-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Automatic Proxy Detection #17069
Automatic Proxy Detection #17069
Conversation
RIP NikNak |
Didn't I already have a talk with shadowlight about the questionable reliability of Ipintel. I tested it a fair amount of times and it doesn't flag obvious ones in certain cases and in other cases it just error'd when presented with a virtual hosting IP. I rate it 4/10 for usefulness and correctness. |
Can you make a note that this isn't perfect and should only be used as a detection guide as well, not as the sole evidence of a ban. |
This will MURDER any player connecting from a dynamic IP or from behind heavy NAT, no matter do they use proxies or not. These "spam IP lists" are really fucking unreliable - one infected PC gets all the dynamic subnet flagged, same with NATed IPs. |
log_admin("Failed Login: [key] [computer_id] [address] - IP intel rated [res.intel*100]% likely to be a bad ip.") | ||
message_admins("<span class='adminnotice'>Failed Login: [key] [computer_id] [address] - IP intel rated [res.intel*100]% likely to be a bad ip.</span>") | ||
|
||
. = list("reason"="IP_INTEL", "desc"="\nYour IP [address] was rated [res.intel*100]% likely to be a bad IP (spammer/proxy). The highest allowed to connect is [config.ipintel_rating_max*100]%.\nThis rating was retrieved [res.cacheminutesago] minutes ago on [res.cachedate] and refreshes in [(config.ipintel_save_bad*60)-res.cacheminutesago] minutes.") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I'm really not sure about this actually denying people.
Maybe start with just logging results and see what kind of positive/negative detection rates we get.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OMG, did you fucking not see the OP, mainly the final checkmark.
Like holy shit if you aren't gonna read, don't fucking comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it's okay to be upset
if what oranges says is true (and im inclined to believe him) then i'm not sure how much i want this |
What's the point of checking everyone? Only brand new ckeys are worth checking. |
This system is in use by other people, goon, and another server. Just fucking fine. Also, "These spam ip lists" Is rather generic. Everybody is kinda lumping this in with every other bad ip list service, without any info on this. Stop talking out of your ass. As for why i check everyone, it's because I actually read the FAQ of the server, mainly the part about how it passively does port scan and automatic proxy attempts to the requested ip after reporting back the score, and for this reasons, values shouldn't be cached or trusted for too long as they might change. |
Do you plan on finishing this? |
I'm cleaning the PR list of all the "work in progress" stuff, I will reopen this upon request |
|
||
/datum/subsystem/ipintel/Initialize(timeofday, zlevel) | ||
enabled = 1 | ||
. = ..() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So this subsystem is basically my OOP solution to the original hacky way i checked if the world had just started to avoid checking round start reconnects.
It has its failures, as it means there is a small window after world start where somebody could be a fresh connection, but never get checked, but at least its not more snowflake added to world/New()
var/datum/ipintel/cachedintel = SSipintel.cache[ip] | ||
if (cachedintel && cachedintel.is_valid()) | ||
cachedintel.cache = TRUE | ||
return cachedintel |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
todo: make this refresh cached minutes ago.
@ninjacha that doesnt stop cids and stickybans |
Will niknak ever truly be put out of a job? Tune in next month to find out |
stale? |
It's pending the MC change since the MC change has a freeze attached to it so i'm spending all my coding time on that. |
Unfrozen |
reopen when you're ready to continue work on it |
Literally working on it right now. |
Notifies admins when connections come from known proxies and likely proxies by checking for known spammer ips (as proxies are used to spam emails/forums) using GetIpIntel.net
GetIpIntel.net returns a real number(ie: float), between 0.000 and 1.000, of their likely hood to be a proxy/spammer/infected host.
Todo: