AlliedModders

AlliedModders (https://forums.alliedmods.net/index.php)
-   New Plugin Submissions (https://forums.alliedmods.net/forumdisplay.php?f=26)
-   -   Proxy snort 1.8 (Updated Jan 24th, 2024) (https://forums.alliedmods.net/showthread.php?t=322186)

galebhasis 07-17-2021 17:14

Re: Proxy snort 1.3 (Updated 12/25/2020)
 
Quote:

Originally Posted by DJEarthQuake (Post 2753004)
Try CVAR proxy_debug 0. I've updated it. Thank you for heads up!

OMG u rock dude this plugin is saving our server!

DJEarthQuake 07-17-2021 17:20

Re: Proxy snort 1.4 (Updated 07/17/2021)
 
Glad you found script useful. Proxy_debug 0 will make it near silent. Download 1.4. The new copy blocks VPN. 1.3 and lower only did proxy. Each time the socket closed it was sending that colorful text message, now only on proxy_debug 5. It will run much smoother now.

DeNeDe 08-22-2021 15:00

Re: Proxy snort 1.5 (Updated 08/05/2021)
 
So i've used this today.. Everything installed properly. i've entered my server with my normal ip, looked at the logs and i saw how it checked the ip and said no proxies used..good
Then i entered the server again while my vpn was connected and ... it said no proxies detected
I've checked my vpn ip on the service site, in the dashboard and indeed it says Proxy.

DJEarthQuake 08-23-2021 05:15

Re: Proxy snort 1.5 (Updated 08/05/2021)
 
It has been corrected. Thank you. That is also why the SteamIDs were not showing on Dashboard any longer.

HamletEagle 08-23-2021 08:35

Re: Proxy snort 1.5 (Updated 08/23/2021)
 
I'm interested in reviewing this, but I'd like someone to confirm that it works before I start checking the code.

Shadows Adi 08-23-2021 10:32

Re: Proxy snort 1.5 (Updated 08/23/2021)
 
Code:

ProxySnort 1.5 by SPiNX:Starting to open socket!
08/23/2021 - 16:48:47: Invalid CVAR pointer
08/23/2021 - 16:48:47: [AMXX] Displaying debug trace (plugin "test.amxx", version "1.5")
08/23/2021 - 16:48:47: [AMXX] Run time error 10: native error (native "get_pcvar_num")
08/23/2021 - 16:48:47: [AMXX] [0] test.sma::@write_web (line 229)
ProxySnort 1.5 by SPiNX:reading the socket
08/23/2021 - 16:48:47: Invalid CVAR pointer
08/23/2021 - 16:48:47: [AMXX] Displaying debug trace (plugin "test.amxx", version "1.5")
08/23/2021 - 16:48:47: [AMXX] Run time error 10: native error (native "get_pcvar_num")
08/23/2021 - 16:48:47: [AMXX] [0] test.sma::@read_web (line 414)

Fix:
PHP Code:

if(get_pcvar_num(g_clientemp_version))

->>

if(
g_clientemp_version && get_pcvar_num(g_clientemp_version)) 

Or you can check if cvar exists.

And it also doesn't show the risk:
Code:

ProxySnort task input time = 5.000000
Checking connected user if not a bot
Sniffing a public IP address...192.40.57.227, Adi
ProxySnort 1.5 by SPiNX:Starting to open socket!
ProxySnort 1.5 by SPiNX:Is socket writable?
ProxySnort 1.5 by SPiNX:Yes! Writing to the socket of Adi
ProxySnort 1.5 by SPiNX:reading the socket
ProxySnort 1.5 by SPiNX:reading the socket
Proxy sniff...192.40.57.227|STEAM_0:0:195136759
08/23/2021 - 17:01:25: [test.amxx] Adi, STEAM_0:0:195136759 uses a proxy!
No proxy found on Adi, STEAM_0:0:195136759
ProxySnort 1.5 SPiNX | Adi uses Performive LLC for an ISP.
ProxySnort 1.5 by SPiNX | Adi's risk is 0.
Dropped Adi from server
Reason: Kicked :"Anonymizing is NOT allowed!"

GET Request:
Code:

{
    "status": "ok",
    "192.40.57.227": {
        "asn": "AS46562",
        "provider": "Performive LLC",
        "continent": "Europe",
        "country": "Netherlands",
        "isocode": "NL",
        "region": "North Holland",
        "regioncode": "NH",
        "city": "Amsterdam",
        "latitude": 52.3716,
        "longitude": 4.8883,
        "proxy": "yes",
        "type": "Compromised Server",
        "risk": 100,
        "attack history": {
            "Total": 22,
            "Login Attempt": 22
        }
    }
}

Fix:

On line 363

PHP Code:

copy(riskcharsmax(risk), proxy_socket_buffer[containi(proxy_socket_buffer"risk") + 5])

->>

copy(riskcharsmax(risk), proxy_socket_buffer[containi(proxy_socket_buffer"risk") + 7]) 

In rest, it seems to work as intended.

DeNeDe 08-23-2021 10:40

Re: Proxy snort 1.5 (Updated 08/23/2021)
 
More issues would be that it might lag the server doing all those checks in the background? Won't be better to use the geoip module integration instead?
i've seen geoip has now databases for vpn/proxies detection too..also for ASN(s)

Shadows Adi 08-23-2021 11:40

Re: Proxy snort 1.5 (Updated 08/23/2021)
 
Quote:

Originally Posted by DeNeDe (Post 2755958)
More issues would be that it might lag the server doing all those checks in the background? Won't be better to use the geoip module integration instead?
i've seen geoip has now databases for vpn/proxies detection too..also for ASN(s)

GeoIP Module doesn't support this.

DJEarthQuake 08-23-2021 22:33

Re: Proxy snort 1.5 (Updated 08/23/2021)
 
Thanks @Shadows Adi. Native find_plugin_byfile was needed later down the line when companion plugin, clientemp, is tested and disabled.


Run-time error happens occasionally. I had to use copyc and end it on the end of buffer bracket.

krisztian2 11-24-2021 13:24

Re: Proxy snort 1.5 (Updated 09/25/2021)
 
Dear DJEarthQuake!

This plugin is not work for me.
But in amxx plugins list the plugin status is running.
I created an account on proxycheck and I set API key in this plugin cvar.


All times are GMT -4. The time now is 10:33.

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.