P2P Client Flood Detector.lua

[Corayzon]

This script detects when a dumbass is dos attacking your hub using the P2P ConnectToMe exploit. It gives stats on
how many attacks happen each minute\hour and has an average hour attack count.

I left out a few features that track the users back to the hub that is allowing the attack to take place because i couldnt
be bothered translating all the script back to PtokaX and alot of ediots will just attack them back if the script tells them
where the attacks source from.

-- Converted from cSlave 1.0 for PtokaX by Corayzon

cSlave = {}
cSlave.FloodDetection = {}
cSlave.FloodDetection.iMinCount = 0
cSlave.FloodDetection.iHourCounter = 0
cSlave.FloodDetection.iHourCount = 0
cSlave.FloodDetection.Adverage = 0
sBotName = frmHub:GetHubBotName()

Main = function()

	-- Start cSlave timer api
	SetTimer = 60
	StartTimer()

end

UnknownArrival = function(User, sData)

	-- Get command
	local _,_, sCommand, sArguments = string.find(sData, "(%S+)")

	if sCommand == "$MyNick" then

		-- Add count to flood counter
		cSlave.FloodDetection.iMinCount = cSlave.FloodDetection.iMinCount + 1
		cSlave.FloodDetection.iHourCount = cSlave.FloodDetection.iHourCount + 1
	end
end

OnTimer = function()

	-- Increment hour counter one minute
	cSlave.FloodDetection.iHourCounter = cSlave.FloodDetection.iHourCounter + 1

	-- Check if a hour has been reached
	if cSlave.FloodDetection.iHourCounter == 60 then

		-- Check if is first adverage
		if cSlave.FloodDetection.Adverage == 0 then

			-- Make hour average
			cSlave.FloodDetection.Adverage = cSlave.FloodDetection.iHourCount
		else

			-- Make hour average
			cSlave.FloodDetection.Adverage = (cSlave.FloodDetection.iHourCount + cSlave.FloodDetection.Adverage) / 2
		end

		-- Empty hour connection counter
		cSlave.FloodDetection.iHourCount = 0

		-- Empty hour counter
		cSlave.FloodDetection.iHourCounter = 0
	end

	-- Check if flood was detected
	if cSlave.FloodDetection.iMinCount > 0 then

		local iAverage = 0

		if cSlave.FloodDetection.Adverage == 0 then
			iAverage = cSlave.FloodDetection.iHourCount
		else
			iAverage = cSlave.FloodDetection.Adverage
		end

		-- Send Message to operators
		SendPmToOps(sBotName, "*** Connection Flood Detected: \r\n\r\n\t\tConnections in last minute: " .. cSlave.FloodDetection.iMinCount .. "\r\n\t\tConnections in this hour: " .. cSlave.FloodDetection.iHourCount .. "\r\n\t\tConnections in hour average: " .. iAverage .. "\r\n")

		cSlave.FloodDetection.iMinCount = 0
	end
end

[Dessamator]

Hmm, nice script, maybe it should be integrated in Ptokax's deflood.

[bastya_elvtars]

I heard that CTM floods are somewhat rare. Or isn't the CTM deflood by plop targeted to stop them?

[Corayzon]

CTM floods can be somewhat effective as a dynial of service attack. It relies on 3rd hand clients to do the port filling so one is unable to be traced though the hub being attacked directly. But that doesnt mean with some nickname logging and hublist.org checking you cant find the source client with the help of a CTM loging client.

ConnectToMe flooding is becoming quite rear because the smart ppl that dont leave exploits open for personal use are actually convincing developers to close the exploit by doing a very simple and resource friendly ip address check.

Anyways, for those of you that think u could be on the bad end of a CTM flood, this script will tell you, it u stay online long enough.

[PPK]

Originally posted by Dessamator
maybe it should be integrated in Ptokax's deflood.

Why integrate to PtokaX something what is not working on hub ?(  

[Hades]

Why though not integrate mysql stats into it?
It works very nice on ynhub.It has options for how many dayz keep mysql - very usefull.

[Dessamator]

Originally posted by PPK

Originally posted by Dessamator
maybe it should be integrated in Ptokax's deflood.

Why integrate to PtokaX something what is not working on hub ?(  

I never tried the script,   that comment was based on the assumption that it worked

[bastya_elvtars]

Originally posted by Hades
Why though not integrate mysql stats into it?
It works very nice on ynhub.It has options for how many dayz keep mysql - very usefull.

There will be such stats.

[TrIp-iN-SuN]

it's not stop that it's only show u what flood get in your hub and i need same thing stop that who can help me becsoe same body flood me

[TrIp-iN-SuN]

??