Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

System to prevent users who’ve been recently banned from joining back #523

Open
UponAnonymous opened this issue Apr 27, 2022 · 2 comments
Open

System to prevent users who’ve been recently banned from joining back #523

UponAnonymous opened this issue Apr 27, 2022 · 2 comments
Labels
blocked blocked by external influences enhancement New feature or request help wanted Extra attention is needed prio-low

Comments

@UponAnonymous
Copy link
Contributor

To give a little more context, users who’ve been banned from a server usually use VPNs or make new accounts to bypass Discords huge flaw.

So the way that could be done is a system that can detect if someone is using a VPN or any type of spoofer as well as if an account has recently been created. Both of these features could be enabled or disabled if needed, as well as the account age detector could be configured to the users specification.

For the VPN / Spoof detection could be when someone joins the server, they’re asked to follow a link to the webpage. From there the webpage can detect if they’re using anything to try and bypass.
If the user is, they get removed, if not they can either get a role or be allowed in the server.
@UponAnonymous UponAnonymous added the enhancement New feature or request label Apr 27, 2022
@zaanposni zaanposni added help wanted Extra attention is needed blocked blocked by external influences prio-low labels May 14, 2022
@zaanposni
Copy link
Owner

As discussed in discord it appears that there are already good bots out there for this purpose.

Furthermore, there are multiple issues that need to be thought through when implementing this system as there are many possibilities for false positives and false negatives.

Therefore, I am not closing this issue but rather leave it open for further discussion.

@FeroxFoxxo
Copy link
Contributor

FeroxFoxxo commented Sep 17, 2022
edited
Loading

The only way of doing this is to have a list of known VPN ip addresses that MASZ could tap into. User flow would be to require visitation of the front end to verify their address on joining, check it against a list of known (banned) IP addresses from previous verifications of users, and finally find whether it is banned, before authentication of the user (should be done on server).

http://getipintel.net/ is free and could be used. Some APIs require the site owner to have a key though, which is the major downside. Could be stored in the AppSettings model, with the feature unable to be enabled unless existing.

For a direct list of IPs to search between, rather than using an external API, you can use https://www.dan.me.uk/tornodes for TOR exit nodes, https://www.iblocklist.com/list?list=xoebmbyexwuiogmbyprb for proxies, and https://lite.ip2location.com/database/px1-ip-country for VPNs.

There is no technical way to get whether a user has a VPN through challenges, and you'll have to rely on a list like so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
blocked blocked by external influences enhancement New feature or request help wanted Extra attention is needed prio-low
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@zaanposni @UponAnonymous @FeroxFoxxo