deflood

[plop]

-----------------------------
-- V4.3
-----
-- added protection against GetNickList floods (thx to psf8500).
-- added protection against fake MyInfo's with random chars (thx to psf8500).
-- added protection against fake IP's on ConnectToMe (thx to psf8500).
-- changed removed the need for 2 versions of deflood, mode can be set from the script now.
-- changed made it optional to set what to do with flooders (no need 2 mod the script anymore).


it can be found on my website.

plop

* note 2 the mods: delete any post which has nothing 2 do with the development of deflood.

[plop]

---------------------------------------------
-- V4.3.1
-----
-- changed the amount of times a user can do $GetNickList can be set from the config.
-- added table with imune IP's on the fake $ConnectToMe's (some hubowners need this).

plop

[(=CyberPimp=)]

Great work and It works fine, just 1 question. Does the header use memory, it?s a quite big header. Sould I cut the header off? ?(

Sorry I had to edit this, i?m haveing problem with connect to me hub flooder, some of my users can?t get in unless thay are passive.  

[psf8500]

About fake $ConnectToMe's it is possible for users to innocently send the wrong IP.

Try entering a random IP in Settings in DC++ for example.

Instead of sending "You are now banned on suspision of using a hub flooder!!" to people who send invalid ConnectToMe's maybe you should send them a message saying what IP they should be using.

If there IP is wrong they won't be able to download anyway so it'll be helping them

[(=CyberPimp=)]

Yep It?s just a problem helping solving this cos most ppl have routers here in iceland and thay want to be active. But I think of something to make this work.

[blackwings]

Originally posted by psf8500
About fake $ConnectToMe's it is possible for users to innocently send the wrong IP.

Try entering a random IP in Settings in DC++ for example.

Instead of sending "You are now banned on suspision of using a hub flooder!!" to people who send invalid ConnectToMe's maybe you should send them a message saying what IP they should be using.

If there IP is wrong they won't be able to download anyway so it'll be helping them :)

and the "GetNickList flood", can a innocent user get banned for that? Like is there a DC client that might update the User list to often???

[plop]

a timeban with a reason showing info about active mode and the correct ip 2 be used should indeed solve it.
gone build 4.3.2 in a couple mins.

@ (=CyberPimp=): pls don't ever strip the header, it's only 2.44KB.
lua may be a scripting language, it's compiled the moment you start it.
comments like the header is aren't needed 2 run the script and are therefor dropped from memory.
and not 2 forget i somethimes have 3-4 updates per day on it with the same version number (i'm trying 2 avoid this now) on which the comments/header is the only proof for the version.

plop

[(=CyberPimp=)]

When I say header I meen the version number texts, thats not requiured to run the script but it is a good to know text. It would be best to have the vesion on a another file and relese the files in a zip file or som. But if it doesent take memory it don?t matter, you know whats best.

[plop]

---------------------------------------------
-- V4.3.2
-----
-- changed the $ConnectToMe has now only the option to do a timeban of x minutes.
-- instead of showing "you banned" it gives the correct IP and links to some site's
-- with info about how to setup active mode while being behind a router.
----------------------------------------------------------------------

@ (=CyberPimp=): even if it would take memory it's neglactible.
it wouldn't reduce the preformancea and compaired with other languages the 2.4KB is a fraction.
ptokax starts processing the script on dataarival, thats halfway the script.
now on many other scripting languages you would be right, like php/html.

plop

[(=CyberPimp=)]

ok tanx, thats good to know

[plop]

Originally posted by (=CyberPimp=)
ok tanx, thats good to know

yw.

plop

[uffetjur]

Nice Opti Your script is worth a golden star

[Herodes]

Originally posted by uffetjur
Nice Opti Your script is worth a golden star

hmm. ... somthing is wrong .. Lol

[plop]

Originally posted by uffetjur
Nice Opti Your script is worth a golden star

ploppy ~= opti

lol

plop

[Reefa]

Hello mate,

It seems some of our modem users are still getting kicked for the fake connectToMe...

Even one of the ops was having trouble  and he had nothing in his IP box!

Can anything be done?

Thanks,

Reef

[plop]

Originally posted by Reefa
Hello mate,

It seems some of our modem users are still getting kicked for the fake connectToMe...

Even one of the ops was having trouble :P  and he had nothing in his IP box!

Can anything be done?

Thanks,

Reef :)

the connecttome is only for clients which work in active mode.
if you leave it empty it won't send an ip, which has the result that it doesn't work.
no ip == nothing 2 connect 2.
same for dailup, they need 2 fill in there ip if they wanne work in active mode.

plop

[Reefa]

lol ok thanks!

[NotRabidWombat]

Leaving the IP field blank should default to the IP used by your network device. You probably should check for private IP ranges that are incorrect rather than malicious.

10.0.0.0 / 8
172.16.0.0 / 12
192.168.0.0 / 16

-NotRabidWombat

[plop]

Originally posted by NotRabidWombat
Leaving the IP field blank should default to the IP used by your network device. You probably should check for private IP ranges that are incorrect rather than malicious.

10.0.0.0 / 8
172.16.0.0 / 12
192.168.0.0 / 16

-NotRabidWombat

but incorrect settings is a human factor on something which could be malicious.
there are 2 things humans can do wrong here by accident, set the private ip in the settings or the wrong wan ip.
this last happens a lot on ppl whith dynamic ip's.
but either way doing the extra check you suggested is a nice thing 2 do, it can show them precisely what they are doing wrong.

plop

[NotRabidWombat]

What I am mean is those three IP ranges can _not_ be malicious. They simply will not resolve outside of a private network.

-NotRabidWombat

[Reefa]

Sup man!

Would it be possible to make OPs and VIPs immune from the fake ConnectToMe check?

Thanks,

Reef

[blackwings]

or maybe even remove the ConnectToMe, some like some users doesn't understand even if the bot tells them about it.

EDIT: or for us that have reg hubs, that only non regged users get checked for ConnectToMe.

[(=CyberPimp=)]

it?s no problem removeing ConnectToMe if that?s what you want. Just remove the following code from the script:

  elseif strsub(data, 1, 12) == "$ConnectToMe" then
      local s,e,ip = strfind(data, "(%S+):%d+|$")
      if ip and tIPs[user.sIP] == nil then
         if ip ~= user.sIP then
            user:SendPM(Bot, "You have the wrong IP in the active settings from your DC client!!\r\n"..
               "You have set it to "..ip..", the IP you should have set it on is: "..user.sIP..".\r\n"..
               "For Safety reasons you are now banned for "..iConnect.." minutes\r\n"..
               "For more info about how to setup active mode you should look at the next website's:\r\n"..
               "Default router setup manual: --->  [URL]http://www.plop.nl/lua_tools/dc-active.zip\r\n[/URL]"..
               "Specialized router manuals: ---> [URL]http://www.portforward.com\r\n[/URL]"..
               "Official dc++ faq: ---> [URL]http://dcplusplus.sourceforge.net/faq/faq.php?display=faq&faqnr=11&catnr=2&prog=1&lang=en&onlynewfaq=1[/URL] |")
            msg = user.sName.." - "..user.sIP.." - "..date().." - time banned for a wrong ip in the $ConnectToMe, but this could be a hub flooder!! (fake ConnectToMe)"
            StoreLog(user.sName, msg)
            user:TimeBan(iConnect)
            return 1
         end
      end

[blackwings]

(=CyberPimp=), thanx, but that's just a temporary solution for me. The best thing for me, would be if the ConnectToMe was only checked on unregged users.

[(=CyberPimp=)]

I can?t see your point, why have it at all if it?s only for non reg.