
Wall of Shame Generator from Web Server Logs


hernannh/ip-flame

 
 


ip-flame


IP-Flame is a public Hack/Spam/DoS Attempt IP Wall-of-Shame generator for IP addresses from Apache2 logs. I got this idea from constantly having to blacklist IP addresses that try to add spam to an old wiki that I used to host on C programming. Why would C programmers want knock-off Louis Vuitton purses from .CN anyways? I don't know. I actually took the wiki down because of the amount of spam that was slamming it and because CloudFlare.com only allows you to block an entire country with an expensive subscription. I thought that if there was a simple, pretty way to just check the logs and have a lot of detailed output, I would be a bit happier about the spam. My own Wall-Of-Flame can be found here: WeakNet Labs' IP Flames

Functions

The main script can be run with ./ip-flame.sh after the configuration file config-ip-flame.txt is updated. The script generates a static HTML report that includes dynamically generated links to Shodan, SpamCop, ARIN, APNIC, InfoByIp, and Sophos for each offending IP address found. The script does NOT make any requests to these sites; it just generates the links for your convenience.

Technically, this could be used as a simple incident response tool for web-application breaches or disclosures of web-accessible data. IDS functionality is in development as well, for sending the report from the cron job to an MMS address.

Requirements

Linux: bash, sed, awk, egrep
Web Server: log file and hosting of report, Apache2

Screenshots


Terminal Output:

trevelyn@80211:~/repository/ip-flame$ ./ip-flame.sh
[ + ] WWW log location: /path/to/log/apache2/access.log
[ + ] Using web-host path: /path/to/wwwroot/example.com/flamed-ips.html
[ + ] Generated IP white list: 192.168.1.100|192.168.1.101
[ + ] Matching offending lines: /wiki/c
[ + ] HTML file generation completed and stored in /path/to/wwwroot/example.com/flamed-ips.html
trevelyn@80211:~/repository/ip-flame$

Configuration / Install

The file config-ip-flame.txt is the configuration file.

# IP-FLAME Configuration File
# #
# use fwd slashes at the end of path names! 
# ~Douglas - [email protected]
web-path=/path/to/wwwroot/example.com/
offending-lines=/wiki/c
web-log=/path/to/apache2/access.log
temp-path=/tmp/

  1. Web Path is where you would like to host your report
  2. Offending Lines are lines or requests that resemble hacking attempts (SQLi, XSS, Spam)
  3. Web Log is the path to your Apache2 log file
  4. Tmp Path is the temporary working path for file generation
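
The matching step these settings drive, sketched as an added example (not ip-flame.sh's own code): it reads web-log and offending-lines from the config, skips whitelisted clients by exact address comparison, and matches only the request path, so a Referer that happens to contain /wiki/c does not flag a visitor. The function names, the sample log and its addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not ip-flame.sh itself: per-IP counts of offending requests.

# cfg_get KEY FILE -> value of KEY in a key=value file. Comment lines start
# with "#", so they can never match "KEY=" at the start of the line.
cfg_get() {
    awk -v k="$1" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }' "$2"
}

# offenders LOG PATTERN WHITELIST -> lines of "hits ip", busiest first.
# WHITELIST is pipe-separated, like the "Generated IP white list" output.
offenders() {
    awk -v pat="$2" -v wl="$3" '
        BEGIN { n = split(wl, a, "|"); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # $1 = client address, $7 = request path (common/combined log format).
        # Exact-string whitelist lookup: an entry for 192.168.1.100 does not
        # also exempt 192.168.1.10, and "." is never treated as a wildcard.
        !($1 in skip) && index($7, pat) { hits[$1]++ }
        END { for (ip in hits) print hits[ip], ip }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample config and log, written to a temporary directory.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/config-ip-flame.txt" <<EOF
# IP-FLAME Configuration File
offending-lines=/wiki/c
web-log=$demo_dir/access.log
EOF
cat > "$demo_dir/access.log" <<'EOF'
203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "POST /wiki/c?action=edit HTTP/1.1" 200 512 "-" "bot"
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "POST /wiki/c?action=edit HTTP/1.1" 200 512 "-" "bot"
198.51.100.23 - - [01/Jan/2024:10:00:03 +0000] "GET /wiki/c HTTP/1.1" 200 900 "-" "bot"
192.168.1.100 - - [01/Jan/2024:10:00:04 +0000] "GET /wiki/c HTTP/1.1" 200 900 "-" "admin"
192.168.1.10 - - [01/Jan/2024:10:00:05 +0000] "GET /wiki/c HTTP/1.1" 200 900 "-" "other"
203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET /index.html HTTP/1.1" 200 900 "http://example.com/wiki/c" "Mozilla/5.0"
EOF

# demo -> offender table for the sample data, whitelist as shown on the page
demo() {
    cfg="$demo_dir/config-ip-flame.txt"
    offenders "$(cfg_get web-log "$cfg")" "$(cfg_get offending-lines "$cfg")" \
        "192.168.1.100|192.168.1.101"
}
demo
```

In the sample, 192.168.1.100 is skipped as whitelisted, 192.168.1.10 is still counted, and 203.0.113.9 is not flagged because only its Referer mentions /wiki/c.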

To run the application, simply use ./ip-flame.sh. To install IP-Flame, simply copy the executable into one of your $PATH directories to make it readily available. For example:

trevelyn@80211:~/repository/ip-flame$ cp ip-flame.sh /usr/local/bin
trevelyn@80211:~/repository/ip-flame$ ip-flame.sh

TODO

  1. Mobile responsive design
  2. Finish coding MMS/IDS function
  3. Write cron job to generate the report automatically
  4. Add a total (IPs) to the top of the HTML report


Languages

  • Shell 69.2%
  • HTML 30.8%