Jump to content

Python Tiny Security Script


Recommended Posts

#FIRST YEAH

 

Hi Guys,
 
Just a Simple "python Security script". Just include the file in your root for example and import in prototype.py.
Its really not a big deal. Somebody asked for it. And you have to have Python 2.7
 
Code:

import subprocess
import app
import threading
import os
import time

Evil_ProcessList = ["notepad++.exe"]
Evil_FileNameList = [".sdsd",".asd",".asds"]

class SuperUnsecureAndNotEnoughProtectionOfferingScript(object):
	def __init__(self):
		self.LoadSuperUnsecureSystem()

		
	def __del__(self):
		pass
		
	def LoadSuperUnsecureSystem(self):
		while 1:
			self.CheckForEvilFiles()
			self.CheckForEvilProcesses()
		
	def KillProcess(self, processname):
		try:
			os.system("taskkill /f /im %s" % processname)
		except:
			app.Exit()
	
	
	def DeleteFile(self, filename):
		try:
			os.remove(filename)
		except IOError:
			app.Exit()
	
	
	def CheckForEvilFiles(self):
		for file in os.listdir(os.getcwd()):
			for filename in Evil_FileNameList:
				if file.endswith(filename):
					self.DeleteFile(file)
	
	
	
	def CheckForEvilProcesses(self):
		for evil in Evil_ProcessList:
			if evil in subprocess.Popen("tasklist", stdout=subprocess.PIPE, shell=False).communicate()[0]:
				self.KillProcess(evil)
				
			
				
if __name__ == '__main__':
	threading.Thread(target=SuperUnsecureAndNotEnoughProtectionOfferingScript, args=()).start()
		
  • Love 4
Link to comment
  • 4 weeks later...

These "evil"-process checks are prone to false positives (or different definitions of "evil") and too easily bypassed. Also I consider killing other processes bad practice (even if they're "evil"). Not even XTrap / HackShield do this.

To the file checks: Why delete these files?

If you don't want your client to load e.g. loginInfo.py, then remove the relevant code from your shipping client (or use the new xml-based loginInfo). Or hard-code the pack list if you don't want people to mess with it. Same goes for Miles and its extension modules.

Most of these checks are vulnerable to race conditions anyway (e.g. I can use the time between the check for *.mix files and Miles actually trying to load all of them)

PS: You should really add a call to time.sleep() to your loop. Currently you're spending a huge amount of CPU time on these checks which will surely cause problems for users with low-end hardware.

Link to comment

These "evil"-process checks are prone to false positives (or different definitions of "evil") and too easily bypassed. Also I consider killing other processes bad practice (even if they're "evil"). Not even XTrap / HackShield do this.

To the file checks: Why delete these files?

If you don't want your client to load e.g. loginInfo.py, then remove the relevant code from your shipping client (or use the new xml-based loginInfo). Or hard-code the pack list if you don't want people to mess with it. Same goes for Miles and its extension modules.

Most of these checks are vulnerable to race conditions anyway (e.g. I can use the time between the check for *.mix files and Miles actually trying to load all of them)

PS: You should really add a call to time.sleep() to your loop. Currently you're spending a huge amount of CPU time on these checks which will surely cause problems for users with low-end hardware.

 

You absolutely right. I only released this because somebody requested it this way. I was just doing what I supposed to do :D

Link to comment

well this will work is just fine with noobs and normal user

however i realy find no point in protecting the client from pro hacker

why?

because  if i want to do that it will make me change the client once per month this will make the player sick of my server and make them go away // what a waste

so if anyone want to keep his server runing than just make a pro protection for your server and a basic on for client and you sould be just fine cz anyone can get your client ip however :

not every one is good with PC ^^ dont you think so

and just saying it a 2nd time i like the release +1

Link to comment
  • 7 months later...
  • 2 years later...
  • 3 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×
×
  • Create New...

Important Information

Terms of Use / Privacy Policy / Guidelines / We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.