Raised This Month: $12 Target: $400
 3% 

Proxy snort 1.8 (Updated Jan 24th, 2024)


Post New Thread Reply   
 
Thread Tools Display Modes
Plugin Info:     Modification:   ALL        Category:   Server Management       
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 03-18-2020 , 23:19   Proxy snort 1.8 (Updated Jan 24th, 2024)
Reply With Quote #1

PROXY SNORT by SPiNX

This allows admins to monitor and take action with regards to problematic proxy and VPN gamers. Hackers.




Effective Protection
Whether you're running an internet based business, game server or blog our detection can help you mitigate the negative effects of proxy use.


Change log
1.0 to 1.1 Buffer and broadcast optimization.
1.1 to 1.2 Amxx182 compatibility.
1.2 to 1.3 Fully automatic mod tagging. Tuned 64-bit Provider Field.
1.3 to 1.4 Increment tasks out to go easy on sockets and messaging. Minimize messaging and silence it with Cvar proxy_debug 0. Check VPN as well as Proxy.
1.4 to 1.5 Interfaced with the queue made on clientemp script to keep socket use controlled. Adjusted CONN string for VPN.
1.5 to 1.6 Creates an ini file to save resources not rechecking same IP repeatedly.
1.6 to 1.7 Log/Print Type Responses to admins.
.
CVARS:
proxy_action: 0 is rename. 1 is kick. 2 is banip. 3 is banid. 4 is warn-only. 5 is log-only (silent).
proxy_debug: 0 stock is off. 1-5 is increasing amounts of feedback. 1. Basic socket. Shows their ISP in console only. 3. More Socket details including buffer. ISP in yellow to all. Proxy Risk percentile. 5 includes colored text each time socket is closed to all players.
sv_proxytag It's automatic based on mod type. One can however override this by adding a line to server.cfg or whatever file is executed on map change that you use.
sv_proxycheckio-key https://proxycheck.io/dashboard/ OPTIONAL::Click on REGISTER on the right. Enter e-mail address. They e-mail the key.

That grants 1000 polls instead of 100 into Enterprise edition of GeoIP Anonymous IP Database.

The dashboard makes this especially nice.
The most up-to-date versions of Proxysnort cache the results locally for optimization and to save your polls.

Full display
Spoiler

Get the SMA from Github!

Online compile / Amxx 182 unmodified
Spoiler
is NOT advised. Sockets are liable to be BLOCKING meaning low performance.
__________________

Last edited by DJEarthQuake; 01-26-2024 at 11:42. Reason: Added command to test IP instead of wait to connect.
DJEarthQuake is offline
Old 04-03-2020, 19:22
iceeedr
This message has been deleted by iceeedr. Reason: Lots of bullshit for nothing
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 04-04-2020 , 09:56   Re: Proxy snort
Reply With Quote #2

Code:
Run time error 4: index out of bounds @read_web (line 231) (line 247)
Provider and Risk buffers did it. Code is being remade.
__________________

Last edited by DJEarthQuake; 05-02-2020 at 10:17.
DJEarthQuake is offline
Old 04-04-2020, 19:33
iceeedr
This message has been deleted by iceeedr. Reason: Lots of bullshit for nothing
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 04-05-2020 , 16:17   Re: Proxy snort
Reply With Quote #3

The Run time capture.
Sniffing a public IP address...85.107.66.69, ALBAyy
ProxySnort 1.1 SPiNX | ALBAyy uses Turk Telekom for an ISP.
No proxy found on ALBAyy,
L 04/24/2020 - 03:28:10: [AMXX] Displaying debug trace (plugin "testing/proxysnort.amxx", version "1.1")
L 04/24/2020 - 03:28:10: [AMXX] Run time error 4: index out of bounds
L 04/24/2020 - 03:28:10: [AMXX] [0] proxysnort.sma::@read_web (line 248 )
85.107.66.69:46013:reconnect
Sniffing a public IP address...85.107.66.69, ALBAyy
ProxySnort 1.1 SPiNX | [TUR] ALBAyy uses Turk Telekom for an ISP."
ProxySnort 1.1 by SPiNX | [TUR] ALBAyy's risk is 0.
ProxySnort 1.1 by SPiNX | [TUR] ALBAyy's risk is 0.


telnet proxycheck.io 80
Trying 104.26.9.187...
Connected to proxycheck.io.
Escape character is '^]'.
GET /v2/85.107.66.69?key=public-6p1jr4-812285-047606&inf=1&asn=1&risk=2&days=30&tag=Alliedm odders,TUT HTTP/1.0
Host: proxycheck.io

HTTP/1.1 200 OK
Date: Sat, 25 Apr 2020 15:43:44 GMT
Content-Type: application/json
Connection: close
Set-Cookie: __cfduid=d527092090ea20d3986a4dd897927f9a6158 7829423; expires=Mon, 25-May-20 15:43:43 GMT; path=/; domain=.proxycheck.io; HttpOnly; SameSite=Lax
Cache-Control: max-age=2678400, s-maxage=10
Expires: Sat, 25 Apr 2020 15:43:54 GMT
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.7
CF-Cache-Status: MISS
Set-Cookie: __cflb=04dToZ2WKDQycavj4XaJcdNDqUiWEHNXq6ZzQ6 TaBf; SameSite=Lax; path=/; expires=Sat, 25-Apr-20 16:13:44 GMT; HttpOnly
Server: cloudflare
CF-RAY: 58992e642eb24969-STL
cf-request-id: 02539b574d000049696e194200000001

{
"status": "ok",
"85.107.66.69": {
"asn": "AS47331",
"provider": "Turk Telekom",
"continent": "Asia",
"country": "Turkey",
"isocode": "TR",
"region": "Izmir",
"regioncode": "35",
"city": "Izmir",
"latitude": 38.4127,
"longitude": 27.1384,
"proxy": "no",
"risk": 0
}
}Connection closed by foreign host.

Risk field is end of buffer. Cell copy was trying to grab past end of buffer.
__________________

Last edited by DJEarthQuake; 05-02-2020 at 10:17. Reason: Findings...
DJEarthQuake is offline
pizzahut
Senior Member
Join Date: Oct 2004
Old 10-28-2020 , 06:10   Re: Proxy snort 1.2 (Updated 10/08/2020)
Reply With Quote #4

About the tag, you could use http://www.amxmodx.org/api/amxmodx/get_modname to catch all mods.
Code:
new mod_name[32]
get_modname(mod_name, charsmax(mod_name))
set_pcvar_string(g_cvar_tag, mod_name)
Another thing, you're printing messages to everyone. IMHO it should go to admins only.

I use this in a different plugin:

Code:
for (new admin=1; admin<=32; admin++)
	if (is_user_connected(admin) && is_user_admin(admin))
		client_print(admin, print_chat, "(to admins) This is a test.")

Last edited by pizzahut; 10-28-2020 at 14:39.
pizzahut is offline
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 10-28-2020 , 18:07   Re: Proxy snort 1.2 (Updated 10/08/2020)
Reply With Quote #5

Thank you for the tips pizzahut. Made some changes.
__________________

Last edited by DJEarthQuake; 12-26-2020 at 22:26.
DJEarthQuake is offline
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 01-18-2021 , 07:36   Re: Proxy snort 1.2 (Updated 10/08/2020)
Reply With Quote #6

Uploaded thoroughly tested plugin with the enhanced Pizzahut code to catch all mods and to not be in the ubiquitous demo-mode by default. Only admins see the messages now.
Some ISP's use 64 characters. Since I worked that part over, the run-times on that trivial Provider poll should be a thing of the past as well as the truncation.
__________________
DJEarthQuake is offline
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 01-19-2021 , 07:00   Re: Proxy snort 1.3 (Updated 12/25/2020)
Reply With Quote #7

Dear djearthquake,

We have accepted your plugin and added it to our website here: https://proxycheck.io/plugins/ under the Source Engine tab.
__________________
DJEarthQuake is offline
pakgamerz
AlliedModders Donor
Join Date: Aug 2017
Old 01-30-2021 , 16:06   Re: Proxy snort 1.3 (Updated 12/25/2020)
Reply With Quote #8

i have it installed on my server but it does not block the vpn that i want. And how i can see the detailed logs it doing under /cstrike/addons/amxmodx/logs* dont find any thing specific to proxysnort.

i hope you can advice so i can find something usefull
pakgamerz is offline
pizzahut
Senior Member
Join Date: Oct 2004
Old 01-31-2021 , 06:04   Re: Proxy snort 1.3 (Updated 12/25/2020)
Reply With Quote #9

Quote:
Originally Posted by pakgamerz View Post
i have it installed on my server but it does not block the vpn that i want. And how i can see the detailed logs it doing under /cstrike/addons/amxmodx/logs* dont find any thing specific to proxysnort.

i hope you can advice so i can find something usefull
You need to add vpn=1 to the parameters which are used here:

Code:
formatex(constring,charsmax (constring), "GET /v2/%s?key=%s&inf=1&asn=1&risk=2&days=30&tag=%s,%s HTTP/1.0^nHost: proxycheck.io^n^n", Ip, token, tag, authid);

Last edited by pizzahut; 01-31-2021 at 06:26.
pizzahut is offline
DJEarthQuake
Veteran Member
Join Date: Jan 2014
Location: Astral planes
Old 01-31-2021 , 06:08   Re: Proxy snort 1.3 (Updated 12/25/2020)
Reply With Quote #10

One could also just blacklist that AIN on Dashboard without touching source.

Locally what is logged you can search for by keyword proxy.

Code:
log_amx("%s, %s uses a proxy!", name, authid)
Further details are on Dashboard of proxycheck.io.

Thank you for testing.
__________________

Last edited by DJEarthQuake; 01-31-2021 at 06:58. Reason: obvious typo
DJEarthQuake is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 19:31.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode