Proxy snort 1.8 (Updated Jan 24th, 2024) - Page 5

galebhasis · 07-17-2021 , 17:14 Re: Proxy snort 1.3 (Updated 12/25/2020)

Quote:

Originally Posted by DJEarthQuake

Try CVAR proxy_debug 0. I've updated it. Thank you for heads up!

OMG u rock dude this plugin is saving our server!

DJEarthQuake · 07-17-2021 , 17:20 Re: Proxy snort 1.4 (Updated 07/17/2021)

Glad you found script useful. Proxy_debug 0 will make it near silent. Download 1.4. The new copy blocks VPN. 1.3 and lower only did proxy. Each time the socket closed it was sending that colorful text message, now only on proxy_debug 5. It will run much smoother now.

DeNeDe · 08-22-2021 , 15:00 Re: Proxy snort 1.5 (Updated 08/05/2021)

So i've used this today.. Everything installed properly. i've entered my server with my normal ip, looked at the logs and i saw how it checked the ip and said no proxies used..good
Then i entered the server again while my vpn was connected and ... it said no proxies detected
I've checked my vpn ip on the service site, in the dashboard and indeed it says Proxy.

DJEarthQuake · 08-23-2021 , 05:15 Re: Proxy snort 1.5 (Updated 08/05/2021)

It has been corrected. Thank you. That is also why the SteamIDs were not showing on Dashboard any longer.

**HamletEagle** · 08-23-2021 , 08:35 Re: Proxy snort 1.5 (Updated 08/23/2021)

I'm interested in reviewing this, but I'd like someone to confirm that it works before I start checking the code.

Shadows Adi · 08-23-2021 , 10:32 Re: Proxy snort 1.5 (Updated 08/23/2021)

Code:

ProxySnort 1.5 by SPiNX:Starting to open socket!
08/23/2021 - 16:48:47: Invalid CVAR pointer
08/23/2021 - 16:48:47: [AMXX] Displaying debug trace (plugin "test.amxx", version "1.5")
08/23/2021 - 16:48:47: [AMXX] Run time error 10: native error (native "get_pcvar_num")
08/23/2021 - 16:48:47: [AMXX] [0] test.sma::@write_web (line 229)
ProxySnort 1.5 by SPiNX:reading the socket
08/23/2021 - 16:48:47: Invalid CVAR pointer
08/23/2021 - 16:48:47: [AMXX] Displaying debug trace (plugin "test.amxx", version "1.5")
08/23/2021 - 16:48:47: [AMXX] Run time error 10: native error (native "get_pcvar_num")
08/23/2021 - 16:48:47: [AMXX] [0] test.sma::@read_web (line 414)

Fix:

PHP Code:


			
if(get_pcvar_num(g_clientemp_version))



->>



if(g_clientemp_version && get_pcvar_num(g_clientemp_version))

Or you can check if cvar exists.

And it also doesn't show the risk:

Code:

ProxySnort task input time = 5.000000
Checking connected user if not a bot
Sniffing a public IP address...192.40.57.227, Adi
ProxySnort 1.5 by SPiNX:Starting to open socket!
ProxySnort 1.5 by SPiNX:Is socket writable?
ProxySnort 1.5 by SPiNX:Yes! Writing to the socket of Adi
ProxySnort 1.5 by SPiNX:reading the socket
ProxySnort 1.5 by SPiNX:reading the socket
Proxy sniff...192.40.57.227|STEAM_0:0:195136759
08/23/2021 - 17:01:25: [test.amxx] Adi, STEAM_0:0:195136759 uses a proxy!
No proxy found on Adi, STEAM_0:0:195136759
ProxySnort 1.5 SPiNX | Adi uses Performive LLC for an ISP.
ProxySnort 1.5 by SPiNX | Adi's risk is 0.
Dropped Adi from server
Reason: Kicked :"Anonymizing is NOT allowed!"

GET Request:

Code:

{
    "status": "ok",
    "192.40.57.227": {
        "asn": "AS46562",
        "provider": "Performive LLC",
        "continent": "Europe",
        "country": "Netherlands",
        "isocode": "NL",
        "region": "North Holland",
        "regioncode": "NH",
        "city": "Amsterdam",
        "latitude": 52.3716,
        "longitude": 4.8883,
        "proxy": "yes",
        "type": "Compromised Server",
        "risk": 100,
        "attack history": {
            "Total": 22,
            "Login Attempt": 22
        }
    }
}

Fix:

On line 363

PHP Code:


			
copy(risk, charsmax(risk), proxy_socket_buffer[containi(proxy_socket_buffer, "risk") + 5])



->>



copy(risk, charsmax(risk), proxy_socket_buffer[containi(proxy_socket_buffer, "risk") + 7])

In rest, it seems to work as intended.

DeNeDe · *Last edited by DeNeDe; 08-23-2021 at 10:44.*

More issues would be that it might lag the server doing all those checks in the background? Won't be better to use the geoip module integration instead?
i've seen geoip has now databases for vpn/proxies detection too..also for ASN(s)

Shadows Adi · 08-23-2021 , 11:40 Re: Proxy snort 1.5 (Updated 08/23/2021)

Quote:

Originally Posted by DeNeDe

More issues would be that it might lag the server doing all those checks in the background? Won't be better to use the geoip module integration instead?
i've seen geoip has now databases for vpn/proxies detection too..also for ASN(s)

GeoIP Module doesn't support this.

DJEarthQuake · 08-23-2021 , 22:33 Re: Proxy snort 1.5 (Updated 08/23/2021)

Thanks @Shadows Adi. Native find_plugin_byfile was needed later down the line when companion plugin, clientemp, is tested and disabled.

Run-time error happens occasionally. I had to use copyc and end it on the end of buffer bracket.

krisztian2 · 11-24-2021 , 13:24 Re: Proxy snort 1.5 (Updated 09/25/2021)

Dear DJEarthQuake!

This plugin is not work for me.
But in amxx plugins list the plugin status is running.
I created an account on proxycheck and I set API key in this plugin cvar.