Compare commits
9 Commits
ed11b2d15d
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
3a31cd4540
|
|||
|
c876cbedc4
|
|||
|
3bd264f974
|
|||
|
21c3d2e194
|
|||
|
71312297be
|
|||
|
58b8cf3bdc
|
|||
|
38e5654341
|
|||
|
efbcc5a7fb
|
|||
|
20881c1ba4
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@@ -0,0 +1 @@
|
|||||||
|
.env
|
||||||
11
Dockerfile
11
Dockerfile
@@ -1,8 +1,15 @@
|
|||||||
FROM node:lts-alpine
|
FROM node:lts-alpine
|
||||||
USER node
|
USER node
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
ENV NODE_ENV production
|
ENV NODE_ENV=production
|
||||||
ENV TZ Europe/Warsaw
|
ENV TZ=Europe/Warsaw
|
||||||
COPY --chown=node:node index.mjs ./
|
COPY --chown=node:node index.mjs ./
|
||||||
EXPOSE 3000
|
EXPOSE 3000
|
||||||
CMD ["node", "./index.mjs"]
|
CMD ["node", "./index.mjs"]
|
||||||
|
|
||||||
|
HEALTHCHECK \
|
||||||
|
--interval=10s \
|
||||||
|
--timeout=5s \
|
||||||
|
--start-period=3s \
|
||||||
|
--retries=3 \
|
||||||
|
CMD ["wget", "http://localhost:3000/health", "-O", "/dev/null", "-q"]
|
||||||
|
|||||||
87
index.mjs
87
index.mjs
@@ -2,21 +2,31 @@ import { createServer } from 'node:http';
|
|||||||
import { setTimeout } from 'node:timers';
|
import { setTimeout } from 'node:timers';
|
||||||
|
|
||||||
const msg = 'Relax, take it easy! For there is nothing that we can do.';
|
const msg = 'Relax, take it easy! For there is nothing that we can do.';
|
||||||
const minDelay = 3000;
|
const minDelayMs = 3000;
|
||||||
const maxDelay = 5000;
|
const maxDelayMs = 6000;
|
||||||
const delayDiff = maxDelay - minDelay;
|
const delayDiff = maxDelayMs - minDelayMs;
|
||||||
const randomDelay = () => Math.floor(Math.random() * delayDiff + minDelay);
|
const randomDelay = () => Math.floor(Math.random() * delayDiff + minDelayMs);
|
||||||
|
const ipNextReportDateMap = new Map();
|
||||||
|
|
||||||
const server = createServer((req, res) => {
|
const server = createServer((req, res) => {
|
||||||
const connOpenDate = new Date();
|
const connOpenDate = new Date();
|
||||||
const dateText = connOpenDate.toLocaleString('pl');
|
|
||||||
const scannerIP = req.headers['x-forwarded-for'];
|
|
||||||
const host = req.headers['x-forwarded-host'];
|
|
||||||
const endpoint = `${req.method} ${req.url}`;
|
const endpoint = `${req.method} ${req.url}`;
|
||||||
|
|
||||||
|
if (endpoint === 'GET /health') {
|
||||||
|
res.statusCode = 200;
|
||||||
|
return res.end('OK\n');
|
||||||
|
}
|
||||||
|
|
||||||
|
const ip = req.headers['x-forwarded-for'];
|
||||||
|
const userAgent = req.headers['user-agent'];
|
||||||
|
const host = req.headers['x-forwarded-host'];
|
||||||
|
|
||||||
|
console.log(
|
||||||
|
`${ip} (${userAgent}) targeted ${host} on ${endpoint}`
|
||||||
|
);
|
||||||
|
|
||||||
let charIdx = 0;
|
let charIdx = 0;
|
||||||
|
|
||||||
console.log(`[${dateText}] ${scannerIP} targeted ${host} on ${endpoint}`);
|
|
||||||
|
|
||||||
const hang = () => {
|
const hang = () => {
|
||||||
if (res.closed) return;
|
if (res.closed) return;
|
||||||
else if (charIdx === msg.length) res.end('\n');
|
else if (charIdx === msg.length) res.end('\n');
|
||||||
@@ -27,17 +37,64 @@ const server = createServer((req, res) => {
|
|||||||
|
|
||||||
hang();
|
hang();
|
||||||
|
|
||||||
res.once('close', () => {
|
res.once('close', async () => {
|
||||||
const connCloseDate = new Date();
|
const connCloseDate = new Date();
|
||||||
const timeDiff = connCloseDate.getTime() - connOpenDate.getTime();
|
const diffText = new Date(connCloseDate - connOpenDate)
|
||||||
const dateText = connCloseDate.toLocaleString('pl');
|
.toISOString()
|
||||||
const diffText = new Date(timeDiff).toISOString().substring(14, 19);
|
.substring(14, 19);
|
||||||
|
|
||||||
|
const nextIpReportDate = ipNextReportDateMap.get(ip) || connCloseDate;
|
||||||
const hangResult =
|
const hangResult =
|
||||||
charIdx === msg.length ? 'received the message' : 'aborted connection';
|
charIdx === msg.length ? 'received the message' : 'aborted connection';
|
||||||
|
|
||||||
console.log(`[${dateText}] ${scannerIP} ${hangResult} after ${diffText}`);
|
console.log(`${ip} ${hangResult} after ${diffText}`);
|
||||||
|
|
||||||
|
if (connCloseDate < nextIpReportDate) return;
|
||||||
|
|
||||||
|
const queryParams = new URLSearchParams();
|
||||||
|
|
||||||
|
queryParams.append('ip', ip);
|
||||||
|
queryParams.append('categories', '15,21');
|
||||||
|
queryParams.append('timestamp', connOpenDate.toISOString());
|
||||||
|
queryParams.append(
|
||||||
|
'comment',
|
||||||
|
`Vulnerability scanner detected!\nUser-Agent: ${userAgent}\nEndpoint: ${endpoint}`
|
||||||
|
);
|
||||||
|
|
||||||
|
const abuseIpDbRes = await fetch(
|
||||||
|
`https://api.abuseipdb.com/api/v2/report?${queryParams.toString()}`,
|
||||||
|
{
|
||||||
|
method: 'POST',
|
||||||
|
headers: {
|
||||||
|
'Accept': 'application/json',
|
||||||
|
'Key': process.env.ABUSEIPDB_API_KEY,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
|
if (abuseIpDbRes.ok) {
|
||||||
|
const reportDate = new Date();
|
||||||
|
|
||||||
|
console.log(`${ip} has been reported!`);
|
||||||
|
ipNextReportDateMap.set(
|
||||||
|
ip,
|
||||||
|
new Date(
|
||||||
|
reportDate.getFullYear(),
|
||||||
|
reportDate.getMonth(),
|
||||||
|
reportDate.getDate() + 1,
|
||||||
|
reportDate.getHours(),
|
||||||
|
reportDate.getMinutes(),
|
||||||
|
reportDate.getSeconds()
|
||||||
|
)
|
||||||
|
);
|
||||||
|
} else {
|
||||||
|
console.error(
|
||||||
|
`Failed to report ${ip}: ${abuseIpDbRes.status} ${abuseIpDbRes.statusText}`
|
||||||
|
);
|
||||||
|
}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
server.listen(3000);
|
server.listen(3000);
|
||||||
|
|
||||||
|
process.on('SIGTERM', () => server.close());
|
||||||
|
|||||||
Reference in New Issue
Block a user