parent
6bd4fe73d0
commit
bc3de31409
5 changed files with 201 additions and 25 deletions
@ -1,25 +1,4 @@ |
||||
# CakePHP 3 |
||||
|
||||
/vendor/* |
||||
/config/app.php |
||||
|
||||
/tmp/cache/models/* |
||||
!/tmp/cache/models/empty |
||||
/tmp/cache/persistent/* |
||||
!/tmp/cache/persistent/empty |
||||
/tmp/cache/views/* |
||||
!/tmp/cache/views/empty |
||||
/tmp/sessions/* |
||||
!/tmp/sessions/empty |
||||
/tmp/tests/* |
||||
!/tmp/tests/empty |
||||
|
||||
/logs/* |
||||
!/logs/empty |
||||
|
||||
# CakePHP 2 |
||||
|
||||
/app/tmp/* |
||||
/app/Config/core.php |
||||
/app/Config/database.php |
||||
/vendors/* |
||||
composer.lock |
||||
composer.phar |
||||
GeoLite2-City.mmdb |
@ -0,0 +1,5 @@ |
||||
{ |
||||
"require": { |
||||
"geoip2/geoip2": "~2.0" |
||||
} |
||||
} |
@ -0,0 +1,26 @@ |
||||
<?php |
||||
/*** |
||||
* 2022 ~ a monocul.us project _ _ __ _ _ |
||||
* _ __ __ _ _ _ __ _| |__ | |_ _ _ / /(_)___| |_ |
||||
* | '_ \ / _` | | | |/ _` | '_ \| __| | | |/ / | / __| __| |
||||
* | | | | (_| | |_| | (_| | | | | |_| |_| / /__| \__ \ |_ |
||||
* |_| |_|\__,_|\__,_|\__, |_| |_|\__|\__, \____/_|___/\__| |
||||
* |___/ |___/ |
||||
* |
||||
* Set LOCALDB to true if this is your main/only server to monitor. |
||||
* The GEOIPDB is propietary and you must download it whith a Maxmind account (free is enough). |
||||
* If this script can be executed from the outside world (ex placed in your www root) make sure |
||||
* to set REMOTESECRET with a good secure string (no spaces!). |
||||
*/ |
||||
|
||||
define("LOCALDB", true); |
||||
define("MYSQL_PDO", "mysql:host=127.0.0.1;dbname=naughylist"); |
||||
define("MYSQL_USERNAME", ""); |
||||
define("MYSQL_PASSWORD", ""); |
||||
define("PATH_GEOIPDB","GeoLite2-City.mmdb"); |
||||
define("REMOTEDB", "https://example.com/fail2sql.php"); |
||||
define("REMOTESECRET", "put-long-secure-string-here"); |
||||
ini_set('display_errors', 1); |
||||
ini_set('display_startup_errors', 1); |
||||
error_reporting(E_ALL); |
||||
?> |
@ -0,0 +1,166 @@ |
||||
<?php |
||||
/*** |
||||
* 2022 ~ a monocul.us project _ _ __ _ _ |
||||
* _ __ __ _ _ _ __ _| |__ | |_ _ _ / /(_)___| |_ |
||||
* | '_ \ / _` | | | |/ _` | '_ \| __| | | |/ / | / __| __| |
||||
* | | | | (_| | |_| | (_| | | | | |_| |_| / /__| \__ \ |_ |
||||
* |_| |_|\__,_|\__,_|\__, |_| |_|\__|\__, \____/_|___/\__| |
||||
* |___/ |___/ |
||||
* You should not modify this file unless you know what you are doing; |
||||
* settings can be found in the config.php file. |
||||
*/ |
||||
|
||||
require 'vendor/autoload.php'; |
||||
include 'config.php'; |
||||
use GeoIp2\Database\Reader; |
||||
|
||||
function sendReport($name, $protocol, $port, $ip) |
||||
{ |
||||
$ch = curl_init(REMOTEDB); |
||||
$postData = [ |
||||
'name' => $name, |
||||
'protocol' => $protocol, |
||||
'port' => $port, |
||||
'ip' => $ip, |
||||
'key' => REMOTESECRET |
||||
]; |
||||
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); |
||||
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData); |
||||
$response = curl_exec($ch); |
||||
curl_close($ch); |
||||
} |
||||
|
||||
function updateReport($db, $report_id) |
||||
{ |
||||
$QUERY = "UPDATE naughtylist set count=count+1 where id = :id"; |
||||
|
||||
$db->prepare($QUERY)->execute( |
||||
[ |
||||
'id' => $report_id |
||||
] |
||||
); |
||||
} |
||||
|
||||
function addReport($db, $geoip, $name, $protocol, $port, $ip) |
||||
{ |
||||
$QUERY = "INSERT INTO naughtylist VALUES (:id, :name, :protocol, :port, :ip, :count, :longitude, :latitude, :countrycode, :geo)"; |
||||
$geoipRecord = $geoip->city($ip); |
||||
|
||||
$db->prepare($QUERY)->execute( |
||||
['id' => 0, |
||||
'name' => $name, |
||||
'protocol' => $protocol, |
||||
'port' => intval($port), |
||||
'ip' => $ip, |
||||
'count' => 1, |
||||
'longitude' => $geoipRecord->location->longitude, |
||||
'latitude' => $geoipRecord->location->latitude, |
||||
'countrycode' => $geoipRecord->country->isoCode, |
||||
'geo' => $geoipRecord->mostSpecificSubdivision->name . " " . $geoipRecord->city->name |
||||
] |
||||
); |
||||
|
||||
} |
||||
|
||||
function reportExists($db, $name, $protocol, $port, $ip) |
||||
{ |
||||
$QUERY = "SELECT id FROM naughtylist WHERE name = :name AND protocol = :protocol AND port = :port AND ip = :ip LIMIT 1"; |
||||
|
||||
$stmt = $db->prepare($QUERY); |
||||
$stmt->execute( |
||||
['name' => $name, |
||||
'protocol' => $protocol, |
||||
'port' => intval($port), |
||||
'ip' => $ip |
||||
] |
||||
); |
||||
if(!$stmt) { return -1; } |
||||
return $stmt->fetchColumn(); |
||||
} |
||||
|
||||
function honeypot($name, $protocol, $port) |
||||
{ |
||||
/* Credits to https://stackoverflow.com/a/13646848 */ |
||||
/* This DOES NOT resolve VPNs. Only transparent HTTP proxy */ |
||||
if(array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ) { |
||||
if (strpos($_SERVER['HTTP_X_FORWARDED_FOR'], ',')>0) { |
||||
$addr = explode(",",$_SERVER['HTTP_X_FORWARDED_FOR']); |
||||
$ip = trim($addr[0]); |
||||
} else { |
||||
$ip = $_SERVER['HTTP_X_FORWARDED_FOR']; |
||||
} |
||||
} |
||||
else { |
||||
$ip = $_SERVER['REMOTE_ADDR']; |
||||
} |
||||
|
||||
if(LOCALDB) { |
||||
$db = new PDO(MYSQL_PDO, MYSQL_USERNAME, MYSQL_PASSWORD); |
||||
$geoip = new Reader(PATH_GEOIPDB); |
||||
|
||||
$report = reportExists($db, $name, $protocol, $port, $ip); |
||||
|
||||
if($report != -1) |
||||
{ |
||||
updateReport($db, $report); |
||||
} else { |
||||
addReport($db, $geoip, $name, $protocol, $port, $ip); |
||||
} |
||||
} else { |
||||
sendReport($name, $protocol, $port, $ip); |
||||
} |
||||
} |
||||
|
||||
function serve() |
||||
{ |
||||
if(LOCALDB) { |
||||
$db = new PDO(MYSQL_PDO, MYSQL_USERNAME, MYSQL_PASSWORD); |
||||
$geoip = new Reader(PATH_GEOIPDB); |
||||
} |
||||
/* Running from console */ |
||||
if(isset($_SERVER["argv"][1]) && isset($_SERVER["argv"][2]) && isset($_SERVER["argv"][3]) && isset($_SERVER["argv"][4])) |
||||
{ |
||||
$name = $_SERVER["argv"][1]; |
||||
$protocol = $_SERVER["argv"][2]; |
||||
$port = $_SERVER["argv"][3]; |
||||
$ip = $_SERVER["argv"][4]; |
||||
if(LOCALDB) |
||||
{ |
||||
$report = reportExists($db, $name, $protocol, $port, $ip); |
||||
|
||||
if($report != -1) |
||||
{ |
||||
updateReport($db, $report); |
||||
} else { |
||||
addReport($db, $geoip, $name, $protocol, $port, $ip); |
||||
} |
||||
} else { |
||||
sendReport($name, $protocol, $port, $ip); |
||||
} |
||||
/* Remote query */ |
||||
} elseif (isset($_POST['name']) && isset($_POST['protocol']) && isset($_POST['port']) && isset($_POST['ip']) && isset($_POST['key']) && LOCALDB) { |
||||
$name = $_POST['name']; |
||||
$protocol = $_POST['protocol']; |
||||
$port = $_POST['port']; |
||||
$ip = $_POST['ip']; |
||||
|
||||
if($_POST['key'] != REMOTESECRET) {die(0);} |
||||
$report = reportExists($db, $name, $protocol, $port, $ip); |
||||
if($report != -1) |
||||
{ |
||||
updateReport($db, $report); |
||||
echo json_encode(["status" => "updated"]); |
||||
} else { |
||||
addReport($db, $geoip, $name, $protocol, $port, $ip); |
||||
echo json_encode(["status" => "added"]); |
||||
} |
||||
} |
||||
|
||||
} |
||||
|
||||
if(!defined("HONEYPOT")) |
||||
{ |
||||
serve(); |
||||
} |
||||
|
Loading…
Reference in new issue