Strict account games to IP/dynamic IP range

[CsThm]

Please take your time and read through this message.

Hello. I would recommend to add a feature to restrict account games to a specified IP (123.123.123.123) or specified IP range (123.123.*.*) for dynamic IPs, for more customer account safety.

Why this will be a good feature?
VAC ban and hijacked accounts. Nowadays people are trying to hijack accounts as hard as they can. I myself was hijacked some days ago even though I am extremely careful with everything (2 anti-viruses, no fake steam links, hard pw, no friends having my pw...), but this is a different story. When someone hijacks you - all you can think of is how to get your account back and to beg god that hijacker wont launch cheats and play.

That's why I came up with a solution for that what will work only in case of verified email:

You know where the "Verify Email" button is located? Anyway, when your email is verified add a new button in that place "Restrict to IP [restricted]" / "Restrict to IP [un-restricted]". When pressing that button a new window will come up and you can select:

Code:

1. Restrict to IP
2. Retrict to dynamic IP
3. Un-restrict IP

Next Cancel

3 is available only when your account is currently restricted to specified IP / dynamic IP.

Now when you press next an email is sent to you with some crazy steam code and your secret question. Also a window apears for you to enter the code and secret answer. If you type code and answer currectly and press "next" - a new window apears:

Code:

Restrict to IP:
*** *** *** *** // you have to fill in this (when pressing on it a table bar from 0 to 255 apears)
Suggested: 123.123.123.123 // current IP address

Next Cancel

or if selecting a dynamic ip:

Code:

Restrict to dynamic IP range:
*** *** - - // you have to fill in this (when pressing on it a table bar from 0 to 255 apears)
Suggested: 123.123.*.* // how your current IP starts

Next Cancel

Now when you press Next an email is sent to your verified email saying that "Your account is sucessfully restrict to specified IP. Now games can be launched only from 123.123.123.123 ip address." or if you selected dynamic ip "Your account is sucessfully restrict to specified dynamic IP range. Now games can be launched only from 123.123.*.* ip address.". Also the same message in steam pops up with a "Finish" button.

Now when your restricted IP / dynamic IP matches IP from where account is launched: games do launch the way they should.

But when IP doesnt match the restricted IP / restricted dynamic IP range: steam pomps out a message that your IP doesnt match the restricted one and that you are not allowed to launch any games (this happens just when account is launched and when trying to launch games [also don't forget to block game launchers]).

---

So community and steam developers? What do you think?

[Kailieann]

(it's restrict)

[Fuzz Bucket]

Or people could just... you know, take care of their accounts?

[CsThm]

Quote:

Originally Posted by Kailieann

(it's restrict)

thanks

Quote:

Originally Posted by Fuzz Bucket

Or people could just... you know, take care of their accounts?

Imagine this:
You have 2 anti up-to-date anti-viruses; you dont use your steam password anywhere else; you dont enter fake-steam-community links; you dont give your pw to your friends. And one day while chating around:
Sudenly a message in steam apears saying:

Code:

Someone else has entered your steam account
               [OK]

And when you press OK it logs you out of steam. So what will you think?.. Trust me... That adrenaline of "Omg, I put so much money in this games and now I am hijacked..." and that "Email verification... Please faster... Send me that ****ing change password code..." and that "Just please dont launch cheats and CS... Please dont..." will drive you nuts...
Like I said: 2 anti-viruses what are up-to-date (what do detect trojans and keyloggers); pw is used only for steam account pw; no fake-community-links; no friends have it.
Actions must be taken, and fast.

[Fuzz Bucket]

Quote:

Originally Posted by CsThm

thanks





Imagine this:
You have 2 anti up-to-date anti-viruses; you dont use your steam password anywhere else; you dont enter fake-steam-community links; you dont give your pw to your friends. And one day while chating around:
Sudenly a message in steam apears saying:

Code:

Someone else has entered your steam account
               [OK]

And when you press OK it logs you out of steam. So what will you think?.. Trust me... That adrenaline of "Omg, I put so much money in this games and now I am hijacked..." and that "Email verification... Please faster... Send me that ****ing change password code..." and that "Just please dont launch cheats and CS... Please dont..." will drive you nuts...
Like I said: 2 anti-viruses what are up-to-date (what do detect trojans and keyloggers); pw is used only for steam account pw; no fake-community-links; no friends have it.
Actions must be taken, and fast.

I've had my Steam account for almost four years now, yet I have never had a single problem with losing control over it.
In fact, I don't think I've ever lost control over any of my accounts.

[CsThm]

Well, I have it for 3 years. And this is the first time when I lost control over it. I had many "ow, this is valve, we need your account name and account pw" messages and many "free games at steam!!! http://steampowered.***.** " links, but I never gave my info to those messages and never clicked on those links.

For example who you would more prefer looking at you:
Some crazy hot super-start, or some random average person from the street? I'm not saying anything, but in CS I got my nick-name really high (sry if I wont tell you more details). I just hope you got the point - when people want - they will hack you even if it will be extremely hard work (they know that it is possible [nothing is perfect] and that's enough for them).

2 working up-to-date antiviruses. No friends have my password. I dont use my steam password anywhere else except my steam account password. So how on earth would you explain that? I was hacked and it wasn't my fault. I don't know did my anti-virses not detect some brand new unkown trojan, or is it a leak from steam data base. The point is that I am extremely careful with this, and I am not the first person who has this issue. Thank god for email verification and that we have cd-keys and our pay-pal numbers. But still, hijacker can get us vac banned cause of this. And I dont want to spend my $ on a game that I already own, cause I dont want some hijacker to remove ability of me properly using bought games by getting my account for example VAC banned.

[Fuzz Bucket]

Quote:

Originally Posted by CsThm

Well, I have it for 3 years. And this is the first time when I lost control over it. I had many "ow, this is valve, we need your account name and account pw" messages and many "free games at steam!!! http://steampowered.***.** " links, but I never gave my info to those messages and never clicked on those links. 2 working up-to-date antiviruses. No friends have my password. I dont use my steam password anywhere else except my steam account password. So how on earth would you explain that? I was hacked and it wasn't my fault. I don't know did my anti-virses not detect some brand new unkown trojan, or is it a leak from steam data base. The point is that I am extremely careful with this, and I am not the first person who has this issue. Thank god for email verification and that we have cd-keys and our pay-pal numbers. But still, hijacker can get us vac banned cause of this. And I dont want to spend my $ on a game that I already own, cause I dont want some hijacker to remove ability of me properly using bought games by getting my account for example VAC banned.

Your account was not "hacked," it was just hijacked. Your lack of security with regards to your system and/or your account does not immediately constitute "hacking" when you lose control of your account.

[CsThm]

I am as secure as I can possibly be (with exception of disabeling internet what is not a solution).

Btw I edited last post.

Also here I am not trying to discuss about "you are hijacked - you could prevent it by this and that" - like I said I done everything what is in power. Anyway, I am discussing about "if when you get hijacked", how to prevent your account from getting vac banned, by making it harder for hijacker to get you banned, so later you wont think: "**** steam and this - I paid money and I still got banned for nothing, so now I have to buy steam again... nah... non-steam is better - if someone managed to get me banned once - they will manage to make it again".

I am not supporting nonsteam. I hate nonsteam myself (if all 1.6 nonsteamers and all css nonsteamers would bought a legal version - I would finally prove that 1.6 is more popular). But back to topic: if I will get vac banned cause of some hijaker - I will use nonsteam or wont ever have anything in commen with valve and their products, cause I will think: "steam didn't gave me enough security (when they could) for my bought product, so I shouldn't waist anymore money on it". And I bet everyone of you would think the same way.

I hope you do understand what I am trying to say. If not will say it again: "I bought a product on steam. And steam should provide as much security on it as they can. Else they have a huge chance to loose their customer. And cause there is much people who trying to hijack accounts this days - I do think that they should seriosly look on this issue".

[thejuice027]

Something similar?

http://forums.steampowered.com/forum....php?t=1009040

Yours is more in depth

[CsThm]

Quote:

Originally Posted by thejuice027

Something similar?

http://forums.steampowered.com/forum....php?t=1009040

Yours is more in depth

Yes, like I said - hijacking nowadays went to a differnt level. If you have a steam account - you must have experienced a hijack attempt (will it be a message claming that valve needs your pw, or will it be a fake community link, or trojan, or keylogger...). You had to have some of this. The bad thing is that when hacker gets in and see "verified email" he can spend some time, to **** up a day for you by getting you vac banned, cuase your account is useless for him. IP verification will make things much more hard for hacker to get you banned. If you dont believe me - brows on the forums for a little bit. In every section page you will see something about hijacking and vac bans... Earlier - yes, steam shouldn't care about it cause users were buying their games again. But now people will ask themselfs: "why I need to buy it if I'll get hijacked again? - waist of money".

Steam developers, this is serious. If hackers managed to get a password what was: "yp8nf*-*etgmk*-*gl3rb*-*k3hpe*-*e2pr5" (and no - this is not a cd-key of my; this is something different what I forced in my mind [and trust me - remembering this combo isn't as easy as some word and 3 numbers after it]) while user was following all recommended safety measures and had 2 up to date anti-viruses what detect trojans and keyloggers, and what ask premission about all socket, dll and exe changes / requests / connections... What will be next? Measures must be taken.

[Instinct64]

I have had my steam account since steam was in beta and never had a problem, neither has anyone I know.

It will be very difficult already to login to your steam account if you have a good password and are not connecting using a unsecured WiFi, and then subsequently use a hack on your account.

Basically if you have some common sense the likelyhood of this happening to you is like 20000000 to 1.

I personally think the IP restrictions are a good way of adding extra security, but really its just going to cause more problems than it would solve.

(You really don't need 2 Antivirus programs, just get ESET www.eset.com)

[leveller]

I do wonder if those that lose their accounts are the same ones who befriend everyone and their dog? Or visit very dubious sites on a regular basis? Or just extremely unlucky?

Anyway, I do like the idea of added security. You can never have too much security. The more games I add to my account, therefore the more valuable it gets, the more I fear having it stolen.

My IP is 100% static, in which case if someone in India attempts to log into my account, then it should fail immediately unless I have requested an IP change by contacting Steam Support? Or manually adjusted by using a secure form with plenty of checks in place.

[CsThm]

Quote:

Originally Posted by leveller

I do wonder if those that lose their accounts are the same ones who befriend everyone and their dog? Or visit very dubious sites on a regular basis? Or just extremely unlucky?

Anyway, I do like the idea of added security. You can never have too much security. The more games I add to my account, therefore the more valuable it gets, the more I fear having it stolen.

My IP is 100% static, in which case if someone in India attempts to log into my account, then it should fail immediately unless I have requested an IP change by contacting Steam Support? Or manually adjusted by using a secure form with plenty of checks in place.

No. My point is that you can change ip or dynamic ip range from where games are allowed to be launched at your account using your email (just like chaning password or a secret question). However this feature would be useless unless you have verified email address.

[L.o.D.]

Since security features should be made mandatory, this would not work.
Not every steam user knows how to find their IP let alone set an application to a specific range of IPs.

Also, having 2 anti viruses is never good as they can conflict with each other & create problems.

[leveller]

Yes, I think we've all verified our emails now? I'm sure Steam introduced that recently?

In principle I agree with the idea, it's just a matter of how it's implemented.

---

in response to CsThm