]


City: Story City, IA, US

This probably won't be added. It makes it too easy for server staff to reveal a player's IP address to others and possible related information about them.

Then again, if it was their intentions, they could get it anyways.

I think he means through an automated script though. One person revealing someone's IP address has to go through the hastle of /opening named person. But a simple player.chat = player.ip does not (Looped through every player, it looks like something as this is rather dangerious).

If someone's account gets hacked and they lose their items, it really shouldn't be the responcibility of the staff to return the items anyways. Players should be more secure with their data and almost 99% of account hacks have to do with unsafe internet usage.

Haha, most of that is wrong. I don't live in Washington, and my postal code isn't 52353.

Like I said, come damage me now. Hunt me down, do your worst.

If you want to keep your IP off the internet, do not use the internet!

If one of you can some how hurt me in any way by simply knowing my IP, go for it. If you can do that, I'll admit that I was wrong. Like I said, there is NO way for anyone to hurt ANYONE by just knowing their IP. You could get much more information about me if you did a whois on my domain name (and it would actually be factual information).

Staff can already access IPs, so why does this hurt? Staff are actually more likely to abuse that than players are, so why does this hurt?

I clicked on that...
D:

It's accessible by staff because it helps to control bans. With being staff is a responsibility of protecting information about players.

If someone's IP information is leaked with the current system, that means there is a staff member responsible for it, not Cyberjoueurs. Adding an IP variable makes it too easy for people to be tracked automatically.

Not only is it a case of player privacy protection, but I know there would be idiots putting "IP Address: *.*.*.*" in your profilevars, and other things which are accessed by other players. Basically, it's not hard to get a players IP with the new graal scripting engine, if you feel the need to find a player's IP, just use RC or requesthttp. Otherwise, if it's not an important enough reason to use requesthttp or RC, then it's probably something you don't need to know anyways.

Also:
Try using the search feature on the forums before requesting something, it's a good habbit to get in to.

Ill-advised; it's likely globals will request you remove any such requestURL/requestHTTP mechanism for finding IP addresses.

Use it once and remove it, that should not be a problem if you ask me.

Well, uh, what good would it do using it and just removing it, if as an admin you can already find the IP using RC?

You should not be using requestURL/requestHTTP to find the player's IP address, end of story. Simple as that.

I agree with Skyld on this one.
Thou shalt not!

You guys are quick to talk about these bogus privacy claims as if a persons' ip address was private to begin with. Most sites log your IP the moment you visit their page.

You can't do any harm to anyone by simply knowing their ip. If you infected them with a trojan and knew their ip, that would be a different story, but if you infected them with a trojan, you'd be able to read their ip regardless if you knew what you were doing.

Oh, come on. Webserver logs throw your IP into a black abyss of nothingness, but knowing Graal players it'd be abused somehow.

Cool.

So, I'll set up a website and link it to every single playerworld and log everyones IP address so that I can magically destroy their computers.


Let's get real for a moment.

You have to remember that the "anti-graal" community is very active (especially compared to any other anti-<insert mmo name here> group).

I am requesting IPs simply for the use of logging. IPs are not private, and never have been. The second you visit my web site, I have your IP. I can already get anyones IP with RC. If I wanted, I could make a list of all the players on my server with a script, then constantly read their attributes and set clientr.ip manually. It would simply be easier if you could use a variable. Staff already have access to IPs, why can't they in scripting?

Anyone else find it funny that malicious code such as code used to steal servers, etc. (client-rc is very easy to abuse if you know how to script, can make the manager set his/her rights to NULL, or set your rights to all of his/hers) is not even trying to be stopped by Stefan/Skyld/whoever, but they refuse to allow us an IP variable?

Yes, and?


They can't do anything with your ip alone. They can harm you if they had your ip and they infected you with a trojan, but if they infected you with a trojan they would have your ip regardless.

I don't see how it's a security risk to read IP's via script. It would be much more beneficial than harmless (security scripts and so forth).

It amuses me how so many people get their account 'hacked' for being idiots and doing stuff they shouldn't.

Things like security holes in Client-RC are things we already know about and are trying to solve.

The biggest problem with having people's IPs, is that, if you're a malicious person, can check to see if there is a trojan on your computer, and then abuse it. It's not a matter of infecting you with a trojan, a lot of times people are infected, but either the (depending on the version) trojan can't broadcast itself, or simply is broken in some way. But if they know your IP, they can target you directly and try to access you through what may already be on your computer, get your passwords, etc.

It's a bad idea.

Yay for NAT boxes!

Ever heard of anti-virus programs?

If you're already infected with a trojan, they already know your IP!

no...

Trojans normally try and disable Anti virus/firewalls by killing the process and corrupting the files. And yes, they can advertise an ip address. The great thing about NAT boxes is that the outside world can only see your NAT boxes global (or sometimes even local within a global) address so they can't directly access hosts inside it without port forwarding set up.

Out of curiosity ... what is a NAT box?

--

Skyld, you said this would be abused. Like I asked,
HOW CAN AN IP BE ABUSED?!

Network Address Translation box

In more basic terms, NAT takes a local address (10.x.x.x, 172.16.x.x-172.31.x.x, 192.168.x.x) and turns it into an outside address (be it another local address or more commonly - a global internet address) and sends the data. The outside world can only see the router. The great thing is: unless a session is established or port forwarding is enabled: the outside world can't access anything past it.

NAT/PAT also uses unique identifers (or source ports for PAT) to identify what data gets sent where) so IP spoofing is impossible. The even greater thing is that you can overload an address: i.e. an entire 192.168.1.0 network could use 1 overloaded global address. If you have multiple global addresses in the pool, it will use the current address until no more source ports are available and move onto the next address.

If you have multiple computers using your broadband connection at the same time (either through a router/switch combo, a router to switch combo or if you're unlucky, a router to hub connection) then chances are that your router supports NAT. If not, programs like smoothwall (Linux glory and very powerful) or Microsoft ISA (A kick ass high-end firewall. Recommended if you know what you're doing) can also act as a NAT service.

Disadvantages: some services can be hampered by the presence of a NAT. E.g. FTP. FTP uses two concurrent connections (data and control port) to transmit data. NAT screws this up.

It is not so much about "destroying their computers", but more about protecting their identity. Like I said already, making an IP variable makes it too easy to share the player's IP address with others automatically.

Maybe some people don't want their IP revealing in such a manner.

I've had experiences with IP tracing and I say that its just bogus. Most of the time, It isn't even remotely correct. (Hell Raven, You're off by 10000 miles >_< )

Also, IPs are simply an identification to your computer. Most websites, online games, and practically everything you do on the internet has in some way handled your IP.

I just think, even though this probably won't be implemented, that this could be on to something.

Another great feature of NAT: you don't know how many times you're connection runs through a nat box. Since the address effectively stops at the translation, you'll probably only be able to trace up to the ISP. Most ISPs have a very limited amount of ips to use.

Still..I want IPv6 already. With the amount of addresses it has available: NAT's won't be needed for IP address overloading. Though they could still be used for extra security.

It isn't so much that the IP is just a simple identifier, I recognise this, but some people do not understand that and do not take comfort in the fact that their identity maybe could be revealed to others. A lot of users on the internet are paranoid enough about security and privacy.

Quite some time ago, I would have thought that a player.ip variable would have been a good idea, however having been a global for some time now, I realise that players have quite a cloud of paranoia surrounding the protection of their identities.

Then what in the world would be the point of it if abusers can just disable it x-x


That statement was more senseless than the argument in this thread. People paranoid about other people knowing their IP clearly know nothing about computers. Plain and simple.

Cool, but you, and a few others, are totally missing the entire point to begin with.

People are not required to know the dangers, existant or not, of having your IP made public. Truthfully, the more careful they are with everything, the better off they are.

They have every right to be protective of anything that is considered personal information, which an IP is.

It's not an issue of how harmful an IP address could be, it's an issue that many people don't want their IPs broadcasted around an entire server due to script abuse.

And yes, they have that right, and it should be upheld.

No, it's foolish, and they only have rights to whatever Cyberjouers says they have rights to.

I'm going to assuming you're one of those that know little about computers.


No harm can come from making a string that records a players' ip.

Why? Because the only people that would be able to view it would be staff, which they can view now anyways.

There is no privacy with IPs. As already stated multiple times, most sites log your IP the moment you go to their page. No harm is done with knowing one's ip alone.