- Joined
- Dec 18, 2013
- Messages
- 52
- Reaction score
- 31
Ran Online Auto Whitelist (KUNO)
using 2 Different Host/Server
NOTE:
This feature only defends Layer 7 Attacks.
So this is useless when the attacker uses L4 Attacks
Step 1:using 2 Different Host/Server
NOTE:
This feature only defends Layer 7 Attacks.
So this is useless when the attacker uses L4 Attacks
Open your s_CLoginServerMsg.cpp
then find this:
Add this below:
C++:
//Add known if legit Client
if ( CIPFilter::GetInstance()->IsIPKnown( m_pClientManager->GetClientIP(dwClient) ) == FALSE )
{
CIPFilter::GetInstance()->AddIPKnown( m_pClientManager->GetClientIP(dwClient), true );
CIPFilter::GetInstance()->RemoveIPBlock( m_pClientManager->GetClientIP(dwClient) );
CConsoleMessage::GetInstance()->Write("Known IP added : %s", m_pClientManager->GetClientIP(dwClient) );
}
CIPFilter::GetInstance()->AddIPKnown( m_pClientManager->GetClientIP(dwClient), true );
CIPFilter::GetInstance()->RemoveIPBlock( m_pClientManager->GetClientIP(dwClient) );
Step 2:
Open your s_CLoginServer.cpp
then find this:
C++:
// Get client ip address and port
::getpeername(Accept, (sockaddr *) &sAddrIn, &nSize);
::StringCchCopy(szIp, MAX_IP_LENGTH+1, ::inet_ntoa(sAddrIn.sin_addr));
Add this below:
C++:
if ( CIPFilter::GetInstance()->IsIPBlocked( szIp ) == TRUE )
{
::shutdown(Accept, SB_BOTH);
::closesocket(Accept);
continue;
}
C++:
if( !m_bUseEventThread ) Sleep( 0 );
Add this above:
C++:
CIPFilter::GetInstance()->AddIPBlock( m_pClientManager->GetClientIP(dwClient) );
you can find this before
C++:
int CLoginServer::UpdateProc()
Step 3:
Open your s_CAgentServerSession.cpp
then find this:
then replace it with these:
C++:
case NET_MSG_IPFILTER_KNOWN_ADD_SERVERS:
{
NET_IPFILTER_KNOWN_ADD_SERVERS* netMsg = reinterpret_cast < NET_IPFILTER_KNOWN_ADD_SERVERS* > (nmg);
if ( CIPFilter::GetInstance()->IsIPKnown( std::string( netMsg->szIP ) ) == FALSE )
{
CIPFilter::GetInstance()->AddIPKnown( std::string( netMsg->szIP ) );
CIPFilter::GetInstance()->RemoveIPBlock( std::string( netMsg->szIP ) );
CConsoleMessage::GetInstance()->Write("Known IP added : %s", netMsg->szIP );
char jbuffer[255];
sprintf(jbuffer,"netsh advfirewall firewall add rule name=%s dir=in action=allow protocol=TCP localport=5101-5106,2691,26666 remoteip=%s/32",netMsg->szIP , netMsg->szIP );
system(jbuffer);
}
CIPFilter::GetInstance()->AddIPKnown( std::string( netMsg->szIP ) );
CIPFilter::GetInstance()->RemoveIPBlock( std::string( netMsg->szIP ) );
}break;
Step 4:
Open your s_CAgentServerThread.cpp
then find this:
Add this below:
C++:
if ( CIPFilter::GetInstance()->IsIPBlocked( Accept ) )
{
::shutdown(Accept, SB_BOTH);
::closesocket(Accept);
continue;
}
if ( CIPFilter::GetInstance()->IsIPKnownNew( Accept ) == FALSE )
{
::shutdown(Accept, SB_BOTH);
::closesocket(Accept);
continue;
}
Step 4:
Open your s_CFieldServerThread.cpp
then find this:
C++:
while (m_bIsRunning)
{
Accept = ::WSAAccept( m_sServer, NULL, NULL, NULL, 0 );
if ( Accept == INVALID_SOCKET )
{
nRetCode = ::WSAGetLastError();
CConsoleMessage::GetInstance()->Write( _T("ERROR:WSAAccept %d"), nRetCode );
if (nRetCode == WSAENOTSOCK || nRetCode == WSAEINTR)
{
break;
}
else
{
continue;
}
}
C++:
sockaddr_in sAddrIn;
int nSize = sizeof(sockaddr_in);
char szIp[MAX_IP_LENGTH+1] = {0};
// Get client ip address and port
::getpeername(Accept, (sockaddr *) &sAddrIn, &nSize);
::StringCchCopy(szIp, MAX_IP_LENGTH+1, ::inet_ntoa(sAddrIn.sin_addr));
if ( CIPFilter::GetInstance()->IsIPBlocked( Accept ) )
{
::shutdown(Accept, SB_BOTH);
::closesocket(Accept);
continue;
}
if ( CIPFilter::GetInstance()->IsIPKnownNew( Accept ) == FALSE )
{
::shutdown(Accept, SB_BOTH);
::closesocket(Accept);
continue;
}
If you know how to configure Login server from different host
this is what you need.
Now for setting up your Login server using different host
Just setup your loginserver.cfg change the session IP to (Main Server) IP
Make sure not to open your Main Server files port publicly.
Session port is only open to the specific IP which is the loginserver host.
~Thank you mincoms!
CREDITS:
Owner of IP Filter
You must be registered to see links
for testingMe for recoding.
You must be registered to see links
for sharingAttachments
You must be registered for see attachments list
Last edited: