Exception reported: Script execution timed out Blaming: smac_esea_banlist.smx

[borzaka]

I installed the required and recommended plugins with global banlist smac_eac_banlist.smx and smac_esea_banlist.smx. I have the socket extension as I downloaded from this repo, and copied everything to a correct folders. Well, not everything, just the required, recommended and global banlist.

L 08/31/2019 - 20:43:14: SourceMod error session started
L 08/31/2019 - 20:43:14: Info (map "de_mirage") (file "errors_20190831.log")
L 08/31/2019 - 20:43:14: [SM] Exception reported: Script execution timed out
L 08/31/2019 - 20:43:14: [SM] Blaming: smac_esea_banlist.smx
L 08/31/2019 - 20:43:14: [SM] Call stack trace:
L 08/31/2019 - 20:43:14: [SM]   [1] Line 443, Y:\SourcemodProjects\_SMDevENV\addons\sourcemod\scripting\include\string.inc::FindCharInString
L 08/31/2019 - 20:43:14: [SM]   [2] Line 175, Y:\SourcemodProjects\_SMDevENV\addons\sourcemod\scripting\smac_esea_banlist.sp::OnSocketReceive
L 08/31/2019 - 20:53:11: Error log file session closed.

[Silenci0]

Thank you for the report. At a glance, I believe the plugin is having an issue reading the data file that it is supposed to download from ESEA, but I'll need to look into this further. Did smac_eac_banlist.smx have any similar issues?

[borzaka]

No other errors regarding SMAC plugins in the logs. Thank you.

[borzaka]

I recompiled the plugins, and no errors since then regarding the Global Banlist plugins. Strange...

But the EasyAntiCheat variant is probably not working any more, because this URL is just redirects to the home page: http://easyanticheat.net/check_guid.php?id=1:1:180501949

The ESEA version looks good: http://play.esea.net/index.php?s=support&d=ban_list&type=1&format=csv

[Silenci0]

Thank you for the confirmation. I also noticed that the EasyAntiCheat module wasn't going to the address specified. Unfortunately, after digging around for a while, it seems as though this module will probably need to be sunset as it does not seem that the function for checking ids is available anymore. I'll keep looking into this.

As far as the ESEA version, I'm not sure why, but even recompiling the plugins for myself seems to not fix the issue. I had been looking into it, but I couldn't figure out the problem, which is odd that recompiling these plugins worked for you. What version of Sourcemod/Metamod are you running on your server if you don't mind my asking? I'm currently running only SM1.9 and MM1.10 on my test environment, so I'm curious to see if maybe its due to an issue with my test environment that caused that plugin to bug out.

[borzaka]

I'am using SourceMod v1.9.0.6282, and compiled with this version as well. And Metamod version is 1.10.7-git971 You still have that Exception reported: Script execution timed out error?

One thing I did is that I deleted smac.cfg and restarted the server to let the plugin auto generate it. First time I just copied that config from this repo, but contained some plugins cvar that I disabled in the first place.

[borzaka]

The error is back:

L 09/15/2019 - 23:28:31: [SM] Exception reported: Script execution timed out
L 09/15/2019 - 23:28:31: [SM] Blaming: smac_esea_banlist.smx
L 09/15/2019 - 23:28:31: [SM] Call stack trace:
L 09/15/2019 - 23:28:31: [SM]   [1] Line 443, /home/csgoretakes/serverfiles/csgo/addons/sourcemod/scripting/include/string.inc::FindCharInString
L 09/15/2019 - 23:28:31: [SM]   [2] Line 175, smac_esea_banlist.sp::OnSocketReceive

My guess is that sometimes the esea website are down, or blocks connection.

[Silenci0]

I looked into it further and, after some testing, I looked into the response I am getting back from the ESEA website and its giving me a Cloudflare header asking to do a captcha due to the connection looking suspicious, despite the fact that I could simply go to the website/link that the plugin uses and get the .csv file.

I believe what is happening is due to how the request is being formed/sent to the website, which is why we get back the Cloudflare warnings, which is why we get a script time out error. This is most likely an issue with either how we are sending the request or the socket extension itself. In either case, Cloudflare seems to think the request is suspicious and is blocking the attempt to grab the .csv file.

Since it seems like an issue with the website blocking the request, it is just a matter of figuring out how this request needs to be sent (or if we need to update the socket extension) in order to get the files we need for this plugin to work. Alternatively, it might be wise to create a manual option where instead of downloading the file via request from the plugin, we can manually download the file, put it in a specific directory, have the plugin load/read that file instead. The effect would be the same, but the method would require more work from the user. I'll look into adding that feature to this plugin, though it might take some time.

For now, it might be wise to disable this plugin since its not going to work correctly due to the website blocking it.

[borzaka]

I see the following options here:

• the plugin would download that CSV, and store it - if a new download fails it would use the downloaded version (by default this repo can come with a pre-downloaded CSV)
• use a 3rd party site/repo to upload to that CSV and the plugin would download from there - this not going to be 100% up to date, but it's something

[Silenci0]

Sorry for the late response on this, but after looking into this further and attempting to solve the issue, it seems that it might not be possible to fix at this time.

The TL;DR explanation: Cloudflare is flagging the request sent by the plugin/socket extension as suspicious/bot traffic and requires us to verify that we are not bots via captcha, which is not possible to do via plugin and, even if it were, we'd have to do this every time the plugin is used. This is what is causing the timeout errors from this plugin and blocking the download of the .csv file.

Detailed explanation: The problem is that the request being sent is rejected by Cloudflare and is flagged as bot traffic. When we use the link from the plugin to download the file from a web browser the request works just fine and the GET request looks about the same, but using anything else to open/use the same link via the GET request from the plugin looks suspicious. This is mostly due to the HTTP protocol/specification used when sending the request via the socket extension (which the plugin uses HTTP 1.0 when it looks like we need HTTP 1.1) and the request body/headers sent to the ESEA website.

As a result, Cloudflare stops the request because it views the request as illegitimate and thinks it came from a bot, which it will then prompt a captcha screen to verify that the sender is actually human. Solving it is not possible via the plugin, which makes it impossible to actually download the .csv file and results in the timeout errors. Attempting to fix the GET request does not seem to work correctly as it involves using a more updated HTTP specification as well as some trickery in the request body/header to get Cloudflare to not flag this as a suspicious request which is not possible to do via the version of socket we are using, or so I have come to understand (I'm not a web dev so I had to research and reach out to some people who are to help me figure this out).

Due to all of this, I will deprecate the plugin following the next SMAC update, at least for the time being. If it becomes possible to fix later, I may reconsider reinstating the module. The code will still remain available, but I will no longer be supporting the module.

---

As an alternative, if you really want to keep players on the ESEA list off your server, it would be better to do the following:

1. Download the Cheater's list from the ESEA website (use this link: https://play.esea.net/index.php?s=support&d=ban_list&type=1&format=csv)
2. Create (or have someone create) a DB import script to add the SteamID and Alias/Name from the .csv file to the database along with the reason as "Cheater - ESEA List" and set the duration as permanent (or whatever you deem as appropriate).
3. Test/Run the script on a test DB someplace before implementing it on your actual bans database.
4. Make a backup of your bans database and run the script.
5. Double-check if the ban DB is working and you should be good to go.

Keep in mind that this will add thousands of entries to your bans database (at the time of this writing, 16,075 entries to be precise), but it will ultimately accomplish what you want (keeping identified cheaters from playing on your server). There is also the added bonus of lessening some of the overhead on the game server caused by the use of this plugin since it only downloads the file and loads the entries into an array every map change. It does not add any of these entries into a ban list permanently and only kicks players off the server if they are discovered, so its not exactly an efficient plugin. The above alternative gives you more control and, if you want to allow someone onto the server that would otherwise be kicked via this plugin, you do not have to unload the entire plugin to do so, just remove the entry from your ban database.

The only downsides to this method is that you'll have to check back regularly for newer entries (which you could address with a comparison script between the old and new .csv files and simply add all newer entries that way), your bans database will be pretty large/bloated (which may cause its own set of issues if it becomes too big), and that its a more manual process rather than one automated via plugins/tools.

[caxanga334]

@Silenci0 How about replacing socket with system2 which appears to be able to use up to HTTP/2.

[borzaka]

@Silenci0 Could you modify the plugin to read a locale file? If a download fails, it could read a locally downloaded CSV file. And adding a note to the wiki that the user has to download a file and place to the right location manually to make the plugin work. An outdated list is better than nothing.

My custom solution if everything fails: hosting the csv file on my server, edit the url in the plugin and compile for myself.

[Silenci0]

@caxanga334 system2 looks promising and would most likely have everything needed, but it also seems to have some issues loading with some games, at least judging from the latest comments on the thread compared to the last update of the extension. I'll double-check this to get a clearer picture.

@borzaka I could see about doing that since that would probably be better than nothing for some people. It will take a little bit of time to do however. I still think it would be better to simply add the info to a ban database to cut out the use of this plugin, but I understand why people wouldn't want to do that either. In either case, let me see what can be done about that.

[caxanga334]

I can confirm system2 works on TF2 (Windows & Linux).

[Silenci0]

Reopening the issue. EAC will still not work, but I'll see what I can do with the ESEA plugin.

[caxanga334]

I started working on the ESEA module, managed to download a file from my server using system2.

192.168.1.103 - - [22/Nov/2019:17:08:04 -0300] "GET /index.html HTTP/1.1" 200 13342 "-" "SourceMod Anti-Cheat ( Game: tf | Version: 0.8.7.1 )"

Edit: Still getting captcha even with system2.

[borzaka]

ESEA is no longer allows you to download the complete CSV file: http://play.esea.net/index.php?s=support&d=ban_list&type=1&format=csv

I have pre-downloaded version from 2019. november, and I uploaded to my server and modified the script download location. So it works, but not will be updated any more :(

[Silenci0]

I was afraid of that happening, but its not unexpected considering EAC also did the same thing. Well, in that case, I guess I'll just go ahead and depreciate that plugin as well. Thank you for letting me know about the banlist.