NEW VERSION BELOW (POST 3)
Like I wrote here there is a getstatus exploit activly used, which could spoil the gameserver performance.
See the link above for detailed informations.
Yada from Staatsschutz released a patch for ET 2.60B to work against the exploit by responding only one getstatus query per IP all 4 seconds.
Since not everyone is happy with the patch (server is shown as laggy in HLSW aso....), I took the time to build a (quick and dirty!!!!) bash script to check the abuse of getstatus queries and block the attacking IP (even if it is spoofed) with the linux firewall iptables.
To run this script , your server need the following tools:
GNU-Tools (cat, grep aso... standard for each linux)
|View the code|
The script capture a number of tcp packets (set in the line CNT= ...)
After they were captured, the script looks for request sources, where more than a limit (ALARM=...) of "getstatus" queries are originated.
If the count from an IP hit the limit, the script check if the IP is allready blocked by IPTables.
If this isn`t done yet, the script add the "new" IP to iptables, so that packets from this IP will be dropped in the future.
How to use this:
Copy the code to a textfile on your server, make it executable (chmod +x YourScriptName)
and execute it.
last changed by schnoog am 31.01.2011 - 21:47:28