search

BlackDemonZyT / BotSentry

Official repository for Bot-Sentry issues, information, etc..
6 stars 0 forks source link

AntiBotMode not automatically disabling #102

Closed Laurenshup closed 6 months ago

Laurenshup commented 1 year ago

For this configuration it is not working:

#-------------------------------------------------------------------------------------------------------#
#    _______    ______  ________         ______   ________  __    __  ________  _______  __      __     #
#   |       \  /      \|        \       /      \ |        \|  \  |  \|        \|       \|  \    /  \    #
#   | $$$$$$$\|  $$$$$$\\$$$$$$$$      |  $$$$$$\| $$$$$$$$| $$\ | $$ \$$$$$$$$| $$$$$$$\\$$\  /  $$    #
#   | $$__/ $$| $$  | $$  | $$         | $$___\$$| $$__    | $$$\| $$   | $$   | $$__| $$ \$$\/  $$     #
#   | $$    $$| $$  | $$  | $$          \$$    \ | $$  \   | $$$$\ $$   | $$   | $$    $$  \$$  $$      #
#   | $$$$$$$\| $$  | $$  | $$          _\$$$$$$\| $$$$$   | $$\$$ $$   | $$   | $$$$$$$\   \$$$$       #
#   | $$__/ $$| $$__/ $$  | $$         |  \__| $$| $$_____ | $$ \$$$$   | $$   | $$  | $$   | $$        #
#   | $$    $$ \$$    $$  | $$          \$$    $$| $$     \| $$  \$$$   | $$   | $$  | $$   | $$        #
#    \$$$$$$$   \$$$$$$    \$$           \$$$$$$  \$$$$$$$$ \$$   \$$    \$$    \$$   \$$    \$$        #
#                                                                                                       #
#              _________          _______  _        _______ _________ _______  _______                  #
#              \__   __/|\     /|(  ___  )( (    /|(  ___  )\__   __/(  ___  )(  ____ \                 #
#                 ) (   | )   ( || (   ) ||  \  ( || (   ) |   ) (   | (   ) || (    \/                 #
#                 | |   | (___) || (___) ||   \ | || (___) |   | |   | |   | || (_____                  #
#                 | |   |  ___  ||  ___  || (\ \) ||  ___  |   | |   | |   | |(_____  )                 #
#                 | |   | (   ) || (   ) || | \   || (   ) |   | |   | |   | |      ) |                 #
#                 | |   | )   ( || )   ( || )  \  || )   ( |   | |   | (___) |/\____) |                 #
#                 )_(   |/     \||/     \||/    )_)|/     \|   )_(   (_______)\_______)                 #
#                                                                                                       #
#                                                                                                       #
#                  Join our Discord Server if you need Support or have any doubt!                       #
#                                  https://discord.gg/uxRTwDa                                           #
#                                                                                                       #
#                      You can get some translations made by our community in:                          #
#                               https://docs.cyberdevelopment.es                                        #
#                                                                                                       #
#  Add our official Discord Bot to your DC server, the bot will send a message in your Discord Server   #
#      and in your DMs when an attack occurs to your server, with statistics related to the attack      #
#       https://discord.com/oauth[2](https://mclo.gs/vhy7aMg#L2)/authorize?client_id=75052618855599[3](https://mclo.gs/vhy7aMg#L3)1[4](https://mclo.gs/vhy7aMg#L4)8&scope=bot&permissions=8       #
#                                                                                                       #
#-------------------------------------------------------------------------------------------------------#
#
#     _____ ____  _   _ ______ _____ _____ _    _ _____         _______ _____ ____  _   _
#    / ____/ __ \| \ | |  ____|_   _/ ____| |  | |  __ \     /\|__   __|_   _/ __ \| \ | |
#   | |   | |  | |  \| | |__    | || |  __| |  | | |__) |   /  \  | |    | || |  | |  \| |
#   | |   | |  | | . ` |  __|   | || | |_ | |  | |  _  /   / /\ \ | |    | || |  | | . ` |
#   | |___| |__| | |\  | |     _| || |__| | |__| | | \ \  / ____ \| |   _| || |__| | |\  |
#    \_____\____/|_| \_|_|    |_____\_____|\____/|_|  \_\/_/    \_\_|  |_____\____/|_| \_|
#
prefix: true

# TOP FEATURE!
# Should the Google-Captcha system to un-blacklist players themselves be enabled? (Hosted by BotSentry Webservers)
# This will download a Global whitelist of IPs that completed the Google captcha from:
# https://cyberdevelopment.es/BotSentry/verify/
# 
# If you want to customize the website you can get a custom link here and shorten it if you want:
# https://cyberdevelopment.es/BotSentry/verify/custom/
#
# By default, when users get blacklisted they will get the kick message with the URL (www.notbot.es) so they can whitelist themselves.
whitelist-database-sync:
  # HIGHLY RECOMMENDED to leave it to TRUE.
  enabled: false
  # This value has been added since 9.2-THANATOS.
  # IPs from the BotSentry Webservers are not permanently saved anymore in order to keep security.
  # This determines the time in minutes an IP is stored in the whitelist on the server.
  # If a player has played the required amount of the whitelist.automatic setting (below in this file),
  # the IP will stay in the whitelist.
  cachetime: 120

# AntiBot mode generic settings
antibotmode:
  # When AntiBot mode will automatically disable during attack
  # Default values are: Disable AntiBot mode if less than 8 non-blacklisted and non-whitelisted joins in [5](https://mclo.gs/vhy7aMg#L5) seconds,
  # and stays below those 8 IPs for 3 seconds.
  # The purpose of this is to disable AntiBot-mode automatically when the 95% of the attack is mitigated
  stop:
    enabled: true
    amount: 20
    time: 5
    keep: 3
  # Conditions settings, how many % will give to a player/bot certain checks
  condition:
    # If an IP joins with 3 different usernames during an attack
    cloned:
      amount: 3
      percentage: 50
    # If an IP joins from the specified country list, it will give that % of bot to the IP
    # You can find a list of the top-countries detected bots by BotSentry in:
    # https://cyberdevelopment.es/BotSentry/publicapi/countries.php
    # There are few blocked by default, you MUST adjust it to your needs!
    # This check can be really effective to block bots, can block the 90% of the attack in 5 seconds if well-configured!
    deniedcountry:
      # When set to true, it will add the percentage to the countries inside the list.
      # When set to false, it will add the percentage to countries that are outside the list.
      denymode: true
      percentage: 50
      values: [IL, TH, RU, ID, BR, IN, CN]
    # If an IP joins from the specified continents list, it will give that % of bot to the IP
    # You can find a list of the top-continents detected bots by BotSentry in:
    # https://cyberdevelopment.es/BotSentry/publicapi/continents.php
    # There are few blocked by default, you MUST adjust it to your needs!
    # This check can be really effective to block bots, can block the 90% of the attack in 5 seconds if well-configured!
    deniedcontinent:
      # When set to true, it will add the percentage to the continents inside the list.
      # When set to false, it will add the percentage to continents that are outside the list.
      denymode: true
      percentage: 50
      values: [Antarctica]
    # If an IP joins from the specified providers list, it will give that % of bot to the IP
    # You can find a list of the top-providers detected bots by BotSentry in:
    # https://cyberdevelopment.es/BotSentry/publicapi/providers.php
    # There are few blocked by default, you MUST adjust it to your needs!
    # This check can be really effective to block bots, can block the [6](https://mclo.gs/vhy7aMg#L6)0% of the attack in 5 seconds if well-configured!
    deniedprovider:
      # When set to true, it will add the percentage to the providers inside the list.
      # When set to false, it will add the percentage to providers that are outside the list.
      denymode: true
      percentage: 50
      values: [DEPARTMENT OF AGRICULTURE WATER AND THE ENVIRONMENT]
    # If an IP joins 35 times during an attack
    usainbolt:
      percentage: 25
      amount: 35
    # If an IP is a proxy/vpn
    # This check can mitigate easily more than the [7](https://mclo.gs/vhy7aMg#L7)0% of the attack
    unknownlocation:
      percentage: 50
  # If a bot/player reach this likeliness amount, will get blacklisted
  minimumlikeliness: 50
  # The time that AntiBot mode will be enabled, don't touch it, there are other checks that makes it posible to stop antibot mode earlier.
  time: 10

# Auto Saver settings, this can be enabled to save the whitelist/blacklist every X minutes.
# Normally (before version 9.5-THANATOS) it would only save on server stop.
autosaver:
  whitelist:
    enabled: true
    interval: 60
  blacklist:
    enabled: true
    interval: 60

# Auto purger settings, to maintain things optimized automatically without need of manual interaction
# - Modes:
# · limit: purge the specified thing when the number is reached
# · afterattack: purge the specified thing after every attack ends
# · time: purge the specified thing every X amount of minutes
autopurger:
  # Whitelist auto-purging
  # Modes: afterattack/time (limit is only for blacklist and whitelist)
  whitelist:
    # In case you use limit
    amount: 200000
    # In case you use time
    time: 30
    mode: "limit"
    enabled: false
  # Server Logs auto-purging
  serverlogs:
    # In case you use time
    time: 30
    mode: "afterattack"
    enabled: false
  # Blacklist auto-purging
  blacklist:
    # In case you use time
    time: 30
    mode: "limit"
    # In case you use limit
    amount: 100000
    enabled: false
  # Bot-Sentry attack logs auto-purging
  attacklogs:
    mode: "time"
    # In case you use time
    time: 30
    enabled: false
  # Bot-Sentry slow bots logs auto-purging
  slowbotslogs:
    mode: "time"
    # In case you use time
    time: 30
    enabled: false

# MySQL settings
# Only enable MySQL when you have multiple BungeeCord instances.
mysql:
  settings:
    updateinterval: 60
  port: 3306
  username: "root"
  database: "database"
  password: "password"
  ip: "**.**.**.**"
  enabled: false

# Slow attack detection settings
# To prevent possible bypasses and breaches, this is dev-Only
# You will need to contact us in order to toggle this settings. Default ones should be perfect.
# https://discord.gg/uxRTwDa
detection:
  # Slow attack detection of non-advanced bots
  amazon:
    amount: 4
    # Toggle this to false if you use Essentials.
    sendjoinmessagelater: false
    blacklist: false
    time: [8](https://mclo.gs/vhy7aMg#L8)
    antibotmode: true
    enabled: true
    toggletime: 120
  # Slow attack detection of advanced bots (more intelligent bots)
  strangesituation:
    latency: 750
    time: [9](https://mclo.gs/vhy7aMg#L9)0
    amount: 5
    blacklist: false
    antibotmode: true
  # Slow attack detection to prevent bots from registering
  stopregistering:
    amount: 4
  # If 5 connections are established in 250 milliseconds, activate AntiBot mode
  usainjoin:
    amount: 50
    time: [10](https://mclo.gs/vhy7aMg#L10)00
  # How many usernames can play with the same IP at the same time
  dolly:
    amount: 5
    # A list of IPs that are ignored by dolly. Recommended only local IPs.
    ignoredips: [[12](https://mclo.gs/vhy7aMg#L12)7.0.0.1, 0.0.0.0]
    # If the IP should be blacklisted or kicked if they passed the amount.
    blacklist: false
  slowattack:
    # Dev-only, contact us if you have problems
    sameip:
      time: 1
      amount: 10
    # If there is a sudden increase of new players joining, enable AntiBot Mode
    spike:
      enabled: false
      # The increase which AntiBot Mode will enable on. 3 means more than 3 times as normal.
      multiplier: 3
  # If a player joins for the first time, it will get kicked by BotSentry to detect slow bot attacks.
  firstjoin:
    enabled: false
    # The time in milliseconds we keep the join data in the RAM.
    cachetime: 2[16](https://mclo.gs/vhy7aMg#L16)00000
  # The regex to compare the username with. If everything it correct, the player will proceed login
  # Check how regex works here: https://regexr.com/
  illegalname:
    regex: "[a-zA-Z0-9_]*"
  # Disables sending of the Favicon when there is an enormous amount of pings.
  # Disables it when there is a specific amount in a timeframe (in milliseconds).
  motdattack:
    amount: [20](https://mclo.gs/vhy7aMg#L20)0
    time: 1000

# AntiProxy settings. Note these settings only work when there is no AntiBot Mode.
# These settings are different from the AntiBot Mode condition settings, to allow more specific settings when there is no attack.
# These settings only apply to IPs that are not whitelisted yet.
antiproxy:
  # If the system should check for IPs when AntiBot Mode is disabled.
  enabled: true
  # If an IP should be blacklisted instead of kicked when it has been detected.
  blacklist: true
  # If an IP is a proxy/vpn, it will blacklist/kick that IP.
  unknownlocation:
    enabled: true
  # If an IP joins from the specified country list, it will blacklist/kick that IP.
  # You can find a list of the top-countries detected bots by BotSentry in:
  # https://cyberdevelopment.es/BotSentry/publicapi/countries.php
  # There are few blocked by default, you MUST adjust it to your needs!
  deniedcountry:
    enabled: false
    # When set to true, it will block the countries inside the list.
    # When set to false, it will block the countries that are outside the list.
    denymode: true
    values: [IL, TH, RU, ID, BR, IN, CN]
  # If an IP joins from the specified continents list, it will blacklist/kick that IP.
  # You can find a list of the top-continents detected bots by BotSentry in:
  # https://cyberdevelopment.es/BotSentry/publicapi/continents.php
  # There are few blocked by default, you MUST adjust it to your needs!
  deniedcontinent:
    enabled: false
    # When set to true, it will block the continents inside the list.
    # When set to false, it will block the continents that are outside the list.
    denymode: true
    values: [Antarctica]
  # If an IP joins from the specified providers list, it will blacklist/kick that IP.
  # You can find a list of the top-providers detected bots by BotSentry in:
  # https://cyberdevelopment.es/BotSentry/publicapi/providers.php
  # There are few blocked by default, you MUST adjust it to your needs!
  deniedprovider:
    enabled: false
    # When set to true, it will block the providers inside the list.
    # When set to false, it will block the providers that are outside the list.
    denymode: true
    values: [DEPARTMENT OF AGRICULTURE WATER AND THE ENVIRONMENT]

# Console filtering settings
consolefiltering:
  # Should the console be filtered when attack?
  enabled: true
  # Should the console only be filtered during attacks?
  attackonly: false
  # Should InitialHandler messages always be filtered?
  # We really recommend keeping this to true, as it defends against 1 type of exploited attack.
  initialhandler: true
  # Add here your custom messages, which will be filtered in the console.
  # Filtered messages will be removed.
  custommessages: [Typing this message in console, will be filtered!]
  # Should BotSentry filter specific console messages, per platform.
  # These messages are default per platform.
  # It is not supported to disable this setting, as some errors will occur when disabled!!!
  defaultmessages: true
  # Clear mode is when no console lines are logged at all.
  # This results in less CPU and RAM usage.
  clearmode:
    # The amount of filtered messages (both bad packets and custom messages) which is needed in the given timeframe to enable clear mode
    amount: 20
    # The timeframe in seconds it checks for
    time: 3
    # The minimum duration in seconds of clear mode
    duration: 5
    # The grace period after the minimum duration in which it keeps detecting for an enormous amount of bad packets.
    # This is in seconds and can be 0 if no grace period is necessary.
    # In the grace period these checks are performed to check if there is still a lot going on:
    # - Restart clear mode if the amount of logged messages (all) in the grace period is more than the grace avarage
    # - The grace average is calculated using: ((clearmode.amount) / clearmode.time * clearmode.grace) * 2
    grace: 1
    # Should clear mode be enabled or not?
    enabled: true

# Whitelist filtering settings
# After how many minutes playing will an IP be whitelisted. A value of 0 and lower means never.
whitelist:
  automatic: 0

# Firewall blacklisting settings
# You will need a system with IPSet and IPTables permissions in order to run this (On Unix like system, it installs it for you)
blacklist:
  firewall:
    # All the commands that will execute for internal bans
    unix:
      install: "apt-get --yes install ipset" # This command will be executed on bot-sentry enable
      load: "ipset restore -file /etc/ipset.conf" # This command will be executed on bot-sentry enable
      ipset: "ipset create -! blacklist hash:ip hashsize 4096" # This command will be executed on bot-sentry enable
      iptables: "iptables -t raw -A PREROUTING -p tcp --dport [25](https://mclo.gs/vhy7aMg#L25)565:25600 -m set --match-set blacklist src -j DROP" # This command will be executed on bot-sentry enable
      iptablesdelete: "iptables -t raw -D PREROUTING -p tcp --dport 2[55](https://mclo.gs/vhy7aMg#L55)65:2[56](https://mclo.gs/vhy7aMg#L56)00 -m set --match-set blacklist src -j DROP" # This command will be executred on Bot-Sentry disable
      save: "ipset save > /etc/ipset.conf" # This command will be executed on bot-sentry enable
    add: "ipset -! -A blacklist %1$s" # This command will be executed with the detected IP when it gets Blacklisted
    # Should internal bans be enabled?
    enabled: false
    remove: "ipset -! -D blacklist %1$s" # This command will be executed with the IP when it gets Un-Blacklisted or Whitelisted
    flush: "ipset flush blacklist" # This command will be executed when doing the command /bs blacklist clear. When setting to: '' it will run each ip through the remove command (in case there is no flush)

# Should bot-sentry logs be enabled by default?
# If you have any false positives, it will be logged, then contact us somewhere and we touch your config specifically to fix it and keep blocking bots without problem.
logs: true
log:
  attack:
    # The amount of logs there are needed for a new file to generate.
    # The lower the value, more files are generated.
    # The higher the value, more RAM is used.
    minimumsize: [100](https://mclo.gs/vhy7aMg#L100)0

# Command specific settings
commands:
  bs:
    # Should the /bs blacklist clear and /bs whitelist clear ask to confirm the request with a code?
    # Recommended if you give the permission to clear the blacklist/whitelist to a non-experienced user
    clearconfirmation: true
    accounts:
      # The amount of different IPs per page.
      defaultpagesize: 6
    notifications:
      # The refresh rate in milliseconds on which the notifications provider checks
      # for players with the botsentry.automaticnotification permission.
      permissionchecktime: 10000
      # The minimum number of bad packets in a second, to display the notifications bar.
      minimumbadpackets: 4
  bsw:
    search:
      # Amount of results per page in the Wiki search menu
      resultpagesize: 6
      # The size of the context before and after the searched word.
      # 1 meaning only one word before and after the searched word etc.
      resultcontext: 2
Laurenshup commented 6 months ago

Code has been changed that disabled AntiBotMode, this is expected to be fixed.