More actions
Technofied (talk | contribs) Finished first cut of Screening Players for VPNs |
Technofied (talk | contribs) Add steps to give bypass |
||
| Line 59: | Line 59: | ||
* This again indicates the player is using a VPN or Proxy | * This again indicates the player is using a VPN or Proxy | ||
* When Googling an ISP, you are looking to see if they provide household (residential) customers with internet | * When Googling an ISP, you are looking to see if they provide household (residential) customers with internet | ||
* If they '''mostly provide''' corporate internet services, it is likely the IP address belongs/is in use by a VPN or Proxy Provider | * If they '''mostly provide''' corporate internet services, it is likely the IP address belongs/is in use by a VPN or Proxy Provider<br /> | ||
=== Step 4. Making a determination === | === Step 4. Making a determination === | ||
Now that you have checked the IP address' '''quality''' and '''Internet Service Provider (ISP)''', we need to decide whether the player was falsely flagged or not. | Now that you have checked the IP address' '''quality''' and '''Internet Service Provider (ISP)''', we need to decide whether the player was falsely flagged or not. | ||
| Line 70: | Line 67: | ||
* '''Does the IP address of the player have a good reputation?''' (Low/no Fraud Score) | * '''Does the IP address of the player have a good reputation?''' (Low/no Fraud Score) | ||
* '''Does the IP address of the player come from a reputable residential Internet Service Provider?''' (not from a Datacenter, corporate internet provider, etc.) | * '''Does the IP address of the player come from a reputable residential Internet Service Provider?''' (not from a Datacenter, corporate internet provider, etc.) | ||
In the example case of player '''Technofied''', their IP address: | In the example case of player '''Technofied''', their IP address: | ||
| Line 76: | Line 72: | ||
* Has a very problematic reputation, with a Fraud Score of 99 | * Has a very problematic reputation, with a Fraud Score of 99 | ||
* Belongs to a known corporate services internet firm (who also offers a known VPN - called Cloudflare WARP!) | * Belongs to a known corporate services internet firm (who also offers a known VPN - called Cloudflare WARP!) | ||
Sometimes it won't be clear if a person is using a VPN or proxy, or you may want a second opinion. Feel free to ask '''Technofied''' (funnily enough) at any time for assistance. | Sometimes it won't be clear if a person is using a VPN or proxy, or you may want a second opinion. Feel free to ask '''Technofied''' (funnily enough) at any time for assistance. | ||
| Line 88: | Line 83: | ||
** If the IP address is very clearly corporate/non-residential, you can conclude the player is using a VPN/proxy service still - this is because sometimes some VPN providers take care in acquiring reputable IP address blocks | ** If the IP address is very clearly corporate/non-residential, you can conclude the player is using a VPN/proxy service still - this is because sometimes some VPN providers take care in acquiring reputable IP address blocks | ||
** If this is unclear, feel free to ask Technofied again, who will look for other indicators to determine whether the IP address may belong to a VPN/proxy service or not | ** If this is unclear, feel free to ask Technofied again, who will look for other indicators to determine whether the IP address may belong to a VPN/proxy service or not | ||
If you conclude the player has been falsely flagged, please give the player the '''advancedantivpn.bypass permission node <u>temporarily</u>''' in game (i.e. for 30 days). Only provide this permanently to the player if the player repeatedly gets flagged, or is '''permitted by senior Staff''' to be using a proxy or VPN. | |||
* Generally, only Staff are permitted an indefinite exemption | |||
* If a player is likely to need it, please refer their case to Technofied for review - just to be doubly sure we aren't providing an alternative account with an exemption! | |||
== IMPORTANT == | == IMPORTANT == | ||
Latest revision as of 04:10, 6 July 2025
Introduction
Sometimes players will open a Discord Staff Support ticket claiming they have been flagged incorrectly by our VPN/proxy detection service, this guide will show you how to screen these players to determine whether they were flagged incorrectly (false positive) or if they are indeed trying to evade detection.
How to screen a player
In order to determine the liklihood of a player using a VPN or proxy, we check for two things:
- The quality of the IP address
- The Internet Service Provider (ISP)
Below are the steps you should follow to ascertain the two criteria.
Step 1. Fetch the player's IP address
Ask for the player's username if they haven't provided it already. Then, in #antivpn on the Staff Discord server, search for the player's username.
- In this example, player Technofied is the example player
- Technofied's IP address is shown as 104.28.254.140
Step 2. Check the IP address Quality
Next, navigate to the following website address, replacing IP-ADDREESS-HERE with the IP address you found in Step 1.
- https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/IP-ADDRESS-HERE
- Using the prior example, the URL would be https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/104.28.254.140
Visiting the website, you can see whether the IP address:
- Is a VPN
- Is a Proxy
- Is Fraudulent
We can see for IP address 104.28.254.140, that it returned an extremely significant Fraud Score of 99. This indicates that the IP address is very likely to originate from a VPN or Proxy.
Step 3. Check the IP address Internet Service Provider (ISP)
Next, navigate to the following website address, replacing IP-ADDREESS-HERE with the IP address you found in Step 1.
- https://whatismyipaddress.com/ip/IP-ADDRESS-HERE
Using the prior example, the URL would be https://whatismyipaddress.com/ip/104.28.254.140
Visiting the website, you can see the origins of the IP address, we are specifically looking at the ISP.
We can see for IP address 104.28.254.140, that the website returned the ISP of Cloudflare Inc.
Googling Cloudflare Inc, we can see that it is NOT a typical Residential Internet Provider, rather a corporate internet services firm.
- This again indicates the player is using a VPN or Proxy
- When Googling an ISP, you are looking to see if they provide household (residential) customers with internet
- If they mostly provide corporate internet services, it is likely the IP address belongs/is in use by a VPN or Proxy Provider
Step 4. Making a determination
Now that you have checked the IP address' quality and Internet Service Provider (ISP), we need to decide whether the player was falsely flagged or not.
In doing so, you should aim to answer the two questions:
- Does the IP address of the player have a good reputation? (Low/no Fraud Score)
- Does the IP address of the player come from a reputable residential Internet Service Provider? (not from a Datacenter, corporate internet provider, etc.)
In the example case of player Technofied, their IP address:
- Has a very problematic reputation, with a Fraud Score of 99
- Belongs to a known corporate services internet firm (who also offers a known VPN - called Cloudflare WARP!)
Sometimes it won't be clear if a person is using a VPN or proxy, or you may want a second opinion. Feel free to ask Technofied (funnily enough) at any time for assistance.
- Sometimes IP addresses may have a terrible reputation but come from a known residential ISP
- This is very common in developing countries, such as India or Vietnam where large blocks of IP addresses are abused frequently
- Generally, in this scenario, provided the player originates from a developing country - they are likely not using a VPN
- If the player originates in a developed country (i.e. United States of America), this is very rare but still possible. You may need to consult Technofied who will look for other indicators to determine whether the IP address may belong to a VPN/proxy service or not
- Sometimes IP addresses have an excellent reputation, but do not come from a residential ISP
- In these cases, you are looking for whether the IP is blatantly not residential, that is, it originates from a datacenter or obvious corporate firm
- If the IP address is very clearly corporate/non-residential, you can conclude the player is using a VPN/proxy service still - this is because sometimes some VPN providers take care in acquiring reputable IP address blocks
- If this is unclear, feel free to ask Technofied again, who will look for other indicators to determine whether the IP address may belong to a VPN/proxy service or not
If you conclude the player has been falsely flagged, please give the player the advancedantivpn.bypass permission node temporarily in game (i.e. for 30 days). Only provide this permanently to the player if the player repeatedly gets flagged, or is permitted by senior Staff to be using a proxy or VPN.
- Generally, only Staff are permitted an indefinite exemption
- If a player is likely to need it, please refer their case to Technofied for review - just to be doubly sure we aren't providing an alternative account with an exemption!
IMPORTANT
For over 99% of players, they will never be flagged by our VPN/proxy detection service, this means the portion of players we do flag are incredibly small out of the unique players we get on a day to day basis!
As such, do not rush a decision! We prefer being on the safer side, especially as those players who tend to use alternative accounts and proxies tend to have been deported or banned from our server for serious offences.
This system is in place to keep our community safe, and ultimately we won't always get it correct and may falsely flag players, but it is the trade off we make always, for the interests of our wider community.