I like this, but I have to tell you what I've been looking for in one of these services for forever.
I help develop a fairly popular webgame. One of our biggest headaches is people who are evading bans by using VPNs (public or not), VPSes, etc. Although we've outright blocked some large chunks of IPs (AWS, for instance), I've never seen a good service that identifies those specific blocks. Sometimes I go manually digging in the case of serious ban evaders, looking up the owners of specific IP blocks, but boy it'd be convenient if there was a service out there that did that.
> One of our biggest headaches is people who are evading bans by using VPNs (public or not), VPSes, etc. Although we've outright blocked some large chunks of IPs (AWS, for instance)
Please don't do this. It's perfectly legitimate to route one's traffic through other nodes one owns.
Please consider other ways of dealing with banned players — perhaps make creating an account slow and/or costly.
We've examined all the options. We already use browser fingerprinting, and that takes care of a good percentage of it, but for the truly committed there are really only two options: Blocking all VPNs, or using supercookies. I'm actually a bigger fan of the supercookie solution, but one of the other developers is staunchly against that. It's an ongoing battle.
The problem with the slow/costly account thing is that one of the big draws of our game is that there's no registration necessary. You can jump in a game instantly by pressing 'Play Now', and you just get named 'Some Ball 1/2/3/4/etc' and tossed with the registered players.
Been there, tried supercookies, found that the same users who are motivated and savvy enough to dodge browser fingerprinting are also able to dodge supercookies.
Mostly really nasty chat and working against own team. You don't see too much of it nowadays as we're very proactive about that, and have blocked all the major slurs from being typable.
Always glad to find a player in the wild! We're working hard on Next and hope to have the beta open soon.
Should be possible using the ASN id of the IP address, and I think Domaintools provides this information and some other fields as well, although their API is not free. That won't help with most VPNs though as they just rent servers from various providers, so you need some kind of active monitoring, which might be tricky to implement from a technical and legal point of view.
If you have a BGP feed, you can use that to go from IP -> ASN, otherwise, there are public bgp dumps [1]. Many networks renting servers are pretty simple to flag this way.
Or you could lookup the IP of the user on Shodan and check whether that IP is running a VPN service. Per IP lookups are free on Shodan and it's fairly simple. For example, this is how you'd do it in Python:
def is_vpn(user_ip):
import shodan
api = shodan.Shodan("API key")
host = api.host(user_ip)
for banner in host['data']:
if banner['port'] in [500, 4500]:
return True
return False
Here's an overview of the VPN services that are currently on Shodan:
Edit: I made a modification for conciseness' sake, and to include SSH in the mix as that can be used as a poor man's VPN.
def is_vpn(self, ip):
api = shodan.Shodan(self.config['keys']['shodan'])
host = api.host(ip)
return any(banner['port'] in [22, 80, 500, 4500] for banner in host['data'])
I realized it only afterwards but you can actually just look at the host['ports'] property which contains a list of ports that were found open. And you might also want to include PPTP on port 1723.
Yup, and I seriously appreciate those that do that, but it's the small providers which inevitably end up screwing us over. Some small VPS company has a vulnerable server that someone makes a VPN on, and suddenly we get a wave of ban evaders. It ends up being a constant headache.
If it's default ports, you can just probe on login and deny it. We do this for a game I've admined for, and it's in the terms of service. Common L2TP, PPTP, etc.
Scanning the defaults for open proxies with a note in the ToS is not super uncommon with some types of services. I don't recommend sweeping random visitors to your website.
I help develop a fairly popular webgame. One of our biggest headaches is people who are evading bans by using VPNs (public or not), VPSes, etc. Although we've outright blocked some large chunks of IPs (AWS, for instance), I've never seen a good service that identifies those specific blocks. Sometimes I go manually digging in the case of serious ban evaders, looking up the owners of specific IP blocks, but boy it'd be convenient if there was a service out there that did that.