Old 5th July 2014, 21:45   #1
neralex
Major Dude
 
Join Date: Mar 2011
Posts: 576
Clearing ban-file with one hit

Is it possible in the current DNAS release to clear the banfile with on hit while the DNAS is running?
neralex is offline   Reply With Quote
Old 5th July 2014, 22:27   #2
DrO
 
Join Date: Sep 2003
Posts: 27,873
good question, i don't think i ever implemented anything for the ban handling to go with external updates. should be simple enough to get something done to match with the RIP list handling and the new action which has been added which supports a similar reloading action.
DrO is offline   Reply With Quote
Old 5th July 2014, 23:09   #3
neralex
Major Dude
 
Join Date: Mar 2011
Posts: 576
What i need is a url to clear all banned IPs with one hit, to use it with CURL. The prolem is, i'm getting since today many requests from user-agents like this in 1 or 2 seconds every time with IPs from all around the world (the most of all IPs are german IPs from germany based ISPs - looks like a proxy-IP-service based on one client-user):

PHP Code:
$banneduas=array(
    
"radio.de 2.14.5 rv:598 (iPhone 4S; iPhone OS 7.1.1; de_DE)",
    
"radio.de 2.14.6 rv:599 (iPhone 4S; iPhone OS 7.1.1; de_DE)",
    
"radio.de 2.14.6 rv:599 (iPhone 4S; iPhone OS 7.1.2; de_DE)",
    
"radio.de 2.14.5 rv:598 (iPhone 4S; iPhone OS 7.1.2; de_DE)",
    
"radio.de 2.14.3 rv:597 (iPhone 4S; iPhone OS 7.1; de_DE)",
    
"radio.de 2.14.3 rv:597 (iPhone 4S; iPhone OS 7.1.1; de_DE)",
    
"radio.de 1.18 rv:592 (iPhone 4S; iPhone OS 7.0.3; de_DE)",
    
"radio.de 1.1 rv:29 (iPhone 4S; iPhone OS 7.1; de_DE)",

    
"RMA/1.0.(compatible;.RealMedia)",

    
"Radio.de/40 CFNetwork/672.0.8 Darwin/14.0.0",
    
"Radio.de/41 CFNetwork/609.1.4 Darwin/13.0.0",

    
"MPlayer svn r34540 (Ubuntu), built with gcc-4.7",

    
"RadioClientApplication/35 CFNetwork/485.12.7 Darwin/10.4.0",
    
"NativeHost",
    
"Lavf53.32.100"
); 
Note: the list of all used user-agents is longer but i have only post some examples to show the issue.

I'm using currently a cron and a php-script with CURL to ban the IPs while the flooding my DNAS but i need a way to clear all banned IPs with one hit, because this "attack" hits my DNAS all 1 or 2 seconds. If i'm clearing the ban-file manually on the server, then the DNAS put all banned IPs in there again and again. So i must click IP for IP to remove it from the Ban-List inside the DNAS.

Here would be cool to have option inside the DNAS to ban user-agents! That wouldn't flood the banned IP-List.
neralex is offline   Reply With Quote
Old 5th July 2014, 23:27   #4
DrO
 
Join Date: Sep 2003
Posts: 27,873
there will be a 'Reload Banned List(s)' option on the server admin page in the next build. that should do what you're wanting (and can be called externally if you pass the required password on the request url if wanting to do it that way (as is mentioned in the docs for things like 'reservelist' which is the same effective thing as what has been added for banned lists).

you'd then just have to clear the contents of the file first before sending the request (i'm not keen on trying to do params to control clearing or not files or doing it on a per-stream basis (since banned and reserved lists can be done on a per-stream basis as well as the norm of the global list).

and i've added the banned lists to the SIGWINCH option for the non-Windows builds to reload via the command-line as well which only did the reserved lists previously.

Quote:
Originally Posted by neralex View Post
Here would be cool to have option inside the DNAS to ban user-agents! That wouldn't flood the baned IP-List.
that's what i was alluding to in my prior reply. though i suspect we'll have to integrate it further into the DNAS in later releases as the first version is an exact match on the user-agent (no wildcard support which i suspect will be something that will be requested) and it's not possible to auto-kick such connections when adding a user-agent to to the blocked list.
DrO is offline   Reply With Quote
Old 6th July 2014, 00:37   #5
neralex
Major Dude
 
Join Date: Mar 2011
Posts: 576
Ok your idea to clear the content of the ban-file before to save the new entries works for me with this one before i'm starting the check with the user-agents:

PHP Code:
if (file_exists('/path/to/my/file.ban')) {
    
file_put_contents('/path/to/my/file.ban''');

neralex is offline   Reply With Quote
Old 6th July 2014, 01:02   #6
DrO
 
Join Date: Sep 2003
Posts: 27,873
you can also do:

cat /dev/null >| /path/to/my/file.ban
kill -winch <pid>

as we'll also be enabling having the DNAS storing it's <pid> in a configurable file which could then be used as a read param in the 'kill' command so it's all done in a simple shell script or php or whatever as is needed.
DrO is offline   Reply With Quote
Old 13th July 2014, 06:47   #7
dopelabs
Major Dude
 
dopelabs's Avatar
 
Join Date: Oct 2006
Location: Silicon Valley
Posts: 534
Send a message via AIM to dopelabs
or you can create a newfile.php with following.

code:

<?php
if ($_GET['rmbans']) {
# The following shell script will run if ?rmbans=true is set.
exec("/local/path/to/some/shell/script.sh &");
}
?>



then you can then:

code:

$ curl -s "http://www.domain.com/newfile.php?rmbans=true" -o /dev/null



then your shell script can make a copy of the current ban file and then wipe it, followed by anything else you would want.
dopelabs is offline   Reply With Quote
Reply
Go Back   Winamp & Shoutcast Forums > Shoutcast > Shoutcast Technical Support

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump