Raised This Month: $202 Target: $400
 50% 

Proxy snort 1.5 (Updated 08/23/2021)


Post New Thread Reply   
 
Thread Tools Display Modes
Plugin Info:     Modification:   ALL        Category:   Server Management       
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 03-18-2020 , 23:19   Proxy snort 1.5 (Updated 08/23/2021)
Reply With Quote #1

PROXY SNORT by SPiNX

This allows admins to monitor and take action with regards to problematic proxy and VPN gamers. Hackers.




Effective Protection
Whether you're running an internet based business, game server or blog our detection can help you mitigate the negative effects of proxy use.


Change log
1.0 to 1.1 Buffer and broadcast optimization.
1.1 to 1.2 Amxx182 compatibility.
1.2 to 1.3 Fully automatic mod tagging. Tuned 64-bit Provider Field.
1.3 to 1.4 Increment tasks out to go easy on sockets and messaging. Minimize messaging and silence it with Cvar proxy_debug 0. Check VPN as well as Proxy.
1.4 to 1.5 Interfaced with the queue made on proxysnort.sma. Adjusted CONN string for VPN.
.
CVARS:
proxy_action: 1 is kick. 2 is banip. 3 is banid. 4 is warn-only. 5 is log-only (silent).
proxy_debug: 0 stock is off. 1-5 is increasing amounts of feedback. 1. Basic socket. Shows their ISP in console only. 3. More Socket details including buffer. ISP in yellow to all. Proxy Risk percentile. 5 includes colored text each time socket is closed to all players.
sv_proxytag It's automatic based on mod type. One can however override this by adding a line to server.cfg or whatever file is executed on map change that you use.
sv_proxycheckio-key https://proxycheck.io/dashboard/ Click on REGISTER on the right. Enter e-mail address. They e-mail the key.

That grants 1000 polls instead of 100 into Enterprise edition of GeoIP Anonymous IP Database.




Get the SMA from Github!
__________________
"It's not the actual programming that's interesting. But it's what you can accomplish with the end results that are important." -Dennis Ritchie
"Mathematics, rightly viewed, possesses not only truth, but supreme beauty a beauty cold and austere, like that of sculpture..." -Bertrand Russell

Last edited by DJEarthQuake; 08-23-2021 at 05:18. Reason: Interfaces with Clientemp's queue to eliminate socket module over-drive.
DJEarthQuake is offline
Old 04-03-2020, 19:22
iceeedr
This message has been deleted by iceeedr. Reason: Lots of bullshit for nothing
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 04-04-2020 , 09:56   Re: Proxy snort
Reply With Quote #2

Code:
Run time error 4: index out of bounds @read_web (line 231) (line 247)
Provider and Risk buffers did it. Code is being remade.
__________________
"It's not the actual programming that's interesting. But it's what you can accomplish with the end results that are important." -Dennis Ritchie
"Mathematics, rightly viewed, possesses not only truth, but supreme beauty a beauty cold and austere, like that of sculpture..." -Bertrand Russell

Last edited by DJEarthQuake; 05-02-2020 at 10:17.
DJEarthQuake is offline
Old 04-04-2020, 19:33
iceeedr
This message has been deleted by iceeedr. Reason: Lots of bullshit for nothing
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 04-05-2020 , 16:17   Re: Proxy snort
Reply With Quote #3

The Run time capture.
Sniffing a public IP address...85.107.66.69, ALBAyy
ProxySnort 1.1 SPiNX | ALBAyy uses Turk Telekom for an ISP.
No proxy found on ALBAyy,
L 04/24/2020 - 03:28:10: [AMXX] Displaying debug trace (plugin "testing/proxysnort.amxx", version "1.1")
L 04/24/2020 - 03:28:10: [AMXX] Run time error 4: index out of bounds
L 04/24/2020 - 03:28:10: [AMXX] [0] proxysnort.sma::@read_web (line 248 )
85.107.66.69:46013:reconnect
Sniffing a public IP address...85.107.66.69, ALBAyy
ProxySnort 1.1 SPiNX | [TUR] ALBAyy uses Turk Telekom for an ISP."
ProxySnort 1.1 by SPiNX | [TUR] ALBAyy's risk is 0.
ProxySnort 1.1 by SPiNX | [TUR] ALBAyy's risk is 0.


telnet proxycheck.io 80
Trying 104.26.9.187...
Connected to proxycheck.io.
Escape character is '^]'.
GET /v2/85.107.66.69?key=public-6p1jr4-812285-047606&inf=1&asn=1&risk=2&days=30&tag=Alliedm odders,TUT HTTP/1.0
Host: proxycheck.io

HTTP/1.1 200 OK
Date: Sat, 25 Apr 2020 15:43:44 GMT
Content-Type: application/json
Connection: close
Set-Cookie: __cfduid=d527092090ea20d3986a4dd897927f9a6158 7829423; expires=Mon, 25-May-20 15:43:43 GMT; path=/; domain=.proxycheck.io; HttpOnly; SameSite=Lax
Cache-Control: max-age=2678400, s-maxage=10
Expires: Sat, 25 Apr 2020 15:43:54 GMT
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.7
CF-Cache-Status: MISS
Set-Cookie: __cflb=04dToZ2WKDQycavj4XaJcdNDqUiWEHNXq6ZzQ6 TaBf; SameSite=Lax; path=/; expires=Sat, 25-Apr-20 16:13:44 GMT; HttpOnly
Server: cloudflare
CF-RAY: 58992e642eb24969-STL
cf-request-id: 02539b574d000049696e194200000001

{
"status": "ok",
"85.107.66.69": {
"asn": "AS47331",
"provider": "Turk Telekom",
"continent": "Asia",
"country": "Turkey",
"isocode": "TR",
"region": "Izmir",
"regioncode": "35",
"city": "Izmir",
"latitude": 38.4127,
"longitude": 27.1384,
"proxy": "no",
"risk": 0
}
}Connection closed by foreign host.

Risk field is end of buffer. Cell copy was trying to grab past end of buffer.
__________________
"It's not the actual programming that's interesting. But it's what you can accomplish with the end results that are important." -Dennis Ritchie
"Mathematics, rightly viewed, possesses not only truth, but supreme beauty a beauty cold and austere, like that of sculpture..." -Bertrand Russell

Last edited by DJEarthQuake; 05-02-2020 at 10:17. Reason: Findings...
DJEarthQuake is offline
pizzahut
Senior Member
Join Date: Oct 2004
Old 10-28-2020 , 06:10   Re: Proxy snort 1.2 (Updated 10/08/2020)
Reply With Quote #4

About the tag, you could use http://www.amxmodx.org/api/amxmodx/get_modname to catch all mods.
Code:
new mod_name[32]
get_modname(mod_name, charsmax(mod_name))
set_pcvar_string(g_cvar_tag, mod_name)
Another thing, you're printing messages to everyone. IMHO it should go to admins only.

I use this in a different plugin:

Code:
for (new admin=1; admin<=32; admin++)
	if (is_user_connected(admin) && is_user_admin(admin))
		client_print(admin, print_chat, "(to admins) This is a test.")

Last edited by pizzahut; 10-28-2020 at 14:39.
pizzahut is offline
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 10-28-2020 , 18:07   Re: Proxy snort 1.2 (Updated 10/08/2020)
Reply With Quote #5

Thank you for the tips pizzahut. Made some changes.
__________________
"It's not the actual programming that's interesting. But it's what you can accomplish with the end results that are important." -Dennis Ritchie
"Mathematics, rightly viewed, possesses not only truth, but supreme beauty a beauty cold and austere, like that of sculpture..." -Bertrand Russell

Last edited by DJEarthQuake; 12-26-2020 at 22:26.
DJEarthQuake is offline
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 01-18-2021 , 07:36   Re: Proxy snort 1.2 (Updated 10/08/2020)
Reply With Quote #6

Uploaded thoroughly tested plugin with the enhanced Pizzahut code to catch all mods and to not be in the ubiquitous demo-mode by default. Only admins see the messages now.
Some ISP's use 64 characters. Since I worked that part over, the run-times on that trivial Provider poll should be a thing of the past as well as the truncation.
__________________
"It's not the actual programming that's interesting. But it's what you can accomplish with the end results that are important." -Dennis Ritchie
"Mathematics, rightly viewed, possesses not only truth, but supreme beauty a beauty cold and austere, like that of sculpture..." -Bertrand Russell
DJEarthQuake is offline
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 01-19-2021 , 07:00   Re: Proxy snort 1.3 (Updated 12/25/2020)
Reply With Quote #7

Dear djearthquake,

We have accepted your plugin and added it to our website here: https://proxycheck.io/plugins/ under the Source Engine tab.
__________________
"It's not the actual programming that's interesting. But it's what you can accomplish with the end results that are important." -Dennis Ritchie
"Mathematics, rightly viewed, possesses not only truth, but supreme beauty a beauty cold and austere, like that of sculpture..." -Bertrand Russell
DJEarthQuake is offline
pakgamerz
AlliedModders Donor
Join Date: Aug 2017
Old 01-30-2021 , 16:06   Re: Proxy snort 1.3 (Updated 12/25/2020)
Reply With Quote #8

i have it installed on my server but it does not block the vpn that i want. And how i can see the detailed logs it doing under /cstrike/addons/amxmodx/logs* dont find any thing specific to proxysnort.

i hope you can advice so i can find something usefull
pakgamerz is offline
pizzahut
Senior Member
Join Date: Oct 2004
Old 01-31-2021 , 06:04   Re: Proxy snort 1.3 (Updated 12/25/2020)
Reply With Quote #9

Quote:
Originally Posted by pakgamerz View Post
i have it installed on my server but it does not block the vpn that i want. And how i can see the detailed logs it doing under /cstrike/addons/amxmodx/logs* dont find any thing specific to proxysnort.

i hope you can advice so i can find something usefull
You need to add vpn=1 to the parameters which are used here:

Code:
formatex(constring,charsmax (constring), "GET /v2/%s?key=%s&inf=1&asn=1&risk=2&days=30&tag=%s,%s HTTP/1.0^nHost: proxycheck.io^n^n", Ip, token, tag, authid);

Last edited by pizzahut; 01-31-2021 at 06:26.
pizzahut is offline
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 01-31-2021 , 06:08   Re: Proxy snort 1.3 (Updated 12/25/2020)
Reply With Quote #10

One could also just blacklist that AIN on Dashboard without touching source.

Locally what is logged you can search for by keyword proxy.

Code:
log_amx("%s, %s uses a proxy!", name, authid)
Further details are on Dashboard of proxycheck.io.

Thank you for testing.
__________________
"It's not the actual programming that's interesting. But it's what you can accomplish with the end results that are important." -Dennis Ritchie
"Mathematics, rightly viewed, possesses not only truth, but supreme beauty a beauty cold and austere, like that of sculpture..." -Bertrand Russell

Last edited by DJEarthQuake; 01-31-2021 at 06:58. Reason: obvious typo
DJEarthQuake is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 12:08.


Powered by vBulletin®
Copyright ©2000 - 2021, vBulletin Solutions, Inc.
Theme made by Freecode