[pLog-svn] r3254 - plugins/trunk/0ipabuse/class/security
pwestbro at devel.lifetype.net
pwestbro at devel.lifetype.net
Mon Apr 17 04:02:07 GMT 2006
Author: pwestbro
Date: 2006-04-17 04:02:05 +0000 (Mon, 17 Apr 2006)
New Revision: 3254
Added:
plugins/trunk/0ipabuse/class/security/update_iptables.php
Modified:
plugins/trunk/0ipabuse/class/security/ipabusefilter.class.php
Log:
Added a script that can be run as a cron job to configure iptables with the
blocked ipaddress that the plugin found.
This script will most likely need to be modified to be installed on someone
else's system. Also this script should be modified to make it easier to
make these modifications.
Modified: plugins/trunk/0ipabuse/class/security/ipabusefilter.class.php
===================================================================
--- plugins/trunk/0ipabuse/class/security/ipabusefilter.class.php 2006-04-16 14:57:09 UTC (rev 3253)
+++ plugins/trunk/0ipabuse/class/security/ipabusefilter.class.php 2006-04-17 04:02:05 UTC (rev 3254)
@@ -62,7 +62,24 @@
return new PipelineResult();
}
- $clientIp = Client::getIp();
+
+ // Don't call Client::getIp() as it returns the ip address of the requestor, even
+ // if it is behind a gateway. For example, this will return 127.0.0.1, if the machine is configured
+ // to use a proxy runing on localhost.
+// $clientIp = Client::getIp();
+
+
+ // This should only get the public ip
+
+
+ if(isset($_SERVER['REMOTE_ADDR']) AND
+ $_SERVER['REMOTE_ADDR']!="") {
+ $clientIp = $_SERVER['REMOTE_ADDR'];
+ }
+ else {
+ $clientIp = Client::getIp();
+ }
+
$locale = $blogInfo->getLocale();
$result = new PipelineResult();
@@ -76,6 +93,8 @@
$result = new PipelineResult( false, IP_ABUSE_MATCH_FOUND, $locale->tr("error_ipabuse_ip_address_banned") );
}
$newValueInt = $numAccesses + 1;
+
+// error_log( $clientIp . " " . $newValueInt );
dba_replace($clientIp, "$newValueInt", $db);
}
else {
Added: plugins/trunk/0ipabuse/class/security/update_iptables.php
===================================================================
--- plugins/trunk/0ipabuse/class/security/update_iptables.php 2006-04-16 14:57:09 UTC (rev 3253)
+++ plugins/trunk/0ipabuse/class/security/update_iptables.php 2006-04-17 04:02:05 UTC (rev 3254)
@@ -0,0 +1,33 @@
+<?php
+
+// Set this to the temp folder for lifetype
+$LIFETYPE_TMP_FOLDER = "/var/www/plog-1.0/tmp/ipabuse/2";
+
+$today = date("Ymd");
+$dbFile =$LIFETYPE_TMP_FOLDER ."/".$today."ipabuse.db";
+
+$id = dba_open($dbFile, "wl", "db4");
+
+if (!$id) {
+ echo "dba_open failed\n";
+ exit;
+}
+
+$key = dba_firstkey($id);
+
+while ($key != false) {
+ $numAccesses = intval( dba_fetch($key, $id) );
+ if ($numAccesses > 10) { // remember the ip address to perform some action later
+ $handle_later[] = $key;
+ }
+ $key = dba_nextkey($id);
+}
+
+foreach ($handle_later as $val) {
+ exec("/sbin/iptables -I blocked-hosts -s $val -j DROP");
+ echo "/sbin/iptables -I blocked-hosts -s $val -j DROP\n";
+ dba_delete($val, $id);
+}
+
+dba_close($id);
+?>
\ No newline at end of file
More information about the pLog-svn
mailing list