Nathanwoodburn.github.io/libraries/plugins/IDS/Ips.php
2021-08-30 15:06:36 +10:00

224 lines
4.5 KiB
PHP

<?php
/**
* IDS_Ips
*
* Will log and allow you to block ip addresses
*
* @category Security
* @author Bernie Berg <bernie@dakotanetwork.com>
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @version Release: $Id:Ips.php 517 2011-07-29 15:04:13Z bernieberg $
*/
class IDS_Ips
{
/**
* Holds the data from the log file
*
* @var array
*/
private $data = array();
/**
* how long an ip will be blocked from their last hit
*
* @var int
*/
private $blocked_duration = 7200;
/**
* How many negative hits until they are blocked
*
* @var int
*/
private $blocked_count = 5;
/**
* location of the ip log file
*
* @var string
*/
private $ip_file = null;
/**
* Constructor
*
* Sets up the object with the passed arguments
*
* @param string $ip_file location of the ip log file
* @param int $duration how long, in seconds, to keep an ip blocked
* @param int $count how many hits until be block this ip
*
* @return void
*/
public function __construct($ip_file, $duration = 7200, $count = 5)
{
$this->blocked_duration = $duration;
$this->blocked_count = $count;
$this->ip_file = $ip_file;
if (!file_exists($ip_file)) {
$this->data = array();
return;
}
// 0 = ip address
// 1 = count
// 2 = last date
// 3 = ban count
$handle = fopen($ip_file, "r");
$good_data = array();
while (($data = fgetcsv($handle, 0, ",")) !== FALSE) {
$good_data[$data[0]] = $data;
}
fclose($handle);
$this->data = $good_data;
}
public function tempBlock($ip_address)
{
if (!array_key_exists($ip_address, $this->data)) {
$this->data[$ip_address] = array($ip_address, $this->blocked_count + 1, time(), 0, false);
} else {
$this->data[$ip_address][1] += $this->blocked_count;
$this->data[$ip_address][2] = time();
}
$this->writeLog();
return true;
}
/**
* isBlocked
*
* Is the passed ip address blocked?
*
* @param string $ip_address ip we are checking
*
* @return boolean
*/
public function isBlocked($ip_address)
{
if (!array_key_exists($ip_address, $this->data)) {
return array(false, 0);
}
$blocked_time = time()-$this->blocked_duration;
$ip_data = $this->data[$ip_address];
//print_r($ip_data);
if ($ip_data[1]>=$this->blocked_count && $ip_data[2]>=$blocked_time) {
$this->incCount($ip_address);
$this->writeLog();
return array(true, $ip_data[3]);
}
elseif($ip_data[2] <= $blocked_time && $ip_data[4] == 1)
{
//$this->unBlock($ip_address);
$this->resetCount($ip_address);
$this->writeLog();
}
return array(false, 0);
}
/**
* blockCount
*
* increase ban count, you should run writeLog after this
*
* @param string $ip_address ip we are checking
*
* @return void
*/
public function resetCount($ip_address)
{
if (array_key_exists($ip_address, $this->data)) {
//unset($this->data[$ip_address]);
$this->data[$ip_address][1] = 0;
$this->data[$ip_address][4] = false;
}
}
/**
* blockCount
*
* increase ban count, you should run writeLog after this
*
* @param string $ip_address ip we are checking
*
* @return void
*/
public function incCount($ip_address)
{
if (array_key_exists($ip_address, $this->data) && $this->data[$ip_address][4] == false) {
$this->data[$ip_address][3]++;
$this->data[$ip_address][4] = true;
}
}
/**
* unBlock
*
* remove the passed ip address, you should run writeLog after this
*
* @param string $ip_address ip we are checking
*
* @return void
*/
public function unBlock($ip_address)
{
echo "UNBLOCKED !";
if (array_key_exists($ip_address, $this->data)) {
unset($this->data[$ip_address]);
}
}
/**
* logHit
*
* log and increment a negative hit for this ip address
*
* @param string $ip_address ip we are checking
*
* @return void
*/
public function logHit($ip_address)
{
if (!array_key_exists($ip_address, $this->data)) {
$this->data[$ip_address] = array($ip_address, 1, time(), 0, false);
} else {
$this->data[$ip_address][1]++;
$this->data[$ip_address][2] = time();
}
}
/**
* writeLog
*
* write the ip log file
*
* @return void
*/
public function writeLog()
{
$fp = fopen($this->ip_file, 'w');
foreach ($this->data as $fields) {
fputcsv($fp, $fields);
}
fclose($fp);
return true;
}
}
?>