· 6 years ago · Dec 27, 2019, 05:54 PM
1# _ _ ____ _ _____ _
2# /\ | | (_) _ \ | | | __ \ | |
3# / \ _ __ | |_ _| |_) | ___ | |_| | | | ___| |_ ___ _____
4# / /\ \ | '_ \| __| | _ < / _ \| __| | | |/ _ \ | | | \ \/ / _ \
5# / ____ \| | | | |_| | |_) | (_) | |_| |__| | __/ | |_| |> < __/
6# /_/ \_\_| |_|\__|_|____/ \___/ \__|_____/ \___|_|\__,_/_/\_\___|
7#
8# Authors: FusionCoding & Jouii
9# Version: 10.0
10# State: BETA
11# Anonymous statistics are sent to bStats.
12
13# Thank you for using AntiBotDeluxe
14# The default config requires very little to no configuration to make it fit your setup.
15
16# Version of configuration file
17# - Do not touch this number!
18version: 1
19
20###############################
21## General ##
22###############################
23
24# General configuration of the plugin
25general:
26 # The prefix for AntiBotDeluxe
27 prefix: "&7AntiBot&bDeluxe &8» &7"
28
29 # Enable or disable logging. Due to asynchronous logging this should be kept on.
30 log: true
31
32 # Enable or disable debug messages. Can be useful for troubleshooting.
33 debug: false
34
35 # Set the default language which the plugin should use.
36 # Following codes can be used: EN, DE ...
37 locale: EN
38
39 # Storage configuration
40 # Available options: File, SQL
41 storage:
42 type: File
43
44 # Console configuration
45 console-filter:
46 enabled: true
47
48 filter:
49 - "InitialHandler is pinging"
50 - "InitialHandler has connected"
51 - "Connection reset by peer"
52 - "Unexpected packet received"
53 - "read timed out"
54 - "to process!"
55 - "Empty Packet!"
56 - "bad packet ID"
57
58 # Configuration for automatic whitelisting
59 auto-whitelist:
60 enabled: true
61
62 # Time in minutes the player has to play until whitelisted.
63 # Default: 10
64 time: 10
65
66 # MySQL configuration
67 mysql-data:
68
69 # - Possible options:
70 # - mysql
71 # - mariadb
72 database-type: mysql
73
74 # Set the address and port for the database server.
75 # If no port is specified the default port is used.
76 # Specify as "address:port" if it's different.
77 address: localhost
78
79 # Set the name of the database for data to be stored in.
80 # The database has to be created already.
81 database: antibotdeluxe
82
83 # Credentials for the database.
84 username: root
85 password: ''
86
87 hikari-settings:
88 # Sets the maximum size of the MySQL connection pool.
89 # - Basically this value will determine the maximum number of actual
90 # connections to the database backend.
91 # - More information about determining the size of connection pools can be found here:
92 # https://github.com/brettwooldridge/HikariCP/wiki/About-Pool-Sizing
93 maximum-pool-size: 10
94
95 # Sets the minimum number of idle connections that the pool will try to maintain.
96 # - For maximum performance and responsiveness to spike demands, it is recommended to not set
97 # this value and instead allow the pool to act as a fixed size connection pool.
98 # (set this value to the same as 'maximum-pool-size')
99 minimum-idle: 10
100
101 # This setting controls the maximum lifetime of a connection in the pool in milliseconds.
102 # - The value should be at least 30 seconds less than any database or infrastructure imposed
103 # connection time limit.
104 maximum-lifetime: 1800000 # 30 minutes
105
106 # This setting controls the maximum number of milliseconds that the plugin will wait for a
107 # connection from the pool, before timing out.
108 connection-timeout: 5000 # 5 seconds
109
110# General configuration for caching
111cache:
112
113 # Configuration for proxy detection result caching.
114 proxy-results:
115 # Time the result will be cached in seconds
116 # Default: 2700
117 expires-after: 2700 # 45 minutes
118
119 # Configuration for blacklist caching
120 blacklist:
121 # Time the result will be cached in seconds
122 # Default: 86400
123 expires-after: 86400 # 24 hours
124
125 # Configuration for pinging
126 ping:
127 # Amount the result will be cached in seconds
128 # Default: 15
129 expires-after: 15
130
131 # Configuration for players per IP
132 players-per-ip:
133 # Amount the result will be cached in seconds
134 # Default: 21600
135 expires-after: 21600 # 6 hours
136
137
138# General configuration for connection analyzing
139analysis:
140
141 # Configure the order in which checks are ran
142 order:
143 - ConnectionsPerIP
144 - Blacklist
145 - MOTDPingDetection
146 - DeluxeCaptcha
147 - ForceRejoin
148 - ProxyDetection
149
150 # Whitelist configuration
151 whitelist:
152 # Should the whitelist be enabled?
153 enabled: true
154
155 checks:
156 # ForceRejoin - This check forces a player to rejoin once.
157 forcerejoin:
158
159 # Time in seconds the player has to wait before he attempts again
160 # - this will prevent bots from spam joining
161 # Default: 10
162 time: 10
163
164 # Set the conditions which have to be fired for this check to be run
165 # Available options: STANDARD, STANDARD_NO_PING, STANDARD_SLOW, STANDARD_BYPASS
166 # Recommended: x x x
167 conditions:
168 - STANDARD
169 - STANDARD_SLOW
170 - STANDARD_NO_PING
171
172 # Blacklist - This check compares the connection with the blacklist
173 blacklist:
174
175 # Set the conditions which have to be fired for this check to be run
176 # Available options: STANDARD, STANDARD_NO_PING, STANDARD_SLOW, STANDARD_BYPASS
177 # Recommended: - always executed
178 conditions: []
179
180 # ProxyDetection - This check detects Proxies & VPN's
181 proxydetection:
182
183 # Set the conditions which have to be fired for this check to be run
184 # Available options: STANDARD, STANDARD_NO_PING, STANDARD_SLOW, STANDARD_BYPASS
185 # Recommended: - always executed
186 conditions: []
187
188 # MOTDPingDetection - This check detects if a player has pinged the server
189 motdpingdetection:
190
191 # Set the conditions which have to be fired for this check to be run
192 # Available options: STANDARD, STANDARD_NO_PING, STANDARD_SLOW, STANDARD_BYPASS
193 # Recommended: x
194 conditions:
195 - STANDARD_NO_PING
196
197 # DeluxeCaptcha - This check forces the player to manually verify himself
198 deluxecaptcha:
199
200 # Set the conditions which have to be fired for this check to be run
201 # Available options: STANDARD, STANDARD_NO_PING, STANDARD_SLOW, STANDARD_BYPASS
202 # Recommended: x
203 conditions:
204 - STANDARD_BYPASS
205
206 # ConnectionsPerIP - This check detects Proxies & VPN's
207 connectionsperip:
208
209 # Amount of how many players are allowed to be connected from the same network
210 # - this will prevent attacks with a low proxy amount
211 amount: 2
212
213 # Set the conditions which have to be fired for this check to be run
214 # Available options: STANDARD, STANDARD_NO_PING, STANDARD_SLOW, STANDARD_BYPASS
215 # Recommended: - always executed
216 conditions: []
217
218 # Configure the different conditions that can be triggered.
219 # - This is needed for checks to be ran dependent on each situation
220 conditions:
221
222 # This condition is configurated to be triggered whenever a normal attack is detected
223 # - this means that there are multiple pings and connections per second
224 # - enum name: STANDARD
225 standard-attack:
226 # Amount of pings per second to trigger this condition.
227 # Default: 5
228 pings: 5
229
230 # Amount of connections per second to trigger this condition.
231 # Default: 35
232 connections: 35
233
234 # Time in seconds this condition will be triggered after fired.
235 # Default: 30
236 time: 30
237
238 # This condition is configurated to be triggered whenever a normal attack without pings is detected
239 # - this means that there are multiple connections, but not many pings per second.
240 # - enum name: STANDARD_NO_PING
241 standard-no-ping:
242 # Amount of pings per second to trigger this condition. <- reverted
243 # - reverted means, that this value only triggers if its below the number
244 # Default: 5
245 pings: 5
246
247 # Amount of connections per second to trigger this condition.
248 # Default: 35
249 connections: 35
250
251 # Time in seconds this condition will be triggered after fired.
252 # Default: 30
253 time: 30
254
255 # This condition is configurated to be triggered as a backup for small attacks
256 # - this means that this condition is also likely to be triggered without attacks
257 # - enum name: STANDARD_SLOW
258 standard-slow:
259 # Amount of pings per second to trigger this condition.
260 # Default: 0
261 pings: 0
262
263 # Amount of connections per second to trigger this condition.
264 # Default: 5
265 connections: 5
266
267 # Time in seconds this condition will be triggered after fired.
268 # Default: 30
269 time: 30
270
271 # This condition is configurated to be triggered whenever a bypassing attack is detected
272 # - this means that there are many connections, but no detections.
273 # - enum name: STANDARD_BYPASS
274 standard-bypass:
275 # Detection rate in %, this is a prediction of how many bots are detected.
276 # - If the rate drops below the set number, this condition will be fired.
277 # Default: 96(%)
278 detection-rate: 96
279
280 # Amount of connections per second to trigger this condition.
281 # Default: 50
282 connections: 50
283
284 # Time in seconds this condition will be triggered after fired.
285 # Default: 15
286 time: 15
287
288# General configuration for DeluxeCaptcha
289# - This system is the first public available captcha system
290# outside of the game. This system has been designed to
291# work with any kind of server. You can also use your
292# own domain for the system.
293deluxecaptcha:
294 # Should DeluxeCaptcha be enabled?
295 enabled: true
296
297 # Here you can configure the connection variables
298 # used to connect to DeluxeCaptcha.
299 connection:
300
301 # Here you can set the preferred api server
302 # - The default server used is satellite.antibotdeluxe.com.
303 # This will use our redundant API system to select the best
304 # server for you.
305 # - If you want to force an api server you can use the following syntax:
306 # country.node.satellite.antibotdeluxe.com
307 #
308 # - Available options:
309 # - us-01.satellite.antibotdeluxe.com
310 address: satellite.antibotdeluxe.com
311 port: 8080
312
313 # The standard URL that will be used is https://deluxecaptcha.com
314 # If you want to use a custom URL you will have to do a few basic steps
315 #
316 # Step 1: Go to your domains DNS area and create a new record.
317 # Step 2: Create a CNAME record with your wished domain pointing to whitelabel.deluxecaptcha.com
318 # Step 3: Enter your domain that you want to use here.
319 # Example: captcha.myserver.com
320 custom-url:
321 # Do you want to use a custom domain?
322 enabled: false
323 # Enter the URL that you want to use.
324 # WARNING: This will only work if the record exists!!!
325 url: captcha.myserver.com
326
327
328# General configuration for the Layer-7 protection
329layer-7-protection:
330 # Should the Layer-7 protection be enabled?
331 enabled: true
332
333 # Limit the amount of pings per second allowed per IP.
334 refresh-limit:
335 seconds: 5
336 limit: 3
337
338 # Configuration for server icon limits
339 server-icon:
340 # Should the server icon only be sent once per IP?
341 # - This would prevent attacks towards the icon file
342 send-only-once: true
343
344
345# General configuration for firewall integration.
346firewall-hook:
347 # Should the general firewall be enabled?
348 enabled: true
349
350 # Configuration for hooks with the machine to allow network level mitigation
351 hooks:
352 '1':
353 # Name of the hook
354 name: "IPTables & IPSet"
355 enabled: true
356 # Requires software for the hook to run
357 required-software:
358 '1':
359 name: "IPTables"
360 validation-command: "sudo iptables --version" # Requires sudo to allow non users (https://superuser.com/questions/1041621/how-to-enable-user-to-change-iptables-rules)
361 validation-response: "iptables v"
362
363 '2':
364 name: "IPSet"
365 validation-command: "sudo ipset --version" # Requires sudo to allow non users (https://superuser.com/questions/1041621/how-to-enable-user-to-change-iptables-rules)
366 validation-response: "ipset v"
367 # Commands which are ran while the server is booting.
368 firewall-commands:
369 '1':
370 command: "sudo ipset flush antibotdeluxe"
371 '2':
372 # Creates the set and sets the timeout.
373 command: "sudo ipset -N -! antibotdeluxe hash:net maxelem 150000 timeout 86400" # <- 24 hours
374 '3':
375 command: "sudo iptables -N AntiBotDeluxe"
376 '4':
377 command: "sudo iptables -F AntiBotDeluxe"
378 '5':
379 command: "sudo iptables -A AntiBotDeluxe -p tcp -m set --match-set antibotdeluxe src -j DROP"
380 '6':
381 command: "sudo iptables -D INPUT -p tcp -j AntiBotDeluxe"
382 '7':
383 command: "sudo iptables -A INPUT -p tcp -j AntiBotDeluxe"
384
385 # Commands that are run to perform action
386 action-commands:
387 add-to-firewall:
388 command: "sudo ipset -A antibotdeluxe %ip%"
389
390 remove-from-firewall:
391 command: "sudo ipset -D antibotdeluxe %ip%"
392
393
394# General configuration for proxy and VPN detection
395ip-scoring:
396 external-services:
397 '1':
398 name: "proxycheck.io"
399 action: BLACKLIST
400 enabled: true
401 connection:
402 url: "http://proxycheck.io/v2/%ip%?key=%key%&vpn=1"
403 detection-trigger: "yes"
404 automatic-placeholders:
405 key: "111111-222222-333333-444444"
406 '2':
407 name: "getipintel.net"
408 action: BLACKLIST
409 enabled: true
410 connection:
411 url: "http://check.getipintel.net/check.php?ip=%ip%&contact=%email%%flags%"
412 detection-trigger: "1"
413 automatic-placeholders:
414 email: "put.your@email.adress"
415 flags: "&flags=m"
416 '3':
417 name: "vpnblocker.net"
418 enabled: true
419 action: BLACKLIST
420 connection:
421 url: "http://api.vpnblocker.net/v2/json/%ip%"
422 detection-trigger: "\"host-ip\": true"
423 '4':
424 name: "stopforumspam.com"
425 enabled: true
426 action: KICK
427 connection:
428 url: "http://www.stopforumspam.com/api?ip=%ip%"
429 detection-trigger: "<appears>yes</appears>"
430 '5':
431 name: "teoh.io"
432 enabled: false
433 action: KICK
434 connection:
435 url: "https://ip.teoh.io/api/vpn/%ip%"
436 detection-trigger: "\"vpn_or_proxy\": \"yes\""
437 '6':
438 name: "IPQualityScore"
439 enabled: false
440 action: BLACKLIST
441 connection:
442 url: "https://www.ipqualityscore.com/api/json/ip/%key%/%ip%?strictness=%strictness%"
443 detection-trigger: "\"proxy\":true"
444 automatic-placeholders:
445 key: "111111-222222-333333-444444"
446 strictness: "1"