Proxy snort 1.8 (Updated Jan 24th, 2024)
PROXY SNORT by SPiNX
https://i.imgur.com/vO5Qewp.gif This allows admins to monitor and take action with regards to problematic proxy and VPN gamers. Hackers. https://www.netclipart.com/pp/m/287-...rt-ids-pig.pnghttps://cdn.discordapp.com/attachmen...xycheck_io.jpghttps://cdn.discordapp.com/attachmen...untry-type.jpg Effective Protection Whether you're running an internet based business, game server or blog our detection can help you mitigate the negative effects of proxy use. Change log 1.0 to 1.1 Buffer and broadcast optimization. 1.1 to 1.2 Amxx182 compatibility. 1.2 to 1.3 Fully automatic mod tagging. Tuned 64-bit Provider Field. 1.3 to 1.4 Increment tasks out to go easy on sockets and messaging. Minimize messaging and silence it with Cvar proxy_debug 0. Check VPN as well as Proxy. 1.4 to 1.5 Interfaced with the queue made on clientemp script to keep socket use controlled. Adjusted CONN string for VPN. 1.5 to 1.6 Creates an ini file to save resources not rechecking same IP repeatedly. 1.6 to 1.7 Log/Print Type Responses to admins. . CVARS: proxy_action: 0 is rename. 1 is kick. 2 is banip. 3 is banid. 4 is warn-only. 5 is log-only (silent). proxy_debug: 0 stock is off. 1-5 is increasing amounts of feedback. 1. Basic socket. Shows their ISP in console only. 3. More Socket details including buffer. ISP in yellow to all. Proxy Risk percentile. 5 includes colored text each time socket is closed to all players. sv_proxytag It's automatic based on mod type. One can however override this by adding a line to server.cfg or whatever file is executed on map change that you use. sv_proxycheckio-key https://proxycheck.io/dashboard/ OPTIONAL::Click on REGISTER on the right. Enter e-mail address. They e-mail the key. That grants 1000 polls instead of 100 into Enterprise edition of GeoIP Anonymous IP Database. The dashboard makes this especially nice. The most up-to-date versions of Proxysnort cache the results locally for optimization and to save your polls. Full display
Spoiler
Get the SMA from Github! Online compile / Amxx 182 unmodified
Spoiler
|
Re: Proxy snort
Code:
|
Re: Proxy snort
The Run time capture.
Sniffing a public IP address...85.107.66.69, ALBAyy ProxySnort 1.1 SPiNX | ALBAyy uses Turk Telekom for an ISP. No proxy found on ALBAyy, L 04/24/2020 - 03:28:10: [AMXX] Displaying debug trace (plugin "testing/proxysnort.amxx", version "1.1") L 04/24/2020 - 03:28:10: [AMXX] Run time error 4: index out of bounds L 04/24/2020 - 03:28:10: [AMXX] [0] proxysnort.sma::@read_web (line 248 ) 85.107.66.69:46013:reconnect Sniffing a public IP address...85.107.66.69, ALBAyy ProxySnort 1.1 SPiNX | [TUR] ALBAyy uses Turk Telekom for an ISP." ProxySnort 1.1 by SPiNX | [TUR] ALBAyy's risk is 0. ProxySnort 1.1 by SPiNX | [TUR] ALBAyy's risk is 0. telnet proxycheck.io 80 Trying 104.26.9.187... Connected to proxycheck.io. Escape character is '^]'. GET /v2/85.107.66.69?key=public-6p1jr4-812285-047606&inf=1&asn=1&risk=2&days=30&tag=Alliedm odders,TUT HTTP/1.0 Host: proxycheck.io HTTP/1.1 200 OK Date: Sat, 25 Apr 2020 15:43:44 GMT Content-Type: application/json Connection: close Set-Cookie: __cfduid=d527092090ea20d3986a4dd897927f9a6158 7829423; expires=Mon, 25-May-20 15:43:43 GMT; path=/; domain=.proxycheck.io; HttpOnly; SameSite=Lax Cache-Control: max-age=2678400, s-maxage=10 Expires: Sat, 25 Apr 2020 15:43:54 GMT Vary: Accept-Encoding X-Powered-By: PHP/7.3.7 CF-Cache-Status: MISS Set-Cookie: __cflb=04dToZ2WKDQycavj4XaJcdNDqUiWEHNXq6ZzQ6 TaBf; SameSite=Lax; path=/; expires=Sat, 25-Apr-20 16:13:44 GMT; HttpOnly Server: cloudflare CF-RAY: 58992e642eb24969-STL cf-request-id: 02539b574d000049696e194200000001 { "status": "ok", "85.107.66.69": { "asn": "AS47331", "provider": "Turk Telekom", "continent": "Asia", "country": "Turkey", "isocode": "TR", "region": "Izmir", "regioncode": "35", "city": "Izmir", "latitude": 38.4127, "longitude": 27.1384, "proxy": "no", "risk": 0 } }Connection closed by foreign host. Risk field is end of buffer. Cell copy was trying to grab past end of buffer. |
Re: Proxy snort 1.2 (Updated 10/08/2020)
About the tag, you could use http://www.amxmodx.org/api/amxmodx/get_modname to catch all mods.
Code:
new mod_name[32] I use this in a different plugin: Code:
for (new admin=1; admin<=32; admin++) |
Re: Proxy snort 1.2 (Updated 10/08/2020)
Thank you for the tips pizzahut. Made some changes.
|
Re: Proxy snort 1.2 (Updated 10/08/2020)
Uploaded thoroughly tested plugin with the enhanced Pizzahut code to catch all mods and to not be in the ubiquitous demo-mode by default. Only admins see the messages now.
Some ISP's use 64 characters. Since I worked that part over, the run-times on that trivial Provider poll should be a thing of the past as well as the truncation. |
Re: Proxy snort 1.3 (Updated 12/25/2020)
Dear djearthquake,
We have accepted your plugin and added it to our website here: https://proxycheck.io/plugins/ under the Source Engine tab. |
Re: Proxy snort 1.3 (Updated 12/25/2020)
i have it installed on my server but it does not block the vpn that i want. And how i can see the detailed logs it doing under /cstrike/addons/amxmodx/logs* dont find any thing specific to proxysnort.
i hope you can advice so i can find something usefull |
Re: Proxy snort 1.3 (Updated 12/25/2020)
Quote:
Code:
formatex(constring,charsmax (constring), "GET /v2/%s?key=%s&inf=1&asn=1&risk=2&days=30&tag=%s,%s HTTP/1.0^nHost: proxycheck.io^n^n", Ip, token, tag, authid); |
Re: Proxy snort 1.3 (Updated 12/25/2020)
One could also just blacklist that AIN on Dashboard without touching source.
Locally what is logged you can search for by keyword proxy. Code:
log_amx("%s, %s uses a proxy!", name, authid) Thank you for testing. |
All times are GMT -4. The time now is 08:38. |
Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.