zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-05-12 22:48:06 +02:00
Code Issues Projects Releases Packages Wiki Activity

Added rudimentary abuse monitoring (Spec 11)

Browse source
This commit is contained in:
Pinga 2023-12-09 12:02:04 +02:00
parent 98243ec069
commit a453a6d745
4 changed files with 123 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

89
automation/abusemonitor.php Normal file
View file

@ -0,0 +1,89 @@
<?php
$c = require_once 'config.php';
require_once 'helpers.php';
$logFilePath = '/var/log/namingo/abusemonitor.log';
$log = setupLogger($logFilePath, 'Abuse_Monitor');
$log->info('job started.');
use Swoole\Coroutine;
// Initialize the PDO connection pool
$pool = new Swoole\Database\PDOPool(
(new Swoole\Database\PDOConfig())
->withDriver($c['db_type'])
->withHost($c['db_host'])
->withPort($c['db_port'])
->withDbName($c['db_database'])
->withUsername($c['db_username'])
->withPassword($c['db_password'])
->withCharset('utf8mb4')
);
Swoole\Runtime::enableCoroutine();
// Creating first coroutine
Coroutine::create(function () use ($pool, $log) {
try {
$pdo = $pool->get();
$stmt = $pdo->query('SELECT name, clid FROM domain');
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$domain = $row['name'];
if (checkSpamhaus($domain)) {
$userStmt = $pdo->prepare('SELECT user_id FROM registrar_users WHERE registrar_id = ?');
$userStmt->execute([$row['clid']]);
$userData = $userStmt->fetch(PDO::FETCH_ASSOC);
if ($userData) {
// Prepare INSERT statement to add a ticket
$insertStmt = $pdo->prepare('INSERT INTO support_tickets (id, user_id, category_id, subject, message, status, priority, reported_domain, nature_of_abuse, evidence, relevant_urls, date_of_incident, date_created, last_updated) VALUES (NULL, ?, 8, ?, ?, "Open", "High", ?, "Abuse", ?, ?, ?, CURRENT_TIMESTAMP(3), CURRENT_TIMESTAMP(3))');
// Execute the prepared statement with appropriate values
$insertStmt->execute([
$userData['user_id'], // user_id
"Abuse Report for $domain", // subject
"Abuse detected for domain $domain.", // message
$domain, // reported_domain
"Link to Spamhaus", // evidence
"http://www.spamhaus.org/query/domain/$domain", // relevant_urls
date('Y-m-d H:i:s') // date_of_incident
]);
}
}
// Get URLhaus data
$urlhausData = getUrlhausData();
$urlhausResult = checkUrlhaus($domain, $urlhausData);
if ($urlhausResult) {
$userStmt = $pdo->prepare('SELECT user_id FROM registrar_users WHERE registrar_id = ?');
$userStmt->execute([$row['clid']]);
$userData = $userStmt->fetch(PDO::FETCH_ASSOC);
if ($userData) {
// Prepare INSERT statement to add a ticket
$insertStmt = $pdo->prepare('INSERT INTO support_tickets (id, user_id, category_id, subject, message, status, priority, reported_domain, nature_of_abuse, evidence, relevant_urls, date_of_incident, date_created, last_updated) VALUES (NULL, ?, 8, ?, ?, "Open", "High", ?, "Abuse", ?, ?, ?, CURRENT_TIMESTAMP(3), CURRENT_TIMESTAMP(3))');
// Execute the prepared statement with appropriate values
$insertStmt->execute([
$userData['user_id'], // user_id
"Abuse Report for $domain", // subject
"Abuse detected for domain $domain.", // message
$domain, // reported_domain
"Link to URLhaus", // evidence
"https://urlhaus.abuse.ch/downloads/json_recent/", // relevant_urls
date('Y-m-d H:i:s') // date_of_incident
]);
}
}
}
$log->info('job finished successfully.');
} catch (PDOException $e) {
$log->error('Database error: ' . $e->getMessage());
} catch (Throwable $e) {
$log->error('Error: ' . $e->getMessage());
}
});

3
automation/crontab.example
View file

@ -15,6 +15,9 @@
# run auto-approve-transfer.php every hour
45 * * * * root /usr/bin/php8.2 /opt/registry/automation/auto-approve-transfer.php
# run abusemonitor.php every hour
30 * * * * root /usr/bin/php8.2 /opt/registry/automation/abusemonitor.php
# run send-invoice.php every 1st day
1 0 1 * * root /usr/bin/php8.2 /opt/registry/automation/send-invoice.php

30
automation/helpers.php
View file

@ -6,6 +6,7 @@ use Monolog\Logger;
use Monolog\Handler\StreamHandler;
use Monolog\Handler\RotatingFileHandler;
use Monolog\Formatter\LineFormatter;
use Ds\Map;
/**
* Sets up and returns a Logger instance.
@ -55,3 +56,32 @@ function fetchCount($pdo, $tableName) {
$result = $stmt->fetch();
return $result['count'];
}
// Function to check domain against Spamhaus SBL
function checkSpamhaus($domain) {
// Append '.sbl.spamhaus.org' to the domain
$queryDomain = $domain . '.sbl.spamhaus.org';
// Check if the domain is listed in the SBL
return checkdnsrr($queryDomain, "A");
}
function getUrlhausData() {
$urlhausUrl = 'https://urlhaus.abuse.ch/downloads/json_recent/';
$json = file_get_contents($urlhausUrl);
$data = json_decode($json, true);
$map = new Map();
foreach ($data as $entry) {
foreach ($entry as $urlData) {
$domain = parse_url($urlData['url'], PHP_URL_HOST); // Extract domain from URL
$map->put($domain, $urlData); // Store data against domain
}
}
return $map;
}
function checkUrlhaus($domain, Map $urlhausData) {
return $urlhausData->get($domain, false);
}

2
docs/install.md
View file

@ -9,7 +9,7 @@ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o caddy-stabl
gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg caddy-stable.gpg.key
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
apt update && apt upgrade
apt install -y bzip2 caddy composer curl gettext git gnupg2 net-tools php8.2 php8.2-bcmath php8.2-cli php8.2-common php8.2-curl php8.2-fpm php8.2-gd php8.2-gmp php8.2-gnupg php8.2-imap php8.2-intl php8.2-mbstring php8.2-opcache php8.2-readline php8.2-swoole php8.2-xml pv unzip wget whois
apt install -y bzip2 caddy composer curl gettext git gnupg2 net-tools php8.2 php8.2-bcmath php8.2-cli php8.2-common php8.2-curl php8.2-ds php8.2-fpm php8.2-gd php8.2-gmp php8.2-gnupg php8.2-imap php8.2-intl php8.2-mbstring php8.2-opcache php8.2-readline php8.2-swoole php8.2-xml pv unzip wget whois
```
### Configure time: