autoadmin

[reef]

Original Script made by: Terran Jun 7 2005

I've only slightly modified this for FXServer and will work with WCS also
One of the safer autoadmin scripts that i've seen as both IP and NAME have to match
before it will admin a user.The chances of a user coming into your room
with the same IP or IP range and having the same NAME as 1 of your admins
is pretty slim i'd say.

For admins with static ips use the whole ip addy... for admins with dynamic IP's
use ranges for example 84.7
If that particular admins IP range changes drastically add another OnEnter for their
second ip range and maybe even a third if neccessary.... if they have more ranges than 3
have them login instead ;p      Personal welcome messages for each admin can be made.

Add your admins names to the usergroup below (to make this even more secure
and providing that your admins aren't big name changers.... add their names
and include the first set of hash numbers in their name) eg: joebloe473

Only 1 problem i've found with this script is if u have 2 admins with the
same IP range... it may admin them but use wrong password.

Hope somebody finds this as useful as i have

Code: [Select]

<usergroup name="autoadmin">
joeblow*
ADMIN1*
ADMIN2*
</usergroup>

<OnEnter  type="script" usergroup="autoadmin" users="" flood="0">
<out delay="0" type="break" extdata="0" condition="5" lvalue="%IP%" rvalue="84.7"></out>
<out delay="500" type="normal" extdata="0" condition="-1" lvalue="" rvalue="">/forcelogin %RAWNAME% joe</out>
<out delay="1000" type="normal" extdata="0" condition="-1" lvalue="" rvalue="">#c10#Welcome Home #c1#joe</out>
</OnEnter>

<OnEnter  type="script" usergroup="autoadmin" users="" flood="0">
<out delay="0" type="break" extdata="0" condition="5" lvalue="%IP%" rvalue="ADMIN1IP"></out>
<out delay="500" type="normal" extdata="0" condition="-1" lvalue="" rvalue="">/forcelogin %RAWNAME% ADMIN1PASSWORD</out>
<out delay="1000" type="normal" extdata="0" condition="-1" lvalue="" rvalue="">#c20#Welcome Home #c6#ADMIN1NAME</out>
</OnEnter>

<OnEnter  type="script" usergroup="autoadmin" users="" flood="0">
<out delay="0" type="break" extdata="0" condition="5" lvalue="%IP%" rvalue="ADMIN2IP"></out>
<out delay="500" type="normal" extdata="0" condition="-1" lvalue="" rvalue="">/forcelogin %RAWNAME% ADMIN2PASSWORD</out>
<out delay="1000" type="normal" extdata="0" condition="-1" lvalue="" rvalue="">#c20#Welcome Home #c1#ADMIN2NAME</out>
</OnEnter>

[KM]

just in case anyone is mislead by the comment that it's more secure than just auto admining on username:

anyone on the same ISP as any admin can get themselves admined, if for example you have an admin on AOL, you are allowing any AOL user to admin themselves

it's not likely someone will happen to have the same username by accident, but it was never likely anyway, as most peoples usernames are full of colour codes and symbols etc that make it very unlikely to see someone else with that username unless they are deliberately trying to imitate that username, in which case this still doesn't help out with that problem

i strongly advise against auto admin for anything except static IP Addresses

[reef]

Actually KM no it won't admin users of the same isp such as aol..... i've got admins with dynamic IP and have
tested it.Their ip range can be in the script but if their name isnt in the usergroup it will not admin them.
I find it to be much more secure than admining just by usergroup as somebody could copy an admin name to
the letter and on the off chance that admin isnt in the room,they name cloner would get admin.Both name
and IP have to match up b4 anybody will be auto admin'd.

[KM]

users who don't clone the name, it's exactly the same as simply using usernames

for someone who would clone the usernames to get auto admined (the reason doing it by username isn't secure), the only difference that makes is now there are fewer ISPs they can use, but as long as they are on the same ISP as an admin they can still clone the username and get admin... it's not really much more secure, especially considering chances are you'll have admins on most of the major ISPs, and of course the major ISPs are also the ones that user trying to get admined will be most likely to be using

you have an admin on AOL, all i have to do it go create a AOL dialup account, go in to your room with an admins username, and i'm admined

and of course the only reason i'd need that dialup account would be because i don't use AOL, but if i happened to be on the same ISP as any of your admins then i could do it without that extra hassle

there are only 2 ways to have a secure auto admin
1. by IP Address (doesn't work for dynamic IP Addresses)
2. the client identifying itself in some way (ie. them setting their client to automatically log in) - which of course wouldn't be something you can do from just the server, they'd need to use a client that logs in on enter, making it not so much of an auto admin but more them having an auto-login

of course there is one thing you could possibly try that i'm surprised nobody has tried doing yet - resolve a hostname to an IP Address (such as a hostname from no-ip or dyndns or some similar service), then if the user matches that admin them... of course it would mean constantly checking the hostnames for every admin, although combined with usernames could make it more efficient (ie. they come in with username admin3 then look up admin3-hostname.no-ip.com, if the IP Address matches then admin them)... only problem with that is when their clients do update there is a couple of minutes delay for it to get updated properly so they'd have to wait a few minutes before entering to get admined

[reef]

good points and yes users could take advantage of it if they wanted to

I was using another popular auto admin script for awhile and i knew it
wasnt intended for dynamic ip's but added ip ranges anyways,only to see 1 day
somebody come in with the same range as 1 of my cohosts and they got
logged in....this does prevent that from happening,unless of course
like u said,they have cloned the admins name.That being said though
most my admins are logged in at all times and with fxserver it prevents
name cloners to enter the room as do most chat servers i believe...
 
your right tho it isnt the safest option but i do believe its a lil
more secure than admining by JUST usergroup or by JUST ip range  lol

[SamSeeSam]

I don't know if this is 100% foolproof. But does seem to provide a bit of cover

You can use dyndns (or no IP) to get a static hostname for dynamic Ip's
Get all your admins to get free accounts there

Then:
as soon as your admin A enters check his dyndns account IP with the IP of the person who has just entered. If they match, then log him in.
You also get a free utility for download.com that updates the Account and keeps the IP in the hostname up to date...

Cheers

[Max™]

i take room security seriously too, my admin's standard access means they can kick other admins, but can not ban them, so if someone did manage to self admin, all they can hope fot is kick most people out allowing the admins to re-enter and as well as myself, Metis  & ShareGuard are unkickable, also the default admin password setup on wcs or fxs is on auto ban if someone tries the default login (we know there are people out there trying that)