From: Roland Haeder <roland@mxchange.org>
Date: Tue, 5 Jan 2010 02:33:20 +0000 (+0000)
Subject: Now detects proxy usage
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=481002578fb3a6dcb3ae5d3706c62ebf134bbcda;p=ctracker.git

Now detects proxy usage
---

diff --git a/install/install.sql b/install/install.sql
index d3f4fb6..73b30c4 100644
--- a/install/install.sql
+++ b/install/install.sql
@@ -10,6 +10,7 @@ CREATE TABLE IF NOT EXISTS `ctracker_data` (
 	`server_name` tinytext NOT NULL COMMENT 'Server''s host name',
 	`script_name` varchar(255) NOT NULL COMMENT 'Full script name',
 	`referer` varchar(255) NOT NULL COMMENT 'Referer',
+	`proxy_used` enum('Y','N') NOT NULL DEFAULT 'N' COMMENT 'Proxy used?',
 	`first_attempt` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00' COMMENT 'First attempt',
 	`last_attempt` TIMESTAMP ON UPDATE CURRENT_TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'Last attempt',
 	`count` bigint(20) unsigned NOT NULL DEFAULT '0' COMMENT 'Counter',
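Review bot: Existing installations never get the new `proxy_used` column, because the only schema change is inside `CREATE TABLE IF NOT EXISTS`, which does nothing when `ctracker_data` already exists. The same commit makes crackerTrackerLogAttack() write a `proxy_used` key, so on an upgraded site the insert would presumably fail on an unknown column and attacks would stop being logged (the insert helper is not visible here). An upgrade statement should ship with the change, for example `ALTER TABLE ctracker_data ADD proxy_used enum('Y','N') NOT NULL DEFAULT 'N' AFTER referer;`. The CREATE TABLE statement starts and ends outside this hunk.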
diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index 4ea881f..4459a58 100644
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -107,7 +107,7 @@ function sendCrackerTrackerMail () {
 	// Mail content
 	$mail = "Attack detected:
 -----------------------------------------------------
-Remote-IP       : ".$_SERVER['REMOTE_ADDR']."
+Remote-IP       : ".determineRealRemoteAddress()."
 User-Agent      : ".$_SERVER['HTTP_USER_AGENT']."
 Request-string  : ".$_SERVER['QUERY_STRING']."
 Filtered string : ".$GLOBALS['checkworm']."
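Review bot: The report mail loses the address the connection actually came from: the `Remote-IP` line now prints the result of determineRealRemoteAddress(), which is taken from the X-Forwarded-For or Client-IP request header whenever the client sends one. Those headers are written by the requester, so the person reading the alert has no peer address left to check against web-server logs. Keep `Remote-IP       : ".$_SERVER['REMOTE_ADDR']."` and report the header on its own line, e.g. `Forwarded-For   : ".(isProxyUsed() ? determineRealRemoteAddress() : '-')."`. The same applies to the hunks in crackerTrackerSendMail() and sendCrackerTrackerPostMail(); all three function bodies continue outside their hunks.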
@@ -131,7 +131,7 @@ Referrer        : ".$_SERVER['HTTP_REFERRER']."
 function crackerTrackerSendMail ($mail) {
 	// Construct dummy array
 	$rowData = array(
-		'remote_addr' => $_SERVER['REMOTE_ADDR'],
+		'remote_addr' => determineRealRemoteAddress(),
 		'check_worm'  => $GLOBALS['checkworm'],
 		'server_name' => $_SERVER['SERVER_NAME']
 	);
@@ -160,7 +160,7 @@ function sendCrackerTrackerPostMail () {
 	// Mail text
 	$mail = "POST-Attack detected:
 -----------------------------------------------------
-Remote-IP            : ".$_SERVER['REMOTE_ADDR']."
+Remote-IP            : ".determineRealRemoteAddress()."
 User-Agent           : ".$_SERVER['HTTP_USER_AGENT']."
 Request-string       : ".$_SERVER['QUERY_STRING']."
 Filtered string      : ".$GLOBALS['checkworm']."
@@ -200,10 +200,18 @@ function crackerTrackerLogAttack () {
 	// Aquire database link
 	aquireCrackerTrackerDatabaseLink();
 
+	// By default no proxy is used
+	$proxyUsed = 'N';
+
+	// Did the attacker use a proxy?
+	if (isProxyUsed()) {
+		// Set it
+		$proxyUsed = 'Y';
+	} // END - if
 
 	// Prepare array for database insert
 	$rowData = array(
-		'remote_addr' => $_SERVER['REMOTE_ADDR'],
+		'remote_addr' => determineRealRemoteAddress(),
 		'user_agent'  => $_SERVER['HTTP_USER_AGENT'],
 		'get_data'    => $_SERVER['QUERY_STRING'],
 		'post_data'   => $GLOBALS['post_track'],
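Review bot: `remote_addr` in the attack log now stores a request-header value instead of the peer address, so a stored row can no longer be tied to the connection that made the request. Keep `'remote_addr' => $_SERVER['REMOTE_ADDR'],` and put the forwarded value in a column of its own (for example a new `forwarded_for`, which install.sql would need as well). If rows are matched on `remote_addr` to update `count` and `last_attempt` (the insert helper is outside this hunk), that matching would then depend on a value the client chooses. As a smaller point, the flag block can be one line: `$proxyUsed = isProxyUsed() ? 'Y' : 'N';`.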
@@ -211,7 +219,8 @@ function crackerTrackerLogAttack () {
 		'check_post'  => $GLOBALS['check_post'],
 		'server_name' => $_SERVER['SERVER_NAME'],
 		'script_name' => $_SERVER['SCRIPT_NAME'],
-		'referer'     => $_SERVER['HTTP_REFERER']
+		'referer'     => $_SERVER['HTTP_REFERER'],
+		'proxy_used'  => $proxyUsed
 	);
 
 	// Insert the array in database
diff --git a/libs/lib_general.php b/libs/lib_general.php
index 19b7e28..b3db3ef 100644
--- a/libs/lib_general.php
+++ b/libs/lib_general.php
@@ -79,5 +79,38 @@ function isCrackerTrackerDebug () {
 	return ((isset($GLOBALS['ctracker_debug'])) && ($GLOBALS['ctracker_debug'] === true));
 }
 
+// Determines the real remote address
+function determineRealRemoteAddress () {
+	// Is a proxy in use?
+	if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+		// Proxy was used
+		$address = $_SERVER['HTTP_X_FORWARDED_FOR'];
+	} elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
+		// Yet, another proxy
+		$address = $_SERVER['HTTP_CLIENT_IP'];
+	} else {
+		// The regular address when no proxy was used
+		$address = $_SERVER['REMOTE_ADDR'];
+	}
+
+	// This strips out the real address from proxy output
+	if (strstr($address, ',')) {
+		$addressArray = explode(',', $address);
+		$address = $addressArray[0];
+	} // END - if
+
+	// Return the result
+	return $address;
+}
+
+// Determine if a proxy was used
+function isProxyUsed () {
+	// Check if specific entries are set
+	$proxyUsed = ((isset($_SERVER['HTTP_X_FORWARDED_FOR'])) || (isset($_SERVER['HTTP_CLIENT_IP'])));
+
+	// Return result
+	return $proxyUsed;
+}
+
 // [EOF]
 ?>
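Review bot: determineRealRemoteAddress() returns client-supplied data as the "real" address: it prefers `HTTP_X_FORWARDED_FOR` and `HTTP_CLIENT_IP` over `REMOTE_ADDR` for every request, without checking that the peer is one of the site's own proxies and without checking that the value is an IP address at all. It also takes the first comma-separated entry untrimmed, which is the part of the chain furthest from the server and the easiest for a client to set. The header should be honoured only when `REMOTE_ADDR` is a configured reverse proxy, the entry that proxy appended (the last one) should be used, and it should be validated with filter_var() before being returned. The sketch below uses a proposed `$GLOBALS['ctracker_trusted_proxies']` setting that does not exist in the project yet, and drops `HTTP_CLIENT_IP`. isProxyUsed() has the same weakness, since its flag only records that a header was sent.

```php
function determineRealRemoteAddress () {
	// The socket peer address is the only value the client cannot choose
	$address = $_SERVER['REMOTE_ADDR'];

	// Proposed setting (not in the current config): addresses of our own reverse proxies
	$trusted = isset($GLOBALS['ctracker_trusted_proxies']) ? $GLOBALS['ctracker_trusted_proxies'] : array();

	// Honour the forwarding header only when the peer is one of those proxies
	if ((in_array($address, $trusted, true)) && (isset($_SERVER['HTTP_X_FORWARDED_FOR']))) {
		// Use the entry our own proxy appended, which is the last one
		$parts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
		$candidate = trim(end($parts));

		// Accept it only if it is a well-formed IP address
		if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
			$address = $candidate;
		} // END - if
	} // END - if

	// Return the result
	return $address;
}
```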