From e15ede132688d353472dfb88274f4cc6a1858bba Mon Sep 17 00:00:00 2001 From: Roland Haeder Date: Sun, 11 Aug 2013 12:15:49 +0000 Subject: [PATCH] Added logging/detection of proxy IP address --- libs/lib_connect.php | 9 +++++---- libs/lib_detector.php | 2 ++ libs/lib_updates.php | 8 +++++++- libs/mails/de/user_add_ticket.tpl | 2 ++ libs/mails/de/webmaster_add_ticket.tpl | 2 ++ libs/mails/en/user_add_ticket.tpl | 2 ++ libs/mails/en/webmaster_add_ticket.tpl | 4 +++- 7 files changed, 23 insertions(+), 6 deletions(-) diff --git a/libs/lib_connect.php b/libs/lib_connect.php index 7a155de..c0476d4 100644 --- a/libs/lib_connect.php +++ b/libs/lib_connect.php @@ -119,7 +119,7 @@ function crackerTrackerInsertArray ($table, $rowData) { // Updates a given entry by just counting it up function updateCrackerTrackerEntry ($rowData) { // Construct the SELECT query - $SQL = 'UPDATE `ctracker_data` SET `count`=`count`+1 WHERE `remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" AND `check_worm` = "' . crackerTrackerEscapeString($rowData['check_worm']) . '" LIMIT 1'; + $SQL = 'UPDATE `ctracker_data` SET `count`=`count`+1 WHERE (`remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" OR `proxy_addr`="' . crackerTrackerEscapeString($rowData['proxy_addr']) . '") AND `check_worm` = "' . crackerTrackerEscapeString($rowData['check_worm']) . '" LIMIT 1'; // Run the SQL and check if we have one line runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__); @@ -128,7 +128,7 @@ function updateCrackerTrackerEntry ($rowData) { // Checks if an entry with IP/check_worm/domain combination is there function isCrackerTrackerEntryFound ($rowData) { // Construct the SELECT query - $SQL = 'SELECT `id` FROM `ctracker_data` WHERE `remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" AND `check_worm` = "' . crackerTrackerEscapeString($rowData['check_worm']) . '" AND `server_name`="' . crackerTrackerEscapeString($rowData['server_name']) . '" LIMIT 1'; + $SQL = 'SELECT `id` FROM `ctracker_data` WHERE (`remote_addr`="' . crackerTrackerEscapeString($rowData['remote_addr']) . '" OR `proxy_addr`="' . crackerTrackerEscapeString($rowData['proxy_addr']) . '") AND `check_worm` = "' . crackerTrackerEscapeString($rowData['check_worm']) . '" AND `server_name`="' . crackerTrackerEscapeString($rowData['server_name']) . '" LIMIT 1'; // Run the SQL and check if we have one line return ((isCrackerTrackerDatabaseLinkUp()) && (mysql_num_rows(runCrackerTrackerSql($SQL, __FUNCTION__, __LINE__)) == 1)); @@ -312,7 +312,7 @@ function isCrackerTrackerIpSuspicious () { } // END - if // We only need the very last attempt to get! - $result = runCrackerTrackerSql("SELECT * FROM `ctracker_data` WHERE `remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' ORDER BY `last_attempt` DESC LIMIT 1", __FUNCTION__, __LINE__); + $result = runCrackerTrackerSql("SELECT * FROM `ctracker_data` WHERE `remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' OR `proxy_addr`='" . getenv('REMOTE_ADDR') . "' ORDER BY `last_attempt` DESC LIMIT 1", __FUNCTION__, __LINE__); // Do we have entries? $found = (mysql_num_rows($result) == 1); @@ -333,7 +333,7 @@ function isCrackerTrackerIpSuspicious () { // Does the current IP have a ticket? function ifCrackerTrackerIpHasTicket () { // We only give one ticket per IP! - $result = runCrackerTrackerSql("SELECT * FROM `ctracker_ticket` WHERE `ctracker_ticket_remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' LIMIT 1", __FUNCTION__, __LINE__); + $result = runCrackerTrackerSql("SELECT * FROM `ctracker_ticket` WHERE `ctracker_ticket_remote_addr`='" . determineCrackerTrackerRealRemoteAddress() . "' OR `ctracker_ticket_proxy_addr`='" . getenv('REMOTE_ADDR') . "' LIMIT 1", __FUNCTION__, __LINE__); // Do we have a ticket? $found = (mysql_num_rows($result) == 1); @@ -356,6 +356,7 @@ function addCrackerTrackerTicket (array $data) { // Prepare the array $GLOBALS['ctracker_last_ticket'] = array( 'ctracker_ticket_remote_addr' => determineCrackerTrackerRealRemoteAddress(), + 'ctracker_ticket_proxy_addr' => getenv('REMOTE_ADDR'), 'ctracker_ticket_user_agent' => crackerTrackerUserAgent(), 'ctracker_ticket_name' => crackerTrackerSecureString($data['name']), 'ctracker_ticket_email' => crackerTrackerSecureString($data['email']), diff --git a/libs/lib_detector.php b/libs/lib_detector.php index a6f8435..6f12049 100644 --- a/libs/lib_detector.php +++ b/libs/lib_detector.php @@ -221,6 +221,7 @@ function crackerTrackerSendMail ($mail, $recipient = NULL, $subject = NULL) { // Construct dummy array $rowData = array( 'remote_addr' => determineCrackerTrackerRealRemoteAddress(), + 'proxy_addr' => getenv('REMOTE_ADDR'), 'check_worm' => $GLOBALS['ctracker_checkworm'], 'server_name' => crackerTrackerServerName() ); @@ -321,6 +322,7 @@ function crackerTrackerLogAttack () { // Prepare array for database insert $rowData = array( 'remote_addr' => determineCrackerTrackerRealRemoteAddress(), + 'proxy_addr' => getenv('REMOTE_ADDR'), 'user_agent' => crackerTrackerUserAgent(), 'get_data' => crackerTrackerQueryString(), 'post_data' => $GLOBALS['ctracker_post_track'], diff --git a/libs/lib_updates.php b/libs/lib_updates.php index 1b8bcc9..1f03ed8 100644 --- a/libs/lib_updates.php +++ b/libs/lib_updates.php @@ -60,7 +60,13 @@ FOREIGN KEY ( `ctracker_data_id` ) REFERENCES `' . $GLOBALS['ctracker_dbname'] . "UPDATE `ctracker_data` SET `script_name`=NULL WHERE `script_name`=''", "ALTER TABLE `ctracker_data` CHANGE `server_name` `server_name` TINYTEXT CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'Server''s host name'", "UPDATE `ctracker_data` SET `server_name`=NULL WHERE `server_name`=''", - ) + ), + + // Also store proxy address + 2 => array( + 'ALTER TABLE `ctracker_data` ADD `proxy_addr` VARCHAR(15) NULL DEFAULT NULL', + 'ALTER TABLE `ctracker_ticket` ADD `ctracker_ticket_proxy_addr` VARCHAR(15) NULL DEFAULT NULL', + ), ); } diff --git a/libs/mails/de/user_add_ticket.tpl b/libs/mails/de/user_add_ticket.tpl index dbb9f2d..af0bffb 100644 --- a/libs/mails/de/user_add_ticket.tpl +++ b/libs/mails/de/user_add_ticket.tpl @@ -9,6 +9,8 @@ Email: $content[ctracker_ticket_email] ---------------------------------------------------- Ihre IP: $content[ctracker_ticket_remote_addr] ---------------------------------------------------- +Ihre Proxy-IP: $content[ctracker_ticket_proxy_addr] +---------------------------------------------------- Ihr Browser: $content[ctracker_ticket_user_agent] ---------------------------------------------------- Kommentar: diff --git a/libs/mails/de/webmaster_add_ticket.tpl b/libs/mails/de/webmaster_add_ticket.tpl index 1d731aa..953ba82 100644 --- a/libs/mails/de/webmaster_add_ticket.tpl +++ b/libs/mails/de/webmaster_add_ticket.tpl @@ -9,6 +9,8 @@ Email: $content[ctracker_ticket_email] ---------------------------------------------------- IP: $content[ctracker_ticket_remote_addr] ---------------------------------------------------- +Proxy-IP: $content[ctracker_ticket_proxy_addr] +---------------------------------------------------- Browser: $content[ctracker_ticket_user_agent] ---------------------------------------------------- Kommentar: diff --git a/libs/mails/en/user_add_ticket.tpl b/libs/mails/en/user_add_ticket.tpl index dcd2447..99b1b82 100644 --- a/libs/mails/en/user_add_ticket.tpl +++ b/libs/mails/en/user_add_ticket.tpl @@ -9,6 +9,8 @@ Email: $content[ctracker_ticket_email] ---------------------------------------------------- Your IP: $content[ctracker_ticket_remote_addr] ---------------------------------------------------- +Proxy IP: $content[ctracker_ticket_proxy_addr] +---------------------------------------------------- Your browser: $content[ctracker_ticket_user_agent] ---------------------------------------------------- Comments: diff --git a/libs/mails/en/webmaster_add_ticket.tpl b/libs/mails/en/webmaster_add_ticket.tpl index dfb4abc..aa939af 100644 --- a/libs/mails/en/webmaster_add_ticket.tpl +++ b/libs/mails/en/webmaster_add_ticket.tpl @@ -7,7 +7,9 @@ Name: $content[ctracker_ticket_name] ---------------------------------------------------- Email: $content[ctracker_ticket_email] ---------------------------------------------------- -IP: $content[ctracker_ticket_remote_addr] +Real IP: $content[ctracker_ticket_remote_addr] +---------------------------------------------------- +Proxy IP: $content[ctracker_ticket_proxy_addr] ---------------------------------------------------- Browser: $content[ctracker_ticket_user_agent] ---------------------------------------------------- -- 2.39.2