IP-based Account Locks

[sedsarq]

Polite Presentation:

 

 

 

Hi everyone, Sedsarq here. This is my first time writing on these forums, even though I've been a Tip.It visitor ever since shortly after the creation of my Runescape account, which was... ages ago... (hey, I even remember the introduction of item banking!).

 

 

 

 

 

 

 

Anyways, I came across an idea just now and was surprised actually that I didn't find any previous posts on the topic, neither here nor on the official forums. However my searching skills may not be what they should, I apologise for double posting if that should be the case.

 

 

 

 

 

 

 

Also, the reason I went through the "trouble" of creating a forum account here just to present my idea is that I'm a free player and can't post on the official forums. Therefore I would be glad if a supporter with member status would post my idea there. Thank you!

 

 

 

 

 

 

 

 

 

 

 

The Idea:

 

 

 

 

 

 

 

Well, like the subject indicates, I believe the introduction of account locks, based on your computer's IP adress, would be an improvement to the game. This means you would only have access to your Runescape account from one, or a few, select computers and greatly decrease the risk of losing your account, stuff or money to hackers and password scammers.

 

 

 

 

 

 

 

Jagex already tracks IP adresses, which you probably have noticed. When you log in they tell you which IP you last logged in from and when. So why not just add a lock function to this? The only change would be that a person sitting by a computer other than the one(s) accepted by yourself would simply be unable to log on to your account.

 

 

 

 

 

 

 

This feature could of course be optional, but honestly I don't see how it could be other than positive for everyone. I'm not suggesting an annoying and time taking security improvement like the bank PINs. Here, you wouldn't have to enter anything, except maybe that you once click a "Lock IP"-button and never have to think about being hacked again.

 

 

 

WHO'S WITH ME!? :D

 

 

 

 

 

 

 

 

 

 

 

Well?

 

 

 

 

 

 

 

Anything unclear? Did I forget anything?

 

 

 

Thank you for reading and give me your comments!

[RPGoof]

Brilliant idea. Add a list of supporters and see how many we get :D

[Evil_Sabre]

i thought you could change your ip adress simply by unplugging and plugging your computer back in...

[lauren1211]

depends on the kind of hook-up you have. i think that only works with dial-up... not with dsl or the likes.

[Brinner]

i thought you could change your ip adress simply by unplugging and plugging your computer back in...

 

 

 

 

 

 

 

yes maybe but what about some dial up users? whenever they reconnect they get a new ip address (i have dial up) and this would be just useless....they already ban people for ip addresses...

[The_Gabe]

I dont know one guy hacked my computer! took complete control of it and hacked my account with my computer's Id address could you do anything about that?

[sedsarq]

i thought you could change your ip adress simply by unplugging and plugging your computer back in...

 

 

 

 

 

 

 

I tried what you said, and it did not work. Then again, I have cable, not dial-up. Anyhow, I believe the number of dial-up users, for whom this function apparently would be pointless, is a minority (and would still have the option of not locking the IP) and the bigger part of the Runescape community would benefit from its introduction. Even if I'm wrong and dial-ups are the most common way of connecting, it's still an improvement to the others...

 

 

 

Right?

[The_Gabe]

I dont know one guy hacked my computer! took complete control of it and hacked my account with my computer's Id address could you do anything about that?

[sedsarq]

I dont know one guy hacked my computer! took complete control of it and hacked my account with my computer's Id address could you do anything about that?

 

 

 

 

 

 

 

I'm not sure if I understand, but... use a firewall?

[starsteller]

Scan your computer. Get a firewall.

[dahlwinnie]

I think it's a briljant idea

 

 

 

my sons account got hacked by a "friend" from school

 

 

 

and even tho we had the ip after we could re-log in,

 

 

 

changed the pw and all, and traced it

 

 

 

Jetix said there was nothing they could do about it.

 

 

 

So I had a talk with the boy about computer ethic and

 

 

 

that is not something you do to a friend. And my son learned a wise lesson about protecting your pw.

 

 

 

 

 

 

 

No harm done all he lost was picsels and game-time, but it did break

 

 

 

his heart and the fact that that boy got away with it still irritates me

 

 

 

Greatly

 

 

 

 

 

 

 

so IP locks (if you click that option) great idea

[Toxicologist]

I hope you realise that most people now have Dynamic IPs which changes regularly. This is also the reason why IP Bans do not work, because the banned person could either evade the ban in a few hours or they could manually change their IP.

[dahlwinnie]

I hope you realise that most people now have Dynamic IPs which changes regularly. This is also the reason why IP Bans do not work, because the banned person could either evade the ban in a few hours or they could manually change their IP.

 

 

 

 

 

 

and since I worked at an isp I know most people have

 

 

 

no clue how that works. and the trace I did

 

 

 

brought me all the way to his street, still for the reason you

 

 

 

stated (because of dail-up and dynamic IP) Jetix cannot

 

 

 

bann an adress.

 

 

 

 

 

 

 

I do get that, and suport the view they have on it, sharing a conection with several users.. if you bann one the others would be "paying" for one persons bad behavior. And I don't think that's a good idea. But....

 

 

 

 

 

 

 

That way you would know he wouldn't ever do that again :)

 

 

 

 

 

 

 

Also you can re-route to change ip's and and

 

 

 

a lot of nasty things. Fact is if you want to abuse the system

 

 

 

you'll find a way

 

 

 

 

 

 

 

unfortunatly

[sedsarq]

I think I've been unclear somewhere, or maybe I'm just tired and don't understand you guys :)

 

 

 

What I meant was not IP Blocking, just locking. You select one, or preferably a few, IP adresses (computers) to have unique access to your account. I do NOT wish to block unfamiliar IP adresses who log in to your account.

 

 

 

This way, you have nothing to gain as a hacker. Changing your IP in one way or another still doesn't grant you access to a victim's account, unless the hacker's new IP is one accepted by the victim (which I don't think happens unless it's the same computer..). So basically, what you do is that you reduce the amount of possible hackers to the people closest to you. I think most people have better friends than to hack your account. Just don't tell them your password ;)

 

 

 

Although I do see a problem now for people whose IP changes automatically every time they log on. Losing their locked IP would obviously mean losing their account. My personal solution (in case I get a computer breakdown or in other ways unable to use my ordinary computer and IP adress) would simply be to have several accepted adresses. If one goes disfunctional I can still log on from somewhere else, and in-game I could add and delete accepted IPs from a list as I wish.

 

 

 

But I suppose there should be some kind of recovery system, as there is with everything else in RS security. Or, for the automatic IP-changers, maybe there are programs out there to keep your IP static?

[sedsarq]

Feels like I'm the only one writing in my own thread right now, but who cares :)

 

 

 

 

 

 

 

I was just thinking, even though I feel it's off-topic so please don't make a big deal out of it, about the banning. Why would they ban IP adresses to begin with, and not just the accounts? Shouldn't the ban evasion issue be solved simply by making the account, not IP, unavailable for a few hours?

[dahlwinnie]

I looks like a great idea for what you just stated but

 

 

 

what if your isp have this brilliant idea to rearrange all the ip addresses (they do that from time to time, god knows why)

 

 

 

 

 

 

 

Any way you'll try to log on but it won't work, no way of knowing what your new ip will be so chances are you blocked it, you can't log on any more. Also you can't change the setting because... well the ip address is blocked, most providers here will give you an "fixed" ip address, but chances are it will be changed without you knowing it.

 

 

 

 

 

 

 

So altho I really really like the idea, for those reasons it will be hard to implement

 

 

 

 

 

 

 

Maybe set a password to change the setting?

 

 

 

But then you already log on with a password.......

[Brinner]

I think it's a briljant idea

 

 

 

my sons account got hacked by a "friend" from school

 

 

 

and even tho we had the ip after we could re-log in,

 

 

 

changed the pw and all, and traced it

 

 

 

Jetix said there was nothing they could do about it.

 

 

 

So I had a talk with the boy about computer ethic and

 

 

 

that is not something you do to a friend. And my son learned a wise lesson about protecting your pw.

 

 

 

 

 

 

 

No harm done all he lost was picsels and game-time, but it did break

 

 

 

his heart and the fact that that boy got away with it still irritates me

 

 

 

Greatly

 

 

 

 

 

 

 

so IP locks (if you click that option) great idea

 

 

 

 

 

 

 

are you sure you even a dad? i mean it your typing as bad as a 10 year old.... and its jagex not jetix....

[Kill_Thomas9]

well it sounds like a great idea. The only problem would come in where someone hacks your account before you set IP lock, and locks you out.

[Hitman247m]

i thought you could change your ip adress simply by unplugging and plugging your computer back in...

 

 

 

 

 

 

 

That only works with dial-up, most high speed connnections have dynamic IPs, determinded by your provider :lol:

[ThurinEthir]

 

I think it's a briljant idea

 

 

 

my sons account got hacked by a "friend" from school

 

 

 

and even tho we had the ip after we could re-log in,

 

 

 

changed the pw and all, and traced it

 

 

 

Jetix said there was nothing they could do about it.

 

 

 

So I had a talk with the boy about computer ethic and

 

 

 

that is not something you do to a friend. And my son learned a wise lesson about protecting your pw.

 

 

 

 

 

 

 

No harm done all he lost was picsels and game-time, but it did break

 

 

 

his heart and the fact that that boy got away with it still irritates me

 

 

 

Greatly

 

 

 

 

 

 

 

so IP locks (if you click that option) great idea

 

 

 

 

 

 

 

are you sure you even a dad? i mean it your typing as bad as a 10 year old.... and its jagex not jetix....

 

 

 

I have a rather inappropriate response to that.

 

 

 

Anyways, I believe he said you could select whether or not you want to do this. Yes, dial-up users wouldn't be able to use it, but at least people who use the same IP every time can.

[sedsarq]

OK, so the problems are starting to stack. Let's organise!

 

 

 

 

 

 

 

 

 

 

 

Problems:

 

 

 

 

 

 

 

1. An already hacked account could let the hacker lock the real account owner out.

 

 

 

 

 

 

 

2. Peoples' IPs change, due to

 

 

 

*Dial-up connection

 

 

 

*The Internet Service Providers

 

 

 

*Dynamic IPs.

 

 

 

*The users' own actions (re-plugging, re-routing, software stuff, whatever)

 

 

 

This poses the same problem as in (1), locking the user out.

 

 

 

 

 

 

 

 

 

 

 

Solutions

 

 

 

 

 

 

 

1. I'm thinking that we could have a test period, 1-2 weeks perhaps, to set the accepted IPs. During this period it will work as before: if you have the password, you have the account. There would be a list where you could either type in manually the IPs to which you grant access, or you could simply press a button: "Add Current IP". Of course, you would also be able to remove IPs from this list.

 

 

 

Now, in order to "pass the test" and limit the account access to only these IPs, each IP on the list has to accept the others. There could be two checkboxes next to each IP, "Accept" and "Decline". So what you would need to do is log on from a trusted computer, add either only your current IP to the accepted ones or several by manually typing them in, then log on from a different trusted computer and add that IP if you didn't do so already. From this second you would also have to accept the first computer's IP by clicking the "Accept" button. Now back to the first computer and accept the second one's IP. It wouldn't be as complicated as it might sound.

 

 

 

Should you now notice an IP on the list you didn't add yourself, thus an IP provided by a hacker, you press the "Decline" button.

 

 

 

In these cases where there would be a conflict, you simply deny the account IP locked access and you are only qualified to try for another test period once you have changed your password.

 

 

 

Should you choose not to enter an IP to the list, or if the Accept/Decline-boxes have not been filled in from all involved computers, it would mean that you do not wish to use the feature. However, you would be able to at any time start a new test period.

 

 

 

You should also be able to quit the feature at any time, returning to the current system, in the case that you're moving or getting a new computer or whatever the case may be.

 

 

 

The system would require you to have at least two trusted IPs, but I believe that's solely a good thing. Should you however lose access to all your trusted IPs, there could be a recovery system where you e-mail or by some runescape.com-based contact system ask Jagex for a new test period. This would be granted only if your account has been inactive for a set time, maybe a month or so.

 

 

 

 

 

 

 

2. This is a bigger issue. Now I don't know a lot about these things, but I know that you can detect location from IP adresses. Shouldn't you then be able to lock your account not to an IP, but to a region? Like my character, Sedsarq, would only be accessible from Sweden or preferably only from Stockholm. This system, in case IP-adressing works this way, would be safer seeing that you would have less chance of getting locked out. Then again, should you have a hacker in your area you wouldn't notice much difference than from how it is now. Still an improvement, though.

 

 

 

 

 

 

 

Please keep finding problems and alternate solutions! I really wish to make this viable, and if you dislike getting hacked then so should you!

[RPGoof]

Who cares if your IP changes? Just don't use this feature.

 

 

 

 

 

 

 

 

 

 

 

Many problems may rise, though:

 

 

 

 

 

 

 

1) How would you set this lock? A password locked interface like the recovery questions?

 

 

 

2) You would need a password to get there, most likely. Once you do so and type in your IP and set it locked, how would you delete it? Just get the password?

 

 

 

3) If it's programmed that you can only delete the IP from the IP you wish to be deleted, how can you delete it if you cannot access the IP? Your account would be locked to a certain IP that you can't use, and you can only use the account from that dead IP.

 

 

 

4) Since 3 may be the case, a hacker can easily get someone's IP by simply getting their password. They could then delete the IP. That would then defeat the entire purpose of this thing.

 

 

 

 

 

 

 

If none of those could happen, this thing would rule. you prolly can't understand half of it but yeah.

[elmo_killer6]

that could definately help to stop hackers

 

 

 

 

 

 

 

have only like 1 or 2 comps

[no_username4]

A huge issue would be newbs not reading the instructions(like they tend to) and(if they have dial up) they register and lose their accounts.

 

 

 

One alternate solution, not as good but much safer, is this.

 

 

 

Jagex discretely records your IP. In the eevent you get hacked and request your account back, Jagex could check your IP.

 

 

 

They would see if the request is coming from the original pc, and the account has recently been logged on by a foreign IP.

 

 

 

I had my account hacked(my fault 100%) and I would have quit runescape if I didn't get it back. At that point I didn't care about my items, I cared about my friends list and my stats.

 

 

 

Even if we can't stop item loss, increasing the likelihood of recovery would be nearly as great.

[unorclan]

What if you want to get on your account from another computer?? I think jagex thought of IP-accounts but then ppl would complain that they couldn't get on their account from a laptop/friends house/ ect.