3 /**************************************************************************
4 ** (c) Copyright 2003, Andromeda Technology & Automation
5 ** This is free software; you can redistribute it and/or modify it under the
6 ** terms of the GNU General Public License, see the file COPYING.
7 ***************************************************************************
8 ** MODULE INFORMATION *
9 ***********************
10 ** FILE NAME : abuse.php
11 ** SYSTEM NAME : Gnucomo - Gnu Computer Monitoring
12 ** VERSION NUMBER : $Revision: 1.4 $
14 ** DESCRIPTION : Abuse list page
19 ***************************************************************************
20 ** ADMINISTRATIVE INFORMATION *
21 ********************************
22 ** ORIGINAL AUTHOR : Arjen Baart - arjen@andromeda.nl
23 ** CREATION DATE : Apr 13, 2004
24 ** LAST UPDATE : Apr 13, 2004
26 **************************************************************************/
28 /*****************************
30 Revision 1.4 2007-11-21 14:38:06 arjen
31 The buttonbar at the top of each page is now a fixed 'div' element
32 instead of a framed page.
33 Contributed by Edwin Nadorp.
35 Revision 1.3 2007/10/19 07:15:52 arjen
36 In the abuse list, IP addresses can be whitelisted.
38 Revision 1.2 2007/01/11 13:44:29 arjen
39 Manually edit parameters.
40 View logs from abusing IP addresses.
42 Revision 1.1 2005/06/04 07:24:38 arjen
45 ******************************/
47 // RCSID = "$Id: abuse.php,v 1.4 2007-11-21 14:38:06 arjen Exp $";
49 ini_set('include_path', '.:./classes:../phpclasses');
51 require_once('page.class.php');
54 class abuse_list extends page
59 if (!empty($_GET['oid']))
61 $res = pg_exec($this->database, "SELECT objectname FROM object
62 WHERE objectid=CAST('" . $_GET['oid']."' AS BIGINT)");
63 $obj = pg_fetch_object($res, 0);
65 echo "<script type='text/ecmascript'>";
66 echo "document.getElementById('menu_title').innerHTML =";
67 echo " '<h1>Abuse List for " . $obj->objectname . "<\/h1>'</script>";
69 if (!empty($_POST['ACTION']) && ($_POST['ACTION'] == 'Abuse'))
72 $Source_IP = $_POST['source'];
73 echo "Reporting " . $_POST['ACTION'] . " for " . $_POST['source'] . "<br>\n";
74 $res = pg_exec($this->database, "SELECT * FROM object_abuse
75 WHERE objectid='". $_GET['oid'] ."' AND source='$Source_IP'");
76 if (pg_numrows($res) == 0)
78 echo "$Source_IP is new.<br>";
79 pg_exec($this->database, "INSERT INTO object_abuse VALUES ('" . $_GET['oid'] .
80 "', '$Source_IP', '$abuse_points', '', NOW())");
84 $abuse = pg_fetch_object($res, 0);
85 $abuse_points += $abuse->nr_abuses;
86 echo $Source_IP . " will get " . $abuse_points . " abuse points.<br>";
87 echo "Status was " . $abuse->status . "<br>";
88 pg_exec($this->database, "UPDATE object_abuse SET nr_abuses='$abuse_points'" .
89 ", last_change=NOW() WHERE objectid='" . $_GET['oid'] . "' AND source='$Source_IP'");
91 if ($abuse_points >= 6)
93 echo "<h2 class='error'>Block IP adrress $Source_IP on the firewall.</h2>";
94 pg_exec($this->database, "UPDATE object_abuse SET status='dropped'" .
95 " WHERE objectid='" . $_GET['oid'] . "' AND source='$Source_IP'");
98 //select rawdata from log where logid in (select logid from log_abuse where source='');
101 else if (!empty($_POST['ACTION']) && $_POST['ACTION'] == 'Whitelist')
103 $Source_IP = $_POST['source'];
104 echo "Whitelisting " . $_POST['source'] . "<br>\n";
105 $res = pg_exec($this->database, "SELECT * FROM object_abuse
106 WHERE objectid='". $_GET['oid'] ."' AND source='$Source_IP'");
107 $Status = $_POST['status'];
108 if (pg_numrows($res) == 0)
110 echo "$Source_IP is new.<br>";
111 pg_exec($this->database, "INSERT INTO object_abuse VALUES ('" . $_GET['oid'] .
112 "', '$Source_IP', 0, '$Status', NOW())");
116 $abuse = pg_fetch_object($res, 0);
117 echo $Source_IP . " will be whitelisted.<br>";
118 echo "Status was " . $abuse->status . "<br>";
119 pg_exec($this->database, "UPDATE object_abuse SET status='$Status'" .
120 ", last_change=NOW() WHERE objectid='" . $_GET['oid'] . "' AND source='$Source_IP'");
123 else if (!empty($_POST['ACTION']) && $_POST['ACTION'] == 'Investigate')
125 // Present a list of abuse addresses in one subnet
127 $Subnet = $_POST['subnet'];
128 $res = pg_exec($this->database, "SELECT * FROM object_abuse
129 WHERE objectid='". $_GET['oid'] ."' AND source << '$Subnet'");
131 echo pg_numrows($res) . " records found.<br>";
134 echo "<tr><th>IP address</th><th>Abuses</th><th>Status</th></tr>\n";
136 for ($ip = 0; $ip < pg_numrows($res); $ip++)
138 $abuse = pg_fetch_object($res, $ip);
142 echo $abuse->nr_abuses;
150 else if (!empty($_POST['ACTION']) && $_POST['ACTION'] == 'Block')
152 // Block an entire subnet and remove the addresses from the list
154 $Subnet = $_POST['subnet'];
155 pg_exec($this->database, "DELETE FROM object_abuse WHERE objectid = '" . $_GET['oid']
156 . "' AND source << '$Subnet'");
158 pg_exec($this->database, "INSERT INTO object_abuse VALUES ('" . $_GET['oid'] .
159 "', '$Subnet', '$abuse_points', 'dropped', NOW())");
162 if (!empty($_GET['src']))
166 $res = pg_exec($this->database, "SELECT * FROM log WHERE logid IN
167 (SELECT logid FROM log_abuse WHERE objectid=$oid AND source <<= '$src')
168 ORDER BY object_timestamp");
170 echo "<tr><th>Time</th><th>Service</th><th>Abused log entry</th></tr>";
171 for ($row = 0; $row < pg_numrows($res); $row++)
173 $log = pg_fetch_object($res, $row);
174 //$log = pg_fetch_object(pg_exec($this->database, "SELECT rawdata FROM log WHERE logid=" . $logid->logid), 0);
176 echo $log->object_timestamp;
178 echo $log->servicecode;
187 echo "<form method='post' action='abuse.php'>";
188 echo "Report <input type='submit' name='ACTION' value='Abuse'>";
189 echo " for IP address <input type='text' name='source'>";
190 echo " or <input type='submit' name='ACTION' value='Whitelist'>";
191 echo " with status <input type='text' name='status'>";
194 echo "<form method='post' action='abuse.php'>";
195 echo "<input type='submit' name='ACTION' value='Investigate'>";
196 echo " or <input type='submit' name='ACTION' value='Block'>";
197 echo " this subnet: <input type='text' name='subnet'>";
200 $res = pg_exec($this->database, "SELECT * FROM object_abuse
201 WHERE objectid='". $_GET['oid'] ."' ORDER BY source");
203 echo pg_numrows($res) . " records found.<br>";
206 echo "<tr><th>IP address</th><th>Abuses</th><th>Status</th><th>Last Changed</th></tr>\n";
208 for ($ip = 0; $ip < pg_numrows($res); $ip++)
210 $abuse = pg_fetch_object($res, $ip);
214 echo "<a href='abuse.php?oid=" . $_GET['oid'] . "&src=" . $abuse->source . "'>" . $abuse->nr_abuses . "</a>";
218 echo $abuse->last_change;
227 $page = new abuse_list("Gnucomo Abuse List");