Views: 4799 | Replies: 8

Linux anti-attack script 2.10

Posted on 2009-2-14 12:33:04 | From China–Shaanxi–Xi'an
This post was last edited by gearfox on 2010-3-15 20:50

This post is getting a bit old, so let me re-edit it.
The original post on the foreign forum is at
http://forum.fastfrag.ro/index.php/topic,2839.0.html

WARNING: this is the Linux version only. For Windows, check Shocker's AntiCSDoS.

This is an experimental version, which can be used with cbooster/dproto and blocks the SV_ParseVoiceData exploit.

Installation procedure (run these commands in hlds_run's directory):


Code:
wget http://hobby.sarichioi.com/cstrike/hlshield2-install.sh
sh hlshield2-install.sh

If you have already installed hlshield2, just run sh hlshield2-install.sh one more time; hlshield will be updated automatically.

Differences between versions 2.2 and 2.3:

logging added - in hlshield.log (ensure that hlds has rights to write in the directory where hlds_run is located)
drop from the server the user used by the SV_ParseVoiceData exploit

Differences between versions 2.3 and 2.4:

stop hlds_fuck attacks

Differences between versions 2.4 and 2.5:

avoid falsely detected hlds_fuck attacks

Differences between versions 2.5 and 2.6:

new feature added: firewalling the attacker's IP (using iptables)

Differences between versions 2.6 and 2.7:

two more logging modes: verbose and debug

Differences between versions 2.7 and 2.9:

hlds_fuck is now detected at a very early stage (this means that this will not be compatible with dproto, but because dproto already fixes hlds_fuck, it is not very important)
better detection of hlds_fuck

Differences between versions 2.9 and 2.10:

hlds_fuck checking only for protocol 48; I hope 47 engines will not crash

If you are using an AMD processor, put a line like this in hlds_run:


Code:
export HLSHIELD_ARCH=amd

If you want to disable the logging feature, put the following line in hlds_run:


Code:
export HLSHIELD_LOG=no

To increase verbosity you can put export HLSHIELD_LOG=2 (this will dump the key in logs for rejected attacks) or even export HLSHIELD_LOG=3 (this will dump EVERY client authentication, useful for catching new kinds of attacks).


Other environment variables:


Code:
Variable             Default value         Explanation
HLSHIELD_REPLY       Get lost, looser!     Send a funny message to the csdos attacker
HLSHIELD_PARANOID    0                     Checks the userinfo string very strictly. Not recommended, can reject real players
HLSHIELD_FIREWALL    0                     If set to 1 or 2, hlshield will send a firewall command to the hlfirewall daemon.



HLSHIELD_FIREWALL details:

If HLSHIELD_FIREWALL is set, hlshield will send the attacker's IP to hlfirewall, then hlfirewall will run the iptables command.

LEVEL 1 - iptables -A INPUT -p udp -s xxx.xxx.xxx.xxx -j DROP
LEVEL 2 - iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP

Be very careful: LEVEL 2 will block ANY access by the attacker to the server, so if you try to attack your own server, you will lose remote control of your own server.

NOTE: to start HLFirewall, just run hlfirewall.pl (as root), installed by hlshield2-install.sh. It is important to run it as root, otherwise HLFirewall will not be able to run the iptables command (because iptables needs administrator privileges). Of course, hlfirewall.pl can be modified to use sudo for this.

NOTE: even if you run multiple cstrike servers on your machine, you need to run ONLY ONE instance of HLFirewall.


Known bugs:
- there is no support for 64 bit hlds (actually I'm not sure if a 64 bit version is needed)

Removed features:
- rejecting players with ` and ~ in name, this can be done easily with an amxmodx plugin.
- ban players who reconnect too fast

If somebody finds any bug in this version of HLShield, let me know.
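
Added example, not part of the original post or of HLShield's own code: a dry-run guard that a root-run helper could apply before issuing the LEVEL 1 or LEVEL 2 rule described above, refusing malformed addresses and refusing to block an admin address so that LEVEL 2 cannot lock you out. The names ADMIN_ALLOWLIST, valid_ipv4 and build_block_rule and the sample addresses are assumptions; the page does not show how hlshield passes addresses to hlfirewall.

```shell
#!/bin/sh
# Added example, not hlfirewall.pl: turn a reported address into the post's
# LEVEL 1 / LEVEL 2 rule, refusing malformed input and protected addresses.

# Assumption: space-separated admin addresses that must never be blocked
# (constructed value from the RFC 5737 documentation range).
ADMIN_ALLOWLIST="${ADMIN_ALLOWLIST:-192.0.2.10}"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        if [ "${#octet}" -gt 3 ] || [ "$octet" -gt 255 ]; then return 1; fi
    done
    return 0
}

# Print the iptables command for LEVEL 1 (UDP only) or LEVEL 2 (all traffic).
# Status: 0 rule printed, 2 malformed address, 3 protected address, 4 bad level.
build_block_rule() {
    level=$1
    ip=$2
    valid_ipv4 "$ip" || return 2
    for admin in $ADMIN_ALLOWLIST; do
        if [ "$ip" = "$admin" ]; then return 3; fi
    done
    case "$level" in
        1) echo "iptables -A INPUT -p udp -s $ip -j DROP" ;;
        2) echo "iptables -A INPUT -s $ip -j DROP" ;;
        *) return 4 ;;
    esac
}

# Dry run over constructed reports ("level address"); nothing is executed.
for report in "1 198.51.100.7" "2 192.0.2.10" "2 203.0.113.999"; do
    set -- $report
    build_block_rule "$1" "$2" || echo "refused (status $?): $2"
done
```

Set ADMIN_ALLOWLIST to the addresses you administer the server from before enabling LEVEL 2.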
Posted on 2009-3-18 21:56:57 | From China–Guangdong–Shenzhen–Bao'an District
:D
Saw it.
I'll test it out first.

Posted on 2009-3-21 19:49:31 | From China–Jiangsu–Changzhou
2.14 is out. I haven't been here for a long time.
How are you, gearf0x?

Original poster | Posted on 2009-3-21 21:02:43 | From China–Shaanxi–Xi'an
Doing fine~~~~~ Thanks

Posted on 2009-3-21 21:17:51 | From Japan
How about a link exchange with your network drive site?

Original poster | Posted on 2009-3-21 22:29:31 | From China–Shaanxi–Xi'an
Sure..

I can also tell you the password for the network drive.

Update it now and then when you have time~

Posted on 2010-3-14 13:10:19 | From China–Hunan–Zhuzhou
I want your network drive password too~ haha

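Original poster | Posted on 2010-3-14 18:38:37 | From China–Shaanxi–Xi'an
This post was last edited by gearfox on 2010-3-14 18:42
"I want your network drive password too~ haha" (snooper, posted on 2010-3-14 13:10)

Haha, I casually updated the version. Linux users, go give it a try.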

Posted on 2010-3-15 14:51:46 | From China–Beijing–Beijing
Ah, I have no spare machine left to test on....
