3 /**************************************************************************
4 ** (c) Copyright 2003, Andromeda Technology & Automation
5 ** This is free software; you can redistribute it and/or modify it under the
6 ** terms of the GNU General Public License, see the file COPYING.
7 ***************************************************************************
8 ** MODULE INFORMATION *
9 ***********************
10 ** FILE NAME : abuse.php
11 ** SYSTEM NAME : Gnucomo - Gnu Computer Monitoring
12 ** VERSION NUMBER : $Revision: 1.5 $
14 ** DESCRIPTION : Abuse list page
19 ***************************************************************************
20 ** ADMINISTRATIVE INFORMATION *
21 ********************************
22 ** ORIGINAL AUTHOR : Arjen Baart - arjen@andromeda.nl
23 ** CREATION DATE : Apr 13, 2004
24 ** LAST UPDATE : Apr 13, 2004
26 **************************************************************************/
28 /*****************************
30 Revision 1.5 2007-12-10 16:29:59 arjen
31 When blocking a subnet, maintain the references to the log table from
32 all IP addresses in that subnet.
34 Revision 1.4 2007/11/21 14:38:06 arjen
35 The buttonbar at the top of each page is now a fixed 'div' element
36 instead of a framed page.
37 Contributed by Edwin Nadorp.
39 Revision 1.3 2007/10/19 07:15:52 arjen
40 In the abuse list, IP addresses can be whitelisted.
42 Revision 1.2 2007/01/11 13:44:29 arjen
43 Manually edit parameters.
44 View logs from abusing IP addresses.
46 Revision 1.1 2005/06/04 07:24:38 arjen
49 ******************************/
51 // RCSID = "$Id: abuse.php,v 1.5 2007-12-10 16:29:59 arjen Exp $";
// Set the include search path to the current directory plus two relative class
// directories, then load the page base class through that path.
// NOTE(review): every entry is relative, so which page.class.php is picked up depends on
// the working directory of the PHP process; an absolute path (e.g. built from __DIR__)
// would pin the file that gets included.
53 ini_set('include_path', '.:./classes:../phpclasses');
55 require_once('page.class.php');
// Page class for the abuse list of one monitored object. The code below reads the
// object id from the query string, looks up the object's name and writes it into the
// page title.
// NOTE(review): the method header and the brace lines are not visible in this listing,
// so the exact scope of each if/else below cannot be confirmed from here.
// NOTE(review): no authentication or authorisation check is visible in this file;
// presumably the page base class handles it — confirm before exposing this page.
58 class abuse_list extends page
// $ObjectId is taken straight from the request and is reused later in SQL and HTML.
63 if (!empty($_GET['oid']))
65 $ObjectId = $_GET['oid'];
// NOTE(review): SQL injection. $_GET['oid'] is concatenated into the statement text.
// The CAST(... AS BIGINT) gives no protection, because a quote inside the value ends
// the string literal before the cast is applied. Validate oid as an integer
// (filter_var() with FILTER_VALIDATE_INT) and bind it with pg_query_params().
// pg_exec() is the legacy alias of pg_query().
67 $res = pg_exec($this->database, "SELECT objectname FROM object
68 WHERE objectid=CAST('" . $_GET['oid']."' AS BIGINT)");
// NOTE(review): $res is not checked; row 0 is fetched even when the query failed or
// matched no object, so $obj may not be an object on the lines below.
69 $obj = pg_fetch_object($res, 0);
// NOTE(review): objectname is placed inside a JavaScript string literal and assigned to
// innerHTML without any escaping. If an object name can contain a quote or markup this
// is script injection; encode it for both contexts (json_encode() for the JS literal,
// htmlspecialchars() for the HTML) or assign it via textContent instead.
71 echo "<script type='text/ecmascript'>";
72 echo "document.getElementById('menu_title').innerHTML =";
73 echo " '<h1>Abuse List for " . $obj->objectname . "<\/h1>'</script>";
// 'Abuse' action: record abuse points for one source address of this object. A new
// row is inserted when the address is unknown; otherwise the existing nr_abuses is
// added to $abuse_points and written back. At 6 points or more the status is set to
// 'dropped'.
// NOTE(review): this is a state-changing POST and no anti-CSRF token check is visible
// in this listing; a request forged from another site would be processed like a
// genuine one. Verify a per-session token before acting.
75 if (!empty($_POST['ACTION']) && ($_POST['ACTION'] == 'Abuse'))
// NOTE(review): $_POST['source'] is used unvalidated from here on. It should be
// checked once (filter_var() with FILTER_VALIDATE_IP) and rejected if malformed.
// The initial value of $abuse_points is assigned on a line not visible in this listing.
78 $Source_IP = $_POST['source'];
// NOTE(review): reflected XSS — the posted source is echoed into the page unescaped;
// wrap request data in htmlspecialchars() before output.
79 echo "Reporting " . $_POST['ACTION'] . " for " . $_POST['source'] . "<br>\n";
// NOTE(review): SQL injection — both $_GET['oid'] and $Source_IP are interpolated into
// the statement text here and in every statement of this branch. Use
// pg_query_params() with $1/$2 placeholders instead.
80 $res = pg_exec($this->database, "SELECT * FROM object_abuse
81 WHERE objectid='". $_GET['oid'] ."' AND source='$Source_IP'");
// pg_numrows() is the legacy alias of pg_num_rows().
82 if (pg_numrows($res) == 0)
84 echo "$Source_IP is new.<br>";
// NOTE(review): the INSERT names no columns, so it depends on the physical column
// order of object_abuse; the same injection issue applies to all three values.
85 pg_exec($this->database, "INSERT INTO object_abuse VALUES ('" . $_GET['oid'] .
86 "', '$Source_IP', '$abuse_points', '', NOW())");
// Existing row: accumulate the stored count into the new total.
90 $abuse = pg_fetch_object($res, 0);
91 $abuse_points += $abuse->nr_abuses;
92 echo $Source_IP . " will get " . $abuse_points . " abuse points.<br>";
// NOTE(review): status is free text that the Whitelist action stores from a form
// field, so it is stored data that must be HTML-escaped when echoed.
93 echo "Status was " . $abuse->status . "<br>";
94 pg_exec($this->database, "UPDATE object_abuse SET nr_abuses='$abuse_points'" .
95 ", last_change=NOW() WHERE objectid='" . $_GET['oid'] . "' AND source='$Source_IP'");
// Threshold: six or more points marks the address as 'dropped'. The page only prints
// an instruction for the operator; no firewall call is visible here.
97 if ($abuse_points >= 6)
99 echo "<h2 class='error'>Block IP adrress $Source_IP on the firewall.</h2>";
100 pg_exec($this->database, "UPDATE object_abuse SET status='dropped'" .
101 " WHERE objectid='" . $_GET['oid'] . "' AND source='$Source_IP'");
104 //select rawdata from log where logid in (select logid from log_abuse where source='');
// 'Whitelist' action: store the posted status text for one source address, inserting
// a row with zero abuses when the address is not yet listed.
// NOTE(review): despite the action name, the status written is whatever text arrives
// in $_POST['status']; nothing restricts it to a known set of values. An allow-list
// of accepted status strings would make the stored state predictable.
// NOTE(review): state-changing POST with no anti-CSRF token check visible in this listing.
107 else if (!empty($_POST['ACTION']) && $_POST['ACTION'] == 'Whitelist')
// NOTE(review): $_POST['source'] is not validated as an IP address before use.
109 $Source_IP = $_POST['source'];
// NOTE(review): reflected XSS — posted value echoed without htmlspecialchars().
110 echo "Whitelisting " . $_POST['source'] . "<br>\n";
// NOTE(review): SQL injection — $_GET['oid'], $Source_IP and $Status are interpolated
// into the statement text in this branch; bind them with pg_query_params().
111 $res = pg_exec($this->database, "SELECT * FROM object_abuse
112 WHERE objectid='". $_GET['oid'] ."' AND source='$Source_IP'");
113 $Status = $_POST['status'];
114 if (pg_numrows($res) == 0)
116 echo "$Source_IP is new.<br>";
// The INSERT relies on the column order of object_abuse (no column list is given).
117 pg_exec($this->database, "INSERT INTO object_abuse VALUES ('" . $_GET['oid'] .
118 "', '$Source_IP', 0, '$Status', NOW())");
// Existing row: report the previous status, then overwrite it.
122 $abuse = pg_fetch_object($res, 0);
123 echo $Source_IP . " will be whitelisted.<br>";
// NOTE(review): the previous status is stored free text; HTML-escape it on output.
124 echo "Status was " . $abuse->status . "<br>";
125 pg_exec($this->database, "UPDATE object_abuse SET status='$Status'" .
126 ", last_change=NOW() WHERE objectid='" . $_GET['oid'] . "' AND source='$Source_IP'");
// 'Investigate' action: list the object_abuse rows of this object whose source lies
// inside the posted subnet. This branch only reads from the database.
129 else if (!empty($_POST['ACTION']) && $_POST['ACTION'] == 'Investigate')
131 // Present a list of abuse addresses in one subnet
// NOTE(review): $_POST['subnet'] is used as posted; validate it as CIDR notation
// (address part via FILTER_VALIDATE_IP plus a bounded numeric prefix length).
133 $Subnet = $_POST['subnet'];
// NOTE(review): SQL injection — $_GET['oid'] and $Subnet are interpolated into the
// statement; use pg_query_params(). '<<' is PostgreSQL's "is contained within"
// operator for network types; presumably source is an inet/cidr column — confirm.
134 $res = pg_exec($this->database, "SELECT * FROM object_abuse
135 WHERE objectid='". $_GET['oid'] ."' AND source << '$Subnet'");
137 echo pg_numrows($res) . " records found.<br>";
140 echo "<tr><th>IP address</th><th>Abuses</th><th>Status</th></tr>\n";
// One table row per match; the echoes for the address and status cells are on lines
// not visible in this listing. Any status echoed there is stored free text and
// needs htmlspecialchars().
142 for ($ip = 0; $ip < pg_num_rows($res); $ip++)
144 $abuse = pg_fetch_object($res, $ip);
148 echo $abuse->nr_abuses;
// 'Block' action: collapse all listed addresses inside the posted subnet into one
// 'dropped' entry for the subnet. It deletes the per-address rows, re-points their
// log_abuse references to the subnet, counts those references and inserts the subnet
// row with that count as its abuse points.
// NOTE(review): this is the most destructive action on the page and it is driven by
// an unvalidated form field. Validate the subnet as CIDR and enforce a minimum prefix
// length, so that a mistyped or over-broad value cannot replace most of the list.
// NOTE(review): state-changing POST with no anti-CSRF token check visible in this listing.
156 else if (!empty($_POST['ACTION']) && $_POST['ACTION'] == 'Block')
158 // Block an entire subnet and remove the addresses from the list
160 $Subnet = $_POST['subnet'];
// NOTE(review): SQL injection — $ObjectId (copied from $_GET['oid']) and $Subnet are
// interpolated into all four statements; bind them with pg_query_params().
// NOTE(review): the four statements run without a visible transaction and no return
// value is checked, so a failure part-way leaves rows deleted without the subnet
// entry being written. Wrapping them in BEGIN/COMMIT would keep the change atomic.
161 pg_exec($this->database, "DELETE FROM object_abuse WHERE objectid = '$ObjectId"
162 . "' AND source << '$Subnet'");
// Keep the log references: rows of contained addresses now point at the subnet.
163 pg_exec($this->database, "UPDATE log_abuse set source='$Subnet'
164 WHERE objectid='$ObjectId' AND source << '$Subnet'");
165 $res = pg_exec($this->database, "SELECT logid FROM log_abuse
166 WHERE objectid='$ObjectId' AND source = '$Subnet'");
// The subnet's abuse points are the number of log entries that reference it.
167 $abuse_points = pg_num_rows($res);
// The INSERT relies on the column order of object_abuse (no column list is given).
168 pg_exec($this->database, "INSERT INTO object_abuse VALUES ('$ObjectId" .
169 "', '$Subnet', '$abuse_points', 'dropped', NOW())");
// Log view: when a 'src' query parameter is present, list the log rows that log_abuse
// links to that source (or to addresses inside it), ordered by timestamp.
172 if (!empty($_GET['src']))
// NOTE(review): $oid and $src are assigned on lines not visible in this listing;
// presumably they are copies of $_GET['oid'] and $_GET['src'] — confirm. Both are
// interpolated into the statement, and $oid is not even quoted, so this is SQL
// injection unless they were validated on the missing lines. Bind them with
// pg_query_params(). '<<=' is PostgreSQL's "is contained within or equals" operator.
176 $res = pg_exec($this->database, "SELECT * FROM log WHERE logid IN
177 (SELECT logid FROM log_abuse WHERE objectid=$oid AND source <<= '$src')
178 ORDER BY object_timestamp");
180 echo "<tr><th>Time</th><th>Service</th><th>Abused log entry</th></tr>";
// NOTE(review): log content originates from the monitored hosts and, for abuse
// entries, partly from the remote party, so every field written into the table
// should go through htmlspecialchars(). The echo for the log entry column is on a
// line not visible here.
181 for ($row = 0; $row < pg_numrows($res); $row++)
183 $log = pg_fetch_object($res, $row);
185 echo $log->object_timestamp;
187 echo $log->servicecode;
// Two forms that post back to this page: one to report abuse for, or whitelist, a
// single address, and one to investigate or block a subnet. The submit button's
// value selects the action through the ACTION field.
// NOTE(review): $ObjectId comes from $_GET['oid'] and is written into the action
// attribute unescaped, which is reflected XSS; pass it through urlencode() and
// htmlspecialchars(). Neither form carries an anti-CSRF token field.
196 echo "<form method='post' action='abuse.php?oid=$ObjectId'>";
197 echo "Report <input type='submit' name='ACTION' value='Abuse'>";
198 echo " for IP address <input type='text' name='source'>";
199 echo " or <input type='submit' name='ACTION' value='Whitelist'>";
// Free-text status field; the Whitelist branch stores it as entered.
200 echo " with status <input type='text' name='status'>";
203 echo "<form method='post' action='abuse.php?oid=$ObjectId'>";
204 echo "<input type='submit' name='ACTION' value='Investigate'>";
205 echo " or <input type='submit' name='ACTION' value='Block'>";
206 echo " this subnet: <input type='text' name='subnet'>";
// Main listing: all object_abuse rows of this object, ordered by source address, with
// the abuse count linking to the log view for that source.
// NOTE(review): SQL injection — $_GET['oid'] is concatenated into the statement;
// validate it as an integer and bind it with pg_query_params().
209 $res = pg_exec($this->database, "SELECT * FROM object_abuse
210 WHERE objectid='". $_GET['oid'] ."' ORDER BY source");
212 echo pg_numrows($res) . " records found.<br>";
215 echo "<tr><th>IP address</th><th>Abuses</th><th>Status</th><th>Last Changed</th></tr>\n";
// pg_numrows() is re-evaluated on every iteration; the cells for address and status
// are echoed on lines not visible in this listing.
217 for ($ip = 0; $ip < pg_numrows($res); $ip++)
219 $abuse = pg_fetch_object($res, $ip);
// NOTE(review): $_GET['oid'] and the stored source value are written into the href
// unescaped. Build the query string with urlencode() per value and pass the whole
// attribute through htmlspecialchars() to close the XSS path.
223 echo "<a href='abuse.php?oid=" . $_GET['oid'] . "&src=" . $abuse->source . "'>" . $abuse->nr_abuses . "</a>";
227 echo $abuse->last_change;
// Instantiate the page with its title. Nothing else is called on $page in this
// listing; presumably the page base-class constructor drives the rendering — confirm
// in page.class.php.
236 $page = new abuse_list("Gnucomo Abuse List");