User bypassing Bans

Hi,

So we got a user that we definetely don’t want on our teamspeak so we banned him. Currently our Teamspeak Bot removes the IP Bans because IP bans are not necissary in our opinion, because users can just change their ip.
I have heard at some point that teamspeak bans the hardwareid aswell but it does not seem like this because the banned user can just create a new identity and join again.
Now here is my question: Is the HardwareID ban saved in the ip ban? Or is there another reason that he can rejoin all the time? Or do you have other hepfull things about it?

Have a nice day
Mattzi

1 Like

TeamSpeak (automatically) bans the clients IP address und identity - nothing else.

Since the client can easily create a new identity or change his IP address bans are not effective if somebody knows how to prevent them.

One way to get rid of the client is to do an IP range ban.
(usually clients get 1-3 similar IP addresses by their ISP)

Well, then Teamspeak should definitely add something to prevent users from just rejoining because IP Range bans not just ban that specific user but all users that get those ips.

Well any ban method can be evaded to be honest.
To ban an IP range could ban other clients, too that’s right but the chance this happens is really low.

The reassignment of this banned IP address by the ISP to a different client which want’s to connect to your TeamSpeak server as well is really low.

That’s the only “reliable” solution right now.

You can ban their myTeamSpeak ID, that way another IP or VPN doesn’t help. But they can connect without sending their myTS ID! To prevent that you can force clients to send their myTS ID to your server which means everyone using your server needs a TeamSpeak account.

Well this user is clever enough to use things like vpns to even bypass a ip range ban but I don’t think he would get why he cant join if his hwid is banned.

This topic has already been discussed here:

Maybe you should continue the discussion there.

1 Like

Thats a possible solution but we already have thought about that aswell but many of our users don’t use myteamspeak and we don’t think thats the ideal solution then.

1 Like

At this point you should think about a different way.

A guest on your server who has permissions to annoy other clients may should not have this permissions.

You should really think about changing your permissions in this case.

2 Likes

Well he cant annoy all users but we allow unverificated users to join to talk channels because to verify you have to create a forums account.

1 Like

Unfortunately there’s no reliable (single) way how to get rid of such people.

A combination of the mentioned methods is all you can do. :roll_eyes:

1 Like

You could increase the needed security level. Temporarily at least, until the user gives up.

4 Likes

This is the answer, ontop of that you could create a timed system (PHP + Cron, or whatever you prefer) where new users cannot move from the lobby immediately until they’ve been connected for 2-5 mins unless someone drags them. If they wait the 5 mins they get allocated a server group that allows them to proceed.

Wasting the person’s time is the best bet as they usually end up giving up because in reality they’re wasting more of their own time than yours.

1 Like

Yes, TS did, and likely still does, ban on 4 things (UID, IP, MyTS & a hardware hash) when you ban a user, but all but the myTS are super easy to work around. And myTS is also not too hard. Best is higher security level, yes, this can impact your trusted users one time, but explain it to them it is to deter the trolls and most will be OK with it as long as you don’t set it to 40 or something so high it takes months to reach.

I will add that it would not be a bad idea to force having a [my]TS account, but I would put a notice on the server about that change in advance to give user time to create one if they to not have one already. Or, mention you are considering and discuss with them the pros/cons as they see it. One big pro is how integrated the new TS client is with the [my]TS account for global messaging and such.

1 Like

Since 3.0.7 it does add the hash to the database, that’s right.

What I meant was you can’t get the clients hardware hash and ban this manually, of course you can’t.

He complained about the banned client would still be able to join the server all the time.
That means he already knows how to bypass the hardware hash.

Mattzimann is forced to use the given methods and the best way is to use a combination of all these.

And yes something I didn’t mention to increase the security level.
This would affect each client and would ban the client only as long as he passes the security level generation again.
(not really effective in my mind)

At the end the only reliable solution is to change the client’s default permissions.
I know it’s a mess for public servers but any other method can be “easily” bypassed.

1 Like

Use Sinusbot and add this script to it: https://forum.sinusbot.com/resources/antiproxy-block-proxies-vpns-say-goodbye-to-ban-evading.265/

That should eliminate 90% of your problems… this script has a huge database on a remote server of almost every vpn exisiting and checks on your server if a user is joining with a ip from a vpn… you can then choose what the bot needs to do(ban,kick) instantly.

1 Like

If thats the case. Is he able to rejoin because we remove the ip ban or is he able to bypass the hardware hash ban

1 Like

If you gonna ban a user in your TeamSpeak client the server will add 2 bans to it’s database.
(3 if you select to ban his myTS ID, too)

All bans will also contain the client’s hardware hash.

You can find this hash in the server database, if you have access to it, right in the column “ban_hash”.
(never edit the database if the server is running)

If you remove the IP ban only for example this hardware ban still exists in the client’s identity ban and/or myTS ban.

Removing all will delete his hardware ban, too.

1 Like

I think @FakE is right, been years since I looked at how that part worked. But, as I stated the hardware hash is super easy to change, any script kiddie can do it.

1 Like

I said it before and will repeat it here.
There is no perfect ban system and there will not be any.
User will always find a way to avoid a ban. That’s a fact.

You have following options to solve that problem:

  • Use a high security level on your voice server
  • Put a password on your server and give it to the people.
  • Put a password on your server and assign the permission to ignore it to your member groups. But don’t tell anyone else the password.
  • Remove the possibility for Guests to move out from default channel, to write in there etc. and to subscribe any channel
  • Add a myTS ID ban and put in the word empty. From now on your users must use a valid myTS Id to join the server.
5 Likes
twitch instagram twitter facebook