If you run more than one Arma Reforger server under a single community, a banned griefer rarely just disappears — they reconnect to another of your servers under a new name and keep going. Org Moderation is the LoafPanel tool that closes that gap. It quietly records every player connection across all of your organization’s Reforger servers, aggregates those connections by each player’s Reforger identity, and groups players that share an IP address so you can see “same person, different name, three servers” at a glance. It also flags VPN and proxy connections, and lets you ban one offender across every server you manage in a single action. This guide explains exactly what the feature collects, where it lives in the panel, how the alt-detection and VPN flags work, and how to ban and unban — for both the org-wide view and a single server.
What Org Moderation Does
Org Moderation is a Reforger-only feature: it works on Arma Reforger servers and nothing else. It has two surfaces that show the same kind of data at different zoom levels. The org-wide view lives on your organization’s page and spans every Reforger server in the org that your role can see. The per-server view lives on a single Reforger server and shows just that server’s connections. Both are read views built from a connection log, and both can lead into moderation actions when you have permission to manage — the org-wide view lets you ban and unban across servers, and the per-server view adds an immediate kick.
The thing that makes it org-shaped rather than just another per-server panel is that the alt-detection only works when it can compare across servers. One server can tell you who connected to it; only the org view can tell you that the same IP and the same Reforger identity reconnected to a second and third server under different names. That is the ban-evasion pattern, and it only shows up when you look across the whole org at once.
Note: Org Moderation only applies to Arma Reforger servers — it does not appear on Rust, Minecraft, or any other game.
Note: The org-wide view spans every Reforger server in your organization that your role is allowed to manage.
Note: The per-server view is the same data narrowed to one server, useful for a moderator who only looks after that one server.
How the Connection Log Is Built
You do not have to leave a dashboard open for this to work. A background collector runs once a minute, on its own, and reads the current session’s console log from each Reforger server attached to your organization. It parses the connection events out of that log and records each one as an observation: which server, the player’s Reforger identity (a GUID), the name they were using, and the IP address they connected from. The same person reconnecting many times is rolled up into a single row per identity per IP per server, with a running connect count and first-seen / last-seen timestamps — so the log stays readable instead of being a wall of duplicate lines.
Two conditions have to be true for a server to accumulate data. First, the server has to be attached to an organization — the collector only tails org-attached Reforger servers, so a standalone Reforger server that isn’t in an org will never build up a log. Second, the panel-wide collector switch has to be on (it is by default). If you open a moderation screen and it is empty, the panel will tell you which of those prerequisites isn’t met rather than leaving you guessing.
Note: Collection runs every minute in the background — connections are recorded even when nobody has the panel open.
Note: A Reforger server only builds a connection log once it has been attached to an organization.
Tip: A brand-new or freshly reset server starts with an empty log. Give it a few minutes of live players before expecting rows to appear.
The Org-Wide View: Players, Shared IPs, and Bans
Open your organization’s page in the panel. Org Moderation adds a Moderation tab to the organization’s tab row (Members / Servers / Rotations / Roles / Settings); if that row can’t be matched on your build, it falls back to a floating Moderation button in the bottom-right corner. Either way, opening it keeps the org header in place and shows the moderation panel where a tab’s content normally renders.
The org view has these tabs:
Players — every connection observed across your visible Reforger servers, aggregated one row per Reforger identity. The columns are Name, Identity (GUID), Last IP, IPs (how many distinct addresses that identity has used), Servers (how many of your servers they’ve touched), Connects, and Last seen. A search box filters by name, IP, or GUID, so you can paste a single address or identity and see everything tied to it.
Shared IPs (alts) — the alt-detection surface, covered in its own section below.
Active bans — the bans currently recorded across your visible servers, each one liftable on the server it was issued on. This tab only appears if your role can manage moderation.
Tip: Click a player row to drill into that identity’s full history — every server and IP it connected from, with the VPN/proxy details for each.
Tip: Search accepts a full IP or a full Reforger GUID, not just a name — handy when you already have one of those from a report.
Spotting Alt Accounts and Ban Evaders
The Shared IPs tab is where ban evasion shows up. It lists only the IP addresses that two or more distinct Reforger identities have connected from, within the servers you can see — in other words, addresses where more than one “player” is involved. The columns show the IP, how many identities share it, how many servers, total connects, the provider and country, and when it was last seen. Click a shared-IP row to drill into the individual identities sharing that address and the names they used. (On the per-server view, the same rows expand inline with a “Show players” toggle instead of opening a separate drill.)
A shared IP is a strong signal but not automatic proof. Two genuinely different people in the same household, or behind the same office connection, can legitimately share one address. The view helps you tell those apart: a residential shared IP with two identities using related names across several of your servers is a classic alt pattern, whereas a shared VPN or datacenter exit IP is usually coincidental — many unrelated players route through the same commercial VPN endpoint. The per-server version of this tab even separates those shared VPN/proxy exits into their own section and notes that they are usually coincidental and not treated as alts.
Tip: Treat a shared residential IP across multiple servers as your strongest alt signal; treat a shared VPN exit IP with caution.
Note: The shared-IP view is bounded to the servers your role can see — it cannot reveal players on a server you aren’t allowed to manage.
VPN and Proxy Flags
Observed player IPs are checked against an external intelligence service (proxycheck.io) and the result is shown as a badge next to the connection: a VPN flag, a proxy flag, plus the provider, country, and a risk score where available. This runs without any setup on your part — it works on the service’s free tier with no API key. A panel administrator can optionally add a key to raise the daily lookup limit, or turn the VPN/proxy checks off entirely, but as a customer you simply see the badges where they apply.
Because lookups are rate-limited and cached, not every IP will have a verdict the instant it appears. The panel is honest about this: it distinguishes an address that was checked and came back clean from one that simply hasn’t been looked up yet, so a missing badge never reads as a false “all clear”. As the background worker drains its backlog, more of your history fills in.
Note: VPN/proxy flagging works out of the box on the free tier — no API key is required for the badges to show.
Note: A connection on a VPN or proxy isn’t automatically against the rules — the badge is information for you to act on, not an automatic ban.
Tip: A high-risk proxy on a brand-new identity that’s sharing an IP with a known banned player is a much stronger case than any one of those signals alone.
Banning Across Every Server at Once
The headline action of the org view is the org-wide ban. At the top of the Moderation panel there’s a bar that lets you apply one ban across every Reforger server you manage in this organization. Opening it brings up a short form:
- Target — the player’s current in-session ID (for example
3) or a known identity GUID (for example0x1a2b3c…). - Reason — optional, up to 200 characters (for example “Ban evasion across servers”).
- Duration — pick Permanent, 1 day, 7 days, 30 days, or type a custom number of days.
The confirm button reads “Ban across N servers”, where N is the number of servers the ban will be applied to. Each ban is issued over that server’s BattlEye RCon, and the action is best-effort per server: if one server is offline or its node needs an update, the others still get the ban, and the panel reports the per-server outcome (for example “applied on 2/3 servers”) rather than failing the whole thing.
Because the target is the in-session ID, the org-wide ban is built for catching someone who is actively hopping between your servers right now. The panel keeps its own record of every ban it issues, since Reforger doesn’t reliably hold a ban list on the server itself — that record is what the Active bans tab reads from, and it’s where you lift a ban later.
Note: The target for a ban is a live in-session player ID — the simplest workflow is to ban an evader while they’re connected.
Note: A permanent ban has no expiry; a timed ban shows the date it lifts in the Active bans tab.
Tip: If a ban doesn’t apply on one of your servers, check whether that server is online and whether its node has been updated — the panel will tell you which server fell short.
Per-Server Moderation: Kick, Ban, and Unban
On an individual Reforger server, Org Moderation adds a Moderation item to the Game section of the server’s sidebar. It shows the same connection log narrowed to that one server, with Players and Shared IPs (possible alts) tabs. If you can manage moderation, two more tabs appear: Live players and Active bans.
The Live players tab reads the server’s current in-game roster (the live #players list) so you have real, current session IDs to act on. From here — or from a player row — you can:
- Kick — disconnects the player immediately. They can rejoin. The target must be online right now.
- Ban — bans the player over BattlEye RCon. You pick the live target from the roster, optionally add a reason (which is shown to the player), and choose Permanent / 1 day / 7 days / 30 days / a custom number of days. Because the ban uses the player’s current session ID, the player has to be online to ban them this way.
- Unban — lifts a recorded ban on that server. The Active bans tab lists what’s currently banned, who issued it, the reason, and the expiry, with an Unban button on each row.
Note: Kick and ban both target a current in-session ID, so the player needs to be online at the moment you act.
Note: A kick is temporary — the player can reconnect immediately. Use a ban to keep them out.
Tip: The ban reason is shown to the player, so keep it short and clear (for example “Cheating” or “Ban evasion”).
Who Can See and Use It
Access is tied to permissions, and the data is treated as sensitive because it contains player IP addresses.
For the org-wide view, reading requires the organization’s moderation view permission, and issuing an org-wide ban requires the moderation manage permission (the Active bans tab and the ban bar only appear when you can manage). What you can see is scoped: you only see the Reforger servers your role is allowed to manage. Organization owners and admins, and roles that manage all servers, see every Reforger server in the org; a role limited to a subset of servers sees only those — the moderation view never widens that boundary.
For a single server, the subuser form offers one moderation toggle: View moderation (moderation.view). Granting it lets that team member read the connection log, the shared-IP groups, and the VPN/proxy intel for that one server. It appears in the add/edit subuser form on Reforger servers, so you can give a moderator read access to a single server without granting anything else. The kick, ban, and unban actions require a separate manage permission that the panel enforces in the backend but does not currently expose as a subuser toggle in the form — so those actions stay with the server owner (and anyone holding full access), and aren’t something you can hand to a subuser through the subuser screen today.
Note: Seeing moderation data on an org needs the moderation view permission; banning across the org needs moderation manage.
Note: A custom role that’s limited to certain servers only sees moderation data for those servers — it can’t see the rest of the org.
Tip: To let someone read moderation data on just one server, add the View moderation permission to their subuser on that server rather than granting an org-wide role. (Kick/ban/unban can’t be delegated this way — they stay with the owner.)
Privacy, Audit Logging, and Retention
Connection IPs are personal data, and the feature is built to treat them that way. Every view that returns player data — the players list, the shared-IP groups, an identity’s history, an IP’s history, and the ban list — is recorded in an access log, so PII access is itself accountable. (The plain count summaries that the screens show on load are deliberately not logged, to keep that audit trail meaningful rather than full of page-open noise.) Observations are pruned automatically after 90 days, and the stored IP-intelligence records are cleaned up once the connections they came from age out, so raw addresses don’t linger indefinitely.
Note: Opening a player, shared-IP, identity, or ban view is access-logged — moderation data isn’t browsed anonymously.
Note: Connection history is kept for 90 days and then pruned automatically.
Tip: Because the log is access-audited, it’s both your alt-detection tool and a record you can point to if a ban decision is ever questioned.