me_codematrix
发布于 2025 年 12 月 30 日
Simon_Hypixel slikey hytale,在账户管理部分中,当前显示的ID是服务器端将会检测的ID,还是说每个游戏档案都拥有自己的ID?
slikey
发布于 2025 年 12 月 30 日
游戏账户ID将不会被传输至服务器。游戏档案是完全独立的游戏授权,且服务器无法在玩家不主动创建连接的时候建立连接。
_Hawkon
发布于 2025 年 12 月 30 日
如果服务器可以封禁游戏账户,岂不是更好?
ItsJustReeses
发布于 2025 年 12 月 30 日
同意!
作为过来人,如果我不想让某个用户回来,那么我就不会让那个用户回来。
作为一个服主,一想想他们总是会使用小号登录来绕过封禁,就觉得有点可怕。
slikey
发布于 2025 年 12 月 30 日
不。因为那样做不会解决任何事情。如果我们那样做的话,大家可能就会使用多个游戏账户而不是单独的游戏账户。结果是,服务器面临的问题将会一致,但是我们将会拥有更多低安全性、更容易被盗号的账户。
通常玩家会有一个启用双重验证和安全措施的主账户,然后还有一堆使用邮箱+密码验证,安全性很差的小号。
我们确保玩家可以在同一个安全环境下创建多个游戏档案,以避免整个问题。如果服务器想要封禁玩家而不是某个游戏档案,那么你就需要不同的白名单方式——账户与档案的争议并不是你想要的解决方案。
ItsJustReeses
发布于 2025 年 12 月 30 日
说实话,硬件ID封禁将会是最完美的方法——恕我直言。
但实际情况是,你面对的是一群恶意举报的用户,而这所有的根源则在于我在自己的项目中削弱了10%的武器强度。
确保特定的用户无法进入我的服务器,就是在保护你所支持的开发者,以及服务器的用户们。
说实话,在这个问题上,我们应该都有一致的看法。只是在正确的解决方案上有所分歧。
你们有没有针对这类极端用户的方案?我相信Hypixel的社区内肯定也遇到了不少这种用户。我这种小型服务器项目都遇到过。
如果必须我们自己实现,这样也没关系。至少感谢你们给出了我们的选择。我将会随机应变,来看看服务器上线后会发生什么。
slikey
发布于 2025 年 12 月 30 日
我会和我们的安全工程师讨论一下。我理解这么做的必要性,但我也不希望封禁是永久性的——在绝大多数情况下,封禁是一种有效的惩罚手段。
在一些极端情况下,如果真有用户做出了卑鄙的事情违反了服务器规定,我们仍然可以通过“违反服务条款”来封禁其它账户。
这里有很多实施方面的考虑,但是最终我们需要去观察问题,然后展开一场猫捉老鼠的游戏。我相信我们能找到办法,将这类问题减少80%到90%。
原文:
发布于 2025 年 12 月 30 日
Simon_Hypixel slikey hytale,在账户管理部分中,当前显示的ID是服务器端将会检测的ID,还是说每个游戏档案都拥有自己的ID?
slikey
发布于 2025 年 12 月 30 日
游戏账户ID将不会被传输至服务器。游戏档案是完全独立的游戏授权,且服务器无法在玩家不主动创建连接的时候建立连接。
_Hawkon
发布于 2025 年 12 月 30 日
如果服务器可以封禁游戏账户,岂不是更好?
ItsJustReeses
发布于 2025 年 12 月 30 日
同意!
作为过来人,如果我不想让某个用户回来,那么我就不会让那个用户回来。
作为一个服主,一想想他们总是会使用小号登录来绕过封禁,就觉得有点可怕。
slikey
发布于 2025 年 12 月 30 日
不。因为那样做不会解决任何事情。如果我们那样做的话,大家可能就会使用多个游戏账户而不是单独的游戏账户。结果是,服务器面临的问题将会一致,但是我们将会拥有更多低安全性、更容易被盗号的账户。
通常玩家会有一个启用双重验证和安全措施的主账户,然后还有一堆使用邮箱+密码验证,安全性很差的小号。
我们确保玩家可以在同一个安全环境下创建多个游戏档案,以避免整个问题。如果服务器想要封禁玩家而不是某个游戏档案,那么你就需要不同的白名单方式——账户与档案的争议并不是你想要的解决方案。
ItsJustReeses
发布于 2025 年 12 月 30 日
说实话,硬件ID封禁将会是最完美的方法——恕我直言。
但实际情况是,你面对的是一群恶意举报的用户,而这所有的根源则在于我在自己的项目中削弱了10%的武器强度。
确保特定的用户无法进入我的服务器,就是在保护你所支持的开发者,以及服务器的用户们。
说实话,在这个问题上,我们应该都有一致的看法。只是在正确的解决方案上有所分歧。
你们有没有针对这类极端用户的方案?我相信Hypixel的社区内肯定也遇到了不少这种用户。我这种小型服务器项目都遇到过。
如果必须我们自己实现,这样也没关系。至少感谢你们给出了我们的选择。我将会随机应变,来看看服务器上线后会发生什么。
slikey
发布于 2025 年 12 月 30 日
我会和我们的安全工程师讨论一下。我理解这么做的必要性,但我也不希望封禁是永久性的——在绝大多数情况下,封禁是一种有效的惩罚手段。
在一些极端情况下,如果真有用户做出了卑鄙的事情违反了服务器规定,我们仍然可以通过“违反服务条款”来封禁其它账户。
这里有很多实施方面的考虑,但是最终我们需要去观察问题,然后展开一场猫捉老鼠的游戏。我相信我们能找到办法,将这类问题减少80%到90%。
原文:
me_codematrix: @Simon_Hypixel @slikey @hytale Is the account ID that is currently available under the account management section the ID that will be used on the server side, or does every game profile have its own ID?
slikey: Account IDs will not be transmitted to the servers. Game Profiles are totally independent game licenses and servers can't determine a connection without the player actively creating such an association.
_Hawkon: Would it not be better if servers could account ban?
ItsJustReeses:
Agree with this!
As someone whos done this song and dance, if I don't want a user to come back, I don't want THAT user itself to come back.
Them just logging into an alt to avoid the ban is a bit... scary to think about as a server owner.
slikey:
No, because that would not actually solve anything. If we did that, people would simply use multiple accounts instead of a single account. The result is that the problem is exactly the same for servers but now we have many accounts that are less secure and more easily compromised.
Usually players have one "main" account with 2FA and proper security and then a bunch of alt account with email + simple password and overall bad security maintenance.
We make sure that players can create multiple profiles under one security umbrella and avoid that whole problem. If servers want to ban people rather than profiles, you need a different whitelist method - accounts vs profiles are not the solution you want.
ItsJustReeses:
Honestly. Hardware ID bans would be the "perfect" method. IMHO
But your talking to a guy whos been the target of a swatting, all because I nerfed a weapon by 10% in my own project.
Making sure a specific user CANNOT join my own server, is protecting the devs your supporting AND it's users.
Honestly I think we both agree that at the very least it is an issue. Just disagree on the right solution.
Do you guys have a plan for extreme users like that? I'm sure y'all had your fair share of that type of community for Hypixel. Even my tiny project did.
If we have to make it ourselves, that's fine. Thanks for giving us that option at the very least
I'll just play it by ear and see what happens when we launch our server.
slikey:
I'll float it with our security engineers. I understand the need but I also don't want bans to be final like that - mostly bans are a good way to add a punishment.
Extreme cases where the user actually broke the law for some despicable things we could still fish out account bans due to TOS violations.
There are many implementation considerations here but ultimately we need to observe the problems and let the cat and mouse game commence. I am sure we can figure out something that reduces the problem by 80-90%.
slikey: Account IDs will not be transmitted to the servers. Game Profiles are totally independent game licenses and servers can't determine a connection without the player actively creating such an association.
_Hawkon: Would it not be better if servers could account ban?
ItsJustReeses:
Agree with this!
As someone whos done this song and dance, if I don't want a user to come back, I don't want THAT user itself to come back.
Them just logging into an alt to avoid the ban is a bit... scary to think about as a server owner.
slikey:
No, because that would not actually solve anything. If we did that, people would simply use multiple accounts instead of a single account. The result is that the problem is exactly the same for servers but now we have many accounts that are less secure and more easily compromised.
Usually players have one "main" account with 2FA and proper security and then a bunch of alt account with email + simple password and overall bad security maintenance.
We make sure that players can create multiple profiles under one security umbrella and avoid that whole problem. If servers want to ban people rather than profiles, you need a different whitelist method - accounts vs profiles are not the solution you want.
ItsJustReeses:
Honestly. Hardware ID bans would be the "perfect" method. IMHO
But your talking to a guy whos been the target of a swatting, all because I nerfed a weapon by 10% in my own project.
Making sure a specific user CANNOT join my own server, is protecting the devs your supporting AND it's users.
Honestly I think we both agree that at the very least it is an issue. Just disagree on the right solution.
Do you guys have a plan for extreme users like that? I'm sure y'all had your fair share of that type of community for Hypixel. Even my tiny project did.
If we have to make it ourselves, that's fine. Thanks for giving us that option at the very least
I'll just play it by ear and see what happens when we launch our server.slikey:
I'll float it with our security engineers. I understand the need but I also don't want bans to be final like that - mostly bans are a good way to add a punishment.
Extreme cases where the user actually broke the law for some despicable things we could still fish out account bans due to TOS violations.
There are many implementation considerations here but ultimately we need to observe the problems and let the cat and mouse game commence. I am sure we can figure out something that reduces the problem by 80-90%.
最后编辑:
