With cordite in the air, splintered steel, shell casings and powder burns, there’s only one explanation...
Game server information & questions.

Moderators: Pardner, Joe Kari, TheDoctor

Postby TheDoctor » Sat Sep 25, 2010 11:31 am

mLy/rane's proposition could be easily implemented:

On one side, you need a web-server hosting a banlist file. Adding, deleting, commenting is done manually by whoever volunteers to maintain the list. The syntax should be bans_by_ip.pl compatible. The only thing required here is a syntax checker.

On the other side, you have for every server a bans_by_ip.pl with it's local banlist (server-specific bans, possibly an empty list). These could be hosted anywhere (on the game server, on the web server or a third computer). One would have to extend bans_by_ip.pl with the functionality to download a list via http every n minutes. One should also add a local whitelist functionality (Example: whitelist: 127.0. # allow localhost). Both things are easily implemented.

Is this what you had in mind? It is certainly a simple, low-tech solution using mostly what we already have.
User avatar
TheDoctor
Smokin' Amigo!
 
Posts: 758
Joined: Sun Jun 06, 2010 3:31 am



Postby sparcdr » Sat Sep 25, 2010 4:03 pm

Steps are noted as n.) prefixed; [url] and (n) = note suffixed.

General Considerations:
Automation -
1.) Simple batch file on Win32 using: Scheduled Tasks || UNIX-like using: Cron.

I/O -
3.) Check if bans file is locked (2)
4.) File retrieval via [Perl WWW:Curl]
Download bans.txt (2)
Download whitelist.txt (2)
5.) Bans file read (Buffer existing copy) (2)
6.) File compare (Download versus buffer) (2)
Using a module such as: [String::Diff] (Compare lists to remove redundancy)
7.) File write (Append differences to end) (2)

Logging -
8.) Append run report to a file (2)
Using: Log::Log4perl
9.) Log rotation (Append for the day, turn over the next)

Exception handling:
Catch curl status (1)
Catch read/write errors (2)
2.) Check for running instance

Central server considerations:
Dispatch -
10.) Email summarized report of all entries daily [Log4perl.Appender.Mailer -> Log::Dispatch::Email::MailSend]

Other modules to take note of:
Authen::Libwrap (TCPWrappers/Hosts File Access)

Reasoning:
1.) Sleeping infinite runtime programs are unnecessary
2.) Avoid possible locking issues
3.) Avoid possible locking/permissions issue, aid exception handling
4.) No need to say why
5.) To aid for comparison need
6.) In case one server versus the others has additional entries
7.) No need to rewrite and use extra disk i/o as a comparison was done
8.) So administrators can get a digest
9.) Prevent buildup, simplify what was actually done
10.) Central server should be aware of all of the bans which were added and make all involved admins aware to prevent abuse
sparcdr
SG Team
 
Posts: 334
Joined: Wed Jun 13, 2007 3:41 pm



Postby Bodie » Mon Sep 27, 2010 7:53 pm

We seem to be having some odd behaviour in Jeux with the script. Earlier NUB Muffin told me he could re-connect after initial removal and not be kicked, today mly observed this:

14:27 <mouly_jr> weird stuff just now
14:28 <mouly_jr> I saw wb/phantom (89.244;x;x) get kicked forom the script
14:28 <mouly_jr> he reconnect
14:28 <mouly_jr> and was not kicked
14:28 <mouly_jr> later another 89.244 connected and he was also not kciked
14:28 <mouly_jr> and later rcon addip to ban other players didn't work either

Looks like if the person reconnects during one script's cycle, it later might get ignored for some reason. I'm still trying to produce this reliably and see how the script can be bypassed - can't really nail the particular problem with it. Might be a problem with recognition - might also be a problem with kicking itself. I can't access log easily, when one of roots is online I'll try to share what script spits when ban is circumvented.

Until then, any quick ideas what's wrong?
SG names: Bodie (aka mS // Donnie).
Admin on Jeuxlinux, RAWHIDE, #sg.wars and some other servers.
User avatar
Bodie
Jeuxlinux Admin
 
Posts: 633
Joined: Thu Mar 26, 2009 7:59 pm



Postby TheDoctor » Mon Sep 27, 2010 11:36 pm

rane wrote:Until then, any quick ideas what's wrong?

No. The script is basically a continuous loop which first queries "rcon status" and then checks the IP of every player against the banlist.

I'll assume
1.) you have banned a certain IP segment (e.g. 89.244.) and
2.) you have seen the ban working once and
3.) you did not change the banlist in the meantime and
4.) a previously kicked player, reconnecting with the same IP 89.244.*.*, was not kicked again in the following 10-20 minutes

Then, the problem must be repetitive, meaning it occurs in every iteration. Because, even if kicking a player fails once, in the next loop, all IPs are checked again. As a banned player, you are not safe even if you managed to connect to the server. I speculate, either

A.) the status query fails (again a timing issue?),
B.) the status is not correctly parsed,
C.) the kick fails (still a timing issue?).

You can confirm or exclude C by checking the log whether the script did detect the unwanted player. I can test B, if you do a \condump of a manual "rcon status" when you observe faulty behavior. If A is the problem, you should have problems to query the status yourself.

Be aware, if the script misses a status, it will sleep for 30 seconds to give the server a chance to recover. If it fails to query the status for ten times (e.g. server down), it will sleep for 5 minutes. During sleep phases, no checks are done (the server is 'unprotected' during these times). As soon as a status is received, all IPs are checked again. One could call this a best effort protection.
User avatar
TheDoctor
Smokin' Amigo!
 
Posts: 758
Joined: Sun Jun 06, 2010 3:31 am



Postby Bodie » Tue Sep 28, 2010 1:22 am

Points 1-4 are correct.

5 minutes sleep caused by missing a status looks like very probable reason of the issue. All players rejoin a few times having been kicked until they eventually give up. Phantom yesterday rejoined 19 times before he gave up.

Logs say nothing is wrong. I think it wouldn't be a bad idea to include information missing the status and information about sleeping for 0.5 and 5 minutes in the log.

In the long run, if the script turns into a more complex admin tool, it could get a feature of banning people temporarily for n hours if they make x reconnections during y minutes. It'd require measuring length of g_banips if there's space for extra bans, adding a ban, measuring time and then removing the ban after that time passes. It'd be an overkill to write it now for our limited uses - but it's not a bad plan to prevent DOS-ing when the script is more widely used.

Logs from both incidents are here, for reference:

Fri Sep 24 16:31:52 2010: say ^1!^3N^1u^3B^1!^3m^1uffin, IP 84.153.184.19, was ^3kicked^7. Reference: ^3line 1^7.
Fri Sep 24 16:37:29 2010: say ^1!^3N^1u^3B^1!^3m^1uffin, IP 84.153.184.19, was ^3kicked^7. Reference: ^3line 1^7.
Fri Sep 24 16:37:47 2010: say ^3!^1D^7k^3!^1Y^7unus^3!, IP 89.244.199.108, was ^3kicked^7. Reference: ^3line 3^7.
Fri Sep 24 16:38:51 2010: say ^1^^8Eko^1^^1 , IP 89.244.221.74, was ^3kicked^7. Reference: ^3line 3^7.
Fri Sep 24 16:53:18 2010: say ^1!^3N^1u^3B^1!^3m^1uffin, IP 84.153.184.19, was ^3kicked^7. Reference: ^3line 1^7.
Fri Sep 24 17:02:12 2010: say ^7#^5K^7o^5S^7#^5M^7aste^5R!, IP 89.244.218.253, was ^3kicked^7. Reference: ^3line 3^7.
Fri Sep 24 17:18:25 2010: say ^1!^3N^1u^3B^1!^3m^1uffin, IP 84.153.184.19, was ^3kicked^7. Reference: ^3line 1^7.
Fri Sep 24 17:18:58 2010: say ^1!^3N^1u^3B^1!^3m^1uffin, IP 84.153.184.19, was ^3kicked^7. Reference: ^3line 1^7.
Fri Sep 24 17:19:16 2010: say ^1!^3N^1u^3B^1!^3m^1uffin, IP 84.153.184.19, was ^3kicked^7. Reference: ^3line 1^7.
Fri Sep 24 17:19:35 2010: say ^1^^8Eko^1^^1 , IP 89.244.232.34, was ^3kicked^7. Reference: ^3line 3^7.
Fri Sep 24 17:19:53 2010: say ^1!^3N^1u^3B^1!^3m^1uffin, IP 84.153.184.19, was ^3kicked^7. Reference: ^3line 1^7.
Fri Sep 24 17:25:14 2010: say ^1!^3N^1u^3B^1!^3m^1uffin, IP 84.153.184.19, was ^3kicked^7. Reference: ^3line 1^7.
Fri Sep 24 17:26:33 2010: say ^1!^3N^1u^3B^1!^3m^1uffin, IP 84.153.184.19, was ^3kicked^7. Reference: ^3line 1^7.
Fri Sep 24 17:27:06 2010: say ^1!^3N^1u^3B^1!^3m^1uffin, IP 84.153.184.19, was ^3kicked^7. Reference: ^3line 1^7.
Fri Sep 24 17:30:42 2010: say oma, IP 84.153.184.19, was ^3kicked^7. Reference: ^3line 1^7.
Fri Sep 24 17:43:23 2010: say ^1!^3N^1u^3B^1!^3m^1uffin, IP 84.153.184.19, was ^3kicked^7. Reference: ^3line 1^7.
Fri Sep 24 18:22:25 2010: say ^1!^3N^1u^3B^1!^3m^1uffin, IP 84.153.184.19, was ^3kicked^7. Reference: ^3line 1^7.
Mon Sep 27 14:07:24 2010: say ^^8|WB|P^1hantom, IP 89.244.203.111, was ^3kicked^7. Reference: ^3line 3^7.
Mon Sep 27 14:50:59 2010: say ^^8|WB|P^1hantom, IP 89.244.203.111, was ^3kicked^7. Reference: ^3line 3^7.
Mon Sep 27 14:50:59 2010: say amk, IP 89.244.210.97, was ^3kicked^7. Reference: ^3line 3^7.
Mon Sep 27 14:51:20 2010: say ^^8|WB|P^1hantom, IP 89.244.203.111, was ^3kicked^7. Reference: ^3line 3^7.
Mon Sep 27 14:51:20 2010: say amk, IP 89.244.210.97, was ^3kicked^7. Reference: ^3line 3^7.
Mon Sep 27 14:51:42 2010: say ^^8|WB|P^1hantom, IP 89.244.203.111, was ^3kicked^7. Reference: ^3line 3^7.
Mon Sep 27 14:51:42 2010: say amk, IP 89.244.210.97, was ^3kicked^7. Reference: ^3line 3^7.
Mon Sep 27 14:52:03 2010: say ^^8|WB|P^1hantom, IP 89.244.203.111, was ^3kicked^7. Reference: ^3line 3^7.
Mon Sep 27 14:52:21 2010: say ^^8|WB|P^1hantom, IP 89.244.203.111, was ^3kicked^7. Reference: ^3line 3^7.
Mon Sep 27 14:52:40 2010: say , IP 89.244.203.111, was ^3kicked^7. Reference: ^3line 3^7.
Mon Sep 27 14:53:13 2010: say i fuck your mom , IP 89.244.203.111, was ^3kicked^7. Reference: ^3line 3^7.
Mon Sep 27 14:53:31 2010: say i fuck your mom , IP 89.244.203.111, was ^3kicked^7. Reference: ^3line 3^7.
Mon Sep 27 14:54:05 2010: say i fuck your mom , IP 89.244.203.111, was ^3kicked^7. Reference: ^3line 3^7.
Mon Sep 27 14:56:54 2010: say console du hurensohn, IP 89.244.203.111, was ^3kicked^7. Reference: ^3line 3^7.
Mon Sep 27 15:27:01 2010: say console du hurensohn, IP 89.244.203.111, was ^3kicked^7. Reference: ^3line 3^7.
Mon Sep 27 15:27:19 2010: say console du hurensohn, IP 89.244.203.111, was ^3kicked^7. Reference: ^3line 3^7.
Mon Sep 27 15:27:38 2010: say console du hurensohn, IP 89.244.203.111, was ^3kicked^7. Reference: ^3line 3^7.
SG names: Bodie (aka mS // Donnie).
Admin on Jeuxlinux, RAWHIDE, #sg.wars and some other servers.
User avatar
Bodie
Jeuxlinux Admin
 
Posts: 633
Joined: Thu Mar 26, 2009 7:59 pm



Postby TheDoctor » Tue Sep 28, 2010 9:07 pm

I've updated the script (details in second post, download link as in first post), adding the global banlist functionality.

rane wrote:5 minutes sleep caused by missing a status looks like very probable reason of the issue.

After going through the code, I was able to identify the responsible bug: the fail counter was not reset in case of a successful status query. Instead, missing statuses were added up until the limit of 10 was reached, triggering the 5 minute sleep phase.

rane wrote:I think it wouldn't be a bad idea to include information missing the status and information about sleeping for 0.5 and 5 minutes in the log.

Done.

rane wrote:It could get a feature of banning people temporarily for n hours if they make x reconnections during y minutes. It'd require measuring length of g_banips if there's space for extra bans, adding a ban, measuring time and then removing the ban after that time passes.

Using g_banIPs is a good idea I picked up. However, I followed the simpler idea to just add the last triggered IP-prefix to g_banIPs (if the value of banIPs is less than <200 characters). The script removes it's previously added IP-prefix beforehand to prevent the growth of g_banIPs.

Red agreed to try out the script for Rawhide. This gave (and continues to give) me the opportunity to test this script under real-world conditions (= lag, packet loss, ...) and to revise it.
User avatar
TheDoctor
Smokin' Amigo!
 
Posts: 758
Joined: Sun Jun 06, 2010 3:31 am



Postby ReD NeCKersoN » Wed Sep 29, 2010 2:19 am

TheDoctor wrote:Red agreed to try out the script for Rawhide.

Yep! We appreciate it Doc. Rawhide is getting hard to handle lately. 8O
Image
User avatar
ReD NeCKersoN
SG Team
 
Posts: 3245
Joined: Wed Mar 27, 2002 6:22 am
Location: VA, USA



Postby Bodie » Thu Oct 07, 2010 5:11 am

It's working great. :-)

Another idea I had would be allowing script do "dumpuser" everyone who's on the server and then letting it ban people based on GUID which is displayed there.

But that would require figuring out how to "dump" players who have spaces in their nicknames or other special characters. Because there's no "clientdump" for dump like there's "clientkick" for kick allowing to use ID instead of nickname as an attribute.
SG names: Bodie (aka mS // Donnie).
Admin on Jeuxlinux, RAWHIDE, #sg.wars and some other servers.
User avatar
Bodie
Jeuxlinux Admin
 
Posts: 633
Joined: Thu Mar 26, 2009 7:59 pm



Postby Bodie » Mon Nov 29, 2010 7:48 pm

Something is odd regarding bans.

Adding "91.2." even when there's a dot in the end results in people with "91.212" being banned nevertheless.

It looks like it doesn't respect dots at the end of the bans when checking who's eligible for a kick.
SG names: Bodie (aka mS // Donnie).
Admin on Jeuxlinux, RAWHIDE, #sg.wars and some other servers.
User avatar
Bodie
Jeuxlinux Admin
 
Posts: 633
Joined: Thu Mar 26, 2009 7:59 pm



Postby TheDoctor » Tue Nov 30, 2010 12:04 am

rane wrote:it doesn't respect dots at the end of the bans when checking who's eligible for a kick.

Confirmed. And fixed and updated (see first and second post). I've also updated and restarted the script for SB and Rawhide.
User avatar
TheDoctor
Smokin' Amigo!
 
Posts: 758
Joined: Sun Jun 06, 2010 3:31 am



Postby Bodie » Tue Nov 30, 2010 1:56 am

Thanks for the quick fix. I'll try to get an update for Jeux right away. :-)
SG names: Bodie (aka mS // Donnie).
Admin on Jeuxlinux, RAWHIDE, #sg.wars and some other servers.
User avatar
Bodie
Jeuxlinux Admin
 
Posts: 633
Joined: Thu Mar 26, 2009 7:59 pm



Postby Turk » Wed Jan 05, 2011 2:56 pm

we rent our linux servers with limited access. what can we do if anything to help us and the community. at present 17 banns and have to remove 1 to add 1 8)
Turk
Drifter
 
Posts: 20
Joined: Tue Jan 27, 2009 3:25 am



Postby TheDoctor » Wed Jan 05, 2011 3:33 pm

Turk wrote:We rent our linux servers with limited access. What can we do if anything to help us and the community?

The above script is designed so that it can run on any other computer with internet access and Perl (interpreted computer language; found on any Unix/Linux system) installed.

If you or a trusted friend have/has access to such a server, you can download, edit (=configure) and run it yourself. Otherwise, I can offer you to run the script for you (in the same way I do for Rawhide). In that I case, you would have to entrust me with your RCON password (for this sole use). Write a mail to oa.doctor@gmail.com.

The script provides it's own in-game RCON-based user interface (as described above). But it can also read an external "global" text file such as http://bb.smokin-guns.org/lists/ip_banlist.txt. (If you use IE, you need to manually copy the URL into the address bar and type in the username admins and the passwort cooperate.
User avatar
TheDoctor
Smokin' Amigo!
 
Posts: 758
Joined: Sun Jun 06, 2010 3:31 am



Postby Turk » Wed Jan 05, 2011 4:29 pm

looked great email sent thanks 8)
Turk
Drifter
 
Posts: 20
Joined: Tue Jan 27, 2009 3:25 am



Postby Bodie » Thu Feb 03, 2011 7:43 pm

It would be great if the script supported exceptions.

Something like:

1.2. -1.2.3.4 # comment

Meaning everyone who has IP starting with 1.2. is banned except for 1.2.3.4. This would allow to ban those cheaters within wide ranges provided by for example Deutsche Telekom without banning innocent people who only would need to register new address with admins to get access to the server.

For some examples, Ger Saske shares IP range with quite a few German players, Dago and Daber among them. RP Highsteric and Remover have a cheater in their range called LG Confused. NUB Ron shares provider and range with half a dozen of Israeli players. There are some nasty Greek teamkillers sharing IP range with our admin, Myrmidonas.

Are you up for some perl to update our scripts with this feature? :-)
SG names: Bodie (aka mS // Donnie).
Admin on Jeuxlinux, RAWHIDE, #sg.wars and some other servers.
User avatar
Bodie
Jeuxlinux Admin
 
Posts: 633
Joined: Thu Mar 26, 2009 7:59 pm



PreviousNext

Return to Telegraph Station

Show Sidebar
Show Sidebar

User Control Panel