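#!/usr/local/bin/perl
###################################################################
# HackStop - AntiHacking Script                 Demo Version 1.0
#
# Copyright (©)2000 Marek A Molozzi, All Rights Reserved.
#
# Duplicating or redistributing this program without prior
# written consent is expressly forbidden. You must obtain
# permission before redistributing this software by any means.
# In all cases this copyright/license notice must remain intact.
#
# http://HackStop.w2w.cc/
#
# Last Modified 6/18/2000
###################################################################
#
# What the script does: it prints a "401 Authorization Required" page,
# counts one hit per requesting address in $datafile (records are
# "day-of-year|month|ip|count"), and mails the webmaster once when an
# address reaches $cutoff hits.
#
# NOTE(review): this copy of the file had its line breaks collapsed and
# every "<...>" sequence removed, which took the HTML tags inside the
# print statements and the <FILE> read with it. The markup below is a
# minimal rebuild around the visible text, not the author's original.

use strict;
use warnings;
use Fcntl qw(:flock);

###################################################################
## Define Variables:
###################################################################
my $sitename = "N/A";
my $send     = "yes";
my $email    = 'email';
my $from     = 'email';
my $sendmail = '/usr/sbin/sendmail';
my $datafile = "HackSTOP.dat";

########################################################################
############ No configuring should be done beyond this point ###########
########################################################################

my $page = $ENV{QUERY_STRING};    # read here but not used in this file

# Get the main URL, as a default redirect page and for setup.
# HTTP_HOST comes from the request's Host header, so it is client-supplied
# text: it is escaped before it reaches the HTML page or the mail body.
my $mainurl = _env('HTTP_HOST');

my $mail        = "no";
my $cutoff      = 50;
my $exIP        = "";
my @iplist      = ('');    # filled by log(); nothing in this file reads it
my $client_hits = 0;       # hit count of the requesting address, set by log()

# The three subs share names with builtins, so they are called with a
# leading & (and explicit parens, so the caller's @_ is not passed along).
&print();

# $exIP is an address that is never counted. It is compared as an exact
# string: the earlier /$exIP\Z/ match treated the dots as wildcards and was
# not anchored at the start, so look-alike addresses also skipped logging.
if ( $exIP eq "" || _env('REMOTE_ADDR') ne $exIP ) {
    &log();
}

if ( $mail eq "yes" ) {
    &mail();
}
exit;

###############################################################
# log: count one hit for the requesting address in $datafile.
#
# Reads every record, rewrites the file with the requester's count
# incremented (or a new record with count 1), and drops records of other
# addresses that are below $cutoff and older than yesterday. Sets $mail to
# "yes" when the requester's count is at or above $cutoff, and leaves the
# requester's count in $client_hits. Exits the script if the data file
# cannot be opened, locked or rewritten.
sub log {
    my $newip = _env('REMOTE_ADDR');

    # The address is written into a "|"-separated, line-based file, so
    # anything that is not a plain IPv4/IPv6 literal is not recorded.
    return unless $newip =~ /\A[0-9A-Fa-f:.]+\z/;

    my ( $mon, $yday ) = ( localtime(time) )[ 4, 7 ];
    $mon++;
    my $day = $yday - 1;    # records with a day stamp above this are kept
    $yday++;                # stored day stamps are 1-based

    # if ($yday < 3) { $day = $day + 365; }   # This doesn't work
    # (the day-of-year comparison does not handle the new-year wrap)

    my $found = 0;

    # One handle and one exclusive lock cover the read and the rewrite.
    # Opening a second time with '>' would truncate the file before any
    # lock is held, letting concurrent requests lose or mix records.
    open( my $fh, '+<', $datafile ) or do {
        warn "HackStop: cannot open $datafile: $!\n";
        exit;
    };
    flock( $fh, LOCK_EX ) or do {
        warn "HackStop: cannot lock $datafile: $!\n";
        exit;
    };

    # reads the ENTIRE FILE into array @data
    my @data = <$fh>;

    unless ( seek( $fh, 0, 0 ) && truncate( $fh, 0 ) ) {
        warn "HackStop: cannot rewrite $datafile: $!\n";
        exit;
    }

    for my $line (@data) {
        $line =~ s/\r?\n\z//;
        my ( $d, $m, $ip, $c ) = split /\|/, $line;

        # Skip blank, truncated or non-numeric records instead of
        # writing them back.
        next unless defined $c;
        next unless $d =~ /\A\d+\z/ && $c =~ /\A\d+\z/;

        if ( $ip eq $newip ) {
            $found = 1;
            $c++;
            $client_hits = $c;
            print {$fh} "$yday|$mon|$ip|$c\n";
        }
        elsif ( $c >= $cutoff || $d > $day ) {
            print {$fh} "$d|$m|$ip|$c\n";
        }

        if ( $c >= $cutoff ) {
            push @iplist, $ip;
            $mail = "yes" if $ip eq $newip;
        }
    }

    unless ($found) {
        $client_hits = 1;
        print {$fh} "$yday|$mon|$newip|1\n";
    }

    # Buffered write errors only surface at close.
    close($fh) or warn "HackStop: error writing $datafile: $!\n";
    return;
}

###############################################################
# print: send the "401 Authorization Required" page to STDOUT.
#
# Every interpolated value is HTML-escaped first; $mainurl in particular
# is taken from the request. Inside this sub, print is still the builtin.
sub print {
    my $h_email    = _html_escape($email);
    my $h_site     = _html_escape($sitename);
    my $h_host     = _html_escape($mainurl);
    my $h_software = _html_escape( _env('SERVER_SOFTWARE') );
    my $h_port     = _html_escape( _env('SERVER_PORT') );

    print "Content-type:text/html\n\n";
    print "<html><head><title>401 Authorization Required</title></head>\n";
    print "<body>\n";
    print "<h1>Authorization Required</h1>\n";
    print "If you are trying to log in using a legitimate username/password and keep getting this page please contact the our webmaster at $h_email.\n";
    print "<hr>\n";

    # The page shows the server software string and port, as the
    # original did.
    print "<address>$h_software ---- Port $h_port</address>\n";
    print "$h_site: http://$h_host/\n";
    print "<br>\n";
    print "This site is protected with HackSTOP!\n";
    print "<br>\n";
    print "</body></html>";
    return;
}

###############################################################
# mail: notify the webmaster through sendmail.
#
# Sends one message when the requesting address has reached exactly
# $cutoff hits and $send is "yes". The count used is the requester's own
# ($client_hits); the earlier test read a global left over from the last
# record in the data file, which belongs to whichever address is stored
# last.
sub mail {
    return unless ( $client_hits == $cutoff && lc($send) eq "yes" );

    # List-form pipe open: sendmail is started directly, without a shell.
    open( my $mh, '|-', $sendmail, '-t' ) or do {
        warn "HackStop: cannot run $sendmail: $!\n";
        return;
    };

    # Header values are forced onto one line so a stray newline in the
    # configuration cannot add headers.
    my $to     = _one_line($email);
    my $sender = _one_line($from);

    print {$mh} "To: $to\n";
    print {$mh} "From: $sender (Hack STOP)\n";
    print {$mh} "Subject: HackSTOP - A Brute Force Attack has Detected.\n";
    print {$mh} "X-Priority: 1 (Highest)\n\n";
    print {$mh} "Brute Force Attack Detected!\n\n";

    # The values below are taken from the request; control characters are
    # replaced so each stays on its own line of the report.
    print {$mh} "User: " . _one_line( _env('REMOTE_USER') ) . "\n\n";
    print {$mh} "Surfers IP: " . _one_line( _env('REMOTE_ADDR') ) . "\n\n";
    print {$mh} "Attempted URL: "
      . _one_line($mainurl)
      . _one_line( _env('REDIRECT_URL') ) . "\n\n";
    print {$mh} "Referring URL: " . _one_line( _env('HTTP_REFERER') ) . "\n\n";
    print {$mh} "Browser used: "
      . _one_line( _env('HTTP_USER_AGENT') ) . "\n\n\n";
    print {$mh} "Your site has just been hit by a brute force attack\n\n";
    print {$mh} "Get HackStop Now!\n\n";
    print {$mh} "http://HackSTOP.w2w.cc/\n\n";

    close($mh) or warn "HackStop: sendmail did not finish cleanly: $! $?\n";
    return;
}

###############################################################
# _env: value of an environment variable, or '' when it is not set.
sub _env {
    my ($name) = @_;
    my $value = $ENV{$name};
    return defined $value ? $value : '';
}

# _html_escape: make text safe to place in HTML content or attributes.
sub _html_escape {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# _one_line: replace runs of control characters (CR, LF, ESC, ...) with
# a single space.
sub _one_line {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/[\x00-\x1f\x7f]+/ /g;
    return $text;
}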