First Push
Still needs a cleanup and minor fixes
parent
6bd4fe73d0
commit
bc3de31409
27
.gitignore
vendored
27
.gitignore
vendored
|
@ -1,25 +1,4 @@
|
||||||
# CakePHP 3
|
|
||||||
|
|
||||||
/vendor/*
|
/vendor/*
|
||||||
/config/app.php
|
composer.lock
|
||||||
|
composer.phar
|
||||||
/tmp/cache/models/*
|
GeoLite2-City.mmdb
|
||||||
!/tmp/cache/models/empty
|
|
||||||
/tmp/cache/persistent/*
|
|
||||||
!/tmp/cache/persistent/empty
|
|
||||||
/tmp/cache/views/*
|
|
||||||
!/tmp/cache/views/empty
|
|
||||||
/tmp/sessions/*
|
|
||||||
!/tmp/sessions/empty
|
|
||||||
/tmp/tests/*
|
|
||||||
!/tmp/tests/empty
|
|
||||||
|
|
||||||
/logs/*
|
|
||||||
!/logs/empty
|
|
||||||
|
|
||||||
# CakePHP 2
|
|
||||||
|
|
||||||
/app/tmp/*
|
|
||||||
/app/Config/core.php
|
|
||||||
/app/Config/database.php
|
|
||||||
/vendors/*
|
|
2
LICENSE
2
LICENSE
|
@ -1,6 +1,6 @@
|
||||||
MIT License
|
MIT License
|
||||||
|
|
||||||
Copyright (c) 2022 Andrea Santaniello
|
Copyright (c) 2022 Andrea Santaniello / Monocul.us
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
of this software and associated documentation files (the "Software"), to deal
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
|
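--- /dev/null
+++ b/composer.json
@@ -0,0 +1,5 @@
+{
+"require": {
+"geoip2/geoip2": "~2.0"
+}
+}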
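Review bot: The `~2.0` constraint on `geoip2/geoip2` is the only thing pinning the dependency, because the `.gitignore` change in this same commit ignores `composer.lock`. Each install then resolves to whatever 2.x release is current at that moment, so two deployments of the same commit can run different library code. For an application that is deployed rather than consumed as a library, commit `composer.lock` (drop it from `.gitignore`) and install with `composer install` so the resolved versions are reviewed along with the code.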
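--- /dev/null
+++ b/config.php
@@ -0,0 +1,26 @@
+<?php
+/***
+* 2022 ~ a monocul.us project _ _ __ _ _
+* _ __ __ _ _ _ __ _| |__ | |_ _ _ / /(_)___| |_
+* | '_ \ / _` | | | |/ _` | '_ \| __| | | |/ / | / __| __|
+* | | | | (_| | |_| | (_| | | | | |_| |_| / /__| \__ \ |_
+* |_| |_|\__,_|\__,_|\__, |_| |_|\__|\__, \____/_|___/\__|
+* |___/ |___/
+*
+* Set LOCALDB to true if this is your main/only server to monitor.
+* The GEOIPDB is propietary and you must download it whith a Maxmind account (free is enough).
+* If this script can be executed from the outside world (ex placed in your www root) make sure
+* to set REMOTESECRET with a good secure string (no spaces!).
+*/
+
+define("LOCALDB", true);
+define("MYSQL_PDO", "mysql:host=127.0.0.1;dbname=naughylist");
+define("MYSQL_USERNAME", "");
+define("MYSQL_PASSWORD", "");
+define("PATH_GEOIPDB","GeoLite2-City.mmdb");
+define("REMOTEDB", "https://example.com/fail2sql.php");
+define("REMOTESECRET", "put-long-secure-string-here");
+ini_set('display_errors', 1);
+ini_set('display_startup_errors', 1);
+error_reporting(E_ALL);
+?>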
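Review bot: `ini_set('display_errors', 1)` and `ini_set('display_startup_errors', 1)` are switched on in the shipped configuration, although the header comment expects the script may sit in the web root. An uncaught PDO or GeoIP error can then print file paths and connection details to whoever sent the request. Default both to `0` and keep `error_reporting(E_ALL)` with `ini_set('log_errors', '1')` so the detail goes to the server log instead. The `REMOTESECRET` placeholder is also a working key if left unchanged, so it would be safer for naughtylist.php to refuse remote requests while the constant still equals `put-long-secure-string-here`.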
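--- /dev/null
+++ b/naughtylist.php
@@ -0,0 +1,166 @@
+<?php
+/***
+* 2022 ~ a monocul.us project _ _ __ _ _
+* _ __ __ _ _ _ __ _| |__ | |_ _ _ / /(_)___| |_
+* | '_ \ / _` | | | |/ _` | '_ \| __| | | |/ / | / __| __|
+* | | | | (_| | |_| | (_| | | | | |_| |_| / /__| \__ \ |_
+* |_| |_|\__,_|\__,_|\__, |_| |_|\__|\__, \____/_|___/\__|
+* |___/ |___/
+* You should not modify this file unless you know what you are doing;
+* settings can be found in the config.php file.
+*/
+
+require 'vendor/autoload.php';
+include 'config.php';
+use GeoIp2\Database\Reader;
+
+function sendReport($name, $protocol, $port, $ip)
+{
+$ch = curl_init(REMOTEDB);
+$postData = [
+'name' => $name,
+'protocol' => $protocol,
+'port' => $port,
+'ip' => $ip,
+'key' => REMOTESECRET
+];
+
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
+$response = curl_exec($ch);
+curl_close($ch);
+}
+
+function updateReport($db, $report_id)
+{
+$QUERY = "UPDATE naughtylist set count=count+1 where id = :id";
+
+$db->prepare($QUERY)->execute(
+[
+'id' => $report_id
+]
+);
+}
+
+function addReport($db, $geoip, $name, $protocol, $port, $ip)
+{
+$QUERY = "INSERT INTO naughtylist VALUES (:id, :name, :protocol, :port, :ip, :count, :longitude, :latitude, :countrycode, :geo)";
+$geoipRecord = $geoip->city($ip);
+
+$db->prepare($QUERY)->execute(
+['id' => 0,
+'name' => $name,
+'protocol' => $protocol,
+'port' => intval($port),
+'ip' => $ip,
+'count' => 1,
+'longitude' => $geoipRecord->location->longitude,
+'latitude' => $geoipRecord->location->latitude,
+'countrycode' => $geoipRecord->country->isoCode,
+'geo' => $geoipRecord->mostSpecificSubdivision->name . " " . $geoipRecord->city->name
+]
+);
+
+}
+
+function reportExists($db, $name, $protocol, $port, $ip)
+{
+$QUERY = "SELECT id FROM naughtylist WHERE name = :name AND protocol = :protocol AND port = :port AND ip = :ip LIMIT 1";
+
+$stmt = $db->prepare($QUERY);
+$stmt->execute(
+['name' => $name,
+'protocol' => $protocol,
+'port' => intval($port),
+'ip' => $ip
+]
+);
+if(!$stmt) { return -1; }
+return $stmt->fetchColumn();
+}
+
+function honeypot($name, $protocol, $port)
+{
+/* Credits to https://stackoverflow.com/a/13646848 */
+/* This DOES NOT resolve VPNs. Only transparent HTTP proxy */
+if(array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ) {
+if (strpos($_SERVER['HTTP_X_FORWARDED_FOR'], ',')>0) {
+$addr = explode(",",$_SERVER['HTTP_X_FORWARDED_FOR']);
+$ip = trim($addr[0]);
+} else {
+$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+}
+}
+else {
+$ip = $_SERVER['REMOTE_ADDR'];
+}
+
+if(LOCALDB) {
+$db = new PDO(MYSQL_PDO, MYSQL_USERNAME, MYSQL_PASSWORD);
+$geoip = new Reader(PATH_GEOIPDB);
+
+$report = reportExists($db, $name, $protocol, $port, $ip);
+
+if($report != -1)
+{
+updateReport($db, $report);
+} else {
+addReport($db, $geoip, $name, $protocol, $port, $ip);
+}
+} else {
+sendReport($name, $protocol, $port, $ip);
+}
+}
+
+function serve()
+{
+if(LOCALDB) {
+$db = new PDO(MYSQL_PDO, MYSQL_USERNAME, MYSQL_PASSWORD);
+$geoip = new Reader(PATH_GEOIPDB);
+}
+/* Running from console */
+if(isset($_SERVER["argv"][1]) && isset($_SERVER["argv"][2]) && isset($_SERVER["argv"][3]) && isset($_SERVER["argv"][4]))
+{
+$name = $_SERVER["argv"][1];
+$protocol = $_SERVER["argv"][2];
+$port = $_SERVER["argv"][3];
+$ip = $_SERVER["argv"][4];
+if(LOCALDB)
+{
+$report = reportExists($db, $name, $protocol, $port, $ip);
+
+if($report != -1)
+{
+updateReport($db, $report);
+} else {
+addReport($db, $geoip, $name, $protocol, $port, $ip);
+}
+} else {
+sendReport($name, $protocol, $port, $ip);
+}
+/* Remote query */
+} elseif (isset($_POST['name']) && isset($_POST['protocol']) && isset($_POST['port']) && isset($_POST['ip']) && isset($_POST['key']) && LOCALDB) {
+$name = $_POST['name'];
+$protocol = $_POST['protocol'];
+$port = $_POST['port'];
+$ip = $_POST['ip'];
+
+if($_POST['key'] != REMOTESECRET) {die(0);}
+$report = reportExists($db, $name, $protocol, $port, $ip);
+if($report != -1)
+{
+updateReport($db, $report);
+echo json_encode(["status" => "updated"]);
+} else {
+addReport($db, $geoip, $name, $protocol, $port, $ip);
+echo json_encode(["status" => "added"]);
+}
+}
+
+}
+
+if(!defined("HONEYPOT"))
+{
+serve();
+}
+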
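Review bot: honeypot() takes the reported address from `X-Forwarded-For` whenever that header is present, and the header is set by the client, so any visitor can have an arbitrary address written to the naughtylist table (or forwarded to REMOTEDB) in place of its own. Use `$_SERVER['REMOTE_ADDR']` unless the request arrived through a proxy you have configured as trusted, and reject any value that fails `filter_var($ip, FILTER_VALIDATE_IP)` before it reaches `$geoip->city($ip)`. In serve(), the remote branch compares the key with `!=`; `if (!is_string($_POST['key']) || !hash_equals(REMOTESECRET, $_POST['key'])) { die(0); }` avoids both type juggling and timing differences. reportExists() returns `fetchColumn()`, which is `false` when no row matches, so every caller's `$report != -1` test is true and addReport() is never reached; ending it with `$id = $stmt->fetchColumn(); return $id === false ? -1 : $id;` would restore the insert path.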