forked from kselkowitz/surf
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsurf.php
52 lines (39 loc) · 1.15 KB
/
surf.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#!/usr/bin/php -q
<?php
// Welcome to SURF
// SAFE UFW Rule Fixer
define("MAXFRAUDSCORE",50); // value to add to UFW
define("EMAILTO","user@domain.tld");
define("EMAILFROM","user@domain.tld");
$headers = "From: " . EMAILFROM . "\r\n";
$headers .= "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$body_details = "The following IPs are now blocked on Endpoints";
$blockcount = 0;
$ch = curl_init();
// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, "http://127.0.0.1/cfg/ndp-block-list");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$safearray=json_decode(curl_exec($ch));
foreach ($safearray as $ip => $count)
{
if ($count >= MAXFRAUDSCORE)
{
// ufw insert
shell_exec("ufw insert 1 deny from " . $ip ." comment 'SAFE'");
// clear from safe
curl_setopt($ch, CURLOPT_URL, "http://127.0.0.1/cfg/ndp-block-allow/".$ip);
curl_exec($ch);
// add to email
$body_details .= "<br>".$ip;
$blockcount++;
}
}
if ($blockcount>0)
{
mail(EMAILTO,"SAFE SURF has blocked IPs", $body_details,$headers);
}
// close cURL resource
curl_close($ch);
?>