#1
    Hello to all,

    I have two cgi scripts that work great but I would like to combine them into one working script. Basically, the first script logs all 401 errors to a text file and sends the user to a custom 401 page in the browser.

    The second script reads the 401 log file generated by the first script above and then,
    based upon the threshold, creates a blocked file of IP addresses, redirects the attacker, and prevents them from hurling passwords.

    Note: the first script is called by a 401 error document in the .htaccess file, and the second needs to be called by cron. That is why I would like to combine the scripts, to avoid the cron job.
    --------------------------------------
    1st Script that logs 401 Errors
    --------------------------------------
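    #!/usr/local/bin/perl
    # CGI handler invoked as the 401 error document: it records the failed
    # authentication attempt and then returns the custom error page.
    $|=1;    # unbuffered output

    # QUERY_STRING is supplied by the client. set_params() below overwrites
    # $result with the fixed key "401", so this value never reaches the log,
    # the mail headers or the page.
    $result=$ENV{'QUERY_STRING'};

    set_params();

    # Append the client address to the error log when logging is enabled.
    if ($logem{$result} eq "Y") {
        notification("L");
    }

    # NOTE(review): mail is sent when the flag is "N", while the comment on
    # %email in set_params says "Change the N to Y" to receive mail. With the
    # shipped value 'Y' no mail is sent. Confirm which sense is intended
    # before changing either side.
    if ($email{$result} eq "N") {
        notification("M");
    }

    # The CGI header must be terminated by an empty line; the posted listing
    # had lost the backslashes of its newline escapes ("text/htmlnn").
    print "Content-type: text/html\n\n";
    print "$msg{$result}\n";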

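    # Load the site configuration into package globals: log path, notification
    # address, mail program, per-error switches, subject lines and the HTML
    # body of the error page. Takes no arguments and returns nothing useful.
    sub set_params
    {

    #The full path to your error log (not server log!) file.
    $errorlog="/path/to/cgi-bin/log.txt";

    #The e-mail address of the person to notify when an error occurs.
    #Single quotes keep Perl from treating the part after the @ sign as an
    #array; inside double quotes the @ would need a backslash in front of it.
    $notify='your@yourdomain.com';

    #The name of your site
    $sitename="domain.com";

    #The link the reader should follow home.
    $returnlink="http://domain.com/members";

    #This is the URL to the directory holding your images.
    $imageurl="http://domain.com/pics";

    #The name of your sendmail program, one of the two below should work.
    #Make sure you always use the -t option or the script will fail.
    # $mailprog="/usr/sbin/sendmail -t";
    $mailprog="/usr/lib/sendmail -t";


    #By default, e-mail is turned off for all errors.
    #Windows APACHE users MUST leave the mail feature off.
    #Change the N to Y if you want to receive e-mail when a particular
    #error occurs.
    #NOTE(review): the caller at the top of the script sends mail when this
    #value is "N", which is the opposite of what the lines above describe.
    #Confirm the intended sense before relying on this switch.
    %email=('401','Y');

    #By default, all errors are saved to the log file.
    #Change the Y to N if you do not wish to log a particular type of
    #error.
    %logem=('401','Y');

    #These are the Subject Lines for the e-mail notification
    #You can modify these without causing any problems.
    %sbjct=( '401', 'NO AUTHORIZATION');

    # Leave this line alone! It pins $result to "401" and so replaces the
    # client-supplied QUERY_STRING value before it is used as a key for the
    # Subject line and the page body.
    {$result="401";}
    #################################################################
    # EDIT THE HTML ERROR MESSAGES BELOW TO SUIT YOUR NEEDS. DO NOT
    # CHANGE OR MOVE THE OPENING AND CLOSING TAGS SUCH AS __40X__
    #
    #HTML CODE TO APPEAR WHEN AN UNAUTHORIZED PAGE ACCESS ATTEMPT OCCURS
    $msg{'401'} =<<__401__;
    <title>Authorization Failure</title>
    <BODY bgcolor="white" text="black" link="#ff0000" vlink="#0000ff">
    <center>
    <p><FONT face="arial" size="+1"><b>OOOPS!</b></FONT><br>
    <FONT face="arial" size="+1">THE CODES YOU ENTERED WERE WRONG!</FONT></p>
    <p><font face="arial" size="-1"><A HREF="$returnlink">CLICK
    HERE</font></a><font size="3"> to try again.</font><br>
    <br>
    Your username and password are case sensitve.<br>
    </font><br>
    <IMAGE SRC="$imageurl/error.jpg" width="70" height="255">
    <br>
    __401__

    }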


    ##################################################################
    # this routine either sends e-mail or writes to a log depending
    # on whether it was called with an "L" or "M"
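    # Record one failed attempt.
    #   notification("L")  appends the client address to $errorlog
    #   any other value    pipes a short mail to $notify through $mailprog
    # Reads the globals $errorlog, $mailprog, $notify, %sbjct and $result.
    # Failures are reported with warn() and otherwise ignored, so the error
    # page is still delivered when logging or mail is unavailable.
    sub notification
    {
        my ($action) = @_;

        $date=localtime(time);

        if ($action eq "L") {
            # Three-argument open: the path can never be read as a mode or
            # a pipe specification.
            open(my $log, '>>', $errorlog) or do {
                warn "notification: cannot append to $errorlog: $!\n";
                return;
            };
            flock($log, 2);    # 2 = exclusive lock; released by close
            # One address per line; REMOTE_ADDR is set by the web server.
            print {$log} "$ENV{'REMOTE_ADDR'}\n";
            close($log) or warn "notification: closing $errorlog failed: $!\n";
            return;
        }

        open(my $mail, '|-', $mailprog) or do {
            warn "notification: cannot start $mailprog: $!\n";
            return;
        };
        # Header values come from set_params only ($result is pinned to
        # "401" there), so no request data ends up in a header line.
        print {$mail} "To: $notify\n";
        print {$mail} "From: $notify\n";
        print {$mail} "Subject: $sbjct{$result}\n";
        # An empty line ends the headers; without it the address below is
        # not a separate message body.
        print {$mail} "\n";
        print {$mail} "$ENV{'REMOTE_ADDR'}\n";
        close($mail) or warn "notification: mail program reported failure\n";
        return;
    }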

    #end of first script
    -----------------------------------------
    2nd Script to Block Attackers
    -----------------------------------------
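    #!/usr/bin/perl
    # Reads the address log written by the 401 handler, counts the entries
    # per address and calls blockattacker() once for every address whose
    # count exceeds $threshold.

    $logfile = "/pathto/cgi-bin/log.txt";
    $blockfile = "/pathto/cgi-bin/blocked";
    $htaccess = "/pathto/.htaccess";
    $threshold = 10;

    # Three-argument open with an explicit check; an unreadable log simply
    # yields no entries.
    @logfiles = ();
    if (open(my $log, '<', $logfile)) {
        @logfiles = <$log>;
        close($log);
    }
    else {
        warn "cannot read $logfile: $!\n";
    }

    foreach my $line (@logfiles) {
        # The address is the first space-separated field of the line.
        ($attacker) = split(/ /, $line);
        $attacker = '' unless defined $attacker;
        # Drop the line ending so the same address always yields the same
        # key and compares equal to the entries in the block file.
        $attacker =~ s/\s+\z//;
        # Count only values made of address characters (digits, hex
        # letters, dots, colons). Anything else in the log is ignored and
        # can never reach the generated .htaccess.
        next unless $attacker =~ /\A[0-9A-Fa-f:.]+\z/;

        $usersessions{$attacker}++;
        if ($usersessions{$attacker} > $threshold) {
            # blockattacker() reads the global $attacker and records it in
            # %blockattacker, so each address is handled once per run.
            blockattacker() unless ($blockattacker{$attacker});
        }
    }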
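    # Add the address in the global $attacker to the block list and
    # regenerate the rewrite rules.
    # Reads:  $attacker, %usersessions, $blockfile, $htaccess
    # Writes: %blockattacker (marks the address as handled), $blockfile,
    #         $htaccess, and one ALERT line on STDOUT
    # NOTE(review): $htaccess is rewritten from scratch on every call, so
    # any directive already in that file is lost, including the error
    # document line that invokes the logging script if it lives there.
    # Confirm that $htaccess names a file used only for this block list.
    sub blockattacker {
        # Mark first, under the caller's own key, so the caller does not
        # call again for this address.
        $blockattacker{$attacker} = $attacker;

        my $ip = defined $attacker ? $attacker : '';
        $ip =~ s/\A\s+//;
        $ip =~ s/\s+\z//;
        # Only address characters may be written into the server config;
        # this keeps line breaks and directives out of .htaccess.
        return unless $ip =~ /\A[0-9A-Fa-f:.]+\z/;

        print "ALERT! $usersessions{$attacker} attacks from $ip\n";

        # Open without truncating, then lock, then rewrite: the original
        # order (truncate on open, lock afterwards) could empty the file
        # under a concurrent run. '+>>' creates the file if it is missing.
        open(my $block, '+>>', $blockfile) or do {
            warn "blockattacker: cannot open $blockfile: $!\n";
            return;
        };
        flock($block, 2);    # 2 = exclusive lock; released by close
        seek($block, 0, 0);

        my %seen = ($ip => 1);
        my @banned;
        while (my $entry = <$block>) {
            $entry =~ s/\s+\z//;
            next unless $entry =~ /\A[0-9A-Fa-f:.]+\z/;   # skips blank lines too
            next if $seen{$entry}++;                       # no duplicates
            push @banned, $entry;
        }
        push @banned, $ip;

        truncate($block, 0);
        seek($block, 0, 0);
        print {$block} "$_\n" for @banned;
        close($block) or warn "blockattacker: closing $blockfile failed: $!\n";

        open(my $rules, '>>', $htaccess) or do {
            warn "blockattacker: cannot open $htaccess: $!\n";
            return;
        };
        flock($rules, 2);
        truncate($rules, 0);
        print {$rules} "RewriteEngine on\nAuthUserFile /dev/null\nAuthGroupFile /dev/null\nAuthName hackerkill\nAuthType Basic\n\n";

        for my $addr (@banned) {
            # The address is matched as a regular expression. Escaping the
            # dots and anchoring the end makes the rule match this address
            # only; "^1.2.3.4" would also match 1.2.3.40 or 1.2.3.41.
            print {$rules} "RewriteCond %{REMOTE_ADDR} ^" . quotemeta($addr) . "\$\n"
                . "RewriteRule /* http://www.fbi.gov [L,R]\n";
        }
        close($rules) or warn "blockattacker: closing $htaccess failed: $!\n";
        return;
    }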

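    # Empty the log so the next run counts a fresh window of attempts.
    # Entries appended between the read at the top of the script and this
    # truncation are discarded without being counted.
    if (open(my $reset, '>', $logfile)) {
        close($reset);
    }
    else {
        warn "cannot reset $logfile: $!\n";
    }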


    #end of second script
  2. #2
    chinnavi
    hai
    just write one more script that will call
    that is exec ... two files simultaneously ..

    vijay
  4. #3
    freebsd
    The logic of your 1st script is to determine whether to send mail or do logging, then send the HTML output back.
    Your 2nd script doesn't have HTML output. So place it to your 1st script right before it is sending the HTML output.
