From 1feb7dc46a1a5dc25bedf897a1a5134f4c409625 Mon Sep 17 00:00:00 2001 From: jenz Date: Sun, 19 Feb 2023 15:41:54 +0100 Subject: [PATCH] reducing DB queries from high priority to low or normal, also removed obsolete repository --- RaceTimer/scripting/unloze_racetimer_redux.sp | 20 +- .../scripting/unloze_player_time.sp | 4 +- .../scripting/jenz_ban_detector.sp | 8 +- nosteam_verificiation/nginx/nginx.conf | 132 ----- .../python/nosteam_checker.py | 49 -- .../python/read_access_logs.py | 90 ---- nosteam_verificiation/python/update_sb.py | 59 --- .../scripting/nosteam_verifier.sp | 451 ------------------ .../systemctl/kicklist.service | 10 - .../systemctl/nginx_collector.service | 10 - 10 files changed, 16 insertions(+), 817 deletions(-) mode change 100644 => 100755 RaceTimer/scripting/unloze_racetimer_redux.sp delete mode 100644 nosteam_verificiation/nginx/nginx.conf delete mode 100644 nosteam_verificiation/python/nosteam_checker.py delete mode 100644 nosteam_verificiation/python/read_access_logs.py delete mode 100644 nosteam_verificiation/python/update_sb.py delete mode 100644 nosteam_verificiation/scripting/nosteam_verifier.sp delete mode 100644 nosteam_verificiation/systemctl/kicklist.service delete mode 100644 nosteam_verificiation/systemctl/nginx_collector.service diff --git a/RaceTimer/scripting/unloze_racetimer_redux.sp b/RaceTimer/scripting/unloze_racetimer_redux.sp old mode 100644 new mode 100755 index 681bbcb8..d7391ebd --- a/RaceTimer/scripting/unloze_racetimer_redux.sp +++ b/RaceTimer/scripting/unloze_racetimer_redux.sp @@ -174,7 +174,7 @@ public void SQL_OnDatabaseConnect(Database db, const char[] error, any data) //create tables char sQuery[g_dLength]; Format(sQuery, sizeof(sQuery), "CREATE TABLE IF NOT EXISTS `zetimer_table_new` (`steam_auth` VARCHAR(254) NOT NULL, `name` VARCHAR(254) NOT NULL, PRIMARY KEY (`steam_auth`))"); - g_dDatabase.Query(SQL_OnConnectFinished, sQuery, _, DBPrio_High); + g_dDatabase.Query(SQL_OnConnectFinished, sQuery, _, DBPrio_Normal); } public void SQL_OnConnectFinished(Database db, DBResultSet results, const char[] error, any data) @@ -213,7 +213,7 @@ public void MYSQLCheckMapEntry() Format(sQuery, sizeof(sQuery), "ALTER TABLE `zetimer_table_new` ADD COLUMN IF NOT EXISTS `%s` REAL DEFAULT 0.000 NOT NULL", g_cMapname); DataPack hDataPack = new DataPack(); hDataPack.WriteString(sQuery); - g_dDatabase.Query(SQL_FinishedQuery, sQuery, hDataPack, DBPrio_High); + g_dDatabase.Query(SQL_FinishedQuery, sQuery, hDataPack, DBPrio_Normal); } else { @@ -227,7 +227,7 @@ public void MYSQLCheckMapEntry() Format(sQuery, sizeof(sQuery), "ALTER TABLE `zetimer_table_new` ADD COLUMN IF NOT EXISTS `%sS%i` REAL DEFAULT 0.000 NOT NULL", g_cMapname, l_iRaceCount); DataPack hDataPack = new DataPack(); hDataPack.WriteString(sQuery); - g_dDatabase.Query(SQL_FinishedQuery, sQuery, hDataPack, DBPrio_High); + g_dDatabase.Query(SQL_FinishedQuery, sQuery, hDataPack, DBPrio_Normal); } } } @@ -264,7 +264,7 @@ public void AddBinarySearchIndex() Format(sQuery, sizeof(sQuery), "ALTER TABLE `zetimer_table_new` add INDEX if not exists `%s` (`%s`)", g_cMapname, g_cMapname); DataPack hDataPack = new DataPack(); hDataPack.WriteString(sQuery); - g_dDatabase.Query(SQL_FinishedQuery, sQuery, hDataPack, DBPrio_High); + g_dDatabase.Query(SQL_FinishedQuery, sQuery, hDataPack, DBPrio_Normal); } else { @@ -273,7 +273,7 @@ public void AddBinarySearchIndex() Format(sQuery, sizeof(sQuery), "ALTER TABLE `zetimer_table_new` add INDEX if not exists `%sS%i` (`%sS%i`)", g_cMapname, i, g_cMapname, i); DataPack hDataPack = new DataPack(); hDataPack.WriteString(sQuery); - g_dDatabase.Query(SQL_FinishedQuery, sQuery, hDataPack, DBPrio_High); + g_dDatabase.Query(SQL_FinishedQuery, sQuery, hDataPack, DBPrio_Normal); } } } @@ -290,7 +290,7 @@ public void RemoveBinarySearchIndex() Format(sQuery, sizeof(sQuery), "ALTER TABLE `zetimer_table_new` drop INDEX if exists `%s`", g_cMapname); DataPack hDataPack = new DataPack(); hDataPack.WriteString(sQuery); - g_dDatabase.Query(SQL_FinishedQuery, sQuery, hDataPack, DBPrio_High); + g_dDatabase.Query(SQL_FinishedQuery, sQuery, hDataPack, DBPrio_Normal); } else { @@ -299,7 +299,7 @@ public void RemoveBinarySearchIndex() Format(sQuery, sizeof(sQuery), "ALTER TABLE `zetimer_table_new` drop INDEX if exists `%sS%i`", g_cMapname, i); DataPack hDataPack = new DataPack(); hDataPack.WriteString(sQuery); - g_dDatabase.Query(SQL_FinishedQuery, sQuery, hDataPack, DBPrio_High); + g_dDatabase.Query(SQL_FinishedQuery, sQuery, hDataPack, DBPrio_Normal); } } } @@ -755,7 +755,7 @@ public void FinishedStageRaceZone(int client) } DataPack hDataPack = new DataPack(); hDataPack.WriteString(sQuery); - g_dDatabase.Query(SQL_FinishedQuery, sQuery, hDataPack, DBPrio_High); + g_dDatabase.Query(SQL_FinishedQuery, sQuery, hDataPack, DBPrio_Normal); } //---------------------------------------------------------------------------------------------------- // Purpose: @@ -869,7 +869,7 @@ public void insertPlayerMYSQL(int client) Format(sQuery, sizeof(sQuery), "INSERT INTO `zetimer_table_new` (`steam_auth`, `name`) VALUES ('%s', '%s') ON DUPLICATE KEY UPDATE `name` = '%s'", sSID, sEscapedName, sEscapedName); DataPack hDataPack = new DataPack(); hDataPack.WriteString(sQuery); - g_dDatabase.Query(SQL_FinishedQuery, sQuery, hDataPack, DBPrio_High); + g_dDatabase.Query(SQL_FinishedQuery, sQuery, hDataPack, DBPrio_Normal); } //---------------------------------------------------------------------------------------------------- @@ -1118,7 +1118,7 @@ public void deleteClientTime(char[] steam2, int stage) Format(l_cQuery, sizeof(l_cQuery), "UPDATE `zetimer_table_new` SET `%s` = 0.000 WHERE steam_auth = '%s'", g_cMapname, steam2); DataPack hDataPack = new DataPack(); hDataPack.WriteString(l_cQuery); - g_dDatabase.Query(SQL_FinishedQuery, l_cQuery, hDataPack, DBPrio_High); + g_dDatabase.Query(SQL_FinishedQuery, l_cQuery, hDataPack, DBPrio_Normal); } //---------------------------------------------------------------------------------------------------- // Purpose: diff --git a/discord_verificiation/scripting/unloze_player_time.sp b/discord_verificiation/scripting/unloze_player_time.sp index 77b7f61e..acfe79f5 100644 --- a/discord_verificiation/scripting/unloze_player_time.sp +++ b/discord_verificiation/scripting/unloze_player_time.sp @@ -59,7 +59,7 @@ public Action time_query_activity(Handle timer, any data) g_hDatabase.Escape(sName, sEscapedName, size2 + 1); Format(sQuery, sizeof(sQuery), "update unloze_playtimestats.player_time set `%s` = `%s` + 10, player_name = '%s' where steam_id = '%s' and ipv4 = '%s'", sServer, sServer, sEscapedName, sAuthID, sIP); //LogError("sQuery: %s", sQuery); - g_hDatabase.Query(SQL_FinishedQuery, sQuery, _, DBPrio_High); + g_hDatabase.Query(SQL_FinishedQuery, sQuery, _, DBPrio_Low); } return Plugin_Continue; @@ -117,7 +117,7 @@ public void insert_client(int client) GetClientIP(client, sIP, sizeof(sIP)); char sQuery[512]; Format(sQuery, sizeof(sQuery), "INSERT INTO `player_time` (`steam_id`, `ipv4`, `player_name`, `ze_time`, `mg_time`, `zr_time`, `jb_time`) VALUES ('%s', '%s', '%s', 0, 0, 0, 0) ON DUPLICATE KEY UPDATE `player_name` = '%s'", sAuthID, sIP, sEscapedName, sEscapedName); - g_hDatabase.Query(SQL_FinishedQuery, sQuery, _, DBPrio_High); + g_hDatabase.Query(SQL_FinishedQuery, sQuery, _, DBPrio_Low); } public void SQL_FinishedQuery(Database db, DBResultSet results, const char[] error, any data) diff --git a/jenz_ban_detector/scripting/jenz_ban_detector.sp b/jenz_ban_detector/scripting/jenz_ban_detector.sp index 10376122..9838833e 100644 --- a/jenz_ban_detector/scripting/jenz_ban_detector.sp +++ b/jenz_ban_detector/scripting/jenz_ban_detector.sp @@ -62,7 +62,7 @@ public void SQL_addEntry(int client) g_dDatabase.Escape(sName, sEscapedName, size2 + 1); GetClientIP(client, sIP, sizeof(sIP)); Format(sQuery, sizeof(sQuery), "insert into `ban_detector_steamids` (`steamid`, `name`, `ID`) SELECT '%s', '%s', bd.ID from `ban_detector` bd where bd.ip = '%s' and not exists (select bds.ID from `ban_detector_steamids` bds where bds.ID = bd.ID and bds.steamid = '%s')", sSID, sEscapedName, sIP, sSID); - g_dDatabase.Query(SQL_UpdateEntry, sQuery, client, DBPrio_High); + g_dDatabase.Query(SQL_UpdateEntry, sQuery, client, DBPrio_Low); } public void SQL_OnDatabaseConnect(Database db, const char[] error, any data) @@ -102,7 +102,7 @@ public void SQL_UpdateEntry(Database db, DBResultSet results, const char[] error GetClientAuthId(client, AuthId_Steam2, sSID, sizeof(sSID)); Format(sQuery, sizeof(sQuery), "SELECT bd.fingerprint FROM `ban_detector` bd inner join `ban_detector_steamids` bds on bd.ID = bds.ID where bds.steamid = '%s' or bd.ip = '%s'", sSID, sIP); //PrintToChatAll("sQuery: %s", sQuery); - g_dDatabase.Query(SQL_FindFingerPrints, sQuery, client, DBPrio_High); + g_dDatabase.Query(SQL_FindFingerPrints, sQuery, client, DBPrio_Low); } delete results; } @@ -123,7 +123,7 @@ public void SQL_FindFingerPrints(Database db, DBResultSet results, const char[] g_dDatabase.Escape(fingerprint, sEscapedFingerPrint, 1024); Format(sQuery, sizeof(sQuery), "select steamid, ip from ban_detector bd inner join ban_detector_steamids bds on bd.ID = bds.ID where fingerprint = '%s'", sEscapedFingerPrint); //PrintToChatAll("sQuery: %s", sQuery); - g_dDatabase.Query(SQL_checkSourcebans, sQuery, client, DBPrio_High); + g_dDatabase.Query(SQL_checkSourcebans, sQuery, client, DBPrio_Low); if (IsValidClient(client) && g_bReportedClientBanAvoiding[client]) { break; @@ -151,7 +151,7 @@ public void SQL_checkSourcebans(Database db, DBResultSet results, const char[] e //PrintToChatAll(sIP); // + 3600 for one hour to accomdate timezone difference Format(sql_statement, sizeof(sql_statement), "select authid, ip from sb_bans where ((ip = '%s' and ip is not null and ip != '') or (authid = '%s' and authid is not null and authid =! '')) and (RemoveType != 'U' or RemoveType is NULL) and (ends > UNIX_TIMESTAMP() + 3600 or ends = created) order by created desc limit 1", sIP, sSID); - g_hDatabase_sourceban.Query(sql_select_sb_bans, sql_statement, client, DBPrio_High); + g_hDatabase_sourceban.Query(sql_select_sb_bans, sql_statement, client, DBPrio_Low); if (IsValidClient(client) && g_bReportedClientBanAvoiding[client]) { break; diff --git a/nosteam_verificiation/nginx/nginx.conf b/nosteam_verificiation/nginx/nginx.conf deleted file mode 100644 index 3ed7f8ce..00000000 --- a/nosteam_verificiation/nginx/nginx.conf +++ /dev/null @@ -1,132 +0,0 @@ -user nonroot; -worker_processes auto; -worker_cpu_affinity auto; -pid /run/nginx.pid; - -include /etc/nginx/modules-enabled/*.conf; - -events { - worker_connections 4096; - multi_accept on; -} - -http { - ## - # Basic Settings - ## - charset utf-8; - source_charset utf-8; - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - server_tokens off; - server_name_in_redirect off; - ignore_invalid_headers on; - recursive_error_pages on; - types_hash_max_size 4096; - - keepalive_timeout 65; - client_max_body_size 150m; - - ssl_protocols TLSv1.3 TLSv1.2; - ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS_AES_256_GCM_SHA384:TLS-AES-256-GCM-SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; - ssl_ecdh_curve secp521r1:secp384r1; - ssl_prefer_server_ciphers on; - - ssl_dhparam /etc/nginx/dhparam.pem; - ssl_buffer_size 4k; - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 60m; - ssl_session_tickets off; - - ssl_stapling on; - ssl_stapling_verify on; - resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; - resolver_timeout 5s; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - fastcgi_buffers 8 16k; - fastcgi_buffer_size 32k; - fastcgi_index index.php; - - ## - # Logging Settings - ## - #the nginx file is just uploaded for the purpose of showing what the logging format is - log_format main '[$time_local] $remote_addr ' 'status code: $status body bytes: $body_bytes_sent bytes: $bytes_sent ' - 'user agent: "$http_user_agent" x forwarded: "$http_x_forwarded_for" request length: $request_length request_time: $request_time' ' request: $request ssl_protocol: $ssl_protocol ssl_cipher: $ssl_cipher'; - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; - log_not_found off; - - ## - # Gzip Settings - ## - gzip on; - gzip_http_version 1.1; - gzip_vary on; - gzip_comp_level 6; - gzip_proxied any; - gzip_types application/atom+xml - application/javascript - application/json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/x-httpd-php - application/xhtml+xml - application/xml - application/xml+rss - font/opentype - image/svg+xml - image/x-icon - text/css - text/plain - text/xml; - gzip_buffers 16 8k; - gzip_disable "MSIE [1-6]\.(?!.*SV1)"; - - #fancyindex_localtime on; - #fancyindex_exact_size off; - #fancyindex_name_length 100; - - ## - # Cloudflare - ## - set_real_ip_from 103.21.244.0/22; - set_real_ip_from 103.22.200.0/22; - set_real_ip_from 103.31.4.0/22; - set_real_ip_from 104.16.0.0/12; - set_real_ip_from 108.162.192.0/18; - set_real_ip_from 141.101.64.0/18; - set_real_ip_from 162.158.0.0/15; - set_real_ip_from 172.64.0.0/13; - set_real_ip_from 173.245.48.0/20; - set_real_ip_from 188.114.96.0/20; - set_real_ip_from 190.93.240.0/20; - set_real_ip_from 197.234.240.0/22; - set_real_ip_from 198.41.128.0/17; - set_real_ip_from 199.27.128.0/21; - - set_real_ip_from 2400:cb00::/32; - set_real_ip_from 2405:8100::/32; - set_real_ip_from 2405:b500::/32; - set_real_ip_from 2606:4700::/32; - set_real_ip_from 2803:f800::/32; - - real_ip_header CF-Connecting-IP; - - ## - # GeoIP - ## - geoip_country /usr/share/GeoIP/GeoIP.dat; - - ## - # Virtual Host Configs - ## - include /etc/nginx/sites-enabled/default; - include /etc/nginx/sites/*.conf; -} diff --git a/nosteam_verificiation/python/nosteam_checker.py b/nosteam_verificiation/python/nosteam_checker.py deleted file mode 100644 index a0ae75fb..00000000 --- a/nosteam_verificiation/python/nosteam_checker.py +++ /dev/null @@ -1,49 +0,0 @@ -#!/home/nonroot/import_bans/venv/bin/python3 -from settings import (get_connection) - -def create_tables(): - with get_connection() as conn: - with conn.cursor() as cur: - sql_statement = """ - CREATE TABLE IF NOT EXISTS - `unloze_anti-spoofing`.kicklist - ( - steam_id varchar(64) not null, - ipv4 varchar(64) not null, - kick boolean default FALSE, - inserted_on datetime default now(), - primary key (steam_id, ipv4) - ) - """ - cur.execute(sql_statement) - -def select_into_recent_bans(): - with get_connection() as conn: - with conn.cursor() as cur: - sql_statement = """ - insert IGNORE - `unloze_anti-spoofing`.kicklist(steam_id, ipv4) - select - cr.steam_id, cr.ipv4 - from `unloze_anti-spoofing`.connect_restriction cr - where cr.cooldown > NOW() - """ - cur.execute(sql_statement) - -def update_kick_flag(): - with get_connection() as conn: - with conn.cursor() as cur: - sql_statement = """ - update `unloze_anti-spoofing`.kicklist set kick = true - """ - cur.execute(sql_statement) - -def main(): - create_tables() - print("new iteration") - select_into_recent_bans() - #TODO generate some fingerprints to base the kick flag being set by - update_kick_flag() - -if __name__ == '__main__': - main() diff --git a/nosteam_verificiation/python/read_access_logs.py b/nosteam_verificiation/python/read_access_logs.py deleted file mode 100644 index a6c1aa9d..00000000 --- a/nosteam_verificiation/python/read_access_logs.py +++ /dev/null @@ -1,90 +0,0 @@ -#!/home/nonroot/nginx_reader/venv/bin/python3 -from settings import get_connection - -def main(): - motd_accessed = [] - with open("/var/log/nginx/access_xenforo.log", "r") as f: - for l in f.readlines(): - if 'MOTD.html' in l: - motd_accessed.append(l) - with get_connection() as conn: - with conn.cursor() as cur: - sql_statement = """ - CREATE TABLE IF NOT EXISTS - `unloze_anti-spoofing`.requests_info - ( - ipv4 varchar(64) not null, - status_code int4, - user_agent varchar(512), - x_forwarded varchar(512), - request_length int4, - request_time int4, - body_bytes_sent varchar(64), - bytes_sent varchar(64), - ssl_protocol varchar(256), - ssl_cipher varchar(256), - inserted_on datetime default now(), - primary key (ipv4) - ) - """ - cur.execute(sql_statement) - #print('statement: ', cur.statement) - sql_statement = """ - CREATE TABLE IF NOT EXISTS - `unloze_anti-spoofing`.user_agent_history - ( - id BIGINT NOT NULL AUTO_INCREMENT PRIMARY KEY, - ipv4 varchar(64) not null, - user_agent varchar(512), - inserted_on datetime default now(), - FOREIGN KEY (ipv4) REFERENCES requests_info(ipv4) - ) - """ - cur.execute(sql_statement) - #print('statement: ', cur.statement) - for d in motd_accessed: - ipv4 = d.split("] ")[1].split(" status")[0] - status_code = d.split("code: ")[1].split(" body")[0] - user_agent = d.split('user agent: "')[1].split('" x ')[0] - x_forwarded = d.split('x forwarded: "')[1].split('" request length:')[0] - request_length = d.split("request length: ")[1].split(" request_time:")[0] - request_time = d.split("request_time: ")[1].split(" content length:")[0] - body_bites = d.split("body bytes: ")[1].split(" bytes:")[0] - bytes_send = d.split("bytes: ")[1].split(" user agent:")[0].strip(" ") - ssl_protocol = d.split("ssl_protocol: ")[1].split(" ssl_cipher:")[0] - ssl_cipher = motd_accessed[0].split("ssl_cipher: ")[1].split("\n")[0] - - sql_statement = """ - INSERT IGNORE - `unloze_anti-spoofing`.requests_info - (ipv4, status_code, user_agent, x_forwarded, request_length, request_time, body_bytes_sent, bytes_sent, - ssl_protocol, ssl_cipher) - VALUES - (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s) - """ - cur.execute(sql_statement, [ipv4, status_code, user_agent, x_forwarded, request_length, request_time, body_bites, bytes_send, ssl_protocol, ssl_cipher]) - sql_statement = """ - select * from `unloze_anti-spoofing`.user_agent_history - WHERE ipv4 = %s and user_agent - = %s - """ - cur.execute(sql_statement, [ipv4, user_agent]) - res = cur.fetchall() - #print('res: ', res) - if not res: - sql_statement = """ - INSERT IGNORE - `unloze_anti-spoofing`.user_agent_history - (ipv4, user_agent) - VALUES - (%s, %s) - """ - cur.execute(sql_statement, [ipv4, user_agent]) - #print('statement: ', cur.statement) - conn.commit() - conn.close() #not sure if mysql supports with statement clauses or not but does not look like it tbh - - -if __name__ == '__main__': - main() - print('finished') diff --git a/nosteam_verificiation/python/update_sb.py b/nosteam_verificiation/python/update_sb.py deleted file mode 100644 index 55d87755..00000000 --- a/nosteam_verificiation/python/update_sb.py +++ /dev/null @@ -1,59 +0,0 @@ -import time -import requests -from settings import (get_connection, key) - -def process_queries(sql_statement): - with get_connection() as conn: - with conn.cursor() as cur: - cur.execute(sql_statement) - res = cur.fetchall() - for index, r in enumerate(res): - steam_id = r[0] - ip = r[1] - url = f"https://proxycheck.io/v2/{ip}?key={key}&asn=1" - jrequest = requests.get(url).json() - d = jrequest[ip] - try: - asn = d["asn"] - provider = d["provider"] - country = d["country"] - except Exception: - print(f'failed: {jrequest}') - continue - with get_connection() as conn: - with conn.cursor() as cur: - sql_statement = """ - insert ignore into `unloze_anti-spoofing`.connect_restriction - (country, asn, provider, steam_id, ipv4) - values (%s, %s, %s, %s, %s) - """ - cur.execute(sql_statement, [country, asn, provider, steam_id, ip]) - conn.commit() - time.sleep(2.5) - print(f'at {index + 1}/{len(res)}') - - -def main(): - sql_statement = """ - select sb.steam_id, sb.ipv4 - from `unloze_anti-spoofing`.sb_bans_shortened sb - left outer join `unloze_anti-spoofing`.connect_restriction cr on - sb.steam_id = cr.steam_id - where cr.asn is null - limit 40 - """ - process_queries(sql_statement) - sql_statement = """ - select auth, address - from `unloze_anti-spoofing`.connections sb - left join `unloze_anti-spoofing`.connect_restriction cr on - sb.auth = cr.steam_id and sb.address = cr.ipv4 - where cr.asn is null - and sb.type != 'SteamLegit' - ORDER BY RAND() - limit 950 - """ - process_queries(sql_statement) - -if __name__ == '__main__': - main() diff --git a/nosteam_verificiation/scripting/nosteam_verifier.sp b/nosteam_verificiation/scripting/nosteam_verifier.sp deleted file mode 100644 index b650fc66..00000000 --- a/nosteam_verificiation/scripting/nosteam_verifier.sp +++ /dev/null @@ -1,451 +0,0 @@ -#pragma semicolon 1 -#define PLUGIN_AUTHOR "jenz but with stuff from neons vpn checker" -#define PLUGIN_VERSION "1.0" -#define APIKEY "mfg242-532328-b34d06-5a8262" -#pragma newdecls optional -#include -#pragma newdecls required -#include -#include -#include -#include - -Database g_hDatabase; -Database g_hDatabase_sourceban; - -char g_asn[MAXPLAYERS + 1][65]; -char g_provider[MAXPLAYERS + 1][65]; -char g_country[MAXPLAYERS + 1][65]; - -public Plugin myinfo = -{ - name = "verifying nosteamers", - author = PLUGIN_AUTHOR, - description = "verifies nosteamers", - version = PLUGIN_VERSION, - url = "www.unloze.com" -}; - -//the point of this plugin is simple to handle nosteamers abusing dynamic networks instead of having a static network -public void OnPluginStart() -{ - Database.Connect(SQL_OnDatabaseConnect, "PlayerManager"); - Database.Connect(SQL_OnDatabaseConnect_sb, "sourcebans"); -} - -public void OnMapStart() -{ - CreateTimer(5.0, time_query_nosteam_select, INVALID_HANDLE, TIMER_REPEAT|TIMER_FLAG_NO_MAPCHANGE); -} - -public Action time_query_nosteam_select(Handle timer, any data) -{ - for (int client = 1; client <= MaxClients; client++) - if (IsValidClient(client) && !IsFakeClient(client)) - { - char sAuthID[32]; - GetClientAuthId(client, AuthId_Steam2, sAuthID, sizeof(sAuthID), false); - char sIP[32]; - GetClientIP(client, sIP, sizeof(sIP)); - if (!SteamClientAuthenticated(sAuthID)) - { - char sQuery[512]; - Format(sQuery, sizeof(sQuery), "select * from kicklist cr where cr.steam_id = '%s' and cr.ipv4 = '%s' and cr.kick is TRUE", sAuthID, sIP); - g_hDatabase.Query(sql_update_cooldown, sQuery, GetClientSerial(client), DBPrio_High); - } - - } - - return Plugin_Continue; -} - -public void sql_update_cooldown(Database db, DBResultSet results, const char[] error, any data) -{ - if(!db || strlen(error)) - { - LogError("Query error: %s", error); - return; - } - int client; - if ((client = GetClientFromSerial(data)) == 0) - return; - if (results.RowCount && results.FetchRow()) - { - char sIP[64]; - GetClientIP(client, sIP, sizeof(sIP)); - char sAuthID[512]; - GetClientAuthId(client, AuthId_Steam2, sAuthID, sizeof(sAuthID), false); - char sql_statement[512]; - Format(sql_statement, sizeof(sql_statement), "delete from kicklist where steam_id = '%s' and ipv4 = '%s' and kick is TRUE", sAuthID, sIP); - g_hDatabase.Query(sql_kick_client, sql_statement, GetClientSerial(client), DBPrio_High); - } - delete results; -} - -public void sql_kick_client(Database db, DBResultSet results, const char[] error, any data) -{ - if(!db || strlen(error)) - { - LogError("Query error: %s", error); - return; - } - int client; - if ((client = GetClientFromSerial(data)) == 0) - return; - char sIP[64]; - GetClientIP(client, sIP, sizeof(sIP)); - char sAuthID[512]; - GetClientAuthId(client, AuthId_Steam2, sAuthID, sizeof(sAuthID), false); - LogMessage("%L | %s nosteamer got kicked for dynamic IP ban avoiding(IP: %s).", client, sAuthID, sIP); - KickClient(client, "If you believe this is undeserved write a forum post on https://www.unloze.com"); -} - -public void SQL_OnDatabaseConnect(Database db, const char[] error, any data) -{ - if(!db || strlen(error)) - { - LogError("Database error: %s", error); - return; - } - g_hDatabase = db; - char sQuery[512]; - Format(sQuery, sizeof(sQuery), "CREATE TABLE if not exists `sb_bans_shortened` (`steam_id` varchar(64) NOT NULL, `ipv4` varchar(64) NOT NULL, PRIMARY KEY (`steam_id`,`ipv4`))"); - g_hDatabase.Query(sql_insert_dummy, sQuery, _, DBPrio_High); - Format(sQuery, sizeof(sQuery), "CREATE TABLE if not exists `connect_restriction` (`country` varchar(64) DEFAULT NULL, `asn` varchar(128) DEFAULT NULL, `provider` varchar(128) DEFAULT NULL, `cooldown` datetime DEFAULT NULL, `steam_id` varchar(64) NOT NULL, `ipv4` varchar(64) NOT NULL, `inserted_on` datetime DEFAULT current_timestamp(), `cooldown_query` varchar(1028) DEFAULT NULL, `modified_on` datetime DEFAULT current_timestamp() ON UPDATE current_timestamp(), PRIMARY KEY (`steam_id`,`ipv4`))"); - g_hDatabase.Query(SQL_OnQueryCompleted, sQuery, _, DBPrio_High); -} - -public void SQL_OnDatabaseConnect_sb(Database db, const char[] error, any data) -{ - if(!db || strlen(error)) - { - LogError("Database error: %s", error); - return; - } - g_hDatabase_sourceban = db; - for (int i = 1; i <= MaxClients; i++) - OnClientPostAdminCheck(i); -} - -public void SQL_OnQueryCompleted(Database db, DBResultSet results, const char[] error, any data) -{ - if(!db || strlen(error)) - { - LogError("Query error: %s", error); - return; - } - delete results; - for (int i = 1; i <= MaxClients; i++) - OnClientPostAdminCheck(i); -} - -public int OnTransferResponse(char[] sData, int iSerial) -{ - int client = GetClientFromSerial(iSerial); - if (!client) //Player disconnected. - return; - - char sIP[32]; - GetClientIP(client, sIP, sizeof(sIP)); - - JSON_Object obj = json_decode(sData); - char sStatus[32]; - obj.GetString("status", sStatus, sizeof(sStatus)); - if (!StrEqual(sStatus, "ok") && !StrEqual(sStatus, "warning")) - { - char sMessage[256]; - obj.GetString("message", sMessage, sizeof(sMessage)); - LogError("API-Response: %s: %s", sStatus, sMessage); - obj.Cleanup(); - delete obj; - return; - } - JSON_Object ipobj = obj.GetObject(sIP); - char asn[64]; - char provider[64]; - char country[64]; - ipobj.GetString("asn", asn, sizeof(asn)); - ipobj.GetString("provider", provider, sizeof(provider)); - ipobj.GetString("country", country, sizeof(country)); - - char sql_statement[1024]; - g_hDatabase.Escape(provider, g_provider[client], sizeof(g_provider[])); - char sAuthID[512]; - Format(g_asn[client], sizeof(g_asn[]), asn); - Format(g_country[client], sizeof(g_country[]), country); - - GetClientAuthId(client, AuthId_Steam2, sAuthID, sizeof(sAuthID), false); - Format(sql_statement, sizeof(sql_statement), "insert into connect_restriction (country, asn, provider, steam_id, ipv4) values ('%s', '%s', '%s', '%s', '%s') ON DUPLICATE KEY UPDATE modified_on = now()", country, asn, g_provider[client], sAuthID, sIP); - g_hDatabase.Query(SQL_insert, sql_statement, iSerial, DBPrio_High); - ipobj.Cleanup(); - delete ipobj; - obj.Cleanup(); - delete obj; -} - -public void SQL_insert(Database db, DBResultSet results, const char[] error, any data) -{ - if(!db || strlen(error)) - { - LogError("Query error: %s", error); - return; - } - int client; - if ((client = GetClientFromSerial(data)) == 0) - return; - char sql_statement[1024]; - char sIP[64]; - char ip_subblock[8][8]; - GetClientIP(client, sIP, sizeof(sIP)); - ExplodeString(sIP, ".", ip_subblock, sizeof(ip_subblock), sizeof(ip_subblock[])); - char sql_statement_query[1024]; - Format(sql_statement_query, sizeof(sql_statement_query), "update connect_restriction cr1 inner join (select * from connect_restriction cr3 where cr3.asn = '%s' and cr3.provider = '%s' and cr3.country = '%s' and cr3.ipv4 like '%s.%s.%s' and cr3.cooldown > CURDATE() order by cr3.inserted_on desc limit 1) as cr2 on cr1.asn = cr2.asn and cr1.provider = cr2.provider and cr1.country = cr2.country set cr1.cooldown = cr2.cooldown where cr1.ipv4 like '%s.%s.%s'", g_asn[client], g_provider[client], g_country[client], ip_subblock[0], ip_subblock[1], "%", ip_subblock[0], ip_subblock[1], "%"); - Format(sql_statement, sizeof(sql_statement), "update connect_restriction cr1 inner join (select * from connect_restriction cr3 where cr3.asn = '%s' and cr3.provider = '%s' and cr3.country = '%s' and cr3.ipv4 like '%s.%s.%s' and cr3.cooldown > CURDATE() order by cr3.inserted_on desc limit 1) as cr2 on cr1.asn = cr2.asn and cr1.provider = cr2.provider and cr1.country = cr2.country set cr1.cooldown = cr2.cooldown, cr1.cooldown_query = %s%s%s where cr1.ipv4 like '%s.%s.%s'", g_asn[client], g_provider[client], g_country[client], ip_subblock[0], ip_subblock[1], "%", "\"", sql_statement_query, "\"", ip_subblock[0], ip_subblock[1], "%"); - delete results; - g_hDatabase.Query(SQL_update_restriction, sql_statement, GetClientSerial(client), DBPrio_High); -} - -public void SQL_update_restriction(Database db, DBResultSet results, const char[] error, any data) -{ - if(!db || strlen(error)) - { - LogError("Query error: %s", error); - return; - } - int client; - if ((client = GetClientFromSerial(data)) == 0) - return; - delete results; - char sIP[64]; - char ip_subblock[8][8]; - GetClientIP(client, sIP, sizeof(sIP)); - ExplodeString(sIP, ".", ip_subblock, sizeof(ip_subblock), sizeof(ip_subblock[])); - char sql_statement[512]; - Format(sql_statement, sizeof(sql_statement), "select * from connect_restriction where asn = '%s' and provider = '%s' and country = '%s' and ipv4 like '%s.%s.%s' and cooldown > CURDATE() order by inserted_on desc limit 1", g_asn[client], g_provider[client], g_country[client], ip_subblock[0], ip_subblock[1], "%"); - g_hDatabase.Query(sql_select_cooldown, sql_statement, GetClientSerial(client), DBPrio_High); -} - -public void sql_select_cooldown(Database db, DBResultSet results, const char[] error, any data) -{ - if(!db || strlen(error)) - { - LogError("Query error: %s", error); - return; - } - int client; - if ((client = GetClientFromSerial(data)) == 0) - return; - //if client already has a cooldown no further action needed - //if client has no cooldown we update sourcebans copy table - if (!results.RowCount || !results.FetchRow()) - { - char sql_statement[512]; - Format(sql_statement, sizeof(sql_statement), "TRUNCATE table `sb_bans_shortened`"); - g_hDatabase.Query(sql_truncate_sb_bans_shortened, sql_statement, GetClientSerial(client), DBPrio_High); - } - delete results; -} - -public void sql_truncate_sb_bans_shortened(Database db, DBResultSet results, const char[] error, any data) -{ - if(!db || strlen(error)) - { - LogError("Query error truncate: %s", error); - return; - } - int client; - if ((client = GetClientFromSerial(data)) == 0) - return; - char sql_statement[512]; - Format(sql_statement, sizeof(sql_statement), "select distinct ip, authid from sb_bans where ip is not null and ip != '' and authid is not null and authid != '' and (RemoveType != 'U' or RemoveType is NULL) and created > UNIX_TIMESTAMP(NOW() - INTERVAL 5 DAY) and (ends > UNIX_TIMESTAMP() or ends = created) order by created desc"); - g_hDatabase_sourceban.Query(sql_select_sb_bans, sql_statement, GetClientSerial(client), DBPrio_High); - delete results; -} - -public void sql_select_sb_bans(Database db, DBResultSet results, const char[] error, any data) -{ - if(!db || strlen(error)) - { - LogError("Query error: %s", error); - return; - } - int client; - if ((client = GetClientFromSerial(data)) == 0) - return; - char s_client_ip[64]; - GetClientIP(client, s_client_ip, sizeof(s_client_ip)); - char sql_statement[2856]; - - //in case that very last client exceeds 2700 on the last query - bool after_result = true; - Format(sql_statement, sizeof(sql_statement), "INSERT IGNORE INTO `sb_bans_shortened` (`steam_id`,`ipv4`) VALUES "); - while (results.RowCount && results.FetchRow()) - { - char sIP[64]; - char sAuthID[64]; - results.FetchString(0, sIP, sizeof(sIP)); - results.FetchString(1, sAuthID, sizeof(sAuthID)); - Format(sql_statement, sizeof(sql_statement), "%s ('%s','%s'),", sql_statement, sAuthID, sIP); - after_result = true; - if (strlen(sql_statement) > 2700) - { - Format(sql_statement, strlen(sql_statement), sql_statement); - g_hDatabase.Query(sql_insert_dummy, sql_statement, _, DBPrio_High); - Format(sql_statement, sizeof(sql_statement), "INSERT IGNORE INTO `sb_bans_shortened` (`steam_id`,`ipv4`) VALUES "); - after_result = false; - } - } - Format(sql_statement, strlen(sql_statement), sql_statement); - if (after_result) - { - g_hDatabase.Query(sql_insert_dummy, sql_statement, _, DBPrio_High); - } - delete results; - char ip_subblock[8][8]; - ExplodeString(s_client_ip, ".", ip_subblock, sizeof(ip_subblock), sizeof(ip_subblock[])); - Format(sql_statement, sizeof(sql_statement), "select cr1.* from connect_restriction cr1 inner join connect_restriction cr2 on cr1.asn = cr2.asn inner join sb_bans_shortened cr3 on cr1.steam_id = cr3.steam_id and cr1.ipv4 = cr3.ipv4 and cr1.provider = cr2.provider and cr1.country = cr2.country and cr2.ipv4 = '%s' and cr1.ipv4 like '%s.%s.%s' limit 1", s_client_ip, ip_subblock[0], ip_subblock[1], "%"); - g_hDatabase.Query(sql_select_banned, sql_statement, GetClientSerial(client), DBPrio_High); -} - -public void sql_insert_dummy(Database db, DBResultSet results, const char[] error, any data) -{ - if (!db || strlen(error)) - { - LogError("Query error dummy: %s", error); - return; - } -} - -//checks sourceban active bans to see if adding cooldown -public void sql_select_banned(Database db, DBResultSet results, const char[] error, any data) -{ - if (!db || strlen(error)) - { - LogError("Query error: %s", error); - return; - } - int client; - if ((client = GetClientFromSerial(data)) == 0) - return; - if (results.RowCount && results.FetchRow()) - { - char s_client_ip[64]; - GetClientIP(client, s_client_ip, sizeof(s_client_ip)); - char sAuthID[512]; - GetClientAuthId(client, AuthId_Steam2, sAuthID, sizeof(sAuthID), false); - char sql_statement[1024]; - char sql_statement_query[512]; - Format(sql_statement_query, sizeof(sql_statement_query), "update connect_restriction set cooldown = DATE_ADD(now(), INTERVAL 170 DAY) where steam_id = '%s' and ipv4 = '%s'", sAuthID, s_client_ip); - Format(sql_statement, sizeof(sql_statement), "update connect_restriction set cooldown = DATE_ADD(now(), INTERVAL 170 DAY), cooldown_query = %s%s%s where steam_id = '%s' and ipv4 = '%s'", "\"", sql_statement_query, "\"", sAuthID, s_client_ip); - g_hDatabase.Query(sql_insert_dummy, sql_statement, GetClientSerial(client), DBPrio_High); - } - delete results; -} - -public void sql_select_if_exists(Database db, DBResultSet results, const char[] error, any data) -{ - if(!db || strlen(error)) - { - LogError("Query error: %s", error); - return; - } - int client; - if ((client = GetClientFromSerial(data)) == 0) - return; - char sAddress[16]; - GetClientIP(client, sAddress, sizeof(sAddress)); - if (results.RowCount && results.FetchRow()) - { - char sql_statement[1024]; - char s_country[64]; - char s_asn[512]; - char s_provider[64]; - char s_steam[64]; - char s_ipv4[64]; - results.FetchString(0, s_country, sizeof(s_country)); - results.FetchString(1, s_asn, sizeof(s_asn)); - results.FetchString(2, s_provider, sizeof(s_provider)); - results.FetchString(4, s_steam, sizeof(s_steam)); - results.FetchString(5, s_ipv4, sizeof(s_ipv4)); - Format(g_asn[client], sizeof(g_asn[]), s_asn); - g_hDatabase.Escape(s_provider, g_provider[client], sizeof(g_provider[])); - Format(g_country[client], sizeof(g_country[]), s_country); - Format(sql_statement, sizeof(sql_statement), "insert into connect_restriction (country, asn, provider, steam_id, ipv4) values ('%s', '%s', '%s', '%s', '%s') ON DUPLICATE KEY UPDATE modified_on = now()", s_country, s_asn, s_provider, s_steam, s_ipv4); - g_hDatabase.Query(SQL_insert, sql_statement, GetClientSerial(client), DBPrio_High); - //we already have the infos on the IP address so we skip the https request - } - else - { - //we have not yet saved infos on the IP so we use the https request - char sRequest[256]; - FormatEx(sRequest, sizeof(sRequest), "https://proxycheck.io/v2/%s?key=%s&asn=1", sAddress, APIKEY); - Handle hRequest = SteamWorks_CreateHTTPRequest(k_EHTTPMethodGET, sRequest); - if (!hRequest || - !SteamWorks_SetHTTPCallbacks(hRequest, OnTransferComplete) || - !SteamWorks_SetHTTPRequestContextValue(hRequest, GetClientSerial(client)) || - !SteamWorks_SendHTTPRequest(hRequest)) - { - delete hRequest; - } - } - delete results; -} - -public int OnTransferComplete(Handle hRequest, bool bFailure, bool bSuccessful, EHTTPStatusCode eStatusCode, int iSerial) -{ - if (bFailure || !bSuccessful || eStatusCode != k_EHTTPStatusCode200OK) - { - delete hRequest; - LogError("Request-Error: %d", eStatusCode); - return; - } - SteamWorks_GetHTTPResponseBodyCallback(hRequest, OnTransferResponse, iSerial); -} - - -public void resetClient(int client) -{ - Format(g_asn[client], sizeof(g_asn[]), ""); - Format(g_provider[client], sizeof(g_provider[]), ""); - Format(g_country[client], sizeof(g_country[]), ""); -} - -public void OnClientDisconnect(int client) -{ - resetClient(client); -} - -public void OnClientPostAdminCheck(int client) -{ - if(!IsValidClient(client) || IsFakeClient(client)) - return; - if (!g_hDatabase) - { - Database.Connect(SQL_OnDatabaseConnect, "PlayerManager"); - return; - } - if (!g_hDatabase_sourceban) - { - Database.Connect(SQL_OnDatabaseConnect_sb, "sourcebans"); - return; - } - resetClient(client); - char sAuthID[32]; - GetClientAuthId(client, AuthId_Steam2, sAuthID, sizeof(sAuthID), false); - char sIP[32]; - GetClientIP(client, sIP, sizeof(sIP)); - if (!SteamClientAuthenticated(sAuthID)) - { - char sql_statement[512]; - Format(sql_statement, sizeof(sql_statement), "select * from connect_restriction where steam_id = '%s' and ipv4 = '%s'", sAuthID, sIP); - g_hDatabase.Query(sql_select_if_exists, sql_statement, GetClientSerial(client), DBPrio_High); - } -} - -stock bool IsValidClient(int client) -{ - if (client > 0 && client <= MaxClients && IsClientConnected(client) && IsClientInGame(client)) - return true; - return false; -} - diff --git a/nosteam_verificiation/systemctl/kicklist.service b/nosteam_verificiation/systemctl/kicklist.service deleted file mode 100644 index 02e0f983..00000000 --- a/nosteam_verificiation/systemctl/kicklist.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=constantly updating the kicklist - -[Service] -Type=simple -User=nonroot -WorkingDirectory=/home/nonroot/nosteam_verifier -Restart=always -RestartSec=5 -ExecStart=/home/nonroot/nosteam_verifier/nosteam_checker.py diff --git a/nosteam_verificiation/systemctl/nginx_collector.service b/nosteam_verificiation/systemctl/nginx_collector.service deleted file mode 100644 index 2866580a..00000000 --- a/nosteam_verificiation/systemctl/nginx_collector.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=nginx logging collector - -[Service] -Type=simple -User=nonroot -WorkingDirectory=/home/nonroot/nginx_reader -Restart=always -RestartSec=5 -ExecStart=/home/nonroot/nginx_reader/read_access_logs.py