[SHARE] Ran Online Auto Whitelist (KUNO) using 2 Different Host/Server

Joined
Dec 18, 2013
Messages
52
Reaction score
33
Ran Online Auto Whitelist (KUNO)
using 2 Different Host/Server

NOTE:
This feature only defends against Layer 7 attacks,
so it is useless when the attacker uses L4 attacks.

Step 1:
Open your s_CLoginServerMsg.cpp
then find this:

Add this below:

C++:
//Add known if legit Client
    if ( CIPFilter::GetInstance()->IsIPKnown( m_pClientManager->GetClientIP(dwClient) ) == FALSE )
    {
        CIPFilter::GetInstance()->AddIPKnown( m_pClientManager->GetClientIP(dwClient), true );
        CIPFilter::GetInstance()->RemoveIPBlock( m_pClientManager->GetClientIP(dwClient) );


        CConsoleMessage::GetInstance()->Write("Known IP added : %s", m_pClientManager->GetClientIP(dwClient) );

    }
    CIPFilter::GetInstance()->AddIPKnown( m_pClientManager->GetClientIP(dwClient), true );
    CIPFilter::GetInstance()->RemoveIPBlock( m_pClientManager->GetClientIP(dwClient) );

Step 2:
Open your s_CLoginServer.cpp
then find this:
C++:
// Get client ip address and port
        ::getpeername(Accept, (sockaddr *) &sAddrIn, &nSize);
        ::StringCchCopy(szIp, MAX_IP_LENGTH+1, ::inet_ntoa(sAddrIn.sin_addr));

Add this below:
C++:
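if ( CIPFilter::GetInstance()->IsIPBlocked( szIp ) == TRUE )
        {
            // Drop the connection from a blocked address.
            // SD_BOTH is the Winsock shutdown flag (SB_BOTH is a scroll-bar constant).
            ::shutdown(Accept, SD_BOTH);
            ::closesocket(Accept);
            continue;
        }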
then find this below:
C++:
if( !m_bUseEventThread ) Sleep( 0 );

Add this above:
C++:
CIPFilter::GetInstance()->AddIPBlock( m_pClientManager->GetClientIP(dwClient) );

you can find this before
C++:
int CLoginServer::UpdateProc()

Step 3:

Open your s_CAgentServerSession.cpp
then find this:

then replace it with these:
C++:
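case NET_MSG_IPFILTER_KNOWN_ADD_SERVERS:
        {
            NET_IPFILTER_KNOWN_ADD_SERVERS* netMsg = reinterpret_cast < NET_IPFILTER_KNOWN_ADD_SERVERS* > (nmg);

            if ( CIPFilter::GetInstance()->IsIPKnown( std::string( netMsg->szIP ) ) == FALSE )
            {
                CIPFilter::GetInstance()->AddIPKnown( std::string( netMsg->szIP ) );
                CIPFilter::GetInstance()->RemoveIPBlock( std::string( netMsg->szIP ) );

                CConsoleMessage::GetInstance()->Write("Known IP added : %s", netMsg->szIP );

                // szIP arrives in a network message and ends up on a shell command line,
                // so parse it and rebuild the text from the parsed address before use.
                in_addr addr;
                addr.s_addr = ::inet_addr( netMsg->szIP );
                if ( addr.s_addr != INADDR_NONE )
                {
                    const char* szCleanIp = ::inet_ntoa( addr );
                    char jbuffer[255];
                    // Bounded formatting (strsafe.h); skip the rule if the command does not fit.
                    if ( SUCCEEDED( ::StringCchPrintfA( jbuffer, sizeof(jbuffer), "netsh advfirewall firewall add rule name=%s dir=in action=allow protocol=TCP localport=5101-5106,2691,26666 remoteip=%s/32", szCleanIp, szCleanIp ) ) )
                        system(jbuffer);
                }
            }
            CIPFilter::GetInstance()->AddIPKnown( std::string( netMsg->szIP ) );
            CIPFilter::GetInstance()->RemoveIPBlock( std::string( netMsg->szIP ) );
        }break;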

Step 4:

Open your s_CAgentServerThread.cpp
then find this:


Add this below:
C++:
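if ( CIPFilter::GetInstance()->IsIPBlocked( Accept ) )
            {
                // Blocked address: close immediately (SD_BOTH is the Winsock shutdown flag)
                ::shutdown(Accept, SD_BOTH);
                ::closesocket(Accept);
                continue;
            }

            if ( CIPFilter::GetInstance()->IsIPKnownNew( Accept ) == FALSE )
            {
                // Not yet whitelisted by the login server: close as well
                ::shutdown(Accept, SD_BOTH);
                ::closesocket(Accept);
                continue;
            }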

Step 5:
Open your s_CFieldServerThread.cpp
then find this:
C++:
while (m_bIsRunning)
        {
            Accept = ::WSAAccept( m_sServer, NULL, NULL, NULL, 0 );
            if ( Accept == INVALID_SOCKET )
            {
                nRetCode = ::WSAGetLastError();
                CConsoleMessage::GetInstance()->Write( _T("ERROR:WSAAccept %d"), nRetCode );
                if (nRetCode == WSAENOTSOCK || nRetCode == WSAEINTR)
                {
                    break;
                }
                else
                {
                    continue;
                }
            }
Add this below:

C++:
sockaddr_in    sAddrIn;
            int nSize = sizeof(sockaddr_in);
            char szIp[MAX_IP_LENGTH+1] = {0};


            // Get client ip address and port
            ::getpeername(Accept, (sockaddr *) &sAddrIn, &nSize);
            ::StringCchCopy(szIp, MAX_IP_LENGTH+1, ::inet_ntoa(sAddrIn.sin_addr));


            if ( CIPFilter::GetInstance()->IsIPBlocked( Accept ) )
            {
                // Blocked address: close immediately (SD_BOTH is the Winsock shutdown flag)
                ::shutdown(Accept, SD_BOTH);
                ::closesocket(Accept);
                continue;
            }
            if ( CIPFilter::GetInstance()->IsIPKnownNew( Accept ) == FALSE )
            {
                // Not yet whitelisted by the login server: close as well
                ::shutdown(Accept, SD_BOTH);
                ::closesocket(Accept);
                continue;
            }
Again, this feature only works for layer 7.

If you know how to configure the Login server on a different host,
this is what you need.


Now for setting up your Login server on a different host:

Just set up your loginserver.cfg and change the session IP to the (Main Server) IP.
Make sure not to open your Main Server files port publicly.
The session port is open only to the specific IP, which is the loginserver host.

~Thank you mincoms!

CREDITS:
Owner of IP Filter
for testing
Me for recoding.
for sharing
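
Step 3 places an IP string received from another server into a `netsh` command line. The following is an added example, not the original poster's code: a strict IPv4 check that rebuilds the address text before the rule string is assembled. It is written in portable C++ so it runs without Winsock; `CanonicalIPv4` and `BuildAllowRule` are hypothetical names, and the sample address is constructed.

```cpp
#include <cstdio>
#include <string>

// Strict dotted-quad check: four decimal octets 0-255, no leading zeros, and a
// terminator inside the field. The output is rebuilt from the parsed numbers.
bool CanonicalIPv4(const char* text, size_t fieldLen, std::string& out)
{
    unsigned octet[4];
    size_t i = 0;
    for (int part = 0; part < 4; ++part)
    {
        size_t digits = 0;
        unsigned value = 0;
        while (i < fieldLen && text[i] >= '0' && text[i] <= '9')
        {
            value = value * 10 + unsigned(text[i] - '0');
            if (++digits > 3 || value > 255) return false;
            ++i;
        }
        if (digits == 0) return false;
        if (digits > 1 && text[i - digits] == '0') return false;  // rejects "010"
        octet[part] = value;
        if (part < 3 && (i >= fieldLen || text[i++] != '.')) return false;
    }
    if (i >= fieldLen || text[i] != '\0') return false;  // trailing bytes or no NUL
    char buf[16];
    std::snprintf(buf, sizeof(buf), "%u.%u.%u.%u", octet[0], octet[1], octet[2], octet[3]);
    out = buf;
    return true;
}

// Builds the Step 3 allow rule only for an address that passed the check.
// `ports` is operator configuration, never taken from the peer.
bool BuildAllowRule(const char* szIP, size_t fieldLen, const char* ports, std::string& cmd)
{
    std::string ip;
    if (!CanonicalIPv4(szIP, fieldLen, ip)) return false;
    cmd = "netsh advfirewall firewall add rule name=" + ip +
          " dir=in action=allow protocol=TCP localport=" + ports +
          " remoteip=" + ip + "/32";
    return true;
}

int main()
{
    std::string cmd;  // constructed sample: 203.0.113.7 is a documentation address
    if (BuildAllowRule("203.0.113.7", 16, "5101-5106,2691,26666", cmd)) std::puts(cmd.c_str());
    if (!BuildAllowRule("203.0.113.7 & echo x", 32, "5101-5106,2691,26666", cmd)) std::puts("rejected");
}
```

Anything that is not a plain dotted quad, including a field with no terminator, produces no command at all, so the rule name and `remoteip` value can only ever contain digits and dots.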
 

Chinese Developer
Banned
Joined
Apr 6, 2019
Messages
358
Reaction score
53
Tested. Adding rules succeeded.
A reminder: don't forget to change the port in the rule commands before using.
 
Chinese Developer
Banned
Joined
Apr 6, 2019
Messages
358
Reaction score
53
But it is still not safe from attackers, especially those who are using layer 4 attacks or OVH Bypass.
Actually, this method simply adds a firewall rule so that the player can access the specified ports only.
It does not contain any defense or anything.
It just makes a simple condition on the login server and passes it to the agent server to set up the rules.
Don't assume this can secure our files from attack.

A tip for anyone who wants to set up a server: just remember that if you want your server secure, choose a server with DDoS protection.
If you have a large budget, you can also go for Amazon services, which really provide good protection against these attack issues.
 
Reactions: zet
Newbie Spellweaver
Joined
May 19, 2023
Messages
17
Reaction score
6
lol this is useless. I tested DDoSing with this feature and still have downtime for online users. This method can be done in a DLL and param game with the same advfirewall comment.
 
Joined
Dec 18, 2013
Messages
52
Reaction score
33
lol this is useless. I tested DDoSing with this feature and still have downtime for online users. This method can be done in a DLL and param game with the same advfirewall comment.
That’s why I said it is not that useful. LOL
Have you tried to attack it using layer7? HAHAHAHA


Gs ep7 ui source enjoy!
 
Junior Spellweaver
Joined
Apr 26, 2017
Messages
184
Reaction score
10
Liked, and thanks for your ideas and sharing.