diff options
author | Jesusaves <cpntb1@ymail.com> | 2020-12-27 17:22:50 -0300 |
---|---|---|
committer | Jesusaves <cpntb1@ymail.com> | 2020-12-27 17:22:50 -0300 |
commit | f0a170e4a61e34ff13475c4ebb4638204db9a993 (patch) | |
tree | 7053412dc0a1cbc96a783d0099debce4b664e4db | |
parent | dcaddd5132175cfc40b2bd2b7a0f6de3d5fb53d0 (diff) | |
download | server-f0a170e4a61e34ff13475c4ebb4638204db9a993.tar.gz server-f0a170e4a61e34ff13475c4ebb4638204db9a993.tar.bz2 server-f0a170e4a61e34ff13475c4ebb4638204db9a993.tar.xz server-f0a170e4a61e34ff13475c4ebb4638204db9a993.zip |
Update instructions, attempt to generate a Z-Line file at make time.
-rwxr-xr-x | .tools/initdb.sh | 3 | ||||
-rw-r--r-- | README.md | 21 | ||||
-rwxr-xr-x | server.py | 5 |
3 files changed, 17 insertions, 12 deletions
diff --git a/.tools/initdb.sh b/.tools/initdb.sh index 9d2513c..2438b5a 100755 --- a/.tools/initdb.sh +++ b/.tools/initdb.sh @@ -28,3 +28,6 @@ date +%s > version.txt echo "DB, SALT and PEM creation complete!" +wget -t 5 -c https://lists.blocklist.de/lists/all.txt -O Z-Line.txt + +echo "Z-Line populated with blocklist.de data" @@ -59,19 +59,20 @@ See also their official website: https://www.fail2ban.org The server will read (one IP per line) the files called Z-Line, G-Line and K-Line in this order during startup, and won't read them again at runtime. They will issue "bans", which causes connection to be dropped right after being -established with status 1011. - -It is advised dropping IPs at Z-Line on a firewall level, but that is not done -automatically, nor are the files distinguished among themselves. - -You can, for example, download a +established. For several reasons, you should deny problematic IPs **before** the +connection is established, not right after; So do not understimate a properly +configured fail2ban. + +The files are not distinguished among themselves, however, Z-Line.txt will be +populated with `make initdb` with blocklist.de recommendations, and K-Line can be +populated by using the `kline` server console command. G-Line remains available +for any extra ban list you might have or wish - for example, you could download [Tor Exit Nodes List](https://check.torproject.org/torbulkexitlist?ip=1.1.1.1) -and auto-fill one of the three files, while still keeping two ban lists for your -own management. +and write G-Line.txt with it to prevent access to the game from Tor. -However, keep in mind that `kline` console command will write to K-Line.txt so +Keep in mind that `kline` console command will write to K-Line.txt so autogenerating data for it is not advised. All bans expire when server restarts, -except if they have been kline'd. +except if they have been kline'd (or are otherwise listed on a -Line file.) Other suggestions (never tested): * [Blocklist DE](blocklist.de) - IP-Addresses who attack other servers/honeypots over SSH, FTP, IMAP, etc. @@ -194,9 +194,10 @@ try: elif cmd in ["status", "st"]: stdout("Total clients connected: %d" % len(clients)) stdout("Total blacklist size: %d" % len(security.blacklist)) - # TODO: Disconnect a client all these are measures - # to manually fight a DoS + # TODO: Disconnect a client (kick/dc) + # kickandban (kb) # And grant gems to an user + # Also, kick users when they are banned or klined elif cmd in ["ddos", "dcall"]: totaldc=0 for c in clients: |