index.mjs

import { createServer } from 'node:http';
import { setTimeout } from 'node:timers';

const msg = 'Relax, take it easy! For there is nothing that we can do.';
const minDelayMs = 3000;
const maxDelayMs = 6000;
const delayDiff = maxDelayMs - minDelayMs;
const randomDelay = () => Math.floor(Math.random() * delayDiff + minDelayMs);
const ipNextReportDateMap = new Map();

const server = createServer((req, res) => {
  const connOpenDate = new Date();
  const endpoint = `${req.method} ${req.url}`;

  if (endpoint === 'GET /health') {
    res.statusCode = 200;
    return res.end('OK\n');
  }

  const ip = req.headers['x-forwarded-for'];
  const userAgent = req.headers['user-agent'];
  const host = req.headers['x-forwarded-host'];

  console.log(
    `${ip} (${userAgent}) targeted ${host} on ${endpoint}`
  );

  let charIdx = 0;
  
  const hang = () => {
    if (res.closed) return;
    else if (charIdx === msg.length) res.end('\n');
    else res.write(msg[charIdx++]);

    setTimeout(hang, randomDelay());
  };

  hang();

  res.once('close', async () => {
    const connCloseDate = new Date();
    const diffText = new Date(connCloseDate - connOpenDate)
      .toISOString()
      .substring(14, 19);

    const nextIpReportDate = ipNextReportDateMap.get(ip) || connCloseDate;
    const hangResult =
      charIdx === msg.length ? 'received the message' : 'aborted connection';

    console.log(`${ip} ${hangResult} after ${diffText}`);

    if (connCloseDate < nextIpReportDate) return;

    const queryParams = new URLSearchParams();

    queryParams.append('ip', ip);
    queryParams.append('categories', '15,21');
    queryParams.append('timestamp', connOpenDate.toISOString());
    queryParams.append(
      'comment',
      `Vulnerability scanner detected!\nUser-Agent: ${userAgent}\nEndpoint: ${endpoint}`
    );

    const abuseIpDbRes = await fetch(
      `https://api.abuseipdb.com/api/v2/report?${queryParams.toString()}`,
      {
        method: 'POST',
        headers: {
          'Accept': 'application/json',
          'Key': process.env.ABUSEIPDB_API_KEY,
        }
      }
    );

    if (abuseIpDbRes.ok) {
      const reportDate = new Date();

      console.log(`${ip} has been reported!`);
      ipNextReportDateMap.set(
        ip,
        new Date(
          reportDate.getFullYear(),
          reportDate.getMonth(),
          reportDate.getDate() + 1,
          reportDate.getHours(),
          reportDate.getMinutes(),
          reportDate.getSeconds()
        )
      );
    } else {
      console.error(
        `Failed to report ${ip}: ${abuseIpDbRes.status} ${abuseIpDbRes.statusText}`
      );
    }
  });
});

server.listen(3000);

process.on('SIGTERM', () => server.close());
Create a "hanger" server 2024-07-24 16:40:40 +02:00			`import { createServer } from 'node:http';`
Introduce random delays between res writes 2024-07-26 16:08:05 +02:00			`import { setTimeout } from 'node:timers';`
Create a "hanger" server 2024-07-24 16:40:40 +02:00
Update message and max delay 2025-09-27 10:38:03 +02:00			`const msg = 'Relax, take it easy! For there is nothing that we can do.';`
Implement AbuseIPDB reporting 2026-01-17 08:45:23 +01:00			`const minDelayMs = 3000;`
			`const maxDelayMs = 6000;`
			`const delayDiff = maxDelayMs - minDelayMs;`
			`const randomDelay = () => Math.floor(Math.random() * delayDiff + minDelayMs);`
			`const ipNextReportDateMap = new Map();`
Use Polish date format in the logs 2024-07-25 23:04:36 +02:00
Create a "hanger" server 2024-07-24 16:40:40 +02:00			`const server = createServer((req, res) => {`
Reintroduce logging and add SIGTERM handler 2026-01-15 09:34:17 +01:00			`const connOpenDate = new Date();`
			const endpoint = `${req.method} ${req.url}`;
Temporarily log all request headers 2024-07-24 19:19:39 +02:00
Add healthcheck 2026-01-15 09:41:02 +01:00			`if (endpoint === 'GET /health') {`
			`res.statusCode = 200;`
			`return res.end('OK\n');`
			`}`

Implement AbuseIPDB reporting 2026-01-17 08:45:23 +01:00			`const ip = req.headers['x-forwarded-for'];`
			`const userAgent = req.headers['user-agent'];`
			`const host = req.headers['x-forwarded-host'];`

Reintroduce logging and add SIGTERM handler 2026-01-15 09:34:17 +01:00			`console.log(`
Implement AbuseIPDB reporting 2026-01-17 08:45:23 +01:00			`${ip} (${userAgent}) targeted ${host} on ${endpoint}`
Reintroduce logging and add SIGTERM handler 2026-01-15 09:34:17 +01:00			`);`
Create a "hanger" server 2024-07-24 16:40:40 +02:00
Temporarily disable access logs 2025-11-28 13:22:12 +01:00			`let charIdx = 0;`

Introduce random delays between res writes 2024-07-26 16:08:05 +02:00			`const hang = () => {`
			`if (res.closed) return;`
Send the message only once to let fail2ban do its thing 2024-07-30 17:37:51 +02:00			`else if (charIdx === msg.length) res.end('\n');`
			`else res.write(msg[charIdx++]);`
Introduce random delays between res writes 2024-07-26 16:08:05 +02:00
			`setTimeout(hang, randomDelay());`
			`};`

			`hang();`
Create a "hanger" server 2024-07-24 16:40:40 +02:00
Implement AbuseIPDB reporting 2026-01-17 08:45:23 +01:00			`res.once('close', async () => {`
Reintroduce logging and add SIGTERM handler 2026-01-15 09:34:17 +01:00			`const connCloseDate = new Date();`
Implement AbuseIPDB reporting 2026-01-17 08:45:23 +01:00			`const diffText = new Date(connCloseDate - connOpenDate)`
			`.toISOString()`
			`.substring(14, 19);`
Send the message only once to let fail2ban do its thing 2024-07-30 17:37:51 +02:00
Implement AbuseIPDB reporting 2026-01-17 08:45:23 +01:00			`const nextIpReportDate = ipNextReportDateMap.get(ip) \|\| connCloseDate;`
Reintroduce logging and add SIGTERM handler 2026-01-15 09:34:17 +01:00			`const hangResult =`
			`charIdx === msg.length ? 'received the message' : 'aborted connection';`
Log time and targeted host 2024-07-24 19:15:07 +02:00
Implement AbuseIPDB reporting 2026-01-17 08:45:23 +01:00			console.log(`${ip} ${hangResult} after ${diffText}`);

			`if (connCloseDate < nextIpReportDate) return;`

			`const queryParams = new URLSearchParams();`

			`queryParams.append('ip', ip);`
Replace Bad Web Bot report category with Hacking 2026-01-17 10:15:24 +01:00			`queryParams.append('categories', '15,21');`
Implement AbuseIPDB reporting 2026-01-17 08:45:23 +01:00			`queryParams.append('timestamp', connOpenDate.toISOString());`
			`queryParams.append(`
			`'comment',`
			`Vulnerability scanner detected!\nUser-Agent: ${userAgent}\nEndpoint: ${endpoint}`
			`);`

			`const abuseIpDbRes = await fetch(`
			`https://api.abuseipdb.com/api/v2/report?${queryParams.toString()}`,
			`{`
Make sure to use the right HTTP method for the report endpoint 2026-01-17 09:23:15 +01:00			`method: 'POST',`
Implement AbuseIPDB reporting 2026-01-17 08:45:23 +01:00			`headers: {`
			`'Accept': 'application/json',`
			`'Key': process.env.ABUSEIPDB_API_KEY,`
			`}`
			`}`
			`);`

			`if (abuseIpDbRes.ok) {`
			`const reportDate = new Date();`

			console.log(`${ip} has been reported!`);
			`ipNextReportDateMap.set(`
			`ip,`
			`new Date(`
			`reportDate.getFullYear(),`
			`reportDate.getMonth(),`
			`reportDate.getDate() + 1,`
			`reportDate.getHours(),`
			`reportDate.getMinutes(),`
			`reportDate.getSeconds()`
			`)`
			`);`
			`} else {`
			`console.error(`
			`Failed to report ${ip}: ${abuseIpDbRes.status} ${abuseIpDbRes.statusText}`
			`);`
			`}`
Reintroduce logging and add SIGTERM handler 2026-01-15 09:34:17 +01:00			`});`
Create a "hanger" server 2024-07-24 16:40:40 +02:00			`});`

			`server.listen(3000);`
Reintroduce logging and add SIGTERM handler 2026-01-15 09:34:17 +01:00
Implement AbuseIPDB reporting 2026-01-17 08:45:23 +01:00			`process.on('SIGTERM', () => server.close());`