3

因此,我遇到了一个问题,即人们制作多个帐户以使帐户更好,并在游戏中拥有更多资源。

所以我的困境是,许多用户通过代理或 NATd 信息,所以如果我每个 ip 只有 1 个用户,一些合法用户将被禁止。

有没有办法(使用 Javascript 和 PHP)获取特定于计算机的 uniq 标识符(没有硬件更改,计算机硬件更改可能会更改标识符)。

任何想法或评论都会很受欢迎

(以下内容来自保罗的回应,但因不​​合适而被另一人删除。)

我不能对客户端进行太多更改,因为它是基于浏览器的游戏,因此可以获取 hwid。但是如何使用 JS 或 PHP。

添加计时器和限制以防止传输已经到位,但不会完全阻止它们,可以选择通过电子邮件发送 IP 异常。但这是缓慢而乏味的。我想知道是否有一个明确的方法可以为特定计算机(不基于 ip)生成特定的 id 或标识符,这将使多个帐户无法从同一台计算机登录,但可以从同一个 ip 登录

4

5 回答 5

1

As we are talking about a different account, probably on a different IP and client, you cannot easily find out clone accounts.

You can go for two more heuristic and gameplay options

  1. As suggested before (by @dqhendricks), divide your resources and implement your sharing etc in such a way that you can't easily help your other account with every new account. Make finding other accounts in the beginning hard/impossible, make shareable resources a higher level feature etc. Downside is that this changes the gameplay, it doesn't have to be desireable.
  2. You can perform heuristics on behaviour. There can be specific behaviour that is unwanted: only interaction with 1 other account etc. You could tweak some of the variables etc, but you could easily see suspicious behaviour. Make some sort of 'balance' calculation. Most ingame interactions have some sort of balance. Ofcourse, better players may have a good deal because they know more, or the other way around: they make a bad deal to help smaller players. But when one player only gives and never takes, it's "helping" without acutally playing itself: that might mean it's a clone

Everything with ip-adresses or client-information ($_SERVER) etc is worthless in this case as far as I'm concerned..

于 2011-05-22T07:31:30.660 回答
0

Preventing spoofed/duplicate accounts (while ensuring all legitimate accounts work) is a very difficult task -- for reasons laid out by others. In addition to trying to guard against concurrent multiple accounts, one must guard against non-concurrent multiple account usage.

The core issue isn't so much in determining where an account connected from, but being able to trust that a user only has one account -- and to this end the only "real" solution is to use a system which already provides this sort of information, such as a credit card or paypal account ;-) That is, simply prevent someone from creating a new account (although an account can have multiple aliases/profiles, but these can be trivially tracked) unless they can prove "uniqueness".

(Also consider that two people may have two different accounts on the same machine.)

Happy coding.

于 2011-05-22T07:30:02.457 回答
0

您可以防止在同一帐户(用户名/密码)上多次登录。

如果问题是他们使用许多不同的电子邮件地址等创建了多个帐户......以及新的用户名和密码,那么您可能可以使用 Cookie 来做到这一点,例如使用唯一的硬件 ID,然后您只需检查不超过基于此 hwid,一个帐户在任何时候都处于活动状态。如果硬件发生变化,则无关紧要,因为它是相对的。

澄清第一次登录的硬件 ID 是否为 1234,然后第二次登录生成相同的 hwid。如果您检查相同 hwid 的 cookie 或数据库(无论您将其存储在何处),那么您就知道它已经登录了。

如果硬件发生变化也没关系,因为它们仍然会生成相同的 hwid。

如果他们使用两台计算机,尽管硬件 ID 会有所不同,但这会起作用。

于 2011-05-22T04:17:57.850 回答
0

{可共享资源} = {总资源} - MAX(({起始资源} - {花费资源}), 0)

只使非起始资源可共享,或者使共享资源成为您直到 x 级才能获得的能力。

于 2011-05-22T04:56:28.627 回答
-1

我也运行一个在线游戏服务器。为了防止您的困境,要么修改游戏客户端以读取 MAC 地址,并且每台计算机只允许 1 个帐户。或者记录 ip,只允许将资源分配给该 ip 两次。第三个选项:不允许从同一个IP地址转移材料第四个选项:在转移资源时添加一个计时器,让他们等待10分钟的游戏时间,然后他们才能做任何事情,比如摆脱物品让别人得到

于 2011-05-22T04:18:29.537 回答