#delete all mac cookies before adding script
Onlogin script will detect the user host-name+mac format .. and add it to a firewall list if the user only log-ed in by HTTP chap - pap or HTTP cookie
if user log-ed in by mac cookie the script will compare hostname+mac with the list and remove user if not in list
very good vs mac spoof
here is the script
{
:delay 500ms
:local x $user;
:local y [/ip hotspot active get [find user=$x] address];
:local f [/ip hotspot host get [find to-address=$y] address];
:local c [/ip hotspot active get [find user=$x] login-by];
:local b “http-pap”;
:local k “http-chap”;
:local v “cookie”;
:local n [/ip dhcp-server lease get [find active-address=$f] host-name];
:local s [/ip dhcp-server lease get [find active-address=$f] mac-address];
if (c = b || c = k || c = v) do={
:log warning “Hostname Shield - $x Login is valid”
if ( [ :len [ ip firewall address-list find where list=“$n$s” ] ] = 0 ) do={
/ip firewall address-list add list=“$n$s” comment=$user }} else={
if ( [ :len [ ip firewall address-list find where list=“$n$s” ] ] > 0 ) do={ :log warning “Hostname Shield - Login is valid” } else={ip hotspot active remove [find user=$x]
:log warning “Hostname Shield -login not allowed "
/ip firewall address-list add list=”$user - Account" comment=“$n - $s - Hacked account”
}}}
##added hostname and mac combo to overcome devices with duplicated hostname plus spoofed mac and account list entry
new 2.txt (983 Bytes)
uncheck Login by: MAC
may be easier solution
Thats not a solution !
most hotspot providers still prefer mac cookie logins because clients don’t like writing the account credentials each time they connect to the hotspot
thanks for script
but can you add exception for samsung mobile because new samsung have same host name like Galaxy-J5-Prime , Galaxy-A5-2016 ..etc
added hostname and mac combo so there will be no duplicate in the list
plz give me your number on telegram or whatsapp
but we need script for remove User from address when logout from active