Archive for Linux

tehjay | February 9, 2009
No comments

HOWTO: OpenArena Dedicated Sever – Linux

Open Arena is an amazing Open Source arena based first person shooter. It is based on the quake 3 engine, and has a lot of fast gameplay.

You are going to need your own server running linux. A shell account will not do, the admin will probably disable your account, and most likely you won’t have access to enough resources to run a dedicated game server. So I am going to assume you either have a computer sitting beside you running linux, or a virtual machine either on your pc, or hosted on a server somewhere. You will not be able to run the dedicated server on your own machine, without changing some of the server flags.

The first thing you will need to do is download the latest version of the OpenArena, which can be done here. Any download link will do, the windows and the linux binaries are both packaged together.

I recommend uploading the archive to your server, then uncompressing it, instead of uncompressing it on your computer then uploading it, just to save some time and bandwidth.

Once you have everything uploaded and uncompressed on your server, you will need to go into the baseoa directory and create a file called server.cfg

Your server.cfg file is going to look something similar to this:


sv_hostname "My OA server"
sv_maxclients 16
sv_master1 "dpmaster.deathmask.net"
sv_maxPing 150
sv_minPing 0
sv_pure 1
sv_maxRate 25000
sv_fps 20
sv_allowdownload 1

sv_privateClients "2" // slots substracted from sv_maxclients
sv_privatePassword " "

capturelimit 8
timelimit 15
fraglimit 35

set rconPassword "" // for remote ingame servercontrol

g_motd ""
g_quadfactor 4
g_inactivity 0
g_allowvote 1

//If you want to use unlagged functionality (since 0.7.6)
g_delagHitscan 1

//Special modes since 0.7.6:
//g_instantgib 1
//g_rockets 1
//g_vampire 0.25 //25%
//g_regen 5 //5 health per sec.

//Gametypes
// 0 = Free For All
// 1 = Tourney
// 3 = Team Deathmatch
// 4 = Capture The Flag
// 8 = Elimination
// 9 = CTF Elimination
// 10 = Last Man Standing
// 11 = Double Domination
// 12 = Domination
g_gametype 0

set d1 "map aggressor; set nextmap vstr d2"
set d2 "map oa_dm1; set nextmap vstr d3"
set d3 "map oa_dm2; set nextmap vstr d4"
set d4 "map oa_dm3; set nextmap vstr d5"
set d5 "map oa_dm4; set nextmap vstr d6"
set d6 "map kaos2; set nextmap vstr d7"
set d7 "map oa_dm5; set nextmap vstr d8"
set d8 "map oa_rpg3dm2;set nextmap vstr d9"
set d9 "map oa_shouse; set nextmap vstr d1"
wait
vstr d1 // start loop at d1

The main portions you are going to want to worry about are:

sv_hostname – Sets your viewable hostname in the serverlist
sv_maxclients – Sets the maximum ammount of clients allowed to connect to your server
sv_privateClients – Sets the ammount of slots held for private use (sv_maxclients – sv_privateClients = total clients)
sv_privatePassword – Sets the password for the private slots
capturelimit – Sets the capture limit in CTF
timelimit – Sets the time limit
fraglimit – Sets the frag limit
set rconPassword – Sets the rcon passsword for admin usage
g_motd – Sets the message of the day
g_gametype – Sets the gametype, the current option is 0, Free for All aka Deathmatch

The last portion is the confusing bit. This is where you setup the actual map rotation.


set d1 "map mapname1; set nextmap vstr d2"
set d2 "map mapname2; set nextmap vstr d3"
set d3 "map mapname3; set nextmap vstr d1"
wait
vstr d1 // start loop at d1

Basically what you are doing here is setting up a loop. d1 is set, with the next map being d2 and so on. You can do this with as many levels as you want, you just have to make sure to make the last map link to the first map, or the loop will not work.

Once you have your server.cfg file saved, go back into the root OpenArena directory and start up your server like this:

./oa_ded.i386 +set dedicated 2 +exec server.cfg

You may want to run this process inside of a screen session. There are alot more things you can do, this is just the basics for getting your own OpenArena dedicated server setup. Enjoy

Category: Linux | Tags: , , ,
tehjay | June 3, 2007
No comments

HOWTO: Slow down and log bruteforce attacks on your Debian system

This howto is going to assume you have a working Debian or Debian based system currently running. It is also intended to be copied and pasted directly into your telnet/ssh window.

The package I am going to be using is called fail2ban. Fail2ban scans log files and bans IP addresses that produce too many failed login attempts. It then updates firewall rules to reject the attackers IP address.

Step 1: Installing the fail2ban package

Type or copy and paste the following into your server.

apt-get install fail2ban

Once this is done, you are now setup and now you have to setup the configuration files.

Step 2:

Edit /etc/fail2ban/fail2ban.conf

nano -w /etc/fail2ban/fail2ban.conf

Your fail2ban.conf should look something like this (the commented lines have been removed)

[Definition]
loglevel = 3
logtarget = /var/log/fail2ban.log
socket = /tmp/fail2ban.sock

Step 3:

Edit /etc/fail2ban/jail.conf

nano -w /etc/fail2ban/jail.conf

Your jail.conf should look something like this (again comments have been removed)

[DEFAULT]
ignoreip = 127.0.0.1
bantime = 18000
maxretry = 3

backend = polling
destemail = youremail@domain.com
action = iptables[name=%(__name__)s, port=%(port)s]
mail-whois-lines[name=%(__name__)s, dest=%(destemail)s, logpath=%(logpath)s]

[ssh]

enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6

[apache]

enabled = false
port = http
filter = apache-auth
logpath = /var/log/apache*/*access.log
maxretry = 6

[apache-noscript]

enabled = false
port = http
filter = apache-noscript
logpath = /var/log/apache*/*error.log
maxretry = 6

[vsftpd]

enabled = false
port = ftp
filter = vsftpd
logpath = /var/log/auth.log
maxretry = 6

[proftpd]

enabled = false
port = ftp
filter = proftpd
logpath = /var/log/proftpd/proftpd.log
maxretry = 6

[wuftpd]

enabled = false
port = ftp
filter = wuftpd
logpath = /var/log/auth.log
maxretry = 6

[postfix]

enabled = false
port = smtp
filter = postfix
logpath = /var/log/mail.log

[couriersmtp]

enabled = true
port = smtp
filter = couriersmtp
logpath = /var/log/mail.log

[courierimap]

enabled = true
port = imap2
filter = courierlogin
failregex = imapd: LOGIN FAILED.*ip=\[.*:\]
logpath = /var/log/mail.log
maxretry = 5

[courierpop3]

enabled = true
port = pop3
filter = courierlogin
failregex = courierpop3login: LOGIN FAILED.*ip=\[.*:\]
logpath = /var/log/mail.log
maxretry = 5

[sasl]

enabled = true
port = smtp
filter = sasl
failregex = warning: [-._\w]+\[\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed
logpath = /var/log/mail.log

Please change the email section if you are going to directly copy and paste this config. Right now, when someone attempts a bruteforce attack, fail2ban will firewall the ip address, and send an email to that email address with the whois information, and the log information from the attack.

You can now start/restart fail2ban, I recommend using a restart just in case fail2ban is already running.

/etc/init.d/fail2ban restart

Please don’t use this as your only security measure. This is just one step you can take to protecting your servers.

Category: Linux, Security | Tags: , , , ,
tehjay | May 8, 2007
2 comments

HOWTO: Prevent website bandwidth theft with .htaccess

Some people can be so ignorant. Nothing aggravates me more than a forum user who hotlinks an image or file from your site on a popular forum, but when webmasters create file repositories, and all of the files are linked from other peoples servers. Without permission.

I’m sure there are many ways to prevent these people from harvesting your bandwidth, if you use apache with mod_rewrite, just by adding a couple lines of text to a file called .htaccess will do wonders.

What is Hotlinking?

Straight from Wikipedia:

Hotlinking aka. Inline linking is the placing of a linked object, often an image, from one site into a web page belonging to a second site. The second site is said to have an inline link to the site where the object is located. Inline linking is also known as leeching, direct linking or bandwidth theft.

Let’s start by opening up a text editor and creating a file called .htaccess In this file you want to put something like this:


RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?attackofthegamer.com/.*$ [NC]
RewriteRule \.(gz|zip|rar|gif|jpg|js|css)$ - [F]

Basically what this does is check if a request to any file with a .gz .zip .rar .gif .jpg .js .css extension comes from the referring URL http://www.attackofthegamer.com If the request comes from a referral that isn’t http://www.attackofthegamer.com it’s rejected. You will want to swap the domain for your own to make it work.

If you are just protecting images. You can mess with the culprit and change the image on them to something of your choice, with a comical outcome. Just create a .htaccess file that looks like this.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(png|gif|jpg)$ http://www.mydomain.com/badimage.gif [R,L]

Just change the domain name, and the url to the image you want to swap with and you are set. Once you have the .htaccess file created use your FTP program and upload it to each directory you want to protect.

Voila, you should now be protecting against bandwidth pirates. Happy Hunting.

Category: Linux | Tags: , , , , , ,
tehjay | December 10, 2006
39 comments

HOWTO: DevHook 0.51 Installation

DevHook 0.51 has been released, and now emulates firmware 3.01! There are 2 different Ultimate Installers available for this release, Ultimate Installer v1.5.2 for firmware 1.50 and Ultimate Installer v1.5.2 for 2.71se firmware.

The installation is almost the same as the DevHook 0.50 installation however a couple of the steps are different. For instance, the supplied .bat file didn’t do its job properly so each step will be explained here.

Connect your PSP to your computer using the USB port and initiate the USB file transfer mode. I recommend making a backup of your memory stick first. I went as far as backing up my memory stick then formatting it to install DevHook 0.51 on a fresh stick. Follow the on-screen instructions. You will be prompted to choose which version to install. I chose the Full Install.

Accept the license agreement, then select whichever drive your PSP is. The files will now be copied to your PSP.

The files are now copied to your PSP, you can hit the circle button on your PSP and exit out of USB file transfer mode. Now head over to the GAME menu, and select the PSAR Dumper. This will load a program that decrypts everything that is needed. Once the dumper loads, press the X button.

Once everything is complete, fully turn off your PSP. Don’t just put it into power saver mode, turn it right off.

Okay, you can now turn your PSP back on. Once again go and initiate the USB file transfer mode. Access your PSP through My Computer, you will see alot of files and directories. Some of these files and directories your going to move, or delete, some you won’t touch at all.

The first thing you want to do is access the folder labeled “f0″ and you will then find a folder labeled “kd” go inside of this folder aswell. Once you are inside of the folder labeled “kd” delete the file “audio.prx”

Now copy audio.prx from the “x:\temp” folder and put it back inside of “kd” folder inside of the “f0″ folder.

Now access the folder labeled “dh” and create a folder labeled “301″. Now move select the “f0″ folder and completely move it to the newly created “301″ folder, inside of the “dh” folder.

Now go back into the “temp” folder and move everything inside of it to “x:\dh\301\f0\kd”.

Now access the folder in “x:\dh\301\” labeled “f1″ and create the following folders: “dic”, “gps”, “net”, “net\http”, “vsh”, and “vsh\theme”.

You can now go back to the root folder and delete the “temp” folder, the “DH_README” folder, and the file labeled “DevHook Setup.bat”. Also while you are deleting stuff, you may go into the “x:\psp\game” folder and delete the PSAR dumper, as it is no longer needed.

Turn off USB file transfer mode and go back into the GAME menu. Now you can Launch DevHook 0.51.

Once you are inside of DevHook 0.51 go to the “FIRMWARE” menu and select the 3.01 firmware. You can now start DevHook 0.51 and watch your PSP boot into the 3.01 firmware.

Enjoy :)

Category: Linux | Tags: , , , ,