PDA

View Full Version : IP address visibility discussion


Violet CLM
Mar 15, 2026, 01:44 PM
I'm diverting this from another thread where tempers were running a bit high. There's a concern that a careless server host (or remote admin) might leak someone else's IP unintentionally, rather than only maliciously.

I did some cursory research into other multiplayer games where people host their own servers instead of using the publisher's server. From what I can tell--and I don't play any of these games, so forgive me if I make a mistake here--Minecraft doesn't show client IPs by default, but does save them in a log file, and some plugins may add equivalents to the /IP command. Counter-Strike: Global Offensive shows all IPs by default in a console, but this may be disabled using the cl_hideserverip setting, similar to JJ2+'s /streaming (https://docs.jj2.plus/#:~:text=streaming%20%3Con|off%3E). Several other games allow kicking and banning by IP, but it's not clear to me how you're supposed to find the IP in the first place. Because a lot of games are run through Steam or PSN or whatever, they often have built-in (bannable) unique identifiers for players besides IP addresses, so in those cases it's not useful information to have.

A couple of the poll options are mutually exclusive, but everyone do your best~!

Violet CLM
Mar 19, 2026, 12:47 PM
It looks like there's a lot of disagreement right now, does anyone want to defend their position in words and try to convince anyone else?

AGENT CLANK
Mar 19, 2026, 01:28 PM
Hello! I'd like to share some thoughts! I pretty much understand the concern, that the IP leak can compromise the players! After all it happened during the NT! Which was long ago, but it was the only NT in which I participated. Anyway... As a host, it feels pretty handy to see IPs. It's more convenient in case of adding IPs by the command into admin (/addadminip) This command would be kinda useless if you wouldn't be able to see the IP right away. There's the argument that you can use iplog. For me that is pretty annoying - for some reason it feels like the Jazz Jackrabbit 2 just decides almost randomly to which IP log it is gonna write. It can be iplog001, iplog002, etc. Being able to see the IP right away is much more handy. For the admin thing, it may be more handy to have somekind of command which ... makes a targeted player an Admin right away. (Similiar to how Minecraft has a /op command) But still ... in the old days, I was checking IPs to see if there are some ... bad players who may compromise the server. For me personally the IPs are handy to see. But I have also opposite concern. I don't like that the player list has a Host IP shown. It may serve a similiar threat. You are on a server, take a screenshot of the playerlist, and there is the host IP visible. You may send it to some public server ... and someone uses that IP to DDOS the server. In case of host, it would be probably good to hide the IPs into a command. Like it is for clients. But it would be cool if there is a command to add admins by the other way than a IP. I still think it is important to see the IPs, but it's true that they do not need to be shown all the time. Or there could be some shortcut - hotkey, which makes the IPs visible, which may make it harder to screenshot the IPs by accident. (Something like [Tab] which shows playerlist but other key.) Shared my thoughts... thanks! Have a nice day!

Violet CLM
Apr 3, 2026, 09:54 AM
For 6.6c (https://docs.jj2.plus/#lc040326), I've made the following two changes:

The /kick and /ban commands no longer show the IP address of the kicked/banned player to remote admins who aren't allowed to use the /ip command.
This one was clear, everyone agreed this made sense.

Split the old /streaming option into new /showpasswordsandips and /modulemusiconly options, both disabled by default. As a result, unlike before, all passwords and IP addresses are now hidden/censored inside the game window. You must opt in to seeing them, by enabling this setting after opening the game.
There wasn't a consensus here, but "The visual effects of /streaming should be enabled by default" seemed like it covered all the IP visibility concerns, so now you have to opt in to seeing client IPs as the server (what was being discussed in the poll) and to seeing the server IP as a client (Clank's concern, although obviously server IPs are public information no matter what you choose), as well as all the chat stuff that was also getting hidden by /streaming.

In fact, let's go into detail, since apparently not everyone knew about /streaming to begin with.

These are now hidden by default, unless you enable /showpasswordsandips. (Previously they were shown by default unless you disabled /streaming.)
Client and server IPs in the player list
All IPs received through chat, particularly the /ip and /kick and /ban commands, except for links
The /getadminpass command
Passwords in the /login, /password, and /setadminpass commands
Passwords while joining or configuring a server in the main menu system
Admin chat

The option name "Show Passwords and IPs" feels awfully wordy (and doesn't even cover admin chat!) but I couldn't come up with anything better that would still be clear. There's the "Personally Identifiable Information" acronym, PII, but I doubt it's widely known.

Meanwhile, mp3 and ogg files are still loaded by default, unless you enable /modulemusiconly. (Previously they were loaded unless you disabled /streaming.)

Superjazz
Apr 3, 2026, 10:54 AM
[url=https://docs.jj2.plus/#lc040326]
The option name "Show Passwords and IPs" feels awfully wordy (and doesn't even cover admin chat!) but I couldn't come up with anything better that would still be clear. There's the "Personally Identifiable Information" acronym, PII, but I doubt it's widely known.


I think in this case it is only good that it is wordy, since the aim was to make it as difficult as possible for clients and servers to accidentally display ANY IPs to the world via various medias. I think it works splendidly here. (y)

EDIT: Oh right, this was about the menu option, not the command itself. But either way I suppose it is good that they're named similarly in order to stay consistent.

FabiAN[NC]
Jul 10, 2026, 04:19 PM
hi all
.
I would like to talk here about the /ip command
.
i know.. its importand for Admins to see the True identity of a jazz2 player..
but, you all also should know..
its very and very bad, for people who like role playing.. or have a second char...
i mean, always play with the same (name identity), and same (fur colors)
it can become boring, after so many years..
so i often make me some fun names, with other characters, to play, like a role play
.
but i also have to say: i would never use the name of a currently existing jazz2 player
.
i mean, i like to play with different chars (sometimes.. yes..)
hmm..
.
but this /ip command, its a bit painfull, they can identity such people in few seconds..
.
i know.. its importand for some servers
for example: Zeal Multiplayer ||1
i remember me it use the /ip command, to identity all of the <active players>
to later send a report to a website, for the statistic
if you ask me how i think about this?
i love this idea!! a lot!!
.
but anyway, what i want to say, would it be not better, if the <get ip adress of player. xy >
would be in angelscript?, then people can make there own use of it.
.
also this /ip command, could be rebuilded in a mutator in few mins..
so if the ip command would get removed, and it would be a part of angel script
i would preffer this.
then people who want to use the /ip command, also could build a own mutator for it,
i also think
it would be good if a player login as admin,
and a specific mutator is running, and this player then have the privilege to see the ip adresses in the f9 list, would be awesome, to have such a mutator
=
but the thing is, its sadly angelscript dont support, to <get ip adress of player 1-31>
but i would like that.
.
hmm.. i think this /ip command, should not exists,
it would be better if it would be a part of angel script
so that people can make there own use of it, and build a mutator
.
if this /ip command would not exists anymore,
but there would be people who want to use exacly that.
then they also could build a own mutator, to use exacly this /ip command with this way again!
~ but i would like it more, if people can make there own use of it.
.
maybe there are also people that would like to build a mutator
to save all names+ fur+ip adresses to a .asdat file
but again! angel script dont support to read out a ip adress from a player
i think it would be better if the ip thing becomes to a part of angelscript
instead of this /ip command
,
.
it would be better, if this /ip command would be Removed.
and i wish it me so much!! that it would become to a part of angel script!!
.
i would love it, to build a mutator that is able to show the IP adress from a jazz2 player
i also think, it would be better if it would be accessable via mutator,
so that people can build there own mutator, and make there own use of it!

froducish
Jul 11, 2026, 12:43 PM
;496199']...
As much as I'd also like to get IPs through AngelScript, I don't think it can be implemented in a sensible manner that would avoid leaking (why this thread was created in the first place). Suppose it was implemented using any of the below:

Make a locked down class like jjIPADDR to avoid potentially broadcasting a 4-byte integer representation. This class only lets you save the address to a file. A careless script can still open it through jjSTREAM and broadcast it.
Or what if you need something like a UID and don't care about the exact IP?

Hash the IP address. JJ2 only supports IPv4, and 4 bytes isn't a lot, so this can be easily bruteforced once the hash algorithm is known. Useless solution.
Encrypt the IP address using the server's secret key. Remote admins that need this ID must request the server for it. A careless server host might leak the secret key if the key is saved as a file.


Maybe the plus team knows something I don't, but I can't think of a good solution.

Violet CLM
Jul 11, 2026, 01:42 PM
Maybe the plus team knows something I don't, but I can't think of a good solution.
I know one thing you (probably) don't: jjSTREAM isn't allowed to open files with certain filenames, for example a script can't open admin.ini and leak the passwords. In theory, then, this hypothetical jjIPADDR could save files with predictable filenames that jjSTREAM could not open. But I'm pretty sure that if your script saves IP addresses to the disk, you want your script to be able to read those same IP addresses again? It's just broadcasting them to clients that's bad, and yes. unblockable.

Instead, let's ask "What problem are we trying to solve?"

Fabian offers two use cases, from what I can tell.

but this /ip command, its a bit painfull, they can identity [roleplayers] in few seconds..
Here's where we get into "host your own server" territory. Any server that offers the /ip command to (some or all of) its remote admins does so (one hopes) deliberately, and by joining that server, you are agreeing to let them see your IP address. If you want a roleplay server where everyone is really anonymous (except to the server, that's just how the internet works), you really need to host (or otherwise find) a server that doesn't allow /ip.

use the /ip command, to identity all of the <active players>
to later send a report to a website, for the statistic
I assume "identify" means "count" here, and Fabian wants to count how many different IP addresses are joining a given server over a given period of time, and using the number of IP addresses as a proxy for the number of distinct human beings. You don't need IP addresses for this, just UIDs! The client checks for a mymutator-uid.asdat file, and if they don't have one already, the server generates a new unused number for them and sends it to the client, who saves it as mymutator-uid.asdat.

Obviously it's possible to game this system, like a client could delete their uid file if they wanted to inflate the numbers. But a) clients can change their IP addresses too and b) why would anyone want to do that? who benefits from inflating the server's statistics with fake players?