Graal Forums - Scripted IP Banning

Graal Forums (https://forums.graalonline.com/forums/index.php)

- Code Gallery (https://forums.graalonline.com/forums/forumdisplay.php?f=179)

- - Scripted IP Banning (https://forums.graalonline.com/forums/showthread.php?t=134260126)

Scripted IP Banning

Well editing the text file gets pretty tedious.

File Manager -> Navigate to Folder -> Edit as Text -> Add IP and Comment.

Ideally I'd prefer to see /openaccess ip:xxx.xxx.xxx.xxx but this will have to do until then.

The bare-bones of an IP Banning script:

PHP Code:


		
			
function onCreated() {
  setTimer(1);
}

function onTimeout() {
  if (this.timedipbans.size() > 0) {
    for (temp.ip: this.timedipbans) {
      if (timevar2 > getIPReleaseTime(temp.ip)) {
        ipUnBan(temp.ip);
      }
    }
    setTimer(60);
  }
}

public function ipBan(ip, comment, noupdate) {
  if (!(ip in this.ipbans)) {
    this.ipbans.add(ip);
  }
  this.comment.(@ip) = comment;
  this.trigger("saveData", "");
  if (!noupdate) saveIPBanned();
}

public function ipBanTimed(ip, comment, seconds) {
  if (!(ip in this.ipbans)) {
    this.ipbans.add(ip);
  }
  if (!(ip in this.timedipbans)) {
    this.timedipbans.add(ip);
  }
  this.comment.(@ip) = comment;
  this.release.(@ip) = timevar2 + seconds;
  this.trigger("saveData", "");
  saveIPBanned();
  setTimer(1);
}

public function ipUnBan(ip) {
  if (isIPBanned(ip)) {
    this.ipbans.remove(ip);
    this.timedipbans.remove(ip);
    this.comment.(@ip) = "";
    this.release.(@ip) = "";
    this.trigger("saveData", "");
    saveIPBanned();
    return true;
  }
  return false;
}

public function getIPBans() {
  return this.ipbans;
}

public function getIPBanComment(ip) {
  return this.comment.(@ip);
}

public function getIPReleaseTime(ip) {
  return this.release.(@ip);
}

public function isIPBanned(ip) {
  return (ip in this.ipbans);
}

function loadIPBanned() {
  temp.lines.loadlines("levels/ipbanned.txt");
  for (temp.line: temp.lines) {
    if (temp.line.starts("#") || temp.line == "") continue;
    if (temp.line.positions(".").size() == 3) {
      ipBan(temp.line, "", true);
    }
  }
  saveIPBanned(); 
}

function saveIPBanned() {
  temp.lines = {
    "###################################",
    "# Automatically generated IP Bans #",
    "###################################",
    "",
  };
  for (temp.ip: getIPBans()) {
    temp.comment = getIPBanComment(ip);
    if (temp.comment) {
      if (temp.lines[temp.lines.size()-1] != "") {
        temp.lines.add("");
      }
      temp.lines.add("#" SPC temp.comment);
      temp.lines.add(temp.ip);
      temp.lines.add("");
    } else {
      temp.lines.add(temp.ip);
    }
  }
  temp.lines.savelines("levels/ipbanned.txt", 0);
}

I've provided a load/save function but they are fairly basic, you'll have to write your own to format it the way you like and take any comments into consideration.

I'd like to add 'time-length' features to it but that can be in V2 of it. The bans and comments could also be stored in SQL table. Anyway enjoy.

Should the script be a class joined to a player or in a DB?

* Scripts should only identify players uniquely via their account name, nickname or community name. Any other attempt to track a player such as through their IP address, PCID or by planting corrupt files in their system could constitute a criminal offence. Servers are strictly forbidden from using any sort of method to store or retrieve the player's IP address or PCID with script.

eh?

Quote:

Originally Posted by Imperialistic (Post 1592361)

The code doesn't get or provide any IPs. IP bans exist, they are provided by the gserver. It's just that it's a real hassle to update the TXT file to manage these bans. This makes it easier.

Quote:

Originally Posted by Entrok (Post 1592353)

Should the script be a class joined to a player or in a DB?

Read the script, and the variables it uses then make a decision of which you think would be more effective.

Details like that were purposely left out because the one's using it should know enough to connect the missing dots. Servers uploading this should have their rights figured out and trust established so it's not used against them.

Quote:

Originally Posted by Imperialistic (Post 1592361)

This rule is broken on every server I've ever worked for, and for good reason.

Quote:

Originally Posted by Imperialistic (Post 1592361)

Point is made but... Graal is like 35% Developer Platformer 35% Copyrighted stuff that most likely does not belong to them and 30% rule breaking. That's what makes graal fun.

V2: Added basic time banning, there's some redundancy with the arrays. That'll be resolved when I switch it to SQL storage.

Love the work Jerret, just amused how funny it is how Graal Admins don't keep up with their own rules.

Had issues with the script Jerret put on Classic iPhone so made my own adaptation which provided some error checking. Depending on jerrets next version, will either improve this or implement changes to his next version.

This is based on what Jerret created but ended up starting from scratch using his as a reference point while scripting with style I am used to. Made my version as a backend, allowing for a simple frontend to be created. Provided example of NPC commands (RC) but can be adapted to be done anywhere.

Ultimately should move the hasright checking to DBNPC itself but that's for the next version =]

PHP Code:


		
			
function onCreated() {
  const ipbantick = 60;
  setTimer(1);
}

function onTimeout() {
  for (ip : this.ipban.getdynamicvarnames()) {
    
    if (this.ipban.(@ip)[0] == "permanent")
      continue;
    
    this.ipban.(@ip)[0] -= ipbantick;
    if (this.ipban.(@ip)[0] <= 0)
      unIPBan(ip,"Released by the system","system");  
  }
  setTimer(ipbantick);
}

/* Add/Modify an IP ban */

public function IPBan(ip, time, comment, admin, overwrite) {
  /* Work out ban time */
  temp.ban = banTime(time);
  if (temp.ban[0] == 0)
    return "Invalid time specified: "@time;
  
  /* Check IP given */
  temp.check = checkIP(ip);
  if (temp.check[0] == 0)
    return temp.check[1];
  
  if (comment = "")
    return "Must provide a reason for the IP ban";

  //Checks done: lets ban an IP!
  temp.ipstring = iptostring(ip);
  
  if (this.ipban.(@ipstring).size() > 2)
  {
    if (!overwrite)
    {
      temp.ret = format("%s has already been banned. Set overwrite as true to overwrite this entry",ip);
      return temp.ret;
    }
    else 
     temp.modified = true;
  }
  else
    this.ipban.(@ipstring) = new[4];

  /* set the ban */
  this.ipban.(@ipstring) = {temp.ban[0], temp.comment, temp.admin, temp.ban[0]};

  if (temp.modified)
    temp.ret = format("%s modified the IP Ban for %s. Now banned for %s with reason: %s",
      admin, ip, temp.ban[1], comment);
  else
    temp.ret = format("%s has IP banned %s for %s with reason: %s",
      admin, ip, temp.ban[1], comment);
  
  savelog2("ipbans.txt",temp.ret);
  this.trigger("saveData","");
  updateIPBans();  
  return temp.ret;
}

/* Remove an IP Ban */
public function unIPBan(ip, comment, admin) {
  if (admin == "system")
    temp.ipstring = ip;
  else
    temp.ipstring = iptostring(ip);
    
  if (this.ipban.(@ipstring).size() < 1)
    return "given IP address is not banned: "@ip;
  if (comment == "")
    return "Must provide a reason to unban ip";
  this.ipban.(@ipstring).clear();
  this.trigger("saveData","");
  updateIPBans();
  temp.ret = format("%s has unbanned the IP %s reason: %s",admin,ip,comment);
  savelog2("ipbans.txt", temp.ret);
  return temp.ret;
}
  
public function updateIPBans() {
  temp.lines = {
    "###################################",
    "#           Automatically generated IP Bans            #",
    "###################################",
  };
  
  for (ip : this.ipban.getdynamicvarnames()) {
    if (this.ipban.(@ip).size() < 1)
      continue;
    temp.lines.add("# Ban Reason: "@this.ipban.(@ip)[1]);
    temp.lines.add("# Banned for: "@this.ipban.(@ip)[3]);
    temp.lines.add("# Banned by: "@this.ipban.(@ip)[2]);
    temp.lines.add(stringtoip(ip));
    temp.lines.add("");
  }
  temp.lines.savelines("levels/ipbanned.txt", 0);
  return 1;
}
  
public function listBans() {
  for (t : this.ipban.getdynamicvarnames()) {
    if (this.ipban.(@t).size() < 1)
      continue;  
    temp.list.add(stringtoip(t));
  }
  return temp.list;
}
  
  
/* Return with ban time*/

function banTime(time) {
  switch (time) {
    case "minute":
      temp.bantime = 60;
      temp.timereport = "a minute (testing)";
      break;
    case "hour": 
      temp.bantime = 3600; 
      temp.timereport = "an hour";
      break;
    case "day": 
      temp.bantime = 3600 * 24; 
      temp.timereport = "a day";
      break;
    case "week": 
      temp.bantime = 3600 * 24 * 7; 
      temp.timereport = "a week";
      break;
    case "month": 
      temp.bantime = 3600 * 24 * 30; 
      temp.timereport = "a month";
      break;
    case "year": 
      temp.bantime = 3600 * 24 * 365; 
      temp.timereport = "a year";
      break;
    case "permanent": 
      temp.bantime = "permanent"; 
      temp.timereport = "a very long time";
      break;
    default:
      temp.bantime = int(time);      
      if (temp.bantime > 0)
        temp.timereport = "a custom time of " @time@" seconds";
      else
        temp.bantime = 0;
      break;
  }
  temp.ret = {temp.bantime, temp.timereport};
  return temp.ret;
}

/* Verify whether given IP address can be banned */
function checkIP(ip) {
  temp.tokens = ip.tokenize(".");

  // Check if IP address is private 
  temp.private = {"10", "127", "172.16", "192.168"};
  for (t : temp.private) {
    if (ip.starts(t)) {
      temp.ret = {0, format("IP Ban Error: %s is in a private address class", ip)};
      return temp.ret;
    }
  }
  
  // Not enough octets: needs to be x.x.x.x
  if (temp.tokens.size() != 4) {
    temp.ret = {0, format("IP Ban Error: Invalid IP address given: %s. 4 octets expected (x.x.x.x)",ip)};
    return temp.ret;
  }
  
  for (i=0; i<temp.tokens.size(); i++) {
    
    if (temp.tokens[i] == "*")
      continue;
      
    if (temp.tokens[i] != int(temp.tokens[i])) {
      temp.ret = {0, format("IP Ban Error: Invalid IP address given: %s. An IP address can only contain numbers!",ip)};
      return temp.ret;
    }
    
    // An octet needs to be above 0 and less than 255
    if (temp.tokens[i] > 255 || temp.tokens[i] < 0) {
      temp.ret = {0, format("IP Ban Error: Invalid IP address given: %s. An octet value must be between 0 and 255",ip)}; 
      return temp.ret;
    }
  }
  
  return 1;
}

public function iptostring(ip) {
  temp.toks = ip.tokenize(".");
  temp.ipstring = toks[0] @"_"@ toks[1] @"_"@ toks[2] @"_"@ toks[3];
  return temp.ipstring;
}

public function stringtoip(ip) {
  temp.toks = ip.tokenize("_");
  temp.ipstring = toks[0] @"."@ toks[1] @"."@ toks[2] @"."@ toks[3];
  return temp.ipstring;
}

Example of my NC commands

PHP Code:


		
			
    case "ipban": {
      if (!player.hasright("rw", "levels/ipbanned.txt")) {
        sendtorc("You do not have IP Ban rights, "@player.account);
        return;
      }
      temp.ret = IPBans.ipBan(params[1], params[2], params[3], player.account, params[4]);
      sendtorc(temp.ret);
      break;
    };
    
    case "listipbans": {
      if (!player.hasright("rw", "levels/ipbanned.txt")) {
        sendtorc("You do not have IP Ban rights, "@player.account);
        return;
      }
      temp.ret = IPBans.listBans();
      sendtorc(temp.ret);
      break;
    };
    
    case "unipban": {
      if (!player.hasright("rw", "levels/ipbanned.txt")) {
        sendtorc("You do not have IP Ban rights, "@player.account);
        return;
      }
      temp.ret = IPBans.unIPBan(params[1],params[2],player.account);
      sendtorc(temp.ret);
      break;
    };
   
   case "rebuildipbanlist": {
      if (!player.hasright("rw", "levels/ipbanned.txt")) {
        sendtorc("You do not have IP Ban rights, "@player.account);
        return;
      }
      temp.ret = IPBans.updateIPBans();
      if (temp.ret)
        sendtorc("IP Bans list has been regenerated");
      else
        sendtorc("Issues generating IP bans list");
      break;
   };

I will probably use one of these when I complete my newest project.

Could add this as a feature of the Client RC.

Quote:

Originally Posted by Rufus (Post 1593191)

Could add this as a feature of the Client RC.

The problem is that it is a security issue to have the file writable with script, and that there's flaws with the file itself that would allow you to lock out an entire server with a single line / IP Ban.

I'd much rather see true openaccess support for IP bans due to how ineffective PC bans actually are.

openaccess support would be great (there should be a command like "/check 192.168.1.1" where the second part is the IP and it would list any bans applying so you could easily find stuff like "192.168.1.*"—not sure if it's a good idea to ban like this anyway, though, since that can cover a lot of people (e.g. the entire state of Iowa under my old ISP had the same two first IP parts))

Wasnt this illegal and kuji got banned for it when he made an IP banning script?

Quote:

Originally Posted by MrOmega (Post 1593405)

Wasnt this illegal and kuji got banned for it when he made an IP banning script?

The code provided doesn't handle the IP bans; they already exist and are supported by the GServer. This is just something fancy so it's not as difficult to manage the IP bans.