<?php
/**
 * IDS_Ips
 *
 * Will log and allow you to block IP addresses
 *
 * @category Security
 * @author Bernie Berg <bernie@dakotanetwork.com>
 * @license http://www.gnu.org/licenses/lgpl.html LGPL
 * @version Release: $Id:Ips.php 517 2011-07-29 15:04:13Z bernieberg $
 */
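class IDS_Ips
{
    /**
     * Per-IP records loaded from and written to the log file, keyed by IP.
     *
     * Each record is a positional array:
     *   0 = ip address
     *   1 = negative hit count
     *   2 = unix time of the last hit
     *   3 = ban count
     *   4 = flag set once the current ban has been added to the ban count
     *
     * @var array
     */
    private $data = array();

    /**
     * How long, in seconds, an ip stays blocked after its last hit
     *
     * @var int
     */
    private $blocked_duration = 7200;

    /**
     * How many negative hits until an ip is blocked
     *
     * @var int
     */
    private $blocked_count = 5;

    /**
     * Location of the ip log file
     *
     * NOTE(review): whoever can write this file can add or clear blocks, so
     * it presumably belongs outside the web root with tight permissions;
     * confirm against the deployment.
     *
     * @var string
     */
    private $ip_file = null;

    /**
     * Constructor
     *
     * Stores the settings and loads any existing log file into memory.
     * A missing or unreadable file leaves the object with no records.
     *
     * The class keys everything on the $ip_address string its callers pass
     * in. NOTE(review): if callers derive that value from a client-supplied
     * header rather than the connection's peer address, the block can be
     * evaded or aimed at another address; verify at the call sites.
     *
     * @param string $ip_file  location of the ip log file
     * @param int    $duration how long, in seconds, to keep an ip blocked
     * @param int    $count    how many hits until we block this ip
     */
    public function __construct($ip_file, $duration = 7200, $count = 5)
    {
        $this->blocked_duration = $duration;
        $this->blocked_count    = $count;
        $this->ip_file          = $ip_file;
        $this->data             = array();

        if (!file_exists($ip_file)) {
            return;
        }

        $handle = fopen($ip_file, 'r');
        if ($handle === false) {
            // The file exists but cannot be opened. Stop here instead of
            // handing false to fgetcsv()/fclose(). No existing blocks are
            // enforced in this state, so the failure should be monitored.
            return;
        }

        // Shared lock so a concurrent writeLog() cannot be read half-written.
        flock($handle, LOCK_SH);

        while (($row = fgetcsv($handle, 0, ',')) !== false) {
            // Blank lines come back as array(null); rows without an IP
            // cannot be keyed and are dropped.
            if (!isset($row[0]) || $row[0] === '') {
                continue;
            }
            $this->data[$row[0]] = self::normalizeRow($row);
        }

        flock($handle, LOCK_UN);
        fclose($handle);
    }

    /**
     * Fill in columns 1-4 of a record read from disk when they are missing,
     * so later index reads never hit an undefined offset.
     *
     * @param array $row record as returned by fgetcsv
     *
     * @return array record with indexes 0-4 present
     */
    private static function normalizeRow(array $row)
    {
        $defaults = array(1 => 0, 2 => 0, 3 => 0, 4 => false);

        foreach ($defaults as $index => $value) {
            if (!isset($row[$index])) {
                $row[$index] = $value;
            }
        }

        return $row;
    }

    /**
     * tempBlock
     *
     * Push the ip to the block threshold immediately and persist the log.
     * A new ip starts at blocked_count + 1; a known ip has blocked_count
     * added to its current hit count. The last-hit time is set to now.
     *
     * @param string $ip_address ip to block
     *
     * @return boolean always true
     */
    public function tempBlock($ip_address)
    {
        if (array_key_exists($ip_address, $this->data)) {
            $this->data[$ip_address][1] += $this->blocked_count;
            $this->data[$ip_address][2] = time();
        } else {
            $this->data[$ip_address] = array($ip_address, $this->blocked_count + 1, time(), 0, false);
        }

        $this->writeLog();

        return true;
    }

    /**
     * isBlocked
     *
     * Is the passed ip address blocked?
     *
     * An ip is blocked while its hit count has reached blocked_count and its
     * last hit lies within blocked_duration. Once a counted ban has expired,
     * the hit count and ban flag are reset. Both paths persist the log.
     *
     * The ban count in the result is the value read before this call
     * increments it, so the first check of a new ban reports the previous
     * total.
     *
     * @param string $ip_address ip we are checking
     *
     * @return array array(bool blocked, ban count); array(false, 0) when not blocked
     */
    public function isBlocked($ip_address)
    {
        if (!array_key_exists($ip_address, $this->data)) {
            return array(false, 0);
        }

        $blocked_time = time() - $this->blocked_duration;
        $ip_data      = $this->data[$ip_address];

        if ($ip_data[1] >= $this->blocked_count && $ip_data[2] >= $blocked_time) {
            $this->incCount($ip_address);
            $this->writeLog();

            return array(true, $ip_data[3]);
        }

        if ($ip_data[2] <= $blocked_time && $ip_data[4] == 1) {
            // The ban has run out: clear the hit count and ban flag but keep
            // the record and its ban count.
            $this->resetCount($ip_address);
            $this->writeLog();
        }

        return array(false, 0);
    }

    /**
     * resetCount
     *
     * Zero the hit count and clear the ban flag; the record itself and its
     * ban count are kept. You should run writeLog after this.
     *
     * @param string $ip_address ip we are resetting
     *
     * @return void
     */
    public function resetCount($ip_address)
    {
        if (!array_key_exists($ip_address, $this->data)) {
            return;
        }

        $this->data[$ip_address][1] = 0;
        $this->data[$ip_address][4] = false;
    }

    /**
     * incCount
     *
     * Increase the ban count once per ban: the flag in column 4 stops
     * repeated checks during the same ban from counting again. You should
     * run writeLog after this.
     *
     * @param string $ip_address ip we are checking
     *
     * @return void
     */
    public function incCount($ip_address)
    {
        if (array_key_exists($ip_address, $this->data) && $this->data[$ip_address][4] == false) {
            $this->data[$ip_address][3]++;
            $this->data[$ip_address][4] = true;
        }
    }

    /**
     * unBlock
     *
     * Remove the passed ip address, you should run writeLog after this.
     *
     * Produces no output: the leftover debug echo was removed so that
     * unblocking cannot write into the response or break header sending.
     *
     * @param string $ip_address ip we are removing
     *
     * @return void
     */
    public function unBlock($ip_address)
    {
        if (array_key_exists($ip_address, $this->data)) {
            unset($this->data[$ip_address]);
        }
    }

    /**
     * logHit
     *
     * Log and increment a negative hit for this ip address. Only the
     * in-memory record changes; run writeLog to persist it.
     *
     * @param string $ip_address ip we are checking
     *
     * @return void
     */
    public function logHit($ip_address)
    {
        if (array_key_exists($ip_address, $this->data)) {
            $this->data[$ip_address][1]++;
            $this->data[$ip_address][2] = time();

            return;
        }

        $this->data[$ip_address] = array($ip_address, 1, time(), 0, false);
    }

    /**
     * writeLog
     *
     * Write the ip log file under an exclusive lock.
     *
     * The lock keeps readers from seeing a half-written file. It does not
     * make load-modify-write atomic across requests: two requests that
     * loaded the file at the same time can still overwrite each other's
     * counts.
     *
     * @return boolean true on success, false if the file could not be
     *                 opened or locked
     */
    public function writeLog()
    {
        // 'c' opens for writing without truncating, so the previous contents
        // stay intact until the exclusive lock is actually held.
        $fp = fopen($this->ip_file, 'c');
        if ($fp === false) {
            return false;
        }

        if (!flock($fp, LOCK_EX)) {
            fclose($fp);

            return false;
        }

        ftruncate($fp, 0);

        foreach ($this->data as $fields) {
            fputcsv($fp, $fields);
        }

        fflush($fp);
        flock($fp, LOCK_UN);
        fclose($fp);

        return true;
    }
}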
?>