We are in the internal network of one ISP. It is basically a big LAN.
We all have private IPs (192.168.x.x) and they are fixed - we do not use a DHCP server but everyone has got one fixed IP. The connection to the internet depends on a second VPN connection to our ISP server and does not depend on IP.
The problem is that everyone can easily change his IP in his network settings and our provider does not care much about this, but anyway it is supposed to be one fixed IP per user.
The problem comes when I try to ban someone - he can easily change his IP address and nickname and get back.
My idea is to force users to obey that policy - they must use only their original IP address. Because of that I am thinking about a variant of using their IP as password.
This way I will register new users with their IP. If someone is banned he will not be able to change his IP and get back.
Basically what I will achieve is the same as forcing registration by administrators in order for users to be able to access the hub, but it will make this task easier: on the admin side there will be no need to ask for a desired password and tell the user how to enter it, and on the user side there will be no additional action needed.
Is this possible?
Tell me what you think, please
Quote (originally posted by BAlexandrov):
Tell me what you think, please
this is not a hard2do script
if ya make a hub every user will be assigned his IP to.
if he logs in with a bad IP, it can cause disconnect.
not hard 2 do, want it? ;)
Suuure :)
If you can do it - when a user connects, to supply his IP as password would be just great.
users wont become registered, but their ip will be linked 2 their names
they can change nick but not ip
edit
and 1 more thing
do u wanna check users from within that iprange only?
Quote: users wont become registered, but their ip will be linked 2 their names
they can change nick but not ip
Okay, but will the script itself make a file with ip-nick pairs or do I have to make it? (It is not a problem to generate it but it would be difficult to add to it (the hub is not on my computer).)
Quote: and 1 more thing
do u wanna check users from within that iprange only?
I already have a script that limits user IPs to specified range by -- easyranger -- tezlo, I found it in this forum. If you want you can incorporate these changes in it:
-- easyranger
-- tezlo
ipRanges = {}
denyMsg = "\nYou dont belong here."

-- convert a dotted-quad IP string to a single number (0 if it does not parse)
function compute(ip)
  local s, e, a, b, c, d = strfind(ip, "^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
  if s then return a*16777216 + b*65536 + c*256 + d end
  return 0
end

-- return the first { start, end } pair in table that contains ip, or nil
function checkrange(table, ip)
  return foreachi(table, function(id, tmp)
    if (%ip >= tmp[1]) and (%ip <= tmp[2]) then return tmp end
  end)
end

-- parse the "a.b.c.d - e.f.g.h" lines of one [name] section of ranger.dat
function load(name, data)
  ipRanges[name] = ipRanges[name] or {}
  gsub(data, "(%S+) %- (%S+)", function(s, e)
    s, e = compute(s), compute(e)
    tinsert(ipRanges[%name], { s, e })
  end)
end

function Main()
  local f = openfile("ranger.dat", "r")
  assert(f, "ranger.dat")
  local file = read(f, "*a")
  closefile(f)
  gsub(file, "%[(%S+)%]([%c%d%s%-%.]+)", load)
end

-- disconnect anyone whose IP is not inside one of the loaded ranges
function NewUserConnected(user)
  local ip = compute(user.sIP)
  for name, range in ipRanges do
    if checkrange(range, ip) then return end
  end
  user:SendData(denyMsg)
  user:Disconnect()
end

--ranger.dat
--[LAN]
--192.168.112.0 - 192.168.117.255
--[LOCAL]
--127.0.0.1 - 127.0.0.255
i know easyranger
but i asked if i should limit the IPs that can connect to 192.168.0.0-192.168.255.255 - should i?
second: when you install my script, restart the hub. it joins a nick to an IP so nick change is possible, IP change not
dead entries will be removed in a custom time if needed
I can stay with easyranger's script because it works just as I need - to restrict access to a specified range and this range to be configurable (as it is in ranger.dat now, but it can change in time)
I don't see a reason to duplicate this functionality, but if you want, or if it is incompatible with your idea, then do it.
Can you describe to me the algorithm that you are thinking of implementing?
It will associate nick with IP and cache it somewhere? Cleaning of this cache after a specified timeout is not needed, but it would be good to be able to delete a single entry from it manually, just in case.
This way, if they continue to be unregistered users, it is very easy for a bad guy to change both IP and nickname and come back. If I enforce administrator based registration, then linking of nick-IP is not needed - I will be able to ban the nickname.
There are two solutions for this - one is my original idea to register nicks with IP as their password and a script to supply the IP for password upon logging in.
There is another variant - can I register nicks with an empty password (currently I do not see a way)? Then when a user logs in he will be authenticated automatically and then your script will check if he has the correct IP.
hi, how about modifying this one?
code:
-----------------------------------------------------------------------
-- OP-protection script
-- From an idea of Wo??eL, developed by sebastiannielsen, piglja, VidFamne and TiM? TrAVelleR
-- If someone gets hold of an OP's password and tries to connect as an OP, he gets banned.
--
-- Add the IPs and names below, and the first IP must correspond to first OP, and so on,
-- and if any of the OPs has dynamic IP, only enter "dynip" as IP.
-- Implemented security, if [OP]blaster has IP 123.456.789.012, and he is trying to access [OP]sebastian's or [OP]admin's account, he is banned.
-- unless you have written "dynip" to disable IP-check for that OP.
ops = { "nick1", "nick2", "nick3" }
ips = { "123.456.789.0", "dynip", "dynip" }
function User(user)
  for i,v in ops do
    if user.sName == v then
      -- ban only when this OP has a fixed IP and the connection comes from a different one
      if ips[i] ~= "dynip" and user.sIP ~= ips[i] then
        user:Ban()
        -- unban the nick itself so the account stays usable
        Unban(user.sName)
        user:Disconnect()
      end
      break
    end
  end
end
-----------------------------------------------------------------------
end of code
Uh. This script is a VERY bad idea.
1) Any user in the hub can discover any other user's password.
2) Any user can easily alias as any other user by switching their IP / arp poisoning / IP spoofing / etc.
You may want to consider IP as a secondary authentication for users ie: a user enters the password and may only come from this IP. You may also want to consider a download blocker / chat blocker for unregistered users.
Either way, blocking annoying people on a LAN is not easy. I know this from experience after running one for 2 years. My best solution was MAC address identification through netbios (nbtstat if you want to DOS). I only used this tactic on the most annoying users, to keep others guessing how I was blocking.
-NotRabidWombat
This is my ver...
-- FixIP by bastya_elvtars(the rock n' roll doctor)
-- made for BAlexandrov
-- fixip users cant change their IP inside a LAN
-- code from: userinfo by NightLitch, usercleaner by plop, userwelcome by RabidWombat, lawmaker by bastya_elvtars :P
Bot="IPChecker"
checkops=1 -- 1 to check ops ips, 0 to not
autoclean=1 -- set 1 to automatically clean the ip database every day to prevent growing huge
weeks=5 -- users being offline for this amount of weeks will be cleaned out
-------- only scripters (and my) zone below :D
function Main()
  -- remember today's date so DataArrival can tell when the day changes
  CleanDay = date("%Y. %m. %d.")
  if checkops==1 then
    -- run the same IP check for operators
    OpConnected=NewUserConnected
  end
end

function NewUserConnected(user)
  local iptable=LoadUserInfo("ips.dat")
  if not iptable[user.sName] then
    -- first time this nick is seen: bind it to the IP it connected from
    iptable[user.sName]=user.sIP
    SaveUserinfo(iptable,"ips.dat")
  elseif iptable[user.sName]~=user.sIP then
    -- known nick coming from a different IP: refuse the connection
    user:SendData(Bot,"BadIP! Please update your IP to ".. iptable[user.sName])
    user:Disconnect()
  end
  iptable=nil
  Clear()
end
function DataArrival(user,data)
  if autoclean == 1 then
    if CleanDay ~= date("%Y. %m. %d.") then -- user cleaning trigger, works as a timer without a timer
      CleanDay = date("%Y. %m. %d.")
      Cleaning()
    end
  end
end

-- write the table to file as one nick|ip line per entry
function SaveUserinfo(table,file)
  writeto(file)
  for a,b in table do
    write(a.."|"..b.."\n")
  end
  writeto()
end

-- read nick|ip lines from file into a table
function LoadUserInfo(file)
  local table={}
  -- no database yet (first run): start with an empty table
  if not readfrom(file) then return table end
  while 1 do
    local line=read()
    if line == nil then break end
    local _,_,nick,item=strfind(line,"([^|]+)|(.+)")
    -- skip lines that are not in nick|ip form
    if nick then table[nick]=item end
  end
  readfrom()
  return table
end
function Cleaning()
  local x=clock()
  SendToAll(Bot, "IP info database cleaner started. This might take long, so please be patient!")
  local juliannow = JulianDate(SplitTimeString(date("%Y. %m. %d. %X")))
  local oldest = weeks*7*1440 -- age limit in minutes
  local Count2,Count = 0,0
  local Seen=LoadLastSeen()
  local iptable=LoadUserInfo("ips.dat")
  for a,b in iptable do
    Count = Count+1
    if Seen[a] then
      local julianu=JulianDate(SplitTimeString(Seen[a]))
      local diff=juliannow-julianu
      local hours, mins= floor(diff) * 24 + floor(frac(diff) * 24), floor(frac(frac(diff)*24)*60)
      local usrtime=hours*60+mins
      if (usrtime) > oldest then
        -- entry is older than the limit: drop it from both tables
        Count2 = Count2 +1
        Seen[a] = nil
        iptable[a]=nil
      end
    else
      -- no last-seen record yet: start counting from now
      Seen[a] = date("%Y. %m. %d. %X")
    end
  end
  -- write the pruned IP database once, after the loop
  if Count2 > 0 then
    SaveUserinfo(iptable,"ips.dat")
  end
  if Count ~= 0 then
    SendToAll(Bot,"This cleanup took "..clock()-x.." seconds, during that "..Count.." users were processed, "..Count2.." of them were deleted.|")
  end
  SaveSeen(Seen)
  iptable=nil
  Seen=nil
  Clear()
end

-- read nick$date lines from lastseen.dat into a table
function LoadLastSeen()
  local Seen={}
  -- no file yet (first run): start with an empty table
  if not readfrom("lastseen.dat") then return Seen end
  while 1 do
    local line = read()
    if line == nil then
      break
    end
    local s,e,name,date = strfind(line, "(.+)$(.+)")
    if name then
      Seen[name]=date
    end
  end
  readfrom()
  return Seen
end

--------------------------------------------------------------------- saving last seen date
function SaveSeen(Seen)
  writeto("lastseen.dat")
  for a,b in Seen do
    write(a.."$"..b.."\n")
  end
  writeto()
end
-- Split a specific Time string into its components
-- New Format: "Y. M. D. HR:MN:SC" - 24hr time
-- return: D,M,Y,HR,MN,SC HR is in 24hr format
function SplitTimeString(TimeString)
  --local s,e,Y,M,D,HR,MN,SC = strfind(TimeString, "([^.]+). ([^.]+). ([^.]+). ([^:]*):([^:]*):(%S*)");
  -- 14/09/2004 16.23.25
  local grab=function(TimeString)
    if strfind(TimeString,"/") then
      local _,_,D,M,Y,HR,MN,SC=strfind(TimeString,"([^/]+).([^/]+).(%S+) ([^:]+).([^:]+).([^:]+)")
      return D,M,Y,HR,MN,SC
    elseif strfind(TimeString,"%d%-%d") then
      local _,_,D,M,Y,HR,MN,SC = strfind(TimeString, "([^-]+).([^-]+).(%S+) ([^:]+).([^:]+).(%S+)")
      return D,M,Y,HR,MN,SC
    elseif strfind(TimeString,"%d%d.%d%d.%d%d%d%d%s+") then
      local _,_,Y,M,D,HR,MN,SC = strfind(TimeString, "([^.]+).([^.]+).(%S+). ([^:]+).([^:]+).(%S+)")
      return D,M,Y,HR,MN,SC
    else
      local _,_,Y,M,D,HR,MN,SC = strfind(TimeString, "([^.]+). ([^.]+). ([^.]+). ([^:]+).([^:]+).(%S+)")
      return D,M,Y,HR,MN,SC
    end
  end
  local D,M,Y,HR,MN,SC=grab(TimeString)
  D = tonumber(D)
  M = tonumber(M)
  Y = tonumber(Y)
  HR = tonumber(HR)
  MN = tonumber(MN)
  SC = tonumber(SC)
  assert(HR < 24);
  assert(MN < 60);
  assert(SC < 60);
  return D,M,Y,HR,MN,SC
end

function JulianDate(DAY, MONTH, YEAR, HOUR, MINUTE, SECOND) -- HOUR is 24hr format
  local jy, ja, jm;
  assert(YEAR ~= 0);
  assert(YEAR ~= 1582 or MONTH ~= 10 or DAY < 4 or DAY > 15);
  -- The dates 5 through 14 October, 1582, do not exist in the Gregorian system!
  if( YEAR < 0 ) then
    YEAR = YEAR + 1;
  end
  if( MONTH > 2 ) then
    jy = YEAR;
    jm = MONTH + 1;
  else
    jy = YEAR - 1;
    jm = MONTH + 13;
  end
  local intgr = floor( floor(365.25*jy) + floor(30.6001*jm) + DAY + 1720995 );
  --check for switch to Gregorian calendar
  local gregcal = 15 + 31*( 10 + 12*1582 );
  if( DAY + 31*(MONTH + 12*YEAR) >= gregcal ) then
    ja = floor(0.01*jy);
    intgr = intgr + 2 - ja + floor(0.25*ja);
  end
  --correct for half-day offset
  local dayfrac = HOUR / 24 - 0.5;
  if( dayfrac < 0.0 ) then
    dayfrac = dayfrac + 1.0;
    intgr = intgr - 1;
  end
  --now set the fraction of a day
  local frac = dayfrac + (MINUTE + SECOND/60.0)/60.0/24.0;
  --round to nearest second
  local jd0 = (intgr + frac)*100000;
  local jd = floor(jd0);
  if( jd0 - jd > 0.5 ) then jd = jd + 1 end
  return jd/100000;
end

-- fractional part of a number
function frac(num)
  return num - floor(num);
end

function Clear()
  collectgarbage()
  flush()
end
this affects all users, will rewrite for your range if needed, but without an exact answer...
Sorry for the late answer guys, but I didn't have time.
I see now there are two scripts, I will review them and choose the winner :-P
(I am programmer too anyway ;))
Just give me couple of days.
above script edited, had an error, i was just lazy 2 grab it carefully lol
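The nick-to-IP pairing discussed in this thread, as an added example that is not code from any poster: it replays three constructed connection attempts against a first-seen binding (the approach FixIP takes) and against an admin-enrolled list with bans keyed on the enrolled IP. It is standalone Lua 5.x rather than the Lua 4 hub API, and every function name, nick and address in it is hypothetical.

```lua
-- Added example, standalone Lua 5.x. All names and addresses are constructed.

-- Policy A: bind a nick to the first IP it connects from (first-seen binding).
local function first_seen(store, nick, ip)
  if store[nick] == nil then
    store[nick] = ip                      -- unknown nick: silently enrolled
    return true, "enrolled"
  end
  if store[nick] ~= ip then return false, "nick bound to another IP" end
  return true, "match"
end

-- Policy B: the admin enrols one nick per IP in advance, bans are keyed on
-- the enrolled IP, and anything that is not enrolled is refused.
local function admin_enrolled(enrolled, banned, nick, ip)
  if banned[ip] then return false, "banned" end
  local owner = enrolled[ip]
  if owner == nil then return false, "IP not enrolled" end
  if owner ~= nick then return false, "IP enrolled to another nick" end
  return true, "match"
end

-- Run every attempt through both policies and return one report line each.
local function replay(attempts)
  local store = {}                                  -- policy A state
  local enrolled = { ["192.168.112.10"] = "alice",  -- policy B state
                     ["192.168.112.20"] = "mallory" }
  local banned = { ["192.168.112.20"] = true }      -- mallory was banned
  local rows = {}
  for _, a in ipairs(attempts) do
    local okA, whyA = first_seen(store, a.nick, a.ip)
    local okB, whyB = admin_enrolled(enrolled, banned, a.nick, a.ip)
    rows[#rows + 1] = string.format("%-8s %-15s A:%-5s (%s)  B:%-5s (%s)",
      a.nick, a.ip, tostring(okA), whyA, tostring(okB), whyB)
  end
  return rows
end

local attempts = {  -- constructed connection attempts
  { nick = "alice",   ip = "192.168.112.10" },  -- normal user
  { nick = "alice",   ip = "192.168.112.99" },  -- alice's nick from another IP
  { nick = "newnick", ip = "192.168.112.77" },  -- banned user, new nick and new IP
}
for _, line in ipairs(replay(attempts)) do print(line) end
```

The third attempt is accepted by the first-seen binding and refused by the enrolled list, which is the gap raised earlier in the thread about changing both IP and nickname. Both policies still trust the source address, so they work as a second check next to a password rather than as a replacement for one.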