Commit 210effc1 authored by david's avatar david

scripts

parent 804ebfca
#!/home/david/.rvm/rubies/ruby-2.6.5/bin/ruby
# Load diaspora environment
ENV['RAILS_ENV'] ||= "production"
ENV['DB'] ||= "postgres"
require_relative '../config/environment'
user = User.find_by(email: ARGV[0])
user.disable_mail = true
user.save
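Review bot: `User.find_by(email: ARGV[0])` returns nil when the address is missing or matches no account, so the next line raises NoMethodError instead of reporting the problem. The result of `user.save` is also discarded, so a failed validation leaves mail enabled with no message. I would write `user = User.find_by(email: ARGV[0]) or abort "no user with email #{ARGV[0].inspect}"` and use `user.save!` so both cases are visible to the operator. The shebang is tied to one home directory and Ruby build, which is worth a comment if the script is meant to be shared.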
#!/usr/bin/perl -T
use strict;
use warnings;
## Customized for diasp.org setup
## Calomel.org .:. https://calomel.org
## name : web_server_abuse_detection.pl
## version : 0.04
my $log = "/home/david/diaspora/log/production.log";
## how many seconds before an unseen ip is considered old and removed from the hash?
my $expire_time = 9200;
## how many error log lines before we trigger blocking abusive ips and clean up
## of old ips in the hash? make sure this value is greater than $errors_block above.
my $cleanup_time = 10;
## do you want to debug the scripts output ? on=1 and off=0
my $debug_mode = 0;
## clear the environment and set our path
$ENV{ENV} ="";
$ENV{PATH} = "/bin:/usr/bin:/usr/local/bin";
## declare some internal variables and the hash of abusive ip addresses
my ( $ip, $errors, $time, $newtime, $newerrors, $hash, $rawhash, $username, $email, $date );
my $trigger_count=1;
my %abusive_ips = ();
## open the log file. we are using the system binary tail which is smart enough
## to follow rotating logs. We could have used File::Tail, but tail is easier.
open(LOG,"/usr/bin/tail -200000 $log |") || die "ERROR: could not open log file.\n";
while(<LOG>) {
## process the log line if it contains one of these error codes
if ($_ =~ m/\/simple_captcha\?/)
{
## Whitelisted ips. This is where you can whitelist ips that cause errors,
if ($_ !~ m/^(66\.249\.|192\.168\.)/)
{
## extract the ip address from the log line and get the current unix time
$time = time();
$ip = (split ' ')[9];
$rawhash = (split ' ')[7];
($hash)= $rawhash =~ /code=(.*?)&/;
## if an ip address has never been seen before we need
## to initialize the errors value to avoid warning messages.
$abusive_ips{ $ip }{ 'errors' } = 0 if not defined $abusive_ips{ $ip }{ 'errors' };
## increment the error counter and update the time stamp.
$abusive_ips{ $ip }{ 'errors' } = $abusive_ips{ $ip }->{ 'errors' } + 1;
$abusive_ips{ $ip }{ 'time' } = $time;
if ($abusive_ips{ $ip }->{ 'errors' } >= 4 ) {
my $newhash = "\"$hash\"";
open(LOG2,"/bin/cat $log | grep '=>$newhash' |") || die "ERROR: could not open log file.\n";
while(<LOG2>) {
($username)= lc($_) =~ /username\"=>"(.*?)"/;
($email)= lc($_) =~ /email\"=>"(.*?)"/;
$date = (split ' ')[0];
print "Abuse detected for new accounts $newhash . time: $date ip: $ip email: $email https://diasp.org/u/$username \n\n";
print "fail2ban-client set manban banip $ip";
}
}
## increment the trigger counter which is used for the following clean up function.
$trigger_count++;
## clean up function: when the trigger counter reaches the $cleanup_time we
## remove any old hash entries from the $abusive_ips hash
if ($trigger_count >= $cleanup_time) {
my $time_current = time();
## DEBUG: show detailed output
if ( $debug_mode == 1 ) {
print " Clean up... expire: $expire_time, pre-size of hash: " . keys( %abusive_ips ) . ".\n";
}
## clean up ip addresses we have not seen in a long time
while (($ip, $time) = each(%abusive_ips)){
## DEBUG: show detailed output
if ( $debug_mode == 1 ) {
my $total_time = $time_current - $abusive_ips{ $ip }->{ 'time' };
print " ip: $ip, seconds_last_seen: $total_time, errors: $abusive_ips{ $ip }->{ 'errors' }\n";
}
if ( ($time_current - $abusive_ips{ $ip }->{ 'time' } ) >= $expire_time) {
delete($abusive_ips{ $ip });
}
}
## DEBUG: show detailed output
if ( $debug_mode == 1 ) {
print " Clean up... expire: $expire_time, post-size of hash: " . keys( %abusive_ips ) . ".\n";
}
## reset the trigger counter
$trigger_count = 1;
}
}
}
}
#### EOF ####
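Review bot: The piped `open(LOG2, "/bin/cat $log | grep '=>$newhash' |")` builds a shell command from `$hash`, which is copied out of a request line in the log, so text chosen by a remote client ends up in a shell command line. The `-T` switch does not stop this, because the `code=(.*?)&` capture untaints whatever it matches without restricting it. `$hash` is also undefined when a matching line has no `code=...&` part, and it is interpolated anyway. I would restrict the capture to the expected key alphabet and scan the log from Perl instead of through `cat | grep`, as sketched below; the character class is a guess and should be checked against real captcha keys.

```perl
# … unchanged: $time / $ip / $rawhash extraction …
($hash) = $rawhash =~ /code=([A-Za-z0-9]+)&/;   # accept only the expected key alphabet (confirm)
# … unchanged: error counting for $ip …
if ($abusive_ips{ $ip }->{ 'errors' } >= 4 && defined $hash) {
    my $newhash = "\"$hash\"";
    open(my $log2, '<', $log) || die "ERROR: could not open log file.\n";
    while (my $line = <$log2>) {
        next if index($line, "=>$newhash") < 0;   # literal substring match, no shell and no regex
        ($username) = lc($line) =~ /username\"=>"(.*?)"/;
        ($email)    = lc($line) =~ /email\"=>"(.*?)"/;
        $date = (split ' ', $line)[0];
        # … unchanged: the two print statements …
    }
    close($log2);
}
```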
......@@ -28,7 +28,7 @@ use warnings;
## open the log file. we are using the system binary tail which is smart enough
## to follow rotating logs. We could have used File::Tail, but tail is easier.
open(LOG,"/usr/bin/tail -1000000 $log |") || die "ERROR: could not open log file.\n";
open(LOG,"/usr/bin/tail -500000 $log |") || die "ERROR: could not open log file.\n";
while(<LOG>) {
## process the log line if it contains one of these error codes
......@@ -54,8 +54,8 @@ use warnings;
if ($abusive_ips{ $ip }->{ 'errors' } >= 3 ) {
print "abuse from ip $ip username $username, trigged manban with fail2ban \n";
system("fail2ban-client set manban banip $ip");
print "Registration abuse detected from IP=$ip Username=$username, triggered banip on this IP \n";
system("fail2ban-client set manban banip $ip;fail2ban-client get manban banip --with-time");
}
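Review bot: The single-string `system("fail2ban-client set manban banip $ip;fail2ban-client get manban banip --with-time")` (taken to be the new side, since it is printed second) is run through the shell with `$ip` interpolated. `$ip` appears to come from a field of the log line, so it should be checked against an address pattern before use. The list form avoids the shell entirely: `system('fail2ban-client', 'set', 'manban', 'banip', $ip);` followed by `system('fail2ban-client', 'get', 'manban', 'banip', '--with-time');`, each with its return value checked so a failed ban is not reported as triggered. The enclosing loop and the assignment of `$ip` and `$username` are outside this hunk, so their validation could not be confirmed here.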
......
#!/usr/bin/env ruby
#!/home/david/.rvm/rubies/ruby-2.6.5/bin/ruby
# List of spam accounts
spam_accounts = %w(bulkweedinboxonline@diasp.org)
spam_accounts = ARGV[0]
# Delete comments even if spammer isn't a local user or spam isn't on a
# local users account
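Review bot: `spam_accounts = ARGV[0]` makes the variable a single String, or nil when no argument is given, where the `%w(...)` line it appears to replace produced an Array. The rest of the script is outside this hunk, but if it iterates over `spam_accounts` it will either fail or, with nil, run a destructive cleanup with no target check. I would keep the Array shape and refuse to run without input: `spam_accounts = ARGV.dup` and `abort "usage: #{$0} account [account ...]" if spam_accounts.empty?`. The shebang change from `/usr/bin/env ruby` to an absolute path under one home directory also ties the script to one machine.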
......