IP Ban By DataBase

[own_prox]

first off excute this:

USE [GunzDB]
GO
/****** Object: StoredProcedure [dbo].[spGetLoginInfo] Script Date: 08/09/2009 07:13:25 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO


/* LoginInfo 얻어옴 */
ALTER PROC [dbo].[spGetLoginInfo]
@UserID varchar(20)
AS
SET NOCOUNT ON
DECLARE @IP VARCHAR(40)
SELECT @IP=LastIP FROM LOGIN(NOLOCK) WHERE UserID=@UserID
DECLARE @IP2 VARCHAR(40)
SELECT @IP2=IP FROM ipbans(NOLOCK) WHERE IP=@IP
IF @IP = @IP2
BEGIN
RETURN 1 -- Wrong Password
/* UPDATE ACCOUNT SET UGradeID = 253 WHERE UserID = @UserID -- Ban Any New Accounts */
END
SELECT AID, UserID, Password FROM Login(nolock) WHERE UserID = @UserID

Second Excute This:

USE [GunzDB]
GO

/****** Object: Table [dbo].[ipbans] Script Date: 08/09/2009 07:22:30 ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

SET ANSI_PADDING ON
GO

CREATE TABLE [dbo].[ipbans](
[UserID] [varchar](20) NULL,
[IP] [varchar](20) NULL
) ON [PRIMARY]

GO

SET ANSI_PADDING OFF
GO

then just simply go into the table ip bans add there ip and they will be ip banned you dont really have to enter a userid
oh i could'nt be asked to find the return for banned theres too many stored processes to look though oh and if they make another account they will still be banned

 

[nanowarior]

1st post!,
Awesome u saved my day, Much easier.

 

[Wucas]

My only thought.

Ip banning is almost useless today.

 

[Linear88]

Thanks a lot.

@BetrayedAcheron: HWID Bans are better, requires coding though. >.>

 

[diosz]

nice ^^
now i go to do a panel or something for this and now i can add IP's more easy =D

 

[Wucas]

Thanks a lot.

@BetrayedAcheron: HWID Bans are better, requires coding though. >.>

or on installation you could plant custom ids in the registry and if that id is on a blacklist you could killzor loading xD

 

[Linear88]

Oh, is there any way to return the "This User ID is banned from Gunz Online" message instead of the Wrong Password message?

 

[97819589]

Wow ... nice release! Thanks

 

[Goldoracko]

lol will be usefull whit this XD

<?php
include "config.php";
?>
<?php
$ip = ''.($_SERVER['REMOTE_ADDR']);
?>
<?php
$query = mssql_query("SELECT * FROM ipbans WHERE IP = '$ip'");
if (mssql_num_rows($query) == 1)
{
include "bannedip.php";
exit();
}
?>

 

[Linear88]

That was from the MPOG website of DarkGunz, wasn't it?

 

[MicroManiacs]

Good job steven.

 

[own_prox]

why not make a php file called banned.php and use this instead of what u said and just include 'banned.php'; that you don't want people to access who are ip banned

<?php
include "config.php";
if (mssql_num_rows(mssql_query("SELECT * FROM ipbans WHERE IP = '$_SERVER['REMOTE_ADDR'];'")) >= 0)
{
$message = "The Ip ".$_SERVER['REMOTE_ADDR']." Is Banned From This Gunz Server";
?><center><b><?php
echo $message;
die();
}
?>

oh and for the banned message i have no clue i think its a asm job ill look into it later

and thanks for the nice replys


Hwid's are easy to get i can get them via my dll file but i don't know how to send to server side

 

[ProGunzsoul]

GG , Good Job Steven

Hackers = IP Ban

 

[ThePhailure772]

USE [LG_GunZ]
GO

/****** Object:  Table [dbo].[firewall]    Script Date: 08/09/2009 14:09:02 ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

SET ANSI_PADDING ON
GO

CREATE TABLE [dbo].[firewall](
	[IP] [varchar](20) NULL,
	[AID] [int] NULL,
	[Reason] [varchar](50) NULL
) ON [PRIMARY]

GO

SET ANSI_PADDING OFF
GO

USE [LG_GunZ]
GO
/****** Object:  StoredProcedure [dbo].[spGetLoginInfo]    Script Date: 08/09/2009 14:09:43 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
/* LoginInfo ??? */
ALTER PROC [dbo].[spGetLoginInfo]
	@UserID		varchar(20)
AS
SET NOCOUNT ON

DECLARE @IPaddr	  varchar(50)
DECLARE @Firewall varchar(50)

SET @IPaddr = (SELECT LastIP FROM Login(nolock) WHERE UserID = @UserID)
SET @Firewall = (SELECT ip FROM firewall WHERE ip = @IPaddr)

if(@IPaddr = @Firewall)
BEGIN
	UPDATE Account SET UGradeID=253 WHERE UserID=@UserID
END		
BEGIN
	SELECT AID, UserID, Password FROM Login(nolock) WHERE UserID = @UserID
END

Did this back at GameNao.

 

[Solaire]

dbo.GetAccountInfo.

 

[dacharles]

anyone have the original function? xD

 

[Creativity]

Will be helpful, thanks

 

[Guy]

or on installation you could plant custom ids in the registry and if that id is on a blacklist you could killzor loading xD

What if I spoof my registry-based ID to that of another user, and get said user banned?

why not make a php file called banned.php and use this instead of what u said and just include 'banned.php'; that you don't want people to access who are ip banned


oh and for the banned message i have no clue i think its a asm job ill look into it later

and thanks for the nice replys


Hwid's are easy to get i can get them via my dll file but i don't know how to send to server side

1) The script still initializes, which allows potential for say, someone who is flooding your website/server to still fulfill an HTTP request or similar.

2) That should be do-able without modifying the match server daemon.

3) While hardware ID's are easy to access via varying means (Registry keys, CPUID instruction, Windows API calls, system volume information, hard-drive serial, etc), they're unreliable. If a user sells their machine, or otherwise gives it up, you're banning a potential customer. Not to mention, the prescribed method you've been using to fetch IDs is easily spoofable.

 

[Linear88]

Wouldn't this act like an exploit?

Example:
Three accounts: Admin, Hacker and Hacker2

Hacker is IP Banned.
Hacker logs in to his second account, Hacker2.
Hacker gets autobanned on Hacker2.
Admin - LastIP column is 0.0.0.0.
Hacker attempts to login to Admin on his first try, and it fails: Wrong Password.
Admin is not autobanned yet.
However, on every failed try, the LastIP is updated.
Admin - LastIP column is updated to Hacker's IP.
Hacker attempts to login to Admin, again, and it fails: Wrong Password.
Admin is now autobanned as the LastIP column matches Hacker's IP.

 

[Phoenix]

Wouldn't this act like an exploit?

Example:
Three accounts: Admin, Hacker and Hacker2

Hacker is IP Banned.
Hacker logs in to his second account, Hacker2.
Hacker gets autobanned on Hacker2.
Admin - LastIP column is 0.0.0.0.
Hacker attempts to login to Admin on his first try, and it fails: Wrong Password.
Admin is not autobanned yet.
However, on every failed try, the LastIP is updated.
Admin - LastIP column is updated to Hacker's IP.
Hacker attempts to login to Admin, again, and it fails: Wrong Password.
Admin is now autobanned as the LastIP column matches Hacker's IP.

Sweet. No one woulda thought of that xD