How do you cope with multis?

[Wakish]

Multi-accounts are inavoidable.. how do you guys cope with it?
We should also keep in mind:
1) Dynamic IPs
2) Proxies

How to minimise or discourage or fight multis ?

Thanks!

[Zeggy]

Well, sometimes multis are no harm.
After all, what can multis do? They can send their other accounts resources, items, register through their own referral links.
So long as you control those properly, you can limit the harm that multis do to the game.
Put restrictions on trading, referral bonuses, etc.

1. Check for multis with only the first three parts of the IP. Maybe it won't help so much and might do more harm though, as people on a network can't play together.
2. I have no idea There are all kinds of proxies, and unless you can ban all their IPs, I dunno what you can do. There are always new proxies though.

[toto]

As well as checking IPs, try validating with cookies (sometimes, you can catch multis with a simple cookie too ), or even with a script that checks for identical passwords (before banning, though, you should check their actions incriminate them).
You should also store trades and resources which have been sent to other players, and check whether something looks suspicious. For example, set "virtual exchange rates", and check who is consistently under-selling items to one particular account.
Of course, they can also send free items in exchange for protection, but it's always good to check the multi's private messages too to check that.

[dvd871]

One of the game I run has a huge problem with multi's so what I did was to check ip addresses during signup and any matching ip's cause all accounts with the same ip addresses to be marked as disabled.  Seems harsh but it works very well.  The players creating the multi's don't contact a game admin because they can't login.  Only the legitimate players will say something.  Since we usually have a game admin that is reachable before too long, players don't have to wait very long before the real players can have accounts unlocked.  We also keep a list of accounts that are played each day and from what ip.  If any match they are flagged and disabled.  Again kind of harsh, but it keeps the multi's way down.

[Chris]

I have a different approach. There is a complex juidical system with moderators to catch potencial cheaters (basic tools to scan accounts provided) and judges to decide on punishment, plus executioners to issue minor punishments. One admin is designated to oversee the system and issue major punishments (account deletion). It works very well, since humans are more flexible than scripts, so for example I do not need to auto-ban people if they play from the same IP, moderators can check other factors as well and interrogate players if in doubt (like family members who play from the same machine). Also there is a chance to spare some cheaters and reform them to honest players (if a player plea guilty at the beginning of a trial, he can continue to play with a minor punishment only, which is a win-win situation to both me and want-to-not-be-cheater-anymore player).

Not to mention, that it saves a lot of my time since I do not need to write complicated scripts nor operate them

[Wakish]

try validating with cookies (sometimes, you can catch multis with a simple cookie too ),

Cookie thing seems a good option here 

Well, sometimes multis are no harm.
After all, what can multis do?

Personally for us "game programmers", they are not really an issue, but they do  affect and frustrate other players.. we should have a way to control multis.

[Equinox]

IP checking normally, except proxies cause the immense problem, but I always mail them and ask them to explain. If they ignore me, Ill delete all but one account (my choice which), but if they reply then I make them aware and give them the choice.

[Zeggy]

IP checking normally, except proxies cause the immense problem, but I always mail them and ask them to explain. If they ignore me, Ill delete all but one account (my choice which), but if they reply then I make them aware and give them the choice.

So you deal with them personally... very nice, I guess it givest hem a chance to explain
But it'll probably become a huge problem if you get a huge player base and lots of new players all the time.

[canibalstew]

proxies are not always bad but mostly they are as i know there is too many to block

[Equinox]

True, is the best approach until playerbase gets so large, but can hire staff to do the same and investigate on my behalf.

IP checking normally, except proxies cause the immense problem, but I always mail them and ask them to explain. If they ignore me, Ill delete all but one account (my choice which), but if they reply then I make them aware and give them the choice.

So you deal with them personally... very nice, I guess it givest hem a chance to explain
But it'll probably become a huge problem if you get a huge player base and lots of new players all the time.

[ninjainvisible]

I've found that good moderation is the key to avoiding these problems.  They respond to people accusing others by checking with tools and can then lock/message the person.  Allowing the person to say they didn't do it is key, because sometimes moderators make mistakes.

[Sakurazaki]

Well I don't have this problem yet, but on an old forum board I used to run. I usually do IP checking if something fishy is going on or if someone thinks it's a multiple account. >.> I usually pmed them (similiar to one of the statements above) and tried to get them to say why they had it. If the forum had been bigger an immediate, harsh ban of the account would have been done, but thankfully that hasn't happened.

[oblivion]

Multis can be a pain,
I created a script that made it that it would tell me if you was logging on the same as another account, And if it happens all the time, Id jail ya
If i knew it your a brother/sister then i said fair enough

So really you just wanna check the database for simler passwords aswell
E.G
say it a password was
liverpool for me..
and another account (on same ip) was Liverpoolfc
Then u know its a multi.

[raestlyn]

How about to make a game where Multis doesn't matter at all? That means no direct trading between accounts, only through auction that is easily watched over or been capped so the items can't be sold for too low prices. It works on Estiah.com pretty damn good and in the game I'm making I did consider it in every aspect of the game.

[Chris]

How about to make a game where Multis doesn't matter at all?

I just made one like that. What a relief and comfort. Almost no staff needed (only forum/chat/shoutbox moderators) also players welcomed it surprisingly well. There is no trading at all, no sending anything to other players, nothing. Only clans (but I can live with people who create multis only to increase score of their clan). Of course there are drawbacks, you can't make a game of any style this way, but still it is worth the price in my opinion.

[Aliss]

And you can try to by checking brouwser. One of my friends use mac adress to find multi accounts.

[Rimmy]

In a game though, a multi could grow big and then be attacked by a smaller multi in order to grow faster. The bigger multi will be able to recover quickly, wouldn't it?

[raestlyn]

In a game though, a multi could grow big and then be attacked by a smaller multi in order to grow faster. The bigger multi will be able to recover quickly, wouldn't it?

You can put a attack limit in the game, it will limit that kind of action easily. Say you can only attack the same person 2 times a day it won't be worth to make a multi because of that.

[codestryke]

Couple ways we deal with it.

Upon signup the host name is checked against an RBL list. If the host they are coming from is in the RBL signup is denied.

Games with an open market, PvP fighting or gambling the host is checked if they come from the same host the game blocks whatever action they are trying to perform.

Neither of these is 100% mind you. RBL's are more for spam, some RBL lists are more "itchy" then others so its REALLY easy to get on there list.

Blocking by host, if a player is determined enough they just go though a proxy.

There is a service you can get that you can query there database and it'll tell you if it's an anonymous proxy or not. One of my admin's used there free service to do some deep checking on some accounts. Problem, IMHO, with automating that type of checking is you are now dependent on another service and anonymous proxies come and go pretty quickly.

Nothing with multi's is 100%.... The bane of the web game develper....

[davidjwest]

I hadn't considered multis yet for the game I am writing, but I do remember they were a big problem in Inselkampf.

I like the idea about letting the players police the game themselves, I might use that in some form, probably easiest to code too .

 

[goodie]

I have an flags system in place.

It works rather simply, every time a user does something suspicious a flag gets raised.

For example, if they goto the registration page, with a logon cookie still set, it checks who it belongs to, and raises a flag on this account. If they go through and actually register, it raises a somewhat larger flag. If a user logs into an account, and that IP has logged into another account, another flag gets raised, if that account was logged into less than 20 minutes ago, again, a somewhat larger flag is raised.

These flags can then be looked at, those with more flags, or more 'interesting' flags, or lots of flags are looked into.

If the problem gets worse I may put in auto banning for a user with to many flags or some such. Not sure yet.

-Goodie

[jannesiera]

I have an flags system in place.

It works rather simply, every time a user does something suspicious a flag gets raised.

For example, if they goto the registration page, with a logon cookie still set, it checks who it belongs to, and raises a flag on this account. If they go through and actually register, it raises a somewhat larger flag. If a user logs into an account, and that IP has logged into another account, another flag gets raised, if that account was logged into less than 20 minutes ago, again, a somewhat larger flag is raised.

These flags can then be looked at, those with more flags, or more 'interesting' flags, or lots of flags are looked into.

If the problem gets worse I may put in auto banning for a user with to many flags or some such. Not sure yet.

-Goodie

That's intresting... Might use that .

[Tribal]

I have an flags system in place.

It works rather simply, every time a user does something suspicious a flag gets raised.

For example, if they goto the registration page, with a logon cookie still set, it checks who it belongs to, and raises a flag on this account. If they go through and actually register, it raises a somewhat larger flag. If a user logs into an account, and that IP has logged into another account, another flag gets raised, if that account was logged into less than 20 minutes ago, again, a somewhat larger flag is raised.

These flags can then be looked at, those with more flags, or more 'interesting' flags, or lots of flags are looked into.

If the problem gets worse I may put in auto banning for a user with to many flags or some such. Not sure yet.

-Goodie

That defiantly sounds good. What is stored in the login cookie?

[TheMightyBahamut]

on the game hubby and i run we check IPs, and also email and passwords.
if there are any accounts with same IP,or similar email/passwords, players are given a chance to explain.
in some cases it is the players wife/husband/son etc. in these instances, all accounts are allowed to play, PROVIDED there is no interaction between them. this includes unusual ammount of attacks/robbing. We used to have something that prevented any attacks/robbing on accounts from the same IP, but our coder went MIA, and hubby cant code, so now its all overseen in the DB.

i think it depends on what game you have and whether multis will benefit the person in any way. If it is a game where items/currency can be sent then you have to be very strict on account interaction. if there is no benefit to be gained from a multi, then you can be more relaxed about it.

[goodie]

I have an flags system in place.

It works rather simply, every time a user does something suspicious a flag gets raised.

For example, if they goto the registration page, with a logon cookie still set, it checks who it belongs to, and raises a flag on this account. If they go through and actually register, it raises a somewhat larger flag. If a user logs into an account, and that IP has logged into another account, another flag gets raised, if that account was logged into less than 20 minutes ago, again, a somewhat larger flag is raised.

These flags can then be looked at, those with more flags, or more 'interesting' flags, or lots of flags are looked into.

If the problem gets worse I may put in auto banning for a user with to many flags or some such. Not sure yet.

-Goodie

That defiantly sounds good. What is stored in the login cookie?

A 256 long string made up of random chars and md5's of peices of information (user agent, logon time ect).

Having the user agent in the cookie makes for a easy check, first thing the logon script does is check if the user agent is the same, if not they get kicked out, and another flag raised.

I was going to have the cookie change each page load but this introduced errors if players loaded several pages at once. Half of the pages got logged out. :<

-Goodie