Simple suggestion: Require email verification (and potentially phone number verification) when creating an account.
Reasoning: With autoban on its way (or at least still actively being worked on) there are a few things we can do to discourage malicious actors. As it currently stands, you do not need a valid or verified email to create an account. This means you can simply enter any gibberish credentials, create your account and go right into the game. The ease of recreating an account is really only a benefit to hackers; normal users would generally have no issue with verifying their email (and it would also help with account recovery issues). When you introduce obstacles like this, account recreation becomes much more of a chore and can simply burn these users out.
A much more radical step would be to have phone verification. This would be probably one of the best anti-ban features we could add to the server. There are many ways to screen for online or spoofed phones so that you actually have to have a real physical phone (or at the very least this would severely bottleneck the kind of users who get through). There would also be avenues for users to take if they do not have a phone or can't verify their phone number for whatever reason: a post on the forums where a GM can create the account for the user and push it through the queue.
Now, both of these suggestions come with obvious downsides:
Is ease of access an important element for new user retention? You can argue it probably is; perhaps this is something we can measure with aggregate user data.
Is this idealistic? I know there are XenForo addons that support email and phone verification; it would just depend on our XenForo version. This ultimately would come down to how much time implementing something like this would take and if it's worth it considering autoban is in development.
Coupled with autoban I think this would be devastating for hackers and we would see immediate results.
But fame mules: RIP fellow fame mule fanatics, the new Safety quest hurt but this would be a pretty sad
There's probably more downsides I couldn't think of, feel free to point them out.
Also, another advantage of phone verification is that they'll be able to ban phone numbers, which would further annoy hackers.
I don't think people would be receptive to the idea of giving their phone numbers away to a MapleStory private server. Already, there are folks who have seen their accounts hacked into because they used the same passwords on another private server. MapleStory private servers in general don't have the best cybersecurity practices, and some of them even have shady folks running the place. If I were a new player, had no clue of what to expect from MapleRoyals, and was asked to provide my phone number upon signup, I'd probably err on the side of caution.
Huh yea, didn't consider that. Now that you mention it, from a newcomer's perspective, this would look a bit shady... Maybe an email verification that requires answering a CAPTCHA?
That's a great point, however we already share our IP, email and passwords - and this isn't 2005, this info isn't stored in plaintext; it's industry standard to hash these. In any case, this is definitely a valid downside to the more extreme version, phone verification.
Even if the data is secured, this is still a private server run by a handful of people; newer players would be rightfully concerned to hand in a phone number (they don't know the staff or how trustworthy they are). If you want to remain anonymous in this server, you can make an email just for it, use a VPN, and never reveal your real name. But a phone number is instantly identifiable; you can find A LOT about a person from that piece of info.
Worth mentioning that email verification isn't really an obstacle nowadays. With tools like 10-minute emails or adding dots to an existing email, this won't be highly effective, unless some work was put into that. Howsoever, email creation takes less than 2 minutes to complete.
This is actually not true, XenForo has plenty of free plugins for spam filters. You're able to use widely public email whitelists that screen pretty much every fake email out and force members that use throwaway emails to have an invalid state or awaiting approval. Also - really epic free source btw: https://www.stopforumspam.com/ Feel free to browse the XenForo repository, there are plenty of options. Any easy addon that turns a 3 second task into a several minute task has more benefit than you'd think.
In-game accounts aren't related to the forum accounts, as far as I know. Therefore, XenForo's plugins won't make any difference for these.
I was talking about XenForo's add-ons. No, you cannot use them on "anything". However, this is getting out of context. I am fairly certain that the developers would be able to gather up a solution for this issue.
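As an added example (not code from the thread, the server or any XenForo add-on), this is one way a game-account registration backend that is separate from the forum could handle the dotted-address and throwaway-mail points raised above: canonicalise the address before the uniqueness check and hold disposable domains for manual approval. The function names and the blocklist entries are constructed for illustration.

```python
# Added example: collapse alias variants of an e-mail address to one key
# before checking whether an account already exists for it.

GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

# Constructed sample entries; a real deployment would load a maintained list.
DISPOSABLE_DOMAINS = {"tempmail.example", "10minute.example"}


def canonical_email(address):
    """Return a comparison key for an address; raise ValueError if malformed."""
    address = address.strip().lower()
    local, sep, domain = address.rpartition("@")
    if not sep or not domain or "." not in domain:
        raise ValueError("malformed address")
    if domain in GMAIL_DOMAINS:
        # Gmail ignores dots and anything after '+' in the local part, so
        # p.layer@gmail.com and player+x@googlemail.com are one mailbox.
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    if not local:
        raise ValueError("empty local part")
    return local + "@" + domain


def screen_signup(address, known_keys):
    """Classify a sign-up as 'accept', 'hold' (manual approval) or 'reject'."""
    try:
        key = canonical_email(address)
    except ValueError:
        return "reject"
    if key.rsplit("@", 1)[1] in DISPOSABLE_DOMAINS:
        return "hold"      # throwaway provider: queue for staff review
    if key in known_keys:
        return "reject"    # same mailbox already owns an account
    known_keys.add(key)
    return "accept"


if __name__ == "__main__":
    seen = set()
    for addr in ["Player.One@gmail.com", "p.layerone+2@googlemail.com",
                 "abc@tempmail.example", "first.last@example.org"]:
        print(addr, "->", screen_signup(addr, seen))
```

Dots are only stripped for Gmail domains because other providers treat dotted local parts as distinct mailboxes.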
Well, even as a veteran player I wouldn't trust the staff with my mobile number, let alone my real email address, even now with the issues in the team. I think you guys should do the same as well. I think you should never give out your phone number, especially in unofficial games like private servers.
I've already suggested this to staff before and the points came before:
1. It would discourage new players from joining, as when you want to try out a PRIVATE server run by some unknown nobody (i.e. not an actual company with certain standards regarding security) you don't want to provide too much information, as it can eventually be leaked (much more likely than say an actual game company).
2. Hackers that are bored enough to continually bypass the HWID and IP restrictions can most certainly just subscribe to some online phone service to get unlimited phone verifications and continue.
3. The server will have to purchase/set up a service that will confirm phone numbers, which is an additional cost that isn't really worth the return.
I believe that the restrictions to common spots that hackers attempt to disrupt (i.e. leeching spots) with in-game mechanics (such as level restriction / quest restriction) would be much more effective as a stopgap.
I was thinking about RWT accounts and how to get them easily. Is there a way to implement a "tool" to check who Chaos'ed an item? With it you can actually check who is chaosing and then check further into the player. Obviously new accounts would be easier to catch and to verify if there are issues or abusing chaosing items. Another thing would be to stack APResets and make them undroppable, letting people only trade them, so it might be difficult for people to "scam trade" or even vote abuse to HP wash for future RWT purposes. Just a few ideas that came into my mind and I want to share with you guys.