Old 11th July 2009, 09:31   #1
DoppelD
Junior Member
 
Join Date: Jul 2009
Posts: 3
SUBNET Ban with Shoutcast ?

Hi there,

After looking around a bit, I didn't find the answer to this question:

Is there a way to ban a complete subnet, e.g. 84.128.0.0 - 84.128.255.255?

I tried using the sc_serv.ban file by adding this line:
84.128.0.0;255;Manual Add

Seems to have no effect, even after restarting the server.

(Server runs on Windows 2003 Server)

Thank you for any hints!

Cheers from Germany
Old 11th July 2009, 13:01   #2
Nick@ss
Moderator
 
Join Date: Nov 2004
Location: Streamsolutions Headquarters
Posts: 11,953
Did you actually ban the subnet in the admin interface?

Ban an Entire Subnet
Type in the Subnet:
...0-255

if you did and it's not working (which it should be) you can do this at your own personal firewall.
Old 11th July 2009, 13:42   #3
DoppelD
Junior Member
 
Join Date: Jul 2009
Posts: 3
Yeah, I already did this in the Shoutcast web interface, but with this I can only ban the last number from the IP.

I need to ban the LAST TWO numbers......

Sounds like it only works with a firewall :-(
Old 11th July 2009, 13:58   #4
Nick@ss
Moderator
 
Join Date: Nov 2004
Location: Streamsolutions Headquarters
Posts: 11,953
out of interest are you running winamp / shoutcast in administrator mode as there are some recent updates that may stop your ban file being written to.
Old 11th July 2009, 17:06   #5
DoppelD
Junior Member
 
Join Date: Jul 2009
Posts: 3
I'm running Shoutcast on my VPS with SAM4.

And, if I understood right, yeah, I mostly use the Admin Console to kick/ban....

Unfortunately, there's no FW out there for Windows 2003 which allows me to administer my server after installing a FW.

So I have to live with the one annoying A**!

Anyway, thanks for your help (excuse my BAD English)
Old 28th January 2016, 02:25   #6
sqgl
Senior Member
 
Join Date: Sep 2008
Location: Australia
Posts: 186
Can we please have some clarity on the limits of the server software? Is what the OP requested possible or is it not?

Have same problem. The offender is an Amazon bot. Have no access to firewall because I pay someone to run my server professionally and their helpdesk is stumped also. They can only ban the last octet with a wildcard. The second last octet has to be typed once for each of the 255 instances. Unfortunately Amazon just changes to another range and it would require thousands of lines of banfile to block them unless (like the OP requested) I can specify something like 123.123.0.0.

Ideally we could go one step further and specify something like 123.24-95.0.0 because that is how large some of the Amazon address-space ranges are.

Remixing listener requests of ambient tracks live http://RePlayScape.com
Old 28th January 2016, 02:30   #7
sqgl
Senior Member
 
Join Date: Sep 2008
Location: Australia
Posts: 186
Now I see that AOL (who own shoutcast) own a piece of Amazon so maybe someone here can actually explain why this bot has targeted stations like mine?

Old 28th January 2016, 02:43   #8
djSpinnerCee
Forum King
 
Join Date: Aug 2004
Location: Hollis, Queens/The Bronx, NYC
Posts: 3,478
there are limits to the dnas, it is not a firewall -- in your case, the ban file, as far as i know will only block listen requests, not requests for other dnas pages like index.html or 7.html -- so if your bot is hitting other pages, you may get no satisfaction.

from a performance standpoint, you really need to block those annoyances at the gateway, or on the system running the dnas.

on a windows system (may work on *nix, but never tried it) you can create host routes for the entire network or individual hosts that point to a non-existent router. the requests will come in for a while, but getting no response, the requesting host will eventually give up (think minutes).
Old 28th January 2016, 12:48   #9
sqgl
Senior Member
 
Join Date: Sep 2008
Location: Australia
Posts: 186
Quote:
there are limits to the dnas, it is not a firewall -- in your case, the ban file, as far as i know will only block listen requests, not requests for other dnas pages like index.html or 7.html -- so if your bot is hitting other pages, you may get no satisfaction.
It is only the listen requests that are bothering me. They consume a lot of bandwidth.

Quote:
from a performance standpoint, you really need to block those annoyances at the gateway, or on the system running the dnas.
My stream/server provider cannot do that because they have other customers who may wish to allow legitimate listeners from Amazon.

What is particularly bad about these bots is that when I go offline I get more bandwidth consumed than is possible doing the arithmetic using my max-listeners count. So it appears this very persistent bot consumes about 40 times more during the reconnects than during listening!

Old 28th January 2016, 18:26   #10
djSpinnerCee
Forum King
 
Join Date: Aug 2004
Location: Hollis, Queens/The Bronx, NYC
Posts: 3,478
in your situation you have no choice but to use the dnas -- do you have access to the dnas admin interface?

i would start there and start banning individual ip addresses or at least the largest wildcard you can, even if it's the last octet only. your abuser does not have an endless ip address supply, more likely a dynamic ip that can change, the range is not likely the full subnet range.

just hit 'em as you see 'em, be just as aggressive as they are.
Old 29th January 2016, 07:00   #11
sqgl
Senior Member
 
Join Date: Sep 2008
Location: Australia
Posts: 186
Quote:
the range is not likely the full subnet range.
Unfortunately it is. We are talking about the giant called Amazon after all.

52.24.*.* ---> 52.95.*.*
and
54.144.*.* ---> 54.255.*.*
That is 28,305 three-octet subnets (ie 7,217,775 addresses)
Maybe even more if there are other ranges.

So far the helpdesk has banned four subnets (each one being 3 octets, one wildcard only, because DNAS does not allow 2 octets, 2 wildcards). That is 1020 three-octet subnets. The helpdesk has written a script that adds offending 2 octet subnets to my ban list but that list is getting really large (with those 1020 new lines so far). They are reading this thread FWIW.

I take it that since AOL bought Shoutcast we cannot expect improved functionality on this in future?

Old 31st January 2016, 11:19   #12
sqgl
Senior Member
 
Join Date: Sep 2008
Location: Australia
Posts: 186
Is there a way to prevent banned users from even appearing in my logfiles?

Unfortunately the Amazon bot tries every second of the day, rendering my logfiles unusable because they are so large.

Old 31st January 2016, 12:36   #13
dopelabs
Major Dude
 
Join Date: Oct 2006
Location: Silicon Valley
Posts: 521
too bad you are on windows... this could be easily resolved with iptables....

iptables -A INPUT -p tcp --dport 8000 -s 123.201.0.0/255.255.0.0 -j DROP

would drop all incoming tcp packets from 123.201.*.* to port 8000

or you can simply turn off the logging you don't want.

see the following:

http://wiki.shoutcast.com/wiki/SHOUT...rver_2#Logging

and

http://wiki.shoutcast.com/wiki/SHOUT...W3C.29_Logging

or if you REALLY wanted to you could post process all your logfiles and remove the lines which contain aws host/ip's (but that's just silly)
Old 3rd February 2016, 13:51   #14
sqgl
Senior Member
 
Join Date: Sep 2008
Location: Australia
Posts: 186
Quote:
too bad you are on windows... this could be easily resolved with iptables..
I stream via a professional service in New York which runs DNAS on Linux boxes. They cannot filter traffic out in the OS because it would affect other customers.

However, your tip is useful to have on the record for others who find their way onto this thread.

Old 3rd February 2016, 20:22   #15
dopelabs
Major Dude
 
Join Date: Oct 2006
Location: Silicon Valley
Posts: 521
it would not affect other customers if they put rules in place only on the port your shoutcast server is running on. but generally they don't put in rules on shared hosting servers.

one solution would be to run your own vps. shoutcast can run on a pretty lean system granted you have the network capacity.
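Added example, not part of any post in this thread: the two address spans quoted in post #11 collapse into six CIDR blocks, so the per-port iptables approach from posts #13 and #15 needs six rules rather than one line per three-octet subnet. The same blocks also drive the log clean-up mentioned in post #13. Function names are hypothetical, and the sample log lines are constructed (their layout is an assumption, not the DNAS log format).

```python
import ipaddress
import re

# Ranges quoted in post #11 (first and last address of each span).
RANGES = [("52.24.0.0", "52.95.255.255"), ("54.144.0.0", "54.255.255.255")]
STREAM_PORT = 8000  # port used in the iptables line in post #13


def to_cidrs(ranges):
    """Collapse first-last address spans into the fewest CIDR blocks."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    return list(ipaddress.collapse_addresses(nets))


def iptables_rules(nets, port=STREAM_PORT):
    """One DROP rule per block, scoped to the stream port only."""
    return [f"iptables -A INPUT -p tcp --dport {port} -s {n} -j DROP"
            for n in nets]


IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def strip_banned(lines, nets):
    """Drop log lines whose first IPv4 address falls in a banned block."""
    kept = []
    for line in lines:
        m = IPV4.search(line)
        try:
            addr = ipaddress.IPv4Address(m.group(0)) if m else None
        except ipaddress.AddressValueError:
            addr = None  # e.g. 999.1.1.1: not an address, keep the line
        if addr is None or not any(addr in n for n in nets):
            kept.append(line)
    return kept


if __name__ == "__main__":
    # Constructed sample lines; not real DNAS log output.
    sample = [
        "2016-01-31 12:00:01 connect 52.30.17.9 listener",
        "2016-01-31 12:00:02 connect 198.51.100.7 listener",
        "2016-01-31 12:00:03 connect 54.200.1.1 listener",
    ]
    nets = to_cidrs(RANGES)
    print("\n".join(iptables_rules(nets)))
    print("\n".join(strip_banned(sample, nets)))
```

Because every rule carries `--dport`, traffic from the same blocks to other ports on a shared host is left untouched.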