Title | Nephthys |
Version | V1.5a011 |
Description | Nephthys is a native mod for Unreal1 engine based servers which extends IpDrv by efficient attack blocking, banning, player logging and other features. Nephthys also provides efficient web downloads for clients and servers. |
Release Date | 22.08.2009 |
Authors | Winged Unicorn, Zora |
Email Address | zzora@gamebox.net |
Filenames | Nephthys.zip |
DLLs | Nephthys.dll, IpDrv.dll |
Scripts | Nephthys.u, IpDrv.u |
Configurations | Nephthys.int, NephthysWebDownload.ini |
Game Compatibility | Unreal 224v, Unreal 225f, Unreal 226b (Gold), Unreal 226f, Deus Ex 1100 (1112fm), Rune 101, Rune 107, Rune 108 (108HoV), Unreal Tournament |
OS Compatibility | Windows 98/ME, Windows NT 4, Windows 2000, Windows XP, Windows Vista, Linux (Wine), Linux (Rune 107 and Rune 108 (108HoV) only) |
IpDrv.*
files of your Unreal\System
folderUnreal.ini
file of your Unreal\System
folderUnreal\System
folder, depending on the installed patchUnreal\System\Unreal.ini
with any text editor, e.g. Notepad and search for the line "language=" (without the quotes). Then copy Unreal\System\Nephthys.int
to Unreal\System\Nephthys.<your language extension>
.
Unreal.ini
file:;ServerActors=IpServer.UdpServerQuery
ServerActors=Nephthys.NptServerQuery
;ServerActors=IpServer.UdpServerUplink MasterServerAddress=...
ServerActors=Nephthys.NptServerUplink MasterServerAddress=...
zunace.exe
and unacev2.dll
to your Unreal\System
folder.zxumod.exe
to your Unreal\System
folderzxumod
is a simple command line tool to extract files from Unreal modules (.umod
archives) to given folders.Value | Description |
---|---|
ESM_DontEvenLog | Don't even log this event. This value is NOT recommended since even in the server log you can't see that Nephthys did something relevant. The usage of this value is only reasonable temporarily if a certain message is spamming the server log. Please contact Zora or Winged Unicorn in this case. If you choose this option value Nephthys is logging a warning after startup. |
ESM_Off | Don't show this event. If you just like to enjoy playing without getting informed how Nephthys works, then use this value everywhere. |
ESM_Silent | Show this event without beep. If you think Nephthys beeps too much, then use this value instead of ESM_Beep. |
ESM_Beep | Show this event and beep. If you usually ignore the chat and want to be beeped by Nephthys' events, then use this value instead of ESM_Silent. |
Value | Description |
---|---|
EAR_Off | The attack is detected but Nephthys doesn't interact. This value is NOT recommended since your server is vulnerable to a known exploit. |
EAR_Block | The attack is detected and blocked by Nephthys. |
EAR_Kick | The attack is detected, blocked by Nephthys and the causing connection is closed (that means, the causing player is kicked; kick by IP address (range)). |
EAR_Ban | The attack is detected, blocked by Nephthys, the causing connection is closed and a ban for the causing IP address (range) is added/re-activated. |
EAR_BanQuiet | The attack is detected, blocked by Nephthys, the causing connection is closed and a quiet ban for the causing IP address (range) is added/re-activated. |
Option | Default | Description | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ConnCountForDRJA TimeDeltaForDRJA |
50 1 |
Max. number of new connections per TimeDeltaForDRJA seconds counted for all IPs, more than this is considered to be a DRJA (distributed repetitive join attempt) attack, resulting in ignorance of all further join attempts until the attack is over. Set ConnCountForDRJA to at least (MaxPlayers + MaxSpectators) * 1½ to allow proper map travels for all players. Set it even higher to avoid unnecessary DRJA detections in minor attack situations. Consider the DRJA detection as the last emergency brake before the server crashes. | ||||||||||||
ShowDRJA | ESM_Beep | How to show detected DRJA attacks to all admins | ||||||||||||
WhiteListMode | EWLM_AutoQuiet | How to allow certain players to join during DRJA attacks:
|
Option | Default | Description |
---|---|---|
AutoBanDeleteSeconds | 2419200 | Number of seconds after which an automatically inserted ban is removed automatically (see "Delete" parameter in ban new). 2419200 = 4 * 7 * 24 * 3600 (4 weeks). 0=off=endless bans. |
MaxLoginsPerIP | 0 | Maximum allowed number of concurrent successful logins per IP (0=off=infinite). |
Option | Default | Description |
---|---|---|
ReactIIA | EAR_Kick | How to react when a IIA attack is detected |
ShowIIA | ESM_Beep | How to show detected IIA attacks to all admins |
Option | Default | Description |
---|---|---|
CountForRBO TimeDeltaForRBO |
10 10 |
Max. number of RPC bunch overflows per TimeDeltaForRBO seconds counted for a single connection, more than this is considered to be a RBO (RPC bunch overflowed) plethora. |
ReactRBO | EAR_Kick | How to react when a RBO plethora is detected |
ShowRBO | ESM_Beep | How to show detected RBO plethoras to all admins |
Option | Default | Description |
---|---|---|
CountForRER TimeDeltaForRER |
10 20 |
Max. number of exception recoveries per TimeDeltaForRER seconds counted for a single connection, more than this is considered to be a RER (repetitive exception recovery) attack. |
ReactRER | EAR_Kick | How to react when a RER attack is detected |
ShowRER | ESM_Beep | How to show detected RER attacks to all admins |
Option | Default | Description |
---|---|---|
CountForRIA TimeDeltaForRIA |
10 10 |
Max. number of injection commands per TimeDeltaForRIA seconds counted for a single connection, more than this is considered to be a RIA (repetitive injection attempt) attack. |
ReactRIA | EAR_Block | How to react when a RIA attack is detected |
ShowRIA | ESM_Beep | How to show detected RIA attacks to all admins |
Option | Default | Description |
---|---|---|
AutoBanBitsRJA | 8 | Used to detect and ban not only a single attacking IP address but a wider range (subnet detection and banning). Higher values make the detection more fuzzy: catch more and ban more. Lower values make the detection more exact. A value of 0 only catches and bans a single IP address. Values above 16 hardly make any sense since the detection would catch and ban almost the entire internet at once. 32 is the max. usable value. E.g. a value of 8 catches and bans the IP range x.x.x.0-x.x.x.255, 16 would catch and ban x.x.0.0-x.x.255.255, etc. |
ReactRJA | EAR_Kick | How to react when RJA attack is detected |
ConnCountForRJA TimeDeltaForRJA |
10 10 |
Max. number of new connections per TimeDeltaForRJA seconds counted for a single IP, more than this is considered to be a RJA (repetitive join attempt) attack, resulting in ignorance of all further join attempts from this IP address until the attack is over. Set ConnCountForRJA to at least (max. remote lan players) * 1½ to allow proper map travels for all remote lan players. |
ShowRJA | ESM_Beep | How to show detected RJA attacks to all admins |
Option | Default | Description |
---|---|---|
CountForRLM TimeDeltaForRLM |
20 10 |
Max. number of log messages per TimeDeltaForRLM seconds counted for a single connection, more than this is considered to be a RLM (repetitive log message) attack. |
ReactRLM | EAR_Kick | How to react when a RLM attack is detected |
ShowRLM | ESM_Beep | How to show detected RLM attacks to all admins |
Option | Default | Description |
---|---|---|
CountForRUF TimeDeltaForRUF |
10 10 |
Max. number of unwanted functions per TimeDeltaForRUF seconds counted for a single connection, more than this is considered to be a RUF (repetitive unwanted function) attack. |
ReactRUF | EAR_Kick | How to react when a RUF attack is detected |
ShowRUF | ESM_Beep | How to show detected RUF attacks to all admins |
Option | Default | Description |
---|---|---|
ShowBan | ESM_Beep | How to show any change of the ban table to all admins |
ShowSuspect | ESM_Silent | How to show any matching rules not applied due to (temporary) deactivation to all admins |
Option | Default | Description |
---|---|---|
ShowCmdError | ESM_Beep | How to show errors while executing remote admin commands. If your server is always accessible by server console you may set this option to ESM_Off. |
ShowCmdResult | ESM_Silent | How to show results of remote admin commands. If your server is always accessible by server console you may set this option to ESM_Off. |
Option | Default | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|---|
bKillDoubles | true | Whether to kill double connections to players with same IP address / Name to get rid of unused (bandwidth eating) connections quickly. This may cause players with same IP address having to connect one after each other, not both at once. See also KillDoubleDelay. | ||||||||
bRejectAfterGameEnd | false | Whether to reject new connections when the game is ended (GameType.bGameEnded == true). This may cause a server to reject all connections if the map doesn't switch automatically after the game ended. | ||||||||
KillDoubleDelay | 10 | How long (in seconds) bKillDoubles is disabled after a map change. This allows remote LAN players to travel at once into new map. Compatibility with Nephthys V1.0: 0. | ||||||||
LogWithIP | ELWI_Critical | What events to log with the IP address of the causing connection. This option easily allows to isolate the causing player of a certain server log line. Possible settings:
|
||||||||
RecvErrorsToClose | 2 | Connection is closed after this number of successive receive errors. Usually 1 should do well, but some routers / PCs (?) seem to send single ICMP error messages spuriously. Set this to 0 to turn it off (not recommended). Compatibility with Nephthys V1.0: 0. | ||||||||
RegardPrivateICMP | ERPI_Auto | (not available for 224v) Whether to regard ICMP "port unreachable" messages from private and APIPA IP addresses. Set this option to ERPI_Always only if your server either only supports LAN players (private and APIPA IP addresses) or only supports remote players (no private nor APIPA IP addresses). Since most cheap xDSL routers don't apply proper NAPT of ICMP packets a LAN connection may be closed by a closing remote player connection if you turn this option to ERPI_Always and mix LAN and remote players. ERPI_Auto switches dynamically to "regard" if either only private or only public IP address connections are opened and back as soon as mixed connections are opened. ERPI_Off doesn't ever regard any private ICMP message. For more information see rfc1918 for private addresses, see rfc3330 for special used IPv4 addresses, see rfc2663 and rfc3022 for correct NAPT of ICMP packets. | ||||||||
ShowBlock | ESM_Beep | How to show connection blocks to all admins. | ||||||||
ShowInvalidData | ESM_Off | How to show invalid data from a connection (which might cause a Zombie bug). | ||||||||
ShowKick | ESM_Beep | How to show kicks to all admins. | ||||||||
ShowLogin | ESM_Off | How to show player logins to all admins. This is usually done by the game type. | ||||||||
ShowLogout | ESM_Off | How to show player logouts to all admins. This is usually done by the game type. | ||||||||
ShowNew | ESM_Silent | How to show upcoming connections to all admins. | ||||||||
ShowPreLogin | ESM_Beep | How to show player prelogins to all admins. | ||||||||
ShowPrivateICMP | ESM_Off | (not available for 224v) How to show ignorance of private and APIPA IP addresses to all admins (see option RegardPrivateICMP). |
Option | Default | Description |
---|---|---|
bUscriptAPI | false | Whether to support the UnrealScript event interface. If there are mods using Nephthys' events this option has to be true, otherwise this option should stay false for better performance. |
Option | Default | Description |
---|---|---|
MaxLogTableEntries | 1000 | Limit for entry number in log table. On load oldest entries get deleted. Large log tables need much time to be saved and searched through. Small log tables can't store "old" players. Find an applicable value for your server. Use 0 to turn this option off (log table grows endlessly). |
ShowLog | ESM_Beep | How to show any change of the log table to all admins |
Option | Default | Description |
---|---|---|
bAllowUploads | true | If this is set to false no player may download missing packages. |
bLimitUploadBandwidth | true |
Turns on the automatic upload bandwidth limitation algorithm. Upload is limited to the remaining available bandwidth calculated by MaxClientRate * (MaxPlayers + MaxSpectators) * UploadThrottle. If you prefer to play undisturbed by downloaders, this option should be set to true. If you prefer to get the downloader in as fast as possible (waiting until download/lag has stopped), this option should be set to false. To setup all your server's bandwidth values correctly use this small Netspeed Calculator (requires JavaScript to be enabled): |
MaxUploadPackageSize | -1 | Max. number of bytes a package may have to be allowed to be uploaded. Greater amount is blocked before start. -1 = no limit |
MaxUploadSize | -1 | Max. number of bytes a connection may download in sum. Greater amount is blocked before start. -1 = no limit |
ShowPublicUploads | ESM_Off | How to show a lag warning due to uploads to all players but admins. |
ShowUploadDone | ESM_Off | How to show info about completed uploads to all admins. |
ShowUploads | ESM_Beep | How to show info about uploads to all admins. |
UploadThrottle | 1.0 | Multiplyer for automatic upload bandwidth limitation (needs bLimitUploadBandwidth=true). Values > 0.0 but < 1.0 will make downloads slower with less lag for online players, values > 1.0 will make download faster with increasing lag for online players, values <= 0.0 will disable uploads. See bLimitUploadBandwidth for more details. |
NephthysWebDownload.ini
file to your public server (requires restart of your public server to apply). In this case using Nephthys Lite instead of Nephthys on the public server computer is recommended, especially if the public server computer doesn't allow Nephthys to be able to launch extractor programs.Option | Default | Description |
---|---|---|
bSupportWebDownload | true | The server side master switch. If this option is set to false the server won't ever support any web download (i.e. the server won't provide any URL to any client). |
DownloadFolders | <empty> | To setup a list of URLs referring archived packages use the command web support (see there). However, if you already have folders where you downloaded lots of archives you may enter these folder names to the DownloadFolders so the setup process doesn't need to re-download these archives just to take a look into which packages are contained. DownloadFolders are to be considered readonly for Nephthys. Its only purpose is to optionally provide a list of already downloaded archives. The folder names may be given relatively to the Unreal system folder. |
ServerOnlyPackages | <empty> | An array of all packages which never should be provided download urls for even if an archive is known. Don't add the file extension here (e.g. if your server mod is called "MyServerMod1.u" then only enter "MyServerMod1" here). Nephthys itself is always considered to be a member of this list, so you don't need to add "Nephthys" here. Also, all other ServerActors not listed in ServerPackages are considered to be a member of this list automatically. |
Option | Default | Description |
---|---|---|
bBanRUA | false | whether to ban an RUA attacking IP address automatically |
bBerateFakeMasters | true | whether to send a berating message to fake masters, i.e. remote partners which query an "outgoing" uplink port instead of querying the proper query port. The berating message is localizable in Nephthys.int . |
bLogAllRequests | false | debug only, never set this to true for usual play! |
bLogInvalidRequests | false | log mal-formed requests |
bLogRejected | false | log attacker requests |
bLogSendFail | true | log failing sends |
bLogSendText | false | debug only: log all replies sent |
DoUplink | true | whether to uplink to the given master server, so the server is globally listed. Note that NptServerUplink has its own setting here. |
UpdateMinutes | 1 | How often NptServerUplink uplinks to the master server. Note that NptServerUplink has its own setting here. |
MasterServerAddress MasterServerPort |
master0.gamespy.com 29700 |
These settings are usually overridden by specific ServerActors=Nephthys.NptServerUplink... lines, so it need not be configured here. |
MaxRequestsForDRUA TimeDeltaForDRUA |
20 1 |
max. numer of requests per TimeDeltaForDRUA seconds counted of all IPs, more than this is considered to be a DRUA (distributed repetitive uplink attempt) attack, resulting in ignorance of all further requests. This is a DoS (denial of service) attack attempt. To take effect, it must be: MaxRequestsForDRUA * TimeDeltaForDRUA <= MaxTicksPerSecond. |
MaxRequestsForRUA TimeDeltaForRUA |
7 1 |
max. number of requests per TimeDeltaForRUA seconds a single IP address may do, more than this is considered to be a RUA (repetitive uplink attempt) attack. This is a DoS (denial of service) attack attempt. To take effect, it must be: MaxRequestsForRUA * TimeDeltaForRUA <= MaxTicksPerSecond. |
ServerActors=Nephthys.NptServerUplink MasterServerAddress=<domain or IP address of (your) new master server> MasterServerPort=<port>
[UBrowserAll]
ListFactories[0]=UBrowser.UBrowserGSpyFact,MasterServerAddress=<domain or IP address of (your) new master server>,MasterServerTCPPort=<port>,GameName=Unreal
Option | Default | Description |
---|---|---|
AddServerRule | <all empty> | generic additional informations given to the client as reply to server rule requests |
.Tag | the key for the information (e.g. "Policy") | |
.Value | the information itself (e.g. "No cussing!") | |
bCountRealPlayersOnly | true | whether to count real players in server list only (= don't count spectators, etc.) or to count all of the checked above in server list |
bReportBots | false | include bots in detailed info |
bReportCameras | false | include cameras in detailed info |
bReportMeshSkinFace | true | whether to report meshes, skins and faces (Deus Ex only) of players |
bReportOthers | false | include all other score board entry relevant actors in detailed info |
bReportPlayers | true | include players in detailed info |
bReportSpectators | false | include spectators in detailed info |
Option | Default | Description |
---|---|---|
bAcceptIllegalSyntax | false | whether to accept illegal query syntax (not conform to the GameSpy Query Protocol). It's not recommended to set this to true because it's inefficient and certains query requests won't work. Only needed to support some wrongly coded game-external third-party server query tools. For Rune this is always considered to be set to true. |
bBanRQA | false | whether to ban an RQA attacking IP address automatically |
bDisableProperties | false | whether to reject requests of named properties of the game, the level or the players |
bLogAllRequests | false | debug only, never set this to true for usual play! |
bLogInvalidRequests | false | log mal-formed requests |
bLogInvalidSends | true | log mal-formed replies |
bLogRejected | false | log attacker requests |
bLogSendFail | true | log failing sends |
bLogSendText | false | debug only: log all replies sent |
bNoSmurfPingPong | true | Prevents servers from playing query ping-pong caused by a smurf attack. If you use UProtect you have to set this option to false. |
bReplaceBackslashes | true | whether to replace all backslashes '\ ' to slashes '/ ' in query responses |
MaxRequestsForDRQA TimeDeltaForDRQA |
20 1 |
max. numer of requests per TimeDeltaForDRQA seconds counted of all IPs, more than this is considered to be a DRQA (distributed repetitive query attempt) attack, resulting in ignorance of all further requests. This is a DoS (denial of service) attack attempt. To take effect, it must be: MaxRequestsForDRQA * TimeDeltaForDRQA <= MaxTicksPerSecond. |
MaxRequestsForRQA TimeDeltaForRQA |
7 1 |
max. number of requests per TimeDeltaForRQA seconds a single IP address may do, more than this is considered to be a RQA (repetitive query attempt) attack. This is a DoS (denial of service) attack attempt. To take effect, it must be: MaxRequestsForRQA * TimeDeltaForRQA <= MaxTicksPerSecond. |
Option | Default | Description |
---|---|---|
ArchiveFolder | ..\NephthysDownloadedArchives | The folder where to download archives to. May be given absolute (starting with a device letter) or relative (as the default). Relative pathes refer to the Unreal system folder. With the very first startup Nephthys presets this setting to the default value and creates the needed folder. If you change this setting later (e.g. to share the download folder with multiple Unreal installations), you have to create the new folder by yourself (and then you can safely delete the folder created by Nephthys). Also note that for security reasons this path always must end with \NephthysDownloadedArchives . |
bDeleteArchiveWhenDone | false | Whether to delete the download archive after the needed packages were extracted. If you set this option to true and bExtractAllPackages=false, clients will have to download the archive again and again for every map which is included in the archive. If you run out of hard drive space then set this option to true. |
Option | Default | Description |
---|---|---|
ActiveDataPort | <empty> | If this option is empty, passive FTP is used (the FTP client opens 2 outgoing connections to the web server, the control connection to the remote port 21 (usually, but some web spaces may use other ports), and the data connection to a remote port given by the web server). To enable active FTP you have to enter a local port number or a number range (with a dash inbetween the 2 numbers) which is/are to be used by the web server for incoming data transfer. For passive FTP you need to allow Unreal to open outgoing TCP connections to any remote address and any remote port. For active FTP you need to allow Unreal to open outgoing TCP connections to any remote address and remote port 21 (usually, but some web spaces may use other ports) and to accept incoming TCP connections to the local port(s) you provided in this option. |
AnonymousEmail | name@example.com | By common sense, FTP clients should provide their email address to the FTP web server from which they download stuff from. Most FTP web servers accept any password for anonymous connections while some only accept a valid email address. If this option is empty, "guest" is used as password to login. Note that "example.com" is invalid by definition (see rfc2606). |
bRedownloadArchives | false | Whether to download archives again, although they already exist in the ArchiveFolder. Useful, if the archive at the web space got updated but didn't change its size. |
FtpRetryPause | 3 | Time in seconds to wait after any failure of an FTP connection before retrying. Too low times may be treated as attacks by the web server and may lead in permanent banning. |
FtpTimeout | 20 | Time in seconds to wait for web server replies. |
MaxFtpConnsPerServer | 1 | If multiple archives are to be downloaded from the same web server Nephthys opens multiple connections and downloads them at once. Many web servers limit the number of connections per FTP client though, leading to a timeout error at the FTP client side. To avoid unnecessary timeout errors the number of connections per web server may be limited with this option. Nephthys then loads the required archives sequentially. |
MaxParallelFtpConns | 5 | How many FTP connections maximal are opened at once if multiple archives are to be downloaded. |
MaxRetryCount | 5 | Maximum number of tries after failing FTP downloads. If this number is exceeded Nephthys gives up and falls back to the standard download (from the Unreal server). |
Option | Default | Description |
---|---|---|
bRedownloadArchives | false | Whether to download archives again, although they already exist in the ArchiveFolder. Useful, if the archive at the web space got updated but didn't change its size. |
HttpRetryPause | 3 | Time in seconds to wait after any failure of an HTTP connection before retrying. Too low times may be treated as attacks by the web server and may lead in permanent banning. |
HttpTimeout | 20 | Time in seconds to wait for web server replies. |
MaxHttpConnsPerServer | 1 | If multiple archives are to be downloaded from the same web server Nephthys opens multiple connections and downloads them at once. Many web servers limit the number of connections per HTTP client though, leading to a timeout error at the HTTP client side. To avoid unnecessary timeout errors the number of connections per web server may be limited with this option. Nephthys then loads the required archives sequentially. |
MaxParallelHttpConns | 5 | How many HTTP connections maximal are opened at once if multiple archives are to be downloaded. |
MaxRedirectionCount | 5 | Locations of archives may be redirected by the web server. This option limits endless redirection chains. |
MaxRetryCount | 5 | Maximum number of tries after failing HTTP downloads. If this number is exceeded Nephthys gives up and falls back to the standard download (from the Unreal server). |
C:\Unreal\System\Unreal.log
; or you press TAB, type showlog and press ENTER to open the in-game log console). Each web action lists a short summary here.PATH
:PATH
already exists, double click it and append the required installation folder (starting with the device letter) to it's Variable value, separated with a semicolon, e.g. oldvaluehere;C:\Program Files\ThisDecompressionToolsFolder
.PATH
doesn't exist yet, Click the "New" button, enter "PATH" as the Variable name (without the quotes) and the required installation folder (starting with the device letter) as the Variable value, e.g. C:\Program Files\ThisDecompressionToolsFolder
.Unreal.ini
, User.ini
, NephthysWebDownload.ini
).Option | Default | Description |
---|---|---|
bConvertAllToCache | false | Whether to convert all extracted packages to the cache folder using the appropriate naming conventions. Advantage: Avoid version mismatches. Disadvantage: The downloaded stuff can't be used offline. Todo: For now only the packages currently running at the server are converted to cache. |
bEnableWebDownload | true | The master switch. Set this option to false to turn off the web download feature at the client side. |
bExtractAllPackages | false | Whether to extract all packages (true, faster connect to next maps but slower connect to current map) or only the currently needed packages (slower connect to next maps, but faster connect to current map). |
bReplacePackages | false | Whether to replace existing packages with the same name (cache folder packages are never replaced). |
PackageFolder | ..\NephthysDownloadedPackages | The folder where to extract packages from download archives to. May be given absolute (starting with a device letter) or relative (as the default). Relative pathes refer to the Unreal system folder. With the very first startup Nephthys presets this setting to the default value and creates the needed folder. If you change this setting later (e.g. to share this folder with multiple Unreal installations), you have to create the new folder by yourself (and then you can safely delete the folder created by Nephthys). Also note that for security reasons this path always must end with \NephthysDownloadedPackages . All cache named packages always go to the cache folder though. |
WebLinkTimeout | 7 | The time the server is given to provide appropriate download URLs after it announced to support web download. If this time expires without support by the server the client falls back to the standard download procedure (download from the server). |
Command | Description |
---|---|
Help | Show a brief summary of all commands |
Status [<conn#>|[-]<state>|[-]quiet] | Show a brief summary of all handled connections [a detailed info of given connection | all connections with [not] <state> | all [not] quiet connections] |
Ban list [<banentry> [<bansort> [<count> [overlap]]]] | List ban table [only <banentry>s [sorted by <bansort> [max. <count> entries [with overlapping bans]]]] |
Ban remove <banentry> | Remove ban table <banentry>s Hint: Use ban list with same <banentry> parameters prior to ban remove to avoid unwanted deletions |
Ban change <banentry> <banpar> | Change a single ban table <banentry> Hint: Use ban list with same <banentry> parameters prior to ban change to avoid unwanted changes |
Ban new <banpar> | Insert a new ban table entry, even if some banpars match an existing entry |
Kick <ip>[:<port>]|N=<Name>|O=<Computer>|I=<Identity> | Kick a given player (close its connection). You may kick downloaders by giving the IP! |
Log list [<logentry> [<logsort> [<count>]]] | List log table [only <logentry>s [sorted by <logsort> [max. <count> entries]]] |
Log remove <logentry> [<name>] | Remove log table <logentry>s [only the exact <name> from the entry] |
Log range <logentry> <ipStart>[-<ipEnd>]|#<slotStart>-<slotEnd>[,Mask] | Expand log table entry to IP address range / re-range <logentry>.
New range may include other entries, but must not intersect any entry. Giving ",Mask" will expand the selected range to boundaries of powers by 2 (see <logentry>). If you're unsure what this option does then don't use it! Anyways, it's recommended to use "log list" with this required mask prior to applying it with "log range". |
Log merge <logentry> [Mask] | Merge successive <logentry>s with same name(s) [and expand them by mask calculation]. It's a shortcut to range multiple log table entries of dyn. IP address players into one single entry. |
Web support [<archive url>] | List the current web support state. If an archive url is given it is accessed and downloaded to the configured ArchiveFolder or examined locally (if found in the ArchiveFolder or in one of the DownloadFolders) and all Unreal relevant packages are memorized together with the archive url. Note that URLs are case sensitive and must not include any blank character. The easiest and most convenient way is to copy the working URL from some web site or from your browser's address line directly to the server's log console window. This command with a given URL is not available in Nephthys Lite. |
Web list [<webentry>] | List web support table [only <webentry>s] |
Web toggle [<webentry>] | Enable/disable <webentry>s. Disabled web table entries are listed with a leading semicolon. |
Web remove [<webentry>] | Remove web table <webentry>s. |
Tag | Description |
---|---|
<banentry> | <ipStart>-<ipEnd> | #<slotStart>[-<slotEnd>] | N=<name> | L=<LastUsedStart>[-<LastUsedEnd>] | E=<ExpiresStart>[-<ExpiresEnd>] | D=<DeleteStart>[-<DeleteEnd>] | C=<comment> | M=<message> | R=<reference> | Drop | Stealth | Quiet | O=<Computer> | I=<Identity> More than 1 search criteria may be given separated by comma "," Name, Comment, Message, Reference, Computer, Identity: selects only ban entries including the given string LastUsed: The timestamp of the last time the ban rule was applied (setup by Nephthys automatically). You may omit time and/or day if not needed, e.g. 2004/08-2004/09 Expires: The timestamp of the epxiration of the ban rule (setup by Expires=...). You may omit time and/or day if not needed, e.g. 2004/08-2004/09 Delete: The timestamp of the time the ban rule is to be deleted automatically (setup by Delete=...). You may omit time and/or day if not needed, e.g. -2007/06 Drop: selects only ban entries with DropCount > 0 Stealth: selects only stealth ban entries Quiet: selects only quiet ban entries |
<bansort> | [-]<LastUsed> | [-]<Reference> LastUsed: sort the listed ban entries by their LastUsed information Reference: sort the listed ban entries by their Reference information precede the sort criterion with a minus sign to reverse the sort direction |
<banpar> | {IP=<ip>[-<ip>] | Name=<string> | | Expires=<stamp> | Delete=<stamp> | Mode=Always,OffWhenAdmin,ReserveName,Off | bStealth=0,1 | bQuiet=0,1 | Message=<string> | Reference=<string> | Comment=<string> | Next=#<slot>}+ IP: IP address (range) to ban, given as ddd.ddd.ddd.ddd Name: only for name bans (= ban if name matches) or name reservation bans (= ban if name matches but IP address (range) doesn't match) Expires: time stamp when this ban entry becomes disabled automatically and becomes shown as "suspect" if configured. Note that it isn't removed automatically! Delete: time stamp when this ban entry is to be deleted automatically. Note that the ban entry doesn't exist any more after that time stamp! Use this parameter to clean up the ban table automatically. Mode: Always: ban entry active always; OffWhenAdmin: ban entry active only if no admin is logged in; ReserveName (IP address (range) and Name requrired): Name is useable for given IP address (range) only; Off: disabled (is shown as "suspect" if configured) bStealth: 0: connection is allowed to query and to attempt PreLogin. The banned player is allowed to request a server info (name, players, scores, etc. are returned) and if the player tries to connect, Nephthys will let the player pass to PreLogin (so the admin (you) can see the Name of the player - important if you ban IP address ranges) and closes the connection after that. A higher mod has the possibility to send a (specific, see below) message to the player concerning the ban reason before Nephthys closes the connection. 1: no traffic from connection is accepted, i.e. the server will reject any server info request, so the server is invisible in the banned player's server list (NptServerQuery or a subclassed actor MUST be used; UdpServerQuery will not work). Also, if the player tries to connect manually by entering "open IP", Nephthys won't reply anything (just like a firewall: all network packets from the banned players are dropped). bQuiet: 0: Appliance of this ban is shown as configured in ShowBlock. 1: Appliance of this ban is neither shown nor logged at all. A customized uscript interface function is called though. Message (isn't considered for applying a ban; only used with non-stealth bans): message the player gets shown when banned. If no message is given the generic localized "BannedMessage" (section "[Nephthys]") in Nephthys.int is used. Reference (isn't considered for applying a ban): user defineable reference to the reason why this ban was setup (default and automatically inserted ban enties: current time stamp - see server log at this stamp for details) Comment (isn't considered for applying a ban): user defineable comment which should hold a reminder for the admin why this ban was setup. Next (may affect which ban is applied): If given the new or changed ban entry is placed before the given ban number, else it's appended at the end of the ban table (ban new) or it keeps its place (ban change). Since for ban application the ban table is scanned by slot number 0 to higher numbers, ban entries at the end of the ban table may be hidden behind a ban entry in a lower position. |
<logentry> | <ipStart>-<ipEnd> | #<slotStart>[-<slotEnd> | N=<name> | L=<LastUsedStart>[-<LastUsedEnd>] | Admin | Drop | Kick | O=<Computer> | I=<Identity>[,Mask] Name: selects only log entries including the given string LastUsed: omit time and/or day if not needed, e.g. 2004/08-2004/09 Admin: selects only log entries detected as admins Drop: selects only log entries with DropCount > 0 Kick: selects only log entries with KickCount > 0 Computer: selects only log entries for the given Unreal 227 client computer Identity: selects only log entries for the given Unreal 227 client identity Mask (requires IP address range or slot (range): extend IP address range to powers of 2. E.g. range 1.2.3.24-1.2.3.129,Mask becomes 1.2.3.0-1.2.3.255 and range 1.2.3.24-1.2.8.24,Mask becomes 1.2.0.0-1.2.15.255 etc. This might be useful when experimentally setting up IP address ranges for logged names of dynamic IP address address ranges. |
<logsort> | [-]<LastUsed> LastUsed: sort the listed log entries by their LastUsed information precede the sort criterion with a minus sign to reverse the sort direction |
<webentry> | #<slotStart>[-<slotEnd>]|<any fraction of the URL or any included package> Although URLs are case sensitive this command searches caseless. |
<string> | replace blanks with %20, % with %25 |
<state> | Connection state. One of New, Reuse, Opened, Hello, PreLogin, Upload, Login, Closing, Condemn, Closed, Blocked |
<stamp> | yyyy[/mm[/dd[%20hh[:mm[:ss]]]]] Note that all time comparisons are simple string comparisons, i.e. "2004/12/31" < "2005/02/25" because "4" < "5" (as expected) but "31.12.2004" > "25.02.2005" because "3" > "2" (not wanted) |
Command | Item | Description |
---|---|---|
log list | P[reLogin] | counts how often a player reached the PreLogin state (before download / join). |
log list | L[ogin] | counts how often a player reached the Login state (successful join). |
log list | K[ick] | counts how often a player was kicked (manually). |
log list | D[rop] | counts how often a player's connection was dropped (invalid join parameters, stealth ban). |
ban list | S[tealthCount] | counts how often a stealth ban was applied. This value won't count for non-stealth bans, but may (re-) start to count if you change the stealth mode of a ban entry. |
ban list | D[ropCount] | counts how often a non-stealth ban was applied, i.e. how often the player was blocked in PreLogin. This value won't count for stealth bans, but may (re-) start to count if you change the stealth mode of a ban entry. |
Unreal\System\Nephthys.ini
file every now and then ;-)Unreal\System\NephthysWebDownload.ini
file every now and then ;-)C:\Unreal\System
) and enter:Description: | Compress an Unreal package for auto-downloading. A file with extension .uz will be created. | |
Parameters: | Files | The wildcard or filenames to compress |
Example: | ucc nptcompress ..\Maps\mymap.unr |
Description: | Decompress a file compressed with ucc nptcompress. | |
Parameters: | CompressedFile | The .uz file to decompress |
Example: | ucc nptdecompress mymap.unr.uz |
Description: | Check a file as valid package. Packages may be misused to infect the target computer with a native virus. Nephthys checks packages automatically, e.g. if a client joins a server, and prevents from using infected packages. This commandlet may be used to check given packages explicitly. | |
Parameters: | PackageFile | The wildcard or filenames of the package to check |
Example: | ucc nptpackagecheck *.u |
Unreal.ini
file by setting it to readonly, once you set up all settings as desired.Unreal.ini
and Unreal.log
files for server and client (if you run both in same system folder) or just use different (system) folders for server and client.Nephthys.u
from within the class browser or edit your Unreal.ini
file and append to the end of the section [Editor.EditorEngine]
the line EditPackages=Nephthys
.ucc make
to compile your own class then edit your Unreal.ini
file and append to the end of the section [Editor.EditorEngine]
the line EditPackages=Nephthys
.Description: | Called when connection is rejected before opening. | |
Parameters: | Addr | IP:Port of the current connection |
Names | All known names for connection's IP address separated by space or "" if not logged yet |
Description: | Called when connection is just opened, PreLogin() not yet passed. Data may be received or sent from now on. | |
Parameters: | Addr | IP:Port of the current connection |
Names | All known names for connection's IP address separated by space or "" if not logged yet |
|
Outputs: | MoreInfo | If the uscript mod can gain some more informations about this connection it may be stored here. These informations can be obtained later by calls to GetPlayerInfo(), GetConnectionInfo() or GetConnectionInfo2(). |
Description: | Called when connection is closed before PreLogin(), e.g. due to invalid join parameters or a recognized attack. Since the connection was closed now, no data may be sent or received any more. | |
Parameters: | Addr | IP:Port of the current connection |
Name | The current name of the join attempt or "" if not analysed yet |
|
Names | All known names for connection's IP address separated by space or "" if not logged yet |
Description: | Called after a new player passed the game type's PreLogin(). | |
Parameters: | Addr | IP:Port of the current connection |
RequestURL | The complete URL of the join attempt | |
Names | All known names for connection's IP address separated by space | |
Outputs: | Error | To reject the join attempt at this place the uscript mod must set up an error message which gets logged. Although the connection gets dropped after that, the message isn't transmitted to the client. Use the game type's PreLogin() function to do so. |
Description: | Called when new connection started to load a file. | |
Parameters: | Addr | IP:Port of the current connection |
RequestURL | The complete URL of the join attempt | |
Names | All known names for connection's IP address separated by space | |
FileName | The complete name of the file, including the device (drive letter) and all folder names. | |
FileSize | The size of the file in bytes. |
Description: | Called after new player passed the game type's Login(). | |
Parameters: | Addr | IP:Port of the current connection |
RequestURL | The complete URL of the join attempt | |
Names | All known names for connection's IP address separated by space | |
Outputs: | Error | To reject the join attempt at this place the uscript mod must set up an error message which gets logged. Although the connection gets dropped after that, the message isn't transmitted to the client. Use the game type's Login() function to do so. |
Description: | Called when an established connection is closed (kick). | |
Parameters: | Addr | IP:Port of the current connection |
RequestURL | The complete URL of the join attempt | |
Names | All known names for connection's IP address separated by space |
Description: | Called after a player passed the game type's Logout(). | |
Parameters: | Addr | IP:Port of the current connection |
Name | The name of the join attempt (might not be the name the player used at last) | |
Names | All known names for connection's IP address separated by space |
Description: | Called when a connection is considered to be RJA attacking. | |
Parameters: | Addr | IP:Port of the current connection |
Names | All known names for connection's IP address separated by space | |
count | Number of new connections resulting in attack detection | |
TimeDelta | The time needed to open the connections. |
Description: | Called when a RJA attack has stopped. This event can be called some time after the attack really stopped. | |
Parameters: | Addr | IP:Port of the current connection |
Names | All known names for connection's IP address separated by space | |
count | Number of new connections during attack | |
TimeDelta | The duration of the attack in seconds. |
Description: | Called when a connection is considered to be DRJA attacking. | |
Parameters: | count | Number of new connections resulting in attack detection |
TimeDelta | The time needed to open the connections. |
Description: | Called when a DRJA attack has stopped. This event can be called some time after the attack really stopped. | |
Parameters: | count | Number of new connections during attack |
TimeDelta | The duration of the attack in seconds. |
Description: | Called when a connection is considered to be RIA attacking. | |
Parameters: | Addr | IP:Port of the current connection |
Names | All known names for connection's IP address separated by space | |
count | Number of new connections resulting in attack detection | |
TimeDelta | The time needed to open the connections. |
Description: | Called when a RIA attack has stopped. This event can be called some time after the attack really stopped. | |
Parameters: | Addr | IP:Port of the current connection |
Names | All known names for connection's IP address separated by space | |
count | Number of new connections during attack | |
TimeDelta | The duration of the attack in seconds. |
Description: | Called when a connection is considered to be IIA attacking. | |
Parameters: | Addr | IP:Port of the current connection |
Names | All known names for connection's IP address separated by space |
Description: | Called when a connection is considered to be RUF attacking. | |
Parameters: | Addr | IP:Port of the current connection |
Names | All known names for connection's IP address separated by space | |
count | Number of new connections resulting in attack detection | |
TimeDelta | The time needed to open the connections. |
Description: | Called when a RUF attack has stopped. This event can be called some time after the attack really stopped. | |
Parameters: | Addr | IP:Port of the current connection |
Names | All known names for connection's IP address separated by space | |
count | Number of new connections during attack | |
TimeDelta | The duration of the attack in seconds. |
Description: | Called when a connection is considered to attack by repetition. | |
Parameters: | attack | The name of the current attack: "RIA", "RJA", "RUF" or "RLM". Future Nephthys versions will call this event also for future attack detections. |
Addr | IP:Port of the current connection | |
Names | All known names for connection's IP address separated by space | |
count | Number of incidents resulting in attack detection | |
TimeDelta | The time needed for the incidents. |
Description: | Called when a connection related repetition attack has stopped. This event can be called some time after the attack really stopped. | |
Parameters: | attack | The name of the current attack: "RIA", "RJA", "RUF" or "RLM". Future Nephthys versions will call this event also for future attack detections. |
Addr | IP:Port of the current connection | |
Names | All known names for connection's IP address separated by space | |
count | Number of incidents during attack | |
TimeDelta | The duration of the attack in seconds. |
Description: | Called when "npt aux <cmd>" is entered. It's just a shortcut to execute a command of your server side uscript actor. | |
Parameters: | Cmd | The command string to execute. |
Description: | Determine whether an IP address and/or name is banned. To implement ban checking in the game type's PreLogin() or Login() a call of GetConnectionInfo() or GetConnectionInfo2() followed by a call of this function gains the information needed to return a (ban rule customized) message to the client. | |
Outputs: | message | If a ban rule matches and it provides a message it's returned here, else "" . |
Parameters: | ip | If given: determine whether this IP address is banned. At least IP address or name must be given. To match a name reservation ban IP address and name must be given. |
name | If given: determine whether this name is banned. At least IP address or name must be given. To match a name reservation ban IP address and name must be given. | |
bStealth | If bStealth!=false (i.e. =true or omitted) only stealth ban rules are considered, all non-stealth ban rules aren't applied |
|
bCount | Whether to count the ban appliance (depending on bStealth) | |
Returns: | The description of the first matched ban rule or "" if none matched. |
Description: | Insert a new stealth ban rule, valid always and forever, or set an existing ban rule to always valid and append the comment. | |
Parameters: | ip | If given: ban this IP address. Either ip or name must be given. |
name | If given: ban this name. Either ip or name must be given. | |
comment | Additional comment for this rule (e.g. reason). | |
AppendIfNot | If an existing ban rule matches the parameters and it doesn't include any of the (space separated) words given here, the new comment is appended to the old comment (with comma and space as separator). Otherwise the old comment is replaced by the new comment. Note that existing ban rules aren't set to stealth. | |
bQuiet | Whether to create a quiet ban (which isn't logged or shown when applied). | |
Returns: | A message what has been done. |
Description: | Read the ban information of a given ban number as a printed string. | |
Parameters: | slot | The ban number to examine. |
Returns: | The description of the matched ban rule or "" if none matched. |
Description: | Gets informations about a given player or the event causing connection. | |
Parameters: | PP | The PlayerPawn to obtain the informations for. Called from within the game type's PreLogin(), Login() and PostLogin() functions this parameter may be set to none to obtain informations about the connection causing the event call of PreLogin(), Login() resp. PostLogin().Called from any other context this parameter has to refer to an existing PlayerPawn, else this function will fail. |
Outputs: | Addr | Current IP:Port of the player. |
State | State of the connection. | |
Names | All known names for connection's IP address separated by space | |
MoreInfo | More informations as given by event ConnectionOpened() | |
Returns: | Whether it worked out good (true ) or bad (false , e.g. no connection for PlayerPawn). |
Description: | Kicks by a given PlayerPawn, IP:Port or IP. The traffic is stopped immediately, the connection is closed as soon as possible. | |
Parameters: | PP | If given: the PlayerPawn to kick. Either PP or Addr must be given. |
Addr | If given: IP:Port or IP to kick. If only IP is given all connections matching this IP address are kicked. | |
Comment | If given: A comment to log together with the kick (as reminder for later log inspections). | |
Returns: | Whether it worked out good (true ) or bad (false , e.g. no connection for PlayerPawn or IP address currently not online). |
Description: | Log a new name for a given IP. E.g. this may be called in case of name changes. | |
Parameters: | ip | The IP address to log. |
name | The name to log. | |
Returns: | A message what has been done. | |
Remark: | Better use LogPlayerName(). It's more exact with players with same IP address. |
Description: | Log a new name for a given player. E.g. this may be called in case of name changes. | |
Parameters: | PP | The PlayerPawn to log the name for. Called from within the game type's PreLogin(), Login() and PostLogin() functions this parameter may be set to none to log the name of the connection causing the event call of PreLogin(), Login() resp. PostLogin().Called from any other context this parameter has to refer to an existing PlayerPawn, else this function will fail. |
name | The name to log. | |
Returns: | A message what has been done or "" if failed. |
Description: | Executes a command as if given by npt <command>. | |
Parameters: | cmd | The command string to execute. |
Description: | Gets informations about a given connection. | |
Parameters: | Addr | IP:Port of the connection to examine. |
Outputs: | PP | PlayerPawn using this connection or none if not connected yet / anymore. |
State | State of the connection. | |
Names | All known names for the connection separated by space | |
MoreInfo | More informations as given by event ConnectionOpened() | |
UploadFilename | The complete name of the file currently uploading, including the device (drive letter) and all folder names or "" if connection isn't uploading. |
|
UploadTransfered | Number of bytes already uploaded or 0 if connection isn't uploading. | |
UploadTotalSize | The size of the file in bytes or 0 if connection isn't uploading. | |
Returns: | Whether it worked out good (true ) or bad (false , e.g. no connection for Addr). |
|
See: | GetConnectionInfo2() provides more informations. |
Description: | Gets informations about a given connection. | |
Parameters: | Addr | IP:Port of the connection to examine. |
Outputs: | PP | PlayerPawn using this connection or none if not connected yet / anymore. |
State | State of the connection. | |
Names | All known names for the connection separated by space | |
MoreInfo | More informations as given by event ConnectionOpened() | |
UploadFilename | The complete name of the file currently uploading, including the device (drive letter) and all folder names or "" if connection isn't uploading. |
|
UploadTransfered | Number of bytes already uploaded or 0 if connection isn't uploading. | |
UploadTotalSize | The size of the file in bytes or 0 if connection isn't uploading. | |
Computer | The 227 client computer information or 0 for older clients. | |
Identity | The 227 client Identity information or 0 for older clients. | |
Returns: | Whether it worked out good (true ) or bad (false , e.g. no connection for Addr). |