deflood

[plop]

Originally posted by Dj_OcTaGoN
Yeah it works great, thanx!

Now to another thing...Is it possible PtokaX can cause Deflood THINK users are searchflooding?
Lately in one of our hubs a lot of users including a lot of our OPs got banned for seachflooding...this have happened 3 times now.

cheers // Dj_OcTaGoN

search for

iMaxSrch = 4

and increase it a bit.
i have a small  hub with no dowloads so it was a bit of a guess 2 put in on 4.

plop

[Meka][Meka]

Originally posted by plop

Originally posted by Meka][Meka

Originally posted by plop

----------------------------------------------------------------------
-- V4.5.4
-----
-- added filter for nemesis (thx some mystery guy).
----------------------------------------------------------------------

funny thing is, i dont see any fix for nemesis....

thats the name i guessed from the msg shown in the chat.
why don't you send/show me nemesis and give the right name for the flooder i fixed.

plop

ok paste what the flood looked like, and what u did to fix it, and maybe i can help u out ;)

[blackwings]

One of my Ops got banned for using a hub flooder when she didn't, can you check for a possible bug in the "fake nick version" check?

 Emily - 217.215.***.** - 11/02/04 21:08:02 - banned for using a hub flooder!! (fake nick version)

[plop]

Originally posted by blackwings
One of my Ops got banned for using a hub flooder when she didn't, can you check for a possible bug in the "fake nick version" check?

 Emily - 217.215.***.** - 11/02/04 21:08:02 - banned for using a hub flooder!! (fake nick version)

how about a wrong raw command on her side?

plop

[blackwings]

hmm, it does seem to be a bug in the fake nick check., because now two users that didn't use a hubflooder.
I noticed one thing that at the same time they got banned for fake nick flooder, they also got kicked by RoboCop for advertising.
And it wasn't a adress is a spam message, both time these two users chatted in the main chat and was just
mentioning the adress(I was reading the chat both times when it happend). So Now I'm thinking if there is some kind of conflict
between RoboCop and deflood? I don't really care if advertiser get banned, but it is a bug and you should take a look on it.

[plop]

Originally posted by blackwings
hmm, it does seem to be a bug in the fake nick check., because now two users that didn't use a hubflooder.
I noticed one thing that at the same time they got banned for fake nick flooder, they also got kicked by RoboCop for advertising.
And it wasn't a adress is a spam message, both time these two users chatted in the main chat and was just
mentioning the adress(I was reading the chat both times when it happend). So Now I'm thinking if there is some kind of conflict
between RoboCop and deflood? I don't really care if advertiser get banned, but it is a bug and you should take a look on it.

can you try running some other script for a week or so, so we can find out if it's deflood or RC.
it's all a bit weird as i never heared other ppl complain about this.

plop

[blackwings]

can't do that at the moment, my hub is in a sensitive state now and I don't want to start messing around with new scripts.

anyway plop, could you add this one to the bad tag list? = ']['??M?LiT?

And there seem to be also a new spam hub flooder, one thin it is it spams the main chat, deflood spam protection kicks in, but I think this need to be checked anyway.

EDIT: does your script descriptionsaver.lua(the script that logs new hub flooders) slow down the hub?

[plop]

Originally posted by blackwings
can't do that at the moment, my hub is in a sensitive state now and I don't want to start messing around with new scripts.

anyway plop, could you add this one to the bad tag list? = ']['??M?LiT?

And there seem to be also a new spam hub flooder, one thin it is it spams the main chat, deflood spam protection kicks in, but I think this need to be checked anyway.

EDIT: does your script descriptionsaver.lua(the script that logs new hub flooders) slow down the hub?

change line 434, remove the "owned you".
deflood slows the hub down a lot more, as it uses fulldata mode.
there are several new flooders, but there's also a new deflood on the way.
yesterday i started on deflood 5.0 and it works different but more effective.
i'm still in doubt about a couple parts which should be added and i'm gone need some folks who dare 2 help me tweak it.
every1 willing 2 help me on this can send me an email and i'll inform them how they can get there hands on it.

plop

[blackwings]

Originally posted by plop
change line 434, remove the "owned you".
deflood slows the hub down a lot more, as it uses fulldata mode.
there are several new flooders, but there's also a new deflood on the way.
yesterday i started on deflood 5.0 and it works different but more effective.
i'm still in doubt about a couple parts which should be added and i'm gone need some folks who dare 2 help me tweak it.
every1 willing 2 help me on this can send me an email and i'll inform them how they can get there hands on it.

plop

I have a hub with about 100 user and I have a fast internet connection, will I notice anything at all if I use the descriptionsaver?

and the thing with helping you tweak the new deflood 5.0, in what way did you had in mind that people could help you?

[plop]

Originally posted by blackwings
I have a hub with about 100 user and I have a fast internet connection, will I notice anything at all if I use the descriptionsaver?

depends on your server/hdd.
but it's not much of a load.

Originally posted by blackwings
and the thing with helping you tweak the new deflood 5.0, in what way did you had in mind that people could help you?

there are several settings which need 2 be checked, i just made guesses here.
as my hub isn't public and on top of that allready secured by ppk, i 1st of all have no need 2 run deflood and 2nd it wouldn't do anything because of the fixes inside ptokax.
the tests should be on normal use without flooders and flooding with users in the hub.
this goes for tiny hub's 2 as big as possible.
and quiet hubs to hub's with ppl who can't stop talking.
basicly all types of hub's possible.
pref trying as many different hub flooders as possible (i don't any supply flooders).
it shouldn't be a problem if you wanna help but don't have any flooders, i hope the other testers who have are willing 2 help here.

plop

[blackwings]

Originally posted by plop

Originally posted by blackwings
I have a hub with about 100 user and I have a fast internet connection, will I notice anything at all if I use the descriptionsaver?

depends on your server/hdd.
but it's not much of a load.

I have =
AMD XP2400+ 2.0GHz
512 MB DDR(266Mhz)
Windows XP
Seagate Barracuda 7200.7 120GB 7200RPM UATA/100 8.5ms 25dB 8MB
10Mbit dl & ul speed

so with that hardware, fast internet connection, only about 100 users, will I notice anything? Like few extra second to login, small lag in mainchat etc?

[bastya_elvtars]

Seagate Barracuda 7200.7 120GB 7200RPM UATA/100 8.5ms 25dB 8MB

brrrrrrrr  :D

[blackwings]

Originally posted by bastya_elvtars

Seagate Barracuda 7200.7 120GB 7200RPM UATA/100 8.5ms 25dB 8MB

brrrrrrrr  :D

I know that SATA or SCSI are faster, but mine is ok for a UATA :P

[blackwings]

I got this error message from your descriptionsaver.lua script =
Syntax error: `for' table must be a table
stack traceback:
   1:  function `save' at line 15 [file `C:\ptokax\scripts\descriptionsaver.lua']
   2:  function `DataArrival' at line 36 [file `C:\ptokax\scripts\descriptionsaver.lua']

Syntax error: attempt to index global `HugeTable' (a nil value)
stack traceback:
   1:  function `DataArrival' at line 26 [file `C:\ptokax\scripts\descriptionsaver.lua']

I also use "deflood4.5.4"

[plop]

Originally posted by blackwings
I got this error message from your descriptionsaver.lua script =
Syntax error: `for' table must be a table
stack traceback:
   1:  function `save' at line 15 [file `C:\ptokax\scripts\descriptionsaver.lua']
   2:  function `DataArrival' at line 36 [file `C:\ptokax\scripts\descriptionsaver.lua']

Syntax error: attempt to index global `HugeTable' (a nil value)
stack traceback:
   1:  function `DataArrival' at line 26 [file `C:\ptokax\scripts\descriptionsaver.lua']

I also use "deflood4.5.4"

there should be some newer version on my site, but currently i rather have you run the alpha of deflood 5.
so far it kills all flooders i have without using any description.
but i'll check things out, and i know i have a even newer version which isn't on my site yet.

plop

[blackwings]

Originally posted by plop
there should be some newer version on my site, but currently i rather have you run the alpha of deflood 5.
so far it kills all flooders i have without using any description.
but i'll check things out, and i know i have a even newer version which isn't on my site yet.

plop

Is the alpha version "stable" enough? I mean so it won't ban everyone, create connection/login problems or making the hub very slow? If it is stable, than I could help you tweak the deflood 5.0.

[plop]

Originally posted by blackwings
Is the alpha version "stable" enough? I mean so it won't ban everyone, create connection/login problems or making the hub very slow? If it is stable, than I could help you tweak the deflood 5.0.

it's lighter 2 run, works faster, smaller.
but the danger comes from the tweaking, if you make those settings 2 open it could indeed ban the whole hub.
but the way i have it running i couldn't get myself banned from a dc++ client.
with deflood 4.x this was easy 2 do.

plop

[blackwings]

Originally posted by plop
it's lighter 2 run, works faster, smaller.
but the danger comes from the tweaking, if you make those settings 2 open it could indeed ban the whole hub.
but the way i have it running i couldn't get myself banned from a dc++ client.
with deflood 4.x this was easy 2 do.

plop

hmm, if you can set the proper settings (so the script won't ban everyone), you can send the deflood 5.0 alpha to me in PM, or maybe email me. then i can help you with tweaking the script

[imby]

hello, how can i get it to stop spamming my chat logs?

[21:48] <-OPChat-> [Reg]Fxxxxxxxxx - 62.16.xxx.148 - 11/22/04 21:48:33 - time banned for a wrong ip in the $ConnectToMe, but this could be a hub flooder!! (bad/fake ConnectToMe)
[21:50] <-OPChat-> [Reg]Fxxxxxxxxx - 62.16.xxx.148 - 11/22/04 21:50:44 - time banned for a wrong ip in the $ConnectToMe, but this could be a hub flooder!! (bad/fake ConnectToMe)
[21:53] <-OPChat-> [Reg]Fxxxxxxxxx - 62.16.xxx.148 - 11/22/04 21:53:04 - time banned for a wrong ip in the $ConnectToMe, but this could be a hub flooder!! (bad/fake ConnectToMe)
[21:55] <-OPChat-> [Reg]Fxxxxxxxxx - 62.16.xxx.148 - 11/22/04 21:55:08 - time banned for a wrong ip in the $ConnectToMe, but this could be a hub flooder!! (bad/fake ConnectToMe)
[21:57] <-OPChat-> [Reg]Fxxxxxxxxx - 62.16.xxx.148 - 11/22/04 21:57:23 - time banned for a wrong ip in the $ConnectToMe, but this could be a hub flooder!! (bad/fake ConnectToMe)
[21:59] <-OPChat-> [Reg]Fxxxxxxxxx - 62.16.xxx.148 - 11/22/04 21:59:33 - time banned for a wrong ip in the $ConnectToMe, but this could be a hub flooder!! (bad/fake ConnectToMe)
[22:01] <-OPChat-> [Reg]Fxxxxxxxxx - 62.16.xxx.148 - 11/22/04 22:01:48 - time banned for a wrong ip in the $ConnectToMe, but this could be a hub flooder!! (bad/fake ConnectToMe)
[22:04] <-OPChat-> [Reg]Fxxxxxxxxx - 62.16.xxx.148 - 11/22/04 22:04:00 - time banned for a wrong ip in the $ConnectToMe, but this could be a hub flooder!! (bad/fake ConnectToMe)
[22:06] <-OPChat-> [Reg]Fxxxxxxxxx - 62.16.xxx.148 - 11/22/04 22:06:20 - time banned for a wrong ip in the $ConnectToMe, but this could be a hub flooder!! (bad/fake ConnectToMe)
[22:08] <-OPChat-> [Reg]Fxxxxxxxxx - 62.16.xxx.148 - 11/22/04 22:08:39 - time banned for a wrong ip in the $ConnectToMe, but this could be a hub flooder!! (bad/fake ConnectToMe)
[22:10] <-OPChat-> [Reg]Fxxxxxxxxx - 62.16.xxx.148 - 11/22/04 22:10:59 - time banned for a wrong ip in the $ConnectToMe, but this could be a hub flooder!! (bad/fake ConnectToMe)
[22:12] <-OPChat-> [Reg]Fxxxxxxxxx - 62.16.xxx.148 - 11/22/04 22:12:04 - time banned for a wrong ip in the $ConnectToMe, but this could be a hub flooder!! (bad/fake ConnectToMe)

^ every two minutes from the same user/ip. only seems to disconnect them. this is how it is set up:

----------------------------------------------------------------------
--                 Config part.
----------------------------------------------------------------------

----------------------------------------------------------------------
---- name of the bot.
Bot = "[Security]"
----------------------------------------------------------------------

----------------------------------------------------------------------
---- maximum msg's stored from the user.
iMaxStored = 6
----------------------------------------------------------------------

----------------------------------------------------------------------
---- maximum amount of warnings before it bans for chat flooding.
iMaxWarn = 3
----------------------------------------------------------------------

----------------------------------------------------------------------
---- location/name of the log file.
fFile = "flood.log"
fFolder = "logs"
----------------------------------------------------------------------

----------------------------------------------------------------------
---- filter levels. use 1 for everything but OP's, nil for the table with level numbers.
iMode = 1
tMode = { [-1] = 1 }
----------------------------------------------------------------------

----------------------------------------------------------------------
------- do what to flooders.
---- use nil for disconnect, 1 for a kick, 2 for a ban, 3 for a tempban, 4 for a timeban.
iKill = 4
---- if timeban then how many minutes.
iTimeBan = 15
---- time the tempban on bad IP's in the dc active setup should last 
---- (don't make it 2 long, mostly this check hits on bad settings but it could be a flooder
---- but keep it above 5 so the automatic reconnect from dc++ doesn't make it flood your opchat/logs).
iConnect = 10
----------------------------------------------------------------------

----------------------------------------------------------------------
---- maximum amount of times an ip can connect per xx seconds (table flush timer).
iMaxCon = 5
----------------------------------------------------------------------

----------------------------------------------------------------------
---- the table for banning by description (["search string"] = number).
tDesc = { 
	["Ruri_Ruri"]=1, 
	["R u r i_ R u r i "]=2, 
	["TEAMELITE"]=3, 
	["F8X0R"]=4, 
	["KNUCKLES"]=5, 
	["OPZONE"]=6,
	["K-N-U-C-K-L-E-S"]=7, 
	["Meka_Meka"]=8, 
	["O-M-E-G-A"]=9, 
	["OMEGA"]=10,
	["HaX0R"]=11, 
	["HaXOR"]=12, 
	["Anime&Music"]=13 
}
----------------------------------------------------------------------

----------------------------------------------------------------------
---- name of the opchat so the output of this script shows up there instead of it's own window.
---- comment this for own window (aka place -- before it like this text has).
sOpchat = "-OPChat-"  -- fill in the name here if you use a scripted opchat.
--sOpchat = frmHub:GetOpChatName()     -- uncomment this and make the above a comment if you use the ptokax build-in opchat.
--sOpchat = nil    ---- uncomment this if you want deflood to show the notification in it's own window.
----------------------------------------------------------------------

----------------------------------------------------------------------
---- table with user levels or names of seperate users which should see the notifications from defloods kicks/bans.
tNotUs = nil -- uncomment this for the old style (all op's)
tNotUs = {
   ["Dissection"] = 1 -- name of the user.
}
----------------------------------------------------------------------

----------------------------------------------------------------------
---- filter away msg's (use nil to disable, 1 to enable).
AWAY = 1
----------------------------------------------------------------------

----------------------------------------------------------------------
---- don't check the next IP's on fake $ConnectToMe's.
---- (for hub owners who are behind a NAT router)
tIPs = { 
	["127.0.0.1"] = 1, 
	["127.0.0.2"] = 1 
}
----------------------------------------------------------------------

----------------------------------------------------------------------
---- known bad shares from flooders.
tBadShare = {
	[166430355311] = 1,
	[715112427375] = 2,
	[24772828362] = 3,
	[74324433643] = 4
}
----------------------------------------------------------------------

----------------------------------------------------------------------
---- max amount of times someone can do $GetNickList before deflood treads it as a flooder.
iMaxGetNick = 5
----------------------------------------------------------------------

----------------------------------------------------------------------
---- max amount of the searches a user can do (flush interval is halved here).
iMaxSrch = 4
----------------------------------------------------------------------

----------------------------------------------------------------------
---- explain the script what seconds, minutes, hours and day's are.
iSec = 1000
iMin = 60 * iSec
iHour = 60 * iMin
iDay = 24 * iHour
----------------------------------------------------------------------

----------------------------------------------------------------------
---- time between table flushes.
---- 10 * sec == 10 sec memory
---- 2 * hour == 2 hour memory
iFlushTime = 10 * iSec
----------------------------------------------------------------------

----------------------------------------------------------------------

Am using 4.5.4

[QuikThinker]

Get the dickhead 2 put the correct ip in the ip box or ban the ip temporarily.

[blackwings]

Originally posted by QuikThinker
Get the dickhead 2 put the correct ip in the ip box or ban the ip temporarily.

Sure, the user should be told to put the correct IP in the active mode box, but it seems like you didn't notice the real problem
behind the spam in the op chat. The pronlem is that even if he has "iTimeBan = 15" (he has chosen to use timeban
when deflood kicks), the user get back every 2nd/3rd minutes, which is like standard auto reconnect by DC++.
So I agree that something is wierd with the "ByeBye" function in deflood, because it seems just to disconnect,
even if the timeban is chosen.

[plop]

the user should indeed read the pm deflood sends.
but iTimeBan isn't used on the CTM filter, it's iConnect.
that it keeps sending that msg might be caused by the full data mode deflood runs in, but never tested this.
but you can easely make it stop spamming your opchat, just let deflood use it's own window.


@blackwings: the default settings are safe, the danger comes from tweaking.

@every1 willing 2 help testing deflood 5.0, send an email 2 lua@plop.nl and i'll tell you how you can get your hands on it.
i really need ppl who help me with this, i can't do it on my testhub.

plop

[imby]

the user(s) indeed should, but let's face it. a lot don't.


it's in it's own window. just after a week or so it gets excessive and more difficult to read :)


Couldn't one (me) just stick 'user:TempBan()' for every 'user:Disconnect()' / 'user:TimeBan(iConnect)' to solve this in i assume this part of the script:

  user:SendPM(Bot, "You have the wrong IP in the active settings from your DC client!!\r\n"..
			"You have set it to "..ip..", the IP you should have set it on is: "..user.sIP..".\r\n"..
			"For Safety reasons you are now banned for "..iConnect.." minutes\r\n"..
			"For more info about how to setup active mode you should look at the next website's:\r\n"..
			"Default router setup manual: --->  [URL]http://www.plop.nl/lua_tools/dc-active.zip\r\n[/URL]"..
			"Specialized router manuals: ---> [URL]http://www.portforward.com\r\n[/URL]"..
			"Official dc++ faq: ---> [URL]http://dcplusplus.sourceforge.net/faq/faq.php?display=faq&faqnr=11&catnr=2&prog=1&lang=en&onlynewfaq=1[/URL] |")
		   msg = user.sName.." - "..user.sIP.." - "..date().." - time banned for a wrong ip in the $ConnectToMe, but this could be a hub flooder!! (bad/fake ConnectToMe)"
		   StoreLog(user.sName, msg)
		   if CheckLevel(user) then
			if iKill then
			   user:TimeBan(iConnect)
			else
			   user:Disconnect()
			end
		   else
			user:Disconnect()
		   end
		else
		   user:SendPM(Bot, "An IP contains 4 numbers seperated by 3 dots. Your correct IP is "..user.sIP.."|")
		   user:Disconnect()
		end
		return 1
	   end
	end

I take it you only want those with a good scripting knowledge to help you test this out?

[bastya_elvtars]

now TGA main got flooded

deflood 5.0 alpha4 blocked these team elite f**ers successfully

gj plop

[Meka][Meka]

Originally posted by bastya_elvtars
now TGA main got flooded

deflood 5.0 alpha4 blocked these team elite f**ers successfully

gj plop

oh yeh blocked so well that u have 7000+ users and

* Santa DEFLOOD IS SHIT!
* Santa HEH
* Santa ']['?AM?LiT?
* Santa DEFLOOD IS SHIT!
* Santa HEH
Santa is having a deep minded monologue!
* Santa ']['?AM?LiT?
* Santa DEFLOOD IS SHIT!
* Santa HEH
* Santa ']['?AM?LiT?
* Santa DEFLOOD IS SHIT!
* Santa HEH
Santa is having a deep minded monologue!
* Santa ']['?AM?LiT?
* Santa DEFLOOD IS SHIT!
* Santa HEH
* Santa ']['?AM?LiT?
* Santa DEFLOOD IS SHIT!


Lots of this ;D


compliments of nemesis ;-) (for plop)