changes

fa09ae10 · david · f079dc3a · fa09ae10 · fa09ae10
Commit fa09ae10 authored Dec 03, 2020 by david
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 4 deletions

app/views/shared/_bar.haml app/views/shared/_bar.haml +1 -1

script/sign_up_abuse_new.pl script/sign_up_abuse_new.pl +9 -3

No files found.
--- a/app/views/shared/_bar.haml
+++ b/app/views/shared/_bar.haml
 :javascript
-  $(document).ready(function() {progress(15, $('#progressBar'));});
+  $(document).ready(function() {progress(26, $('#progressBar'));});

 .contentdonations.sidebar.info-bar
  2021 Fundraiser is going, goal is $1500. That keeps diasporg ad free and running for a year.

--- a/script/sign_up_abuse_new.pl
+++ b/script/sign_up_abuse_new.pl
@@ -6,6 +6,7 @@ use warnings;
 ## Customized for diasp.org setup
 ## Modify: app/controllers/registrations_controller.rb:      
 ## With: logger.info "event=registration status=successful user=#{@user.diaspora_handle} ip=#{request.remote_ip}"
+## assumes a manual fail2ban jail called manban created

  my $log = "/home/david/diaspora/log/production.log";

@@ -21,13 +22,13 @@ use warnings;
  $ENV{PATH} = "/bin:/usr/bin:/usr/local/bin";

 ## declare some internal variables and the hash of abusive ip addresses
-  my ( $ip, $errors, $time, $newtime, $newerrors, $username, $date );
+  my ( $ip, $errors, $time, $newtime, $newerrors, $username, $date, $existingips );
  my $trigger_count=1;
  my %abusive_ips = ();

 ## open the log file. we are using the system binary tail which is smart enough
 ## to follow rotating logs. We could have used File::Tail, but tail is easier.
-  open(LOG,"/usr/bin/tail -500000 $log |") || die "ERROR: could not open log file.\n";
+  open(LOG,"/usr/bin/tail -35000 $log |") || die "ERROR: could not open log file.\n";

  while(<LOG>) {
       ## process the log line if it contains one of these error codes 
@@ -51,9 +52,14 @@ use warnings;
          $abusive_ips{ $ip }{ 'errors' } = $abusive_ips{ $ip }->{ 'errors' } + 1;
          $abusive_ips{ $ip }{ 'time' } = $time;

-           if ($abusive_ips{ $ip }->{ 'errors' } >= 3 ) {
+           if ($abusive_ips{ $ip }->{ 'errors' } >= 2 ) {
+              $existingips = `fail2ban-client get manban banip`;
+              if (index($existingips, $ip) != -1) {
+                ## already banned this ip
+              } else {
                print "Registration abuse detected from IP=$ip Username=$username, triggered banip on this IP \n";
                system("fail2ban-client set manban banip $ip;fail2ban-client get manban banip --with-time");               
+              }
           }

         ## increment the trigger counter which is used for the following clean up function.