Tweet
Of course i got a sleeper, how eles do we sleep? lol
-
-
Not to try and open this thread up again, but Omi has been rebanned, and Kimp for some unforsaken reason keep's on getting into the server even though he's on the ban list, I had to ban kimp again for using muller & amebix name.Comment
-
Wicked,I was reading the server console logs and noticed that the 71;185;banned isnt working, it's spitting out 1 error because of it.
I really wish ban checks could occur at the start of every round (This means kimp would be required to reconnect 5-9 times,just to finish 1 game of CAx)
Want to get into playing Quake again? Click here for the Multiplayer-Startup kit! laissez bon temps rouler!
Comment
-
No kimp would be screwed right after the first round cause CC is disabled.
Honestly, I want to make this for you, but I simply do not understand what would be checking the banlist. If it's the server checking the ban list, then I need to be able to modify the server. If it's the QC that starts the check, then I need the source. If it's the client that does the check, you are screwed.
Also, how would this be tested? Wouldn't we need some way to defeat the ban on connection to determine if it is working correctly on round start? If there is a way to defeat the banlist on connection why couldn't that same way be used to defeat it on round start?
I think the actual solution is to determine how the banlist is being defeated to begin with and then patch the server accordingly.Last edited by MadGypsy; 08-22-2012, 05:39 AM.Comment
-
The only guys who have the knowledge / understand these things is r00k,Baker,and probably a handful of other engine coders like LordHavoc,MH,Spike,etc. Ya got to understand I have a better chance at GUESSING the price of rice in china -vs- remotely knowing anything about Quaker's "inner cog work".Originally posted by MadGypsy View Post
Example, I could add my IP to the ban list,and I myself,would fail at reconnecting. I would see 'You have been banned from this server'.I've tested it awhile recently even,on my own IP and as expected,no entry.
the utter disgust of the subject (3 years of kimp,goin on 4) leaves me even tiring of even the concept of serving up more Trucks on quakeone.com
Want to get into playing Quake again? Click here for the Multiplayer-Startup kit! laissez bon temps rouler!
Comment
-
If you have access to the physical server your game mod is running on, why let the mod handle the banning when you can let the server itself handle the banning? That way if someone's using a hacked client that reports a different IP (if that's even possible), the server can still do the ban because you can't spoof your IP to the actual server (right?). Yes I know there's proxies, but just start keeping a list of them once he connects?
Comment
-
1st....
the qc does the banning for cax. it works fine if you know how to use it, but it has limits.
for example, I do not believe you can do 71;185;banned. I believe you need at least three numbers in the ip for it to work correctly. 71;185;1;banned (I cant remember the format exactly without looking on my server but it is something like that).
Additionally, the ban file can only hold so many ips before it craps out.
kimp can be banned (and was on my servers) if you simply put the right ips in and enough of them.
of course having a dedicated server helps. crctf!Cbuf_AddText (va("say ZeroQuake GL version 1.10\n"));Comment
-
also. qsmack would solve this problem, but I do not think its supported ni cax or crctf anymore.Cbuf_AddText (va("say ZeroQuake GL version 1.10\n"));Comment
-
Mono is correct, you can only ban with 71;185;1;banned It does not allow 2 set's to ban, maybe a future fix or something rook can setup. i just tested this a few times adding only 1 set of number's at a time, 98;banned <-no work 98;18;banned <-no work and 98;18;266;banned <-success. Maybe if rook see's this post he can fix that issue to where it bans 2 set's also. Anyway, for now i have kimp's latest ip 71;185;148;banned in the ban.cfgComment
-
Solecord is correct here. You guys really need to have full root/admin access to your servers in order to successfully block hosts. Personally, I do not even bother with quake style 'bans'. My servers run on linux, so I use iptables. Other firewalls are available to Windows servers.
Time and again I hear players claim that enoch uses proxies to get around quake bans. This is not entirely true. What he actually uses is a VPN service available to him from verizon. He can simply disconnect and reconnect to said service and use one of their other IP blocks. At one time I had the ip blocks written down. I think it was 3, maybe 4 blocks total and possibly one not being verizon. Anyway, I can't remember. A simple whois on one of his "alternate" ip addresses will reveal this.
For example:
His alternate addresses will show something similar.Code:[email protected]: ~$ whois 71.185.1.1 # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=71.185.1.1?showDetails=true&showARIN=false&ext=netref2 # NetRange: 71.181.128.0 - 71.191.255.255 CIDR: 71.182.0.0/15, 71.184.0.0/13, 71.181.128.0/17 OrgName: Verizon Online LLC
Anyway, without going into ip addressing, when you issue a quake ban of..let's say, 71.185.1.x, he can simply reconnect and have a new address of 71.185.2.x which renders your quake ban ineffective. You then issue another ban on .2, he reconnects on .3 and so on. In this example, 71.185 is the network id, and everything after that is considered the possible host(s) id. If you want to ban all of his possible address, you would need to issue a ban of 71.185 (entire network id which takes care of ALL possible hosts). Apparantly quake is incapable of that right now - perhaps someone could re-engineer that.
Of course, any firewall worth its snuff is capable of dropping/rejecting packets from entire networks. The few times I've issued iptables bans on enoch, it took only 3 drop entries and he was toast. It was through this process that I was able to gather all of his ip blocks, for, when I issued the first ban on 71.185, he connected on a completely different network. I ran a whois on that, found the block, service provider (vpn ,etc), until he couldn't connect again.
By the way, quake bans do not protect your server from attacks, which is why, after a ban, the quake server often drops or goes down or whatever I keep hearing. Iptables (and others) will drop packets for the entire server, not just quake.
On another note, I've had reports that some people, after issuing a ban, are having denial of service attacks of some kind. If you are one of those people, I would recommend that if your router/firewall is capable, turn on its logging feature. Find out where those attacks are coming from. People often assume that its Enoch, but you need to be certain. I'm really not sure how an attacker is getting your individual IP addresses, but I would definitely recommend REMOVING the stat tracking link at the bottom of quakeone.com (Planet with electricity icon). This shows WAY too much information on the individuals who frequent this website. It would be trivial to associate a particular forum post to an individual's personal ip address.Last edited by Tremor; 08-22-2012, 01:53 PM.Comment
-
Holy Grail Batman. Thx man.Originally posted by Tremor View PostWant to get into playing Quake again? Click here for the Multiplayer-Startup kit! laissez bon temps rouler!
Comment
-
I gotta admit, other than posting trucks these types are pretty interesting to me because of the wealths of information available brought forth by people trying to keep the big K out. That said, perhaps it's time for another truck? Yes, I think so...
e|------------------------0---------------
B|---------------0^1----------------1----
G|---------------2------2------0^2-------
D|---------------2-------2--2-------------
A|---------------0------------------------
E|----------------------------------------Comment
-
2 problems with this picture..Originally posted by foq View PostI gotta admit, other than posting trucks these types are pretty interesting to me because of the wealths of information available brought forth by people trying to keep the big K out. That said, perhaps it's time for another truck? Yes, I think so...
1.) the tow truck is about to work its ass off to life that trailer/truck combo upright. That's a 16 ton conventional... If that trailer is empty he's somewhat ok, but i wouldnt be suprised that something is ready to snap during this upright.
2.) it's a crowley trailer, comes from the port, which means that majority of these PORT drivers are turds and drive like fok'n asshole's and DOT needs to get on them more then they do to get these PORT driver's under control.
On topic.
Tremor, thanks for the INFO but not all game server admin's have access to the system itself, obviously i run through AOW - Art Of War.Comment
-
You can ban the 71.185.xxx.xxx in CRMOD. So how is quake incapable of it? I just tested this on CRMOD on my wicked.quakeitup.com server. i switched the mod to CRMOD, then added the ban as 98.18.xxx.xxx and it works. CAx mod does not work in that form.Comment
-
//Originally posted by wicked_lord View Post
// Ban.cfg
//
// This file will be read once when the server starts up. Use it to ban ips
// permanently from your server. Up to 127 banned ips can be included, one
// per line. The format of each line should be as in the following examples
// (without being commented out or quoted of course):
//
// To ban the specific ip 24.129.6.17:
//
// "24;129;6;17;crban"
//
// To ban all ips of the form 24.129.6.xxx:
//
// "24;129;6;crban"
//
// To ban all ips of the form 24.129.xxx.xxx:
//
// "24;129;crban"
//
// Note that the ip address bytes are separated by SEMICOLONS, NOT PERIODS.
//
"98;18;crban"Comment
Comment