Troubles with designing a ban system using DataStore and MessagingService

Programming
, ,
#1

For a project I am working on we want to implement a ban system to prevent hackers and cheaters from playing the game. Currently, to ban a player I set a flag in the player’s data table to indicate whether or not the player is allowed to join a server. I want to be able to set this flag even if I am not in the cheater’s server or when the cheater is offline. I also want to make sure the risk of data loss is minimal. I have come up with an idea on how to tackle this problem, but I want to get some more opinions to ensure my methodology is safe.

My idea describes 3 scenarios:

  1. The cheater is online in a server I am also in.
  2. The cheater is online in a server that is full, so I can only join other servers.
  3. The cheater is not playing the game.

For the first scenario I would be able to directly edit the flag as the cheater’s data is loaded. Then I can kick the cheater. For the second scenario I would use MessagingService to notify other servers that I want to set the ‘banned’ flag in the cheater’s save data. Then, each server would check if the cheater is online in that server and if so, edit the flag for me and kick the player. For the third scenario I would have to load the cheater’s data in the server I am in, change the flag, and then save the data again.

Combining these steps gets a little tricky though, because if scenario 1 is not true, then I would have to assume that both scenarios 2 and 3 are true because I do not think there is a good way to check if either scenario is true. So my final algorithm is as follows:

  1. Check if the player is online in my server. If so, edit the player’s data and kick the player.
  2. If 1. is not true, load the player’s data from the DataStore, set the ‘banned’ flag, and save the data again.
  3. Use MessagingService to notify all other services.
  4. In each notified server, check if the player is online and if so, set the ‘banned’ flag in the player’s data.

For scenario 1 and 3 this algorithm should be safe and not cause any data loss. However, for scenario 2 there might be some issues. What happens when the player leaves right after I have loaded their data in my server, but before I save the flag change? I assume this would become the latest version that is stored and thus overwrite a couple minutes of data of the cheater. Could there also be a scenario where this wipes confirmation of any purchases that the cheater might have made right as I ban them?

If anyone knows if my current idea is safe or if there is a better approach, please let me know!

#2

I designed a ban system with the parameters you listed, utilizing DataStores & Messaging Service. I was able to figure this out by simply creating “global” datastore for the game, taking advantage of the 260k (soon to be 400k) character count. I would then load the global data every join, and check the user ID against the table & kick them if found. I save the ID into the table & use UpdateAsync for the saving method.

I was commissioned to create this system for Freeze Tag in which they had the issue of joining the player they wished to ban, but were met with the player leaving & their DataStore didn’t take IDs. My system allows you to ban a player in server with their name OR user ID, and you can utilize the player ID to ping all the servers in your game & ban the user if they happen to be in another server. You cannot use the name of a player to ping all the servers and let them know to ban the player.

Source:

Download:

1 Like