The Major BBS Forums (Archive)

dspain wrote:

Drex wrote:Yeah Mud Magic needs a lot of work. Thinking of other handy things a utility that writes the IP (say into the company slot and can't be editted) and then an option only to allow 3 of the same IP's to connect at a time....some thing like the Control module. (for WG2.0)

i have one that allows X amount of connections per IP and also utilities to list clients, etc.....

i think Rick has something similiar to that too as did adventurecomm.

Duplicate IP Control manual wrote: WHAT IS DUPLICATE IP CONTROL?

Duplicate IP Control is a simple but powerful utility that lets you specify
how many connections can come from a single IP address. Once the threshold
is reached, Duplicate IP Control can disconnect one of the sessions. It
also can warn users who repeatedly offend, and optionally, ban them once
they reach an abuse threshold. Some users can be exempted from the limits.

CONFIGURATION

There are a few things you'll want to configure before starting.

1. Security

Duplicate IP Control allows you to specify a key that a user may possess to
exempt him/her from the connection threshold. Users with this key can login
from the same IP as many times as they wish. If you want to set this key,
set DIPCXKEY.

The module also allows you to specify a ban-op that can access the module's
menu, run reports, and work with the ban lists. Sysops will always have
access to the module's menu. If you'd like to specify a key to let non-Sysop
users access the module, set DIPCMKEY.

2. Duplicate IP Control

One thing you must check before starting is the WHICHTCP setting. This
setting specifies which TCP/IP product you are using - Galacticomm's ICO or
Vircom's Major TCP/IP. Set this correctly.

NUMSESS allows you to specify how many duplicate sessions may exist. Set
this value between 0 and 10. Setting this to zero effectively disables
the module's duplication checks, although it will continue to check against
banned IP address lists.

SESS2KIL lets you specify which session gets killed when the limit is
reached. This would either be the first (oldest) or last (current/newest)
session. You can also set it to None and not automatically disconnect users.

STOREVIO allows you to choose whether or not to store offending IP addresses.
If you say YES, you can then choose to set auto-ban thresholds.

If STOREVIO is YES, you can set AUTOBAN to YES to have the module ban
IP addresses that exceed BANLIMIT, which can be set to 0 through 100. Like
NUMSESS, if you set BANLIMIT to 0, it will never ban, but it will continue
to log the offending IP addresses.

VIOLIFE lets you choose how long to store a record of a duplicate IP. If
low, you will 'forget' about the violation sooner, leading to a reduced
likelihood of an autoban. Set it higher to increase likelihood of a ban.
Similarly, BANLIFE sets how long a ban will last. Each allow a setting of
0 which will never expire a violation/ban until you remove it.

There are other logging, auditing, and notification settings as well.

COMMANDS

The module's main menu allows a few options to the sysop and ban-op.

You can view reports on violating IPs, users, and banned IPs. You can
remove an IP or user from the violation list, and you can delete a ban.

You may also manually ban an IP address.

Questman wrote:

Duplicate IP Control manual wrote: WHAT IS DUPLICATE IP CONTROL?

Duplicate IP Control is a simple but powerful utility that lets you specify
how many connections can come from a single IP address. Once the threshold
is reached, Duplicate IP Control can disconnect one of the sessions. It
also can warn users who repeatedly offend, and optionally, ban them once
they reach an abuse threshold. Some users can be exempted from the limits.

CONFIGURATION

There are a few things you'll want to configure before starting.

1. Security

Duplicate IP Control allows you to specify a key that a user may possess to
exempt him/her from the connection threshold. Users with this key can login
from the same IP as many times as they wish. If you want to set this key,
set DIPCXKEY.

The module also allows you to specify a ban-op that can access the module's
menu, run reports, and work with the ban lists. Sysops will always have
access to the module's menu. If you'd like to specify a key to let non-Sysop
users access the module, set DIPCMKEY.

2. Duplicate IP Control

One thing you must check before starting is the WHICHTCP setting. This
setting specifies which TCP/IP product you are using - Galacticomm's ICO or
Vircom's Major TCP/IP. Set this correctly.

NUMSESS allows you to specify how many duplicate sessions may exist. Set
this value between 0 and 10. Setting this to zero effectively disables
the module's duplication checks, although it will continue to check against
banned IP address lists.

SESS2KIL lets you specify which session gets killed when the limit is
reached. This would either be the first (oldest) or last (current/newest)
session. You can also set it to None and not automatically disconnect users.

STOREVIO allows you to choose whether or not to store offending IP addresses.
If you say YES, you can then choose to set auto-ban thresholds.

If STOREVIO is YES, you can set AUTOBAN to YES to have the module ban
IP addresses that exceed BANLIMIT, which can be set to 0 through 100. Like
NUMSESS, if you set BANLIMIT to 0, it will never ban, but it will continue
to log the offending IP addresses.

VIOLIFE lets you choose how long to store a record of a duplicate IP. If
low, you will 'forget' about the violation sooner, leading to a reduced
likelihood of an autoban. Set it higher to increase likelihood of a ban.
Similarly, BANLIFE sets how long a ban will last. Each allow a setting of
0 which will never expire a violation/ban until you remove it.

There are other logging, auditing, and notification settings as well.

COMMANDS

The module's main menu allows a few options to the sysop and ban-op.

You can view reports on violating IPs, users, and banned IPs. You can
remove an IP or user from the violation list, and you can delete a ban.

You may also manually ban an IP address.

Questman wrote:

Drex wrote:Yeah Mud Magic needs a lot of work. Thinking of other handy things a utility that writes the IP (say into the company slot and can't be editted) and then an option only to allow 3 of the same IP's to connect at a time....some thing like the Control module. (for WG2.0)

I have a module like that - Duplicate IP Control.

Drex wrote:

Questman wrote:

Drex wrote:Yeah Mud Magic needs a lot of work. Thinking of other handy things a utility that writes the IP (say into the company slot and can't be editted) and then an option only to allow 3 of the same IP's to connect at a time....some thing like the Control module. (for WG2.0)

I have a module like that - Duplicate IP Control.

Great program Rick, the only problem (a user mentioned to me) is that if they have 3 accounts online and freeze up they can no longer log in and us the Kill Ghost Account module. Any way around this problem?

Drex wrote:

Questman wrote:

Drex wrote:Yeah Mud Magic needs a lot of work. Thinking of other handy things a utility that writes the IP (say into the company slot and can't be editted) and then an option only to allow 3 of the same IP's to connect at a time....some thing like the Control module. (for WG2.0)

I have a module like that - Duplicate IP Control.

Great program Rick, the only problem (a user mentioned to me) is that if they have 3 accounts online and freeze up they can no longer log in and us the Kill Ghost Account module. Any way around this problem?

Questman wrote: I'm not sure I follow - can you describe what you mean by "freeze up" (is this the system freezing for some reason, like an error in a module?) and use the Kill Ghost Account module (what is that module? who/what kind of users want to use it?)

dspain wrote: although i do have the old ghost kill source code, ill browse through it see why it wouldnt recognize a user.

Drex wrote:Some get timeouts tcp/ip errors and they can't do anything (now) before they could login with another account and kill thier own account online with the correct account password.

Questman wrote:

Drex wrote:Some get timeouts tcp/ip errors and they can't do anything (now) before they could login with another account and kill thier own account online with the correct account password.

So something unrelated to DIPC occurs; normally, the user comes back on and uses the Ghost Kill tooling to kill their prior login. But DIPC overrides, and is more strict.

Perhaps I should add an option to allow the session coming on to kill the previous session? Would that help? Obviously it would only let you kill your OWN logins; if you had > max sessions from an IP but multiple users, you can't boot someone else...

Drex wrote:Well no need for extrawork on my part, I am satisfied with the work around and the module itself.

Questman wrote:We have to get folks off the DOS version eventually.

Questman wrote:We have to get folks off the DOS version eventually.

dspain wrote: i think compiling a catch in majorbbs.exe to do like NT does and if you logon with a userid already online prompt for password to disconnect, that way it never leaves the logon state which is where your IP control will pick up.


Login: Sysop

Sorry, But That User-ID Is Currently Connected, Please Type The
Password To End The Ghosted Connection.

Password: ********

Disconnecting %s .....

Welcome Back %s .....

Questman wrote:Duplicate IP Control has a new version coming out.

So far, the following features were added:

- A "showips" global command that shows channel #, username, ip address, # of current violations for the IP, and last violation date. The global can be turned off, restricted by class, and its character configured (defaults to =showips).

- A Duplicate IP Control menu option that shows the same as the showips.

- The ability for users who are currently logged in but 'ghosted' to enter their password to end the previous login session. This will not cause them to be caught by the IP rules, as those will be applied after the previous session was knocked off. This works in Worldgroup 2 DOS, as well as the 3.2/3.3 version (although this functionality is built into those versions).

Currently considering adding:

- Option to log all sign-ups w/ date, time, username, IP, e-mail to the audit trail and/or a log (text) file
- Option to log all logins w/ date, time, username, IP to the audit trail and/or a log (text) file
- Option to switch the user's class once their IP is banned (or once their userid is banned) so that they can not log back in from another IP once they've reached a ban point. This would revert to the previous class once their ban is remove or expires.

Are any of these three options useful or interesting to any users or prospective users of Duplicate IP Control?

Are there any bugs that you are aware of with the operation of the module, or the Sysop menu?

Questman wrote:Duplicate IP Control has a new version coming out.

So far, the following features were added:

- A "showips" global command that shows channel #, username, ip address, # of current violations for the IP, and last violation date. The global can be turned off, restricted by class, and its character configured (defaults to =showips).

- A Duplicate IP Control menu option that shows the same as the showips.

- The ability for users who are currently logged in but 'ghosted' to enter their password to end the previous login session. This will not cause them to be caught by the IP rules, as those will be applied after the previous session was knocked off. This works in Worldgroup 2 DOS, as well as the 3.2/3.3 version (although this functionality is built into those versions).

Currently considering adding:

- Option to log all sign-ups w/ date, time, username, IP, e-mail to the audit trail and/or a log (text) file
- Option to log all logins w/ date, time, username, IP to the audit trail and/or a log (text) file
- Option to switch the user's class once their IP is banned (or once their userid is banned) so that they can not log back in from another IP once they've reached a ban point. This would revert to the previous class once their ban is remove or expires.

Are any of these three options useful or interesting to any users or prospective users of Duplicate IP Control?

Are there any bugs that you are aware of with the operation of the module, or the Sysop menu?

dspain wrote:

Questman wrote:We have to get folks off the DOS version eventually.

i try to push it on customers but they feel its more stable than any of the others.

Questman wrote:

dspain wrote: i think compiling a catch in majorbbs.exe to do like NT does and if you logon with a userid already online prompt for password to disconnect, that way it never leaves the logon state which is where your IP control will pick up.


Login: Sysop

Sorry, But That User-ID Is Currently Connected, Please Type The
Password To End The Ghosted Connection.

Password: ********

Disconnecting %s .....

Welcome Back %s .....

I recommend against patching the existing majorbbs.exe, even though it's the obvious easy low-hanging fruit. Simply because once we open that box it's difficult to close it, and then you have a nightmare of various exes...

I wrote this into DIPC last night. It works the same way NT's does; it actually works on NT too, but it's not very helpful since NT does it natively, but so what. Once I clean it up a bit more I'll push out a new version of DIPC with this feature.

I also will add Dan's request for a global that lists IPs - I already have the struct array holding this info so it's quite simple to implement.

I have a few other features long planned. Once all are implemented we'll make it v1.00.

I haven't been keeping the codebase compatible with BBSV6 or WG1. If there's interest in that I'd have to revert. v0.9.0 I think works with BBSV6... Frankly, though, I think anyone on BBSV6 or WG1 should upgrade to WG2. Its the same basic system but there are some enhancements to the API that are worthwhile.

Stoneslinger76 wrote:Would it be possible in the next version to add max ip by user class?

eg
demo 1 IP
normal 2 IP
PAY 4 IP

Also a who's on by IP and uid.

dspain wrote:

Stoneslinger76 wrote:Would it be possible in the next version to add max ip by user class?

eg
demo 1 IP
normal 2 IP
PAY 4 IP

Also a who's on by IP and uid.

theres a text var to show client IP

Stoneslinger76 wrote:

dspain wrote:

Stoneslinger76 wrote:Would it be possible in the next version to add max ip by user class?

eg
demo 1 IP
normal 2 IP
PAY 4 IP

Also a who's on by IP and uid.

theres a text var to show client IP

I know the varaible, what I mean is DupeIP allow for users in higher class levels to be possible to have 3 or 4 similtaneous conections before being banned and demo user has 1 IP maximum.

Questman wrote:No, the password-to-logoff feature does not wait until login; it intercepts the login handler. It does exactly what the Ghost Kill module does.

It doesn't count until the user is logged in for DIP purposes.

Ragtop wrote:Think I am going to need this app soon. Starting to get a few dupe accounts on. I have looked around some boards but haven't been able to find it. Where can I get it and how much is registration?

Ragtop wrote:Hey Questman,
Did you get my email about registering this module along with the others we had talked about? The docs don't say where to send the registration fee so I will need that from you. Will send it as soon as you let me know.
Thanks,
Ragtop

Questman wrote:Yeah, it's only $25.

That's a good idea - to separate maximum dupes by class.

Questman wrote:I should have put 0.9.2 online for upgrade. I'm on 0.9.3 - I just need to put the metrics queries in the menu - and then I can put it out.

But I need someone who is running v3.3 to help me first by installing a small internal DLL and seeing if your BBS starts with it.

ccs wrote:

Questman wrote:No, the password-to-logoff feature does not wait until login; it intercepts the login handler. It does exactly what the Ghost Kill module does.

It doesn't count until the user is logged in for DIP purposes.

My ver of this program stopped working. Do you have an updated release?

Joe

Questman wrote:Sure - are you a DOS user or NT?

Send me a note - info at elwynor dot com