`server_name` tinytext NOT NULL COMMENT 'Server''s host name',
`script_name` varchar(255) NOT NULL COMMENT 'Full script name',
`referer` varchar(255) NOT NULL COMMENT 'Referer',
+ `proxy_used` enum('Y','N') NOT NULL DEFAULT 'N' COMMENT 'Proxy used?',
`first_attempt` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00' COMMENT 'First attempt',
`last_attempt` TIMESTAMP ON UPDATE CURRENT_TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'Last attempt',
`count` bigint(20) unsigned NOT NULL DEFAULT '0' COMMENT 'Counter',
// Mail content
$mail = "Attack detected:
-----------------------------------------------------
-Remote-IP : ".$_SERVER['REMOTE_ADDR']."
+Remote-IP : ".determineRealRemoteAddress()."
User-Agent : ".$_SERVER['HTTP_USER_AGENT']."
Request-string : ".$_SERVER['QUERY_STRING']."
Filtered string : ".$GLOBALS['checkworm']."
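Review bot: The `Remote-IP` line no longer reports the address that actually connected, because `determineRealRemoteAddress()` returns the `X-Forwarded-For` or `Client-IP` request header whenever one is present, and the sender of the request chooses those headers. Keep the server-observed value and print the header-derived one beside it, e.g. leave `Remote-IP : ".$_SERVER['REMOTE_ADDR']."` and add a second line `Forwarded-for : ".determineRealRemoteAddress()."`, so that a block rule or abuse report can still be based on the real peer. The same replacement is made in the POST mail text and in both `$rowData` arrays further down. The `$mail` string starts and ends outside this hunk.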
function crackerTrackerSendMail ($mail) {
// Construct dummy array
$rowData = array(
- 'remote_addr' => $_SERVER['REMOTE_ADDR'],
+ 'remote_addr' => determineRealRemoteAddress(),
'check_worm' => $GLOBALS['checkworm'],
'server_name' => $_SERVER['SERVER_NAME']
);
// Mail text
$mail = "POST-Attack detected:
-----------------------------------------------------
-Remote-IP : ".$_SERVER['REMOTE_ADDR']."
+Remote-IP : ".determineRealRemoteAddress()."
User-Agent : ".$_SERVER['HTTP_USER_AGENT']."
Request-string : ".$_SERVER['QUERY_STRING']."
Filtered string : ".$GLOBALS['checkworm']."
// Aquire database link
aquireCrackerTrackerDatabaseLink();
+ // By default no proxy is used
+ $proxyUsed = 'N';
+
+ // Did the attacker use a proxy?
+ if (isProxyUsed()) {
+ // Set it
+ $proxyUsed = 'Y';
+ } // END - if
// Prepare array for database insert
$rowData = array(
- 'remote_addr' => $_SERVER['REMOTE_ADDR'],
+ 'remote_addr' => determineRealRemoteAddress(),
'user_agent' => $_SERVER['HTTP_USER_AGENT'],
'get_data' => $_SERVER['QUERY_STRING'],
'post_data' => $GLOBALS['post_track'],
'check_post' => $GLOBALS['check_post'],
'server_name' => $_SERVER['SERVER_NAME'],
'script_name' => $_SERVER['SCRIPT_NAME'],
- 'referer' => $_SERVER['HTTP_REFERER']
+ 'referer' => $_SERVER['HTTP_REFERER'],
+ 'proxy_used' => $proxyUsed
);
// Insert the array in database
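Review bot: `remote_addr` in this `$rowData` array used to carry a value set by the web server and now carries request-header text of arbitrary length and content. The insert routine is not visible in this hunk, so it should be confirmed that it escapes or binds every array value, and that an over-long value is rejected rather than silently truncated by the column. `proxy_used` is likewise 'Y' for any request that merely sends one of the two headers, so the column comment should say it is client-reported rather than verified. As a style point, the five-line `$proxyUsed` block can be written as `$proxyUsed = (isProxyUsed() ? 'Y' : 'N');`. The enclosing function begins and ends outside the hunk.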
return ((isset($GLOBALS['ctracker_debug'])) && ($GLOBALS['ctracker_debug'] === true));
}
+// Determines the real remote address
+function determineRealRemoteAddress () {
+ // Is a proxy in use?
+ if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+ // Proxy was used
+ $address = $_SERVER['HTTP_X_FORWARDED_FOR'];
+ } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
+ // Yet, another proxy
+ $address = $_SERVER['HTTP_CLIENT_IP'];
+ } else {
+ // The regular address when no proxy was used
+ $address = $_SERVER['REMOTE_ADDR'];
+ }
+
+ // This strips out the real address from proxy output
+ if (strstr($address, ',')) {
+ $addressArray = explode(',', $address);
+ $address = $addressArray[0];
+ } // END - if
+
+ // Return the result
+ return $address;
+}
+
+// Determine if a proxy was used
+function isProxyUsed () {
+ // Check if specific entries are set
+ $proxyUsed = ((isset($_SERVER['HTTP_X_FORWARDED_FOR'])) || (isset($_SERVER['HTTP_CLIENT_IP'])));
+
+ // Return result
+ return $proxyUsed;
+}
+
// [EOF]
?>
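Review bot: `determineRealRemoteAddress()` accepts `HTTP_X_FORWARDED_FOR` and `HTTP_CLIENT_IP` from any client without validation, so a request that sets either header decides which address the tracker logs and mails. The header should be honoured only when `REMOTE_ADDR` is a reverse proxy the site operates, the chosen entry should be trimmed and checked with `filter_var(..., FILTER_VALIDATE_IP)`, and `REMOTE_ADDR` should be the fallback in every other case. With a single trusted proxy the right-most list entry is the one that proxy appended, whereas the left-most entry taken here is the one most under the client's control. `isProxyUsed()` has the same weakness and should apply the same trusted-peer test. The setting name in the sketch below is a placeholder, not an existing option.

```php
function determineRealRemoteAddress () {
	// The socket peer address is the only value the client cannot choose
	$address = $_SERVER['REMOTE_ADDR'];

	// Placeholder setting: list of reverse proxies operated by this site
	$trusted = (isset($GLOBALS['ctracker_trusted_proxies']) ? $GLOBALS['ctracker_trusted_proxies'] : array());

	// Honour forwarding headers only when the peer is one of those proxies
	if (in_array($address, $trusted, true)) {
		foreach (array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP') as $header) {
			if (!isset($_SERVER[$header])) {
				continue;
			}

			// Right-most entry is the one appended by our own proxy
			$parts = explode(',', $_SERVER[$header]);
			$candidate = trim(end($parts));

			// Accept only a syntactically valid IPv4/IPv6 address
			if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
				$address = $candidate;
				break;
			}
		}
	}

	// Return the result
	return $address;
}
```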