When blocking a subnet, maintain the references to the log table from

[gnucomo.git] / src / web / abuse.php

<?php

/**************************************************************************
**  (c) Copyright 2003, Andromeda Technology & Automation
** This is free software; you can redistribute it and/or modify it under the
** terms of the GNU General Public License, see the file COPYING.
***************************************************************************
** MODULE INFORMATION *
***********************
**      FILE NAME      : abuse.php
**      SYSTEM NAME    : Gnucomo - Gnu Computer Monitoring
**      VERSION NUMBER : $Revision: 1.5 $
**
**  DESCRIPTION      : Abuse list page
**
**  EXPORTED OBJECTS : 
**  LOCAL    OBJECTS : 
**  MODULES  USED    :
***************************************************************************
**  ADMINISTRATIVE INFORMATION *
********************************
**      ORIGINAL AUTHOR : Arjen Baart - arjen@andromeda.nl
**      CREATION DATE   : Apr 13, 2004
**      LAST UPDATE     : Apr 13, 2004
**      MODIFICATIONS   : 
**************************************************************************/

/*****************************
   $Log: abuse.php,v $
   Revision 1.5  2007-12-10 16:29:59  arjen
   When blocking a subnet, maintain the references to the log table from
   all IP addresses in that subnet.

   Revision 1.4  2007/11/21 14:38:06  arjen
   The buttonbar at the top of each page is now a fixed 'div' element
   instead of a framed page.
   Contributed by Edwin Nadorp.

   Revision 1.3  2007/10/19 07:15:52  arjen
   In the abuse list, IP addresses can be whitelisted.

   Revision 1.2  2007/01/11 13:44:29  arjen
   Manually edit parameters.
   View logs from abusing IP addresses.

   Revision 1.1  2005/06/04 07:24:38  arjen
   New page: Abuse list

******************************/

// RCSID = "$Id: abuse.php,v 1.5 2007-12-10 16:29:59 arjen Exp $";

ini_set('include_path', '.:./classes:../phpclasses');

require_once('page.class.php');


class abuse_list extends page
{

   function Body()
   {
      if (!empty($_GET['oid']))
      {
         $ObjectId = $_GET['oid'];

         $res = pg_exec($this->database, "SELECT objectname FROM object
                                          WHERE objectid=CAST('" . $_GET['oid']."' AS BIGINT)");
         $obj = pg_fetch_object($res, 0);

         echo "<script type='text/ecmascript'>";
         echo "document.getElementById('menu_title').innerHTML =";
         echo " '<h1>Abuse List for " . $obj->objectname . "<\/h1>'</script>";

         if (!empty($_POST['ACTION']) && ($_POST['ACTION'] == 'Abuse'))
         {
            $abuse_points = 2;
            $Source_IP = $_POST['source'];
            echo "Reporting " . $_POST['ACTION'] . " for " . $_POST['source'] . "<br>\n";
            $res = pg_exec($this->database, "SELECT * FROM object_abuse
                                  WHERE objectid='". $_GET['oid'] ."' AND source='$Source_IP'");
            if (pg_numrows($res) == 0)
            {
               echo "$Source_IP is new.<br>";
               pg_exec($this->database, "INSERT INTO object_abuse VALUES ('" . $_GET['oid'] .
                                  "', '$Source_IP', '$abuse_points', '', NOW())");
            }
            else
            {
               $abuse = pg_fetch_object($res, 0);
               $abuse_points += $abuse->nr_abuses;
               echo $Source_IP . " will get " . $abuse_points . " abuse points.<br>";
               echo "Status was " . $abuse->status . "<br>";
               pg_exec($this->database, "UPDATE object_abuse SET nr_abuses='$abuse_points'" .
                           ", last_change=NOW() WHERE objectid='" . $_GET['oid'] . "' AND source='$Source_IP'");

               if ($abuse_points >= 6)
               {
                  echo "<h2 class='error'>Block IP adrress $Source_IP on the firewall.</h2>";
                  pg_exec($this->database, "UPDATE object_abuse SET status='dropped'" .
                           " WHERE objectid='" . $_GET['oid'] . "' AND source='$Source_IP'");
               }
            }
//select rawdata from log where logid in (select logid from log_abuse where source='');

         }
         else if (!empty($_POST['ACTION']) && $_POST['ACTION'] == 'Whitelist')
         {
            $Source_IP = $_POST['source'];
            echo "Whitelisting " . $_POST['source'] . "<br>\n";
            $res = pg_exec($this->database, "SELECT * FROM object_abuse
                                  WHERE objectid='". $_GET['oid'] ."' AND source='$Source_IP'");
            $Status = $_POST['status'];
            if (pg_numrows($res) == 0)
            {
               echo "$Source_IP is new.<br>";
               pg_exec($this->database, "INSERT INTO object_abuse VALUES ('" . $_GET['oid'] .
                                  "', '$Source_IP', 0, '$Status', NOW())");
            }
            else
            {
               $abuse = pg_fetch_object($res, 0);
               echo $Source_IP . " will be whitelisted.<br>";
               echo "Status was " . $abuse->status . "<br>";
               pg_exec($this->database, "UPDATE object_abuse SET status='$Status'" .
                           ", last_change=NOW() WHERE objectid='" . $_GET['oid'] . "' AND source='$Source_IP'");
            }
         }
         else if (!empty($_POST['ACTION']) && $_POST['ACTION'] == 'Investigate')
         {
            //  Present a list of abuse addresses in one subnet

            $Subnet = $_POST['subnet'];
            $res = pg_exec($this->database, "SELECT * FROM object_abuse
                                  WHERE objectid='". $_GET['oid'] ."' AND source << '$Subnet'");

            echo pg_numrows($res) . " records found.<br>";

            echo "<table>";
            echo "<tr><th>IP address</th><th>Abuses</th><th>Status</th></tr>\n";

            for ($ip = 0; $ip < pg_num_rows($res); $ip++)
            {
               $abuse = pg_fetch_object($res, $ip);
               echo "<tr><td>";
               echo $abuse->source;
               echo "</td><td>";
               echo $abuse->nr_abuses;
               echo "</td><td>";
               echo $abuse->status;
               echo "</td></tr>";
            }
            echo "</table>";

         }
         else if (!empty($_POST['ACTION']) && $_POST['ACTION'] == 'Block')
         {
            //  Block an entire subnet and remove the addresses from the list

            $Subnet = $_POST['subnet'];
            pg_exec($this->database, "DELETE FROM object_abuse WHERE objectid = '$ObjectId"
                                         . "' AND source << '$Subnet'");
            pg_exec($this->database, "UPDATE log_abuse set source='$Subnet'
                                      WHERE objectid='$ObjectId' AND source << '$Subnet'");
            $res = pg_exec($this->database, "SELECT logid FROM log_abuse
                                      WHERE objectid='$ObjectId' AND source = '$Subnet'");
            $abuse_points = pg_num_rows($res);
            pg_exec($this->database, "INSERT INTO object_abuse VALUES ('$ObjectId" .
                                  "', '$Subnet', '$abuse_points', 'dropped', NOW())");
         }

         if (!empty($_GET['src']))
         {
            $oid = $_GET['oid'];
            $src = $_GET['src'];
            $res = pg_exec($this->database, "SELECT * FROM log WHERE logid IN
                                     (SELECT logid FROM log_abuse WHERE objectid=$oid AND source <<= '$src')
                                          ORDER BY object_timestamp");
            echo "<table>";
            echo "<tr><th>Time</th><th>Service</th><th>Abused log entry</th></tr>";
            for ($row = 0; $row < pg_numrows($res); $row++)
            {
               $log = pg_fetch_object($res, $row);
               echo "<tr><td>";
               echo $log->object_timestamp;
               echo "</td><td>";
               echo $log->servicecode;
               echo "</td><td>";
               echo $log->rawdata;
               echo "</td></tr>";
            }
            echo "</table>";
         }
         else
         {
            echo "<form method='post' action='abuse.php?oid=$ObjectId'>";
            echo "Report <input type='submit' name='ACTION' value='Abuse'>";
            echo " for IP address <input type='text' name='source'>";
            echo " or <input type='submit' name='ACTION' value='Whitelist'>";
            echo " with status <input type='text' name='status'>";
            echo "</form>"; 
   
            echo "<form method='post' action='abuse.php?oid=$ObjectId'>";
            echo "<input type='submit' name='ACTION' value='Investigate'>";
            echo " or <input type='submit' name='ACTION' value='Block'>";
            echo " this subnet: <input type='text' name='subnet'>";
            echo "</form>"; 
   
            $res = pg_exec($this->database, "SELECT * FROM object_abuse
                                     WHERE objectid='". $_GET['oid'] ."' ORDER BY source");
   
            echo pg_numrows($res) . " records found.<br>";
   
            echo "<table>";
            echo "<tr><th>IP address</th><th>Abuses</th><th>Status</th><th>Last Changed</th></tr>\n";
   
            for ($ip = 0; $ip < pg_numrows($res); $ip++)
            {
               $abuse = pg_fetch_object($res, $ip);
               echo "<tr><td>";
               echo $abuse->source;
               echo "</td><td>";
               echo "<a href='abuse.php?oid=" . $_GET['oid'] . "&src=" . $abuse->source . "'>" .  $abuse->nr_abuses . "</a>";
               echo "</td><td>";
               echo $abuse->status;
               echo "</td><td>";
               echo $abuse->last_change;
               echo "</td></tr>";
            }
            echo "</table>";
         }
      }
   }
}

$page = new abuse_list("Gnucomo Abuse List");

$page->Showpage();

?>