Forlix FloodCheck
 

This SourceMod addon (for CS:S, DOD:S and TF2) provides general purpose flood and exploit protection. Chat- and radio-flooders will get the message "No spam!" and be blocked for a certain amount of time. Players flooding the server using a flooding-script such as with ma_timeleft, will be kicked instantly, and temporarily banned on the second flooding attempt. The plugin integrates very smoothly with the game, as it also takes care of chat and radio deadtimes that are imposed by the engine itself. The plugin fixes practically all important server crashing exploits and bugs for servers not using sv_cheats (no server should enable cheats anyway).

The plugin exposes the native "IsClientFlooding" which can be used by other plugins to ignore chat commands while a player is flooding.

More detailed features:

• Blocks a lot of dangerous console commands, some of which are capable of crashing the server in certain situations
• Prevents server crashes caused by people sending many incorrect rcon passwords. For best protection it is recommended to block the servers TCP port (default 27015) via firewall.
• Players having control characters such as line breaks or CS:S color codes in their name will not be allowed to connect (also blocked are &names&, names containing only spaces, or zero-length names)
• Player names within the joined-the-game, change-name and disconnect messages are cleaned from control characters so they do not mess up the chat
• Chat messages containing control characters will be blocked
• Players using voice_loopback (makes them hear their own voice stream, used by HLDJ and other playback tools) will be muted automatically. This cuts down about 90% of the music-spam on a server
• Disconnect reasons are filtered for control characters and truncated to a reasonable length. This fixes exploits where using malformed disconnect messages, a client was able to crash or disconnect other clients. As a side effect, this also fixes the Steam disconnect messages ("No Steam Logon", "STEAM UserID is already in use on this server", ...) that had line breaks in them and thus messed up the chat and server logs
• Connect spammers will be IP-banned for a short time, so any attempt will only cause max. 3 joined-the-game lines on the server (when using the default convar values). IP-ban removal is enforced by the plugin, fixing the bug where some temporary bans would not get removed by the server itself

Changes in v1.1: (2009/04)

• Improved spam-detection algorithm
• Radio messages are now included in the calculation and are blocked as well

Changes in v1.2: (2009/05)

• Fixed bug in .inc file that caused malfunctions in dependent plugins when unloading floodcheck

Changes in v1.3: (2009/07)

• Further improved the spam-detection algorithm
• Command-flooders can now automatically be banned on the second try
• Added ConVar to set or disable the temporary banning time
• Almost all possible client commands are now included in the check for flooding

Changes in v1.35: (2009/08 )

• ConVar limits and defaults modified to more suitable values
• Changed some ConVar descriptions to be more accurate
• Chat messages now included in hard-flood detection (chat triggers count twice)
• Now marks some known, lag-causing server commands as cheat

Changes in v1.4: (2009/08 )

• Added support for TF2 and DOD:S radio commands
• Added more commands to be marked as cheat (includes dump_entity_sizes)
• Game detection now done by mod-dir instead of game description

Changes in v1.54: (2009/12)

• Added ConVar to exclude SourceMod chat triggers from spam detection
• physics_budget (causes all physics props to freeze) now blocked
• Added protection against Rcon crash exploit (Bad Password...)
• Blocks some more crash causing commands (prevents the half-connected crashes)
• Now checks names and chat messages for unprintable chars (color codes, line breaks, etc.)
• Zero-length names are also detected (Players appearing as "unconnected")
• My servers have been running with this nonstop - without crash - for over a month now

Changes in v1.7: (2010/05)

• Added ConVar to automatically mute players using voice_loopback
• Added reliable connect-spam protection that IP-bans clients for a short time
• Player names in the &name&-style or containing only spaces will no longer be allowed to connect
• Malformed player names are now cleaned up in connect/disconnect/changename messages
• Disconnect reasons now filtered and truncated to reasonable length (fixes exploits where one clients disconnect causes all clients to disconnect or even crash)
• Fixed chat messages of maximum length not being read in correctly
• Fixed non-ingame clients sending radio/say commands causing error in flood detection
• More meaningful kick messages for bad player names

Configuration ConVars:

The default values for all of these convars have already been very well chosen.
You should modify them only with good reason and if you are sure what you are doing.

forlix_floodcheck_chat_interval (default 4)
- Minimum average interval in seconds between a players chat- and radio-messages (0 to disable)

forlix_floodcheck_chat_num (default 3)
- Player is considered spamming after undershooting <forlix_floodcheck_chat_interval> this many times

forlix_floodcheck_hard_interval (default 2)
- Time in seconds in which <forlix_floodcheck_hard_num> commands are allowed (0 to disable)

forlix_floodcheck_hard_num (default 200)
- Maximum number of client commands allowed in <forlix_floodcheck_hard_interval> seconds

forlix_floodcheck_hard_ban_time (default 2880)
- Number of minutes a client is banned for when hard-flooding twice in a row (0 to disable)

forlix_floodcheck_connect_interval (default 5)
- Time in seconds in which <forlix_floodcheck_connect_num> connects are allowed (0 to disable)

forlix_floodcheck_connect_num (default 2)
- Maximum number of connects allowed in <forlix_floodcheck_connect_interval> seconds

forlix_floodcheck_connect_ban_time (default 50)
- Number of seconds a client is IP-banned for when connect-flooding

forlix_floodcheck_exclude_chat_triggers (default 1)
- Excludes (1) or includes (0) SourceMod chat triggers in the chat flood detection

forlix_floodcheck_mute_voice_loopback (default 1)
- Mute players enabling voice_loopback (1) or allow its use (0)

forlix_floodcheck_version
- Version tracking (don't modify this)

Get the most recent version at:
:arrow: http://forlix.org/gameaddons/floodcheck.shtml

Re: Forlix FloodCheck v1.0
 

Good call. This is also installed in Kigen Anti-cheat.

Re: Forlix FloodCheck
 

Seems like the best antiflood plugin. Handles the radio spam as well.

Re: Forlix FloodCheck
 

Nice plugin, thanks for your work!

We are currently using the following for the convar's...Anyone else find any better results using anything different?

forlix_floodcheck_chat_interval "1"
forlix_floodcheck_chat_num "5"
forlix_floodcheck_hard_interval "1"
forlix_floodcheck_hard_num "4"
forlix_floodcheck_hard_ban_time "1440"
forlix_floodcheck_version "1.4"

Re: Forlix FloodCheck
 

Edit: The above settings work great for spammers, however players that utilize the 's' 'd' 'f' 'g' or auto-buy scripts would be banned, the below settings work better.

forlix_floodcheck_chat_interval "4"
forlix_floodcheck_chat_num "3"
forlix_floodcheck_hard_interval "2"
forlix_floodcheck_hard_num "20" (15-25 works best)
forlix_floodcheck_hard_ban_time "1440" (24 hours)
forlix_floodcheck_version "1.3"

Re: Forlix FloodCheck
 

I use the default settings, although I think I'm going to increase the hard_num parameter, some people still get kicked for buying binds and stuff at 25...
Note: You shouldn't modify the version cvar (its 1.4 in your first post), the plugin handles this.

Re: Forlix FloodCheck
 

Yeah, I was just farting with the config trying to figure out what it was, as you had it listed as a configuration convar...Once I loaded it and saw what it was, I changed it..

As you said, Could you possibly increase the hardnum maximum? We are still having a few minor issues with buy scripts :}

Most appreciated, and great work! 2 w00ts :}
-Adam

Re: Forlix FloodCheck
 

Alright, here's the new version, hard_num now defaults to 200, min is 10 and max is 750, that should suffice. The buy scripts I checked out have around 10 commands per button press, so even when pressing their button in quick succession it wont kick you too soon, you'd have to manage 10 times a second.
The floodscript I found on the net sends 150 commands per buttonpress, you now have to press twice to get kicked with that. To get the clients to overflow or stuff like that, you usually hit that button very often, so this shouldn't be an issue.

Re: Forlix FloodCheck
 

In what file do I put the convars?

Re: Forlix FloodCheck
 

Awesome, works great now man :)

Good job!