コード例 #1
/**
 * Resolve the IP address to attribute the current request to.
 *
 * REMOTE_ADDR is the baseline. When CONFIG_TRUST_HTTP_X_FORWARDED_FOR_IP is truthy and the
 * request carries an X-Forwarded-For header, the header takes precedence: the whole value if
 * it validates as a single IP, otherwise the first comma-separated entry that validates.
 *
 * Security note: X-Forwarded-For is an ordinary request header. The entry picked here is the
 * first valid one, and a proxy that appends to the header rather than overwriting it leaves
 * that entry under the client's control. The trust flag is only safe when every request
 * reaches PHP through a proxy that strips or overwrites the header; the result should not be
 * the sole basis for bans, rate limits or audit records otherwise.
 *
 * @param bool $as_integer When truthy, the address is passed through inet_aton() before return.
 * @return mixed The address string, or the inet_aton() result for it.
 */
function get_ip($as_integer = false)
{
    $resolved = $_SERVER['REMOTE_ADDR'];

    if (CONFIG_TRUST_HTTP_X_FORWARDED_FOR_IP && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $header = $_SERVER['HTTP_X_FORWARDED_FOR'];

        if (is_valid_ip($header, true)) {
            // Common case: the header holds exactly one address.
            $resolved = $header;
        } else {
            // Otherwise treat it as a comma-separated list and take the first entry that validates.
            foreach (explode(',', $header) as $candidate) {
                $candidate = trim($candidate);
                if (is_valid_ip($candidate, true)) {
                    $resolved = $candidate;
                    break;
                }
            }
        }
    }

    return $as_integer ? inet_aton($resolved) : $resolved;
}
コード例 #2
ファイル: r_f.php プロジェクト: aiurlano/mAdserve-Fork
/**
 * Validate the mandatory parts of an incoming request.
 *
 * Checks, in order: the request IP, the placement hash in $data['s'] and the user agent.
 * On the first failure a message is stored in the global $errormessage and false is returned.
 * On success the placement hash is copied into $request_settings['placement_hash'].
 *
 * prepare_ip() and prepare_ua() are defined elsewhere; presumably they fill
 * $request_settings['ip_address'] and $request_settings['user_agent'] from $data — confirm.
 *
 * @param array $data Request parameters.
 * @return bool True when all three checks pass.
 */
function check_input($data)
{
    global $request_settings, $errormessage;

    // 1. IP address: must be present and pass is_valid_ip().
    prepare_ip($data);
    $ip_ok = isset($request_settings['ip_address']) && is_valid_ip($request_settings['ip_address']);
    if (!$ip_ok) {
        $errormessage = 'Invalid IP Address';
        return false;
    }

    // 2. Placement hash: empty() also covers the "not set" case; the format check is validate_md5().
    if (empty($data['s']) || !validate_md5($data['s'])) {
        $errormessage = 'No valid Integration Placement ID supplied. (Variable "s")';
        return false;
    }
    $request_settings['placement_hash'] = $data['s'];

    // 3. User agent: must be present and non-empty after prepare_ua().
    prepare_ua($data);
    if (empty($request_settings['user_agent'])) {
        $errormessage = 'No User Agent supplied. (Variable "u")';
        return false;
    }

    return true;
}
コード例 #3
ファイル: misc.php プロジェクト: captincook/Pony
/**
 * Decide whether an address passes this file's IP filter.
 *
 * Returns true unconditionally when the global $global_allow_all_ftp is truthy. Otherwise the
 * address must pass is_valid_ip() and must not have a first octet of 10, nor a first octet of
 * 172 with a second octet between 16 and 31. No other ranges are examined in this function.
 *
 * @param string $ip Address to test.
 * @return bool
 */
function is_valid_ip_filter($ip)
{
    global $global_allow_all_ftp;

    // The global switch bypasses every check below, including is_valid_ip().
    if ($global_allow_all_ftp) {
        return true;
    }
    if (!is_valid_ip($ip)) {
        return false;
    }

    // Split on dots and coerce the first four pieces to integers.
    $octets = preg_split("/[.]/", $ip);
    foreach (array(0, 1, 2, 3) as $idx) {
        $octets[$idx] = intval($octets[$idx]);
    }

    $first_is_10 = ($octets[0] == 10);
    $is_172_16_to_31 = ($octets[0] == 172 && $octets[1] >= 16 && $octets[1] <= 31);

    return !($first_is_10 || $is_172_16_to_31);
}
コード例 #4
ファイル: support.php プロジェクト: erico-deh/ocPortal
/**
 * Work out the IP address to attribute the current request to, optionally masking trailing groups.
 *
 * HTTP_CLIENT_IP (or, failing that, HTTP_X_FORWARDED_FOR) is preferred over REMOTE_ADDR whenever it
 * holds a value that passes is_valid_ip() and is not 127.0.0.1, 192.168.*, 10.* or the server's own address.
 *
 * Security note: both of those values are request headers. Unless a fronting proxy overwrites them, the
 * client chooses what this function returns, so callers that ban, rate-limit or log by this address are
 * acting on a client-influenced value.
 *
 * @param  integer		The number of groups to include in the IP address (rest will be replaced with *'s). For IP6, this is doubled.
 * @set    1 2 3 4
 * @return IP				The users IP address (blank: could not find a valid one)
 */
function get_ip_address($amount = 4)
{
    // HTTP_CLIENT_IP wins over HTTP_X_FORWARDED_FOR when it is non-empty
    $client_ip = ocp_srv('HTTP_CLIENT_IP');
    $forwarded = ($client_ip != '') ? $client_ip : ocp_srv('HTTP_X_FORWARDED_FOR');

    // Only these prefixes are treated as local; anything else that validates is accepted from the header
    $use_forwarded = $forwarded != ''
        && $forwarded != '127.0.0.1'
        && substr($forwarded, 0, 8) != '192.168.'
        && substr($forwarded, 0, 3) != '10.'
        && is_valid_ip($forwarded)
        && $forwarded != ocp_srv('SERVER_ADDR');
    $ip = $use_forwarded ? $forwarded : ocp_srv('REMOTE_ADDR');

    // Bizarro-filter (found "in the wild"): keep what precedes the first comma, drop a trailing "%14"
    $comma_at = strpos($ip, ',');
    if ($comma_at !== false) {
        $ip = substr($ip, 0, $comma_at);
    }
    $ip = preg_replace('#%14$#', '', $ip);

    if (!is_valid_ip($ip)) {
        return '';
    }

    // A dot anywhere means the dotted (IPv4) form
    if (strpos($ip, '.') !== false) {
        $groups = explode('.', $ip);
        for ($n = 0; $n < $amount; $n++) {
            if (!array_key_exists($n, $groups)) {
                $groups[$n] = '0';
            }
        }
        // Mask whatever lies beyond the requested number of groups
        for ($n = $amount; $n < 4; $n++) {
            $groups[$n] = '*';
        }
        return implode('.', $groups);
    }

    // Colon (IPv6) form: widen a "::" so that the address splits into eight groups
    if (substr_count($ip, ':') < 7) {
        $ip = str_replace('::', str_repeat(':', 7 - substr_count($ip, ':') + 2), $ip);
    }
    $groups = explode(':', $ip);
    for ($n = 0; $n < $amount * 2; $n++) {
        // Left-pad each kept group to four digits; missing groups become 0000
        $groups[$n] = isset($groups[$n]) ? str_pad($groups[$n], 4, '0', STR_PAD_LEFT) : '0000';
    }
    for ($n = $amount * 2; $n < 8; $n++) {
        $groups[$n] = '*';
    }
    return implode(':', $groups);
}
コード例 #5
ファイル: list_ip_log.php プロジェクト: janglapuk/mellivora
<?php

require '../../include/mellivora.inc.php';
// The access check runs before any output or query-parameter handling.
enforce_authentication(CONST_USER_CLASS_MODERATOR);

head('IP log');
menu_management();

// Build the log filter from exactly one of ?ip= or ?user_id=.
$where = [];
if (is_valid_ip(array_get($_GET, 'ip'))) {
    // The raw query value reaches the heading only after is_valid_ip() accepted it.
    // NOTE(review): whether section_head() HTML-escapes its argument is not visible here; if it
    // does not, the validator is the only barrier between the query string and the page — confirm.
    section_head('Teams using IP ' . $_GET['ip']);
    // NOTE(review): ip2long() returns false for anything but dotted IPv4. If is_valid_ip() also
    // accepts IPv6, the filter value becomes false rather than an address — confirm.
    $where['ip'] = ip2long($_GET['ip']);
} elseif (is_valid_id(array_get($_GET, 'user_id'))) {
    section_head('IP log for user');
    $where['user_id'] = $_GET['user_id'];
} else {
    // NOTE(review): if message_error() does not end the request, execution continues with an empty filter — confirm.
    message_error('Must supply either IP or user ID');
}

echo '
    <table id="files" class="table table-striped table-hover">
      <thead>
        <tr>
          <th>Team name</th>
          <th>Hostname</th>
          <th>First used</th>
          <th>Last used</th>
          <th>Times used</th>
        </tr>
      </thead>
      <tbody>
    ';
コード例 #6
/**
 * Tell whether an address is a valid IP outside the private and reserved ranges.
 *
 * The address must pass is_valid_ip() first; it is then run through FILTER_VALIDATE_IP with
 * FILTER_FLAG_NO_PRIV_RANGE and FILTER_FLAG_NO_RES_RANGE.
 *
 * NOTE(review): FILTER_FLAG_IPV4 is not passed, so filter_var() on its own would also accept a
 * public IPv6 address. Whether one can get that far depends on is_valid_ip() — confirm before
 * relying on this as an IPv4-only check.
 *
 * @param string $ip IP address
 *
 * @return bool
 */
function is_public_ip($ip)
{
    $public_only = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;

    // filter_var() hands back the address string on success and false on failure.
    return is_valid_ip($ip)
        && filter_var($ip, FILTER_VALIDATE_IP, $public_only) !== false;
}
コード例 #7
ファイル: failure.php プロジェクト: erico-deh/ocPortal
/**
 * Log a hackattack, then displays an error message. It also attempts to send an e-mail to the staff alerting them of the hackattack.
 *
 * Flow, as visible in this function: mark the response 403/noindex, stop early if the securitylogging addon is absent,
 * work out the address(es) to log against, count earlier hackattack rows for them, possibly auto-ban, insert the new
 * row(s), notify staff, and finish through fatal_exit()/warn_exit().
 *
 * Review notes for maintainers (each is repeated next to the relevant line):
 *  - the address logged and banned comes from get_ip_address(); confirm how far that value can be influenced by request headers
 *  - every string POST field is stored and mailed verbatim, which can include credentials
 *  - the search-engine exemption relies on lists fetched over plain HTTP and, in one configuration, on reverse DNS alone
 *
 * @param  ID_TEXT		The reason for the hack attack. This has to be a language string codename
 * @param  SHORT_TEXT	A parameter for the hack attack language string (this should be based on a unique ID, preferably)
 * @param  SHORT_TEXT	A more illustrative parameter, which may be anything (e.g. a title)
 */
function _log_hack_attack_and_exit($reason, $reason_param_a = '', $reason_param_b = '')
{
    // Cap execution time at 4 seconds for the rest of this handler (errors from the call are suppressed)
    if (function_exists('set_time_limit')) {
        @set_time_limit(4);
    }
    global $EXTRA_HEAD;
    if (!isset($EXTRA_HEAD)) {
        $EXTRA_HEAD = new ocp_tempcode();
    }
    $EXTRA_HEAD->attach('<meta name="robots" content="noindex" />');
    // XHTMLXHTML
    $GLOBALS['HTTP_STATUS_CODE'] = '403';
    if (!headers_sent()) {
        // The explicit 403 status line is skipped for IE browsers and IIS servers
        if (!browser_matches('ie') && strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') === false) {
            header('HTTP/1.0 403 Forbidden');
        }
        // Stop spiders ever storing the URL that caused this
    }
    // Without the securitylogging addon nothing is recorded; warn_exit() is expected to end the request here
    if (!addon_installed('securitylogging')) {
        warn_exit(do_lang_tempcode('HACK_ATTACK_USER'));
    }
    // Primary address: whatever get_ip_address() resolves.
    // NOTE(review): if get_ip_address() honours client-supplied forwarding headers, the address counted and banned below is client-influenced — confirm.
    $ip = get_ip_address();
    // Secondary address: the raw REMOTE_ADDR, kept only when it is valid, differs from $ip and is not the server's own address
    $ip2 = ocp_srv('REMOTE_ADDR');
    if (!is_valid_ip($ip2)) {
        $ip2 = '';
    }
    if ($ip2 == $ip || $ip2 == '' || ocp_srv('SERVER_ADDR') == $ip2) {
        $ip2 = NULL;
    }
    // Identify the member if the member API is loaded; otherwise fall back to the first ID in the database
    if (function_exists('get_member')) {
        $id = get_member();
        $username = $GLOBALS['FORUM_DRIVER']->get_username($id);
        if (is_null($username)) {
            $username = do_lang('UNKNOWN');
        }
    } else {
        $id = db_get_first_id();
        $username = function_exists('do_lang') ? do_lang('UNKNOWN') : 'Unknown';
    }
    $url = ocp_srv('PHP_SELF') . '?' . ocp_srv('QUERY_STRING');
    // Flatten every string POST field into "key => value" text; non-string values (e.g. arrays) are skipped.
    // NOTE(review): this is stored in the data_post column and mailed to staff untruncated and unredacted, so a
    // login or password-change POST that trips this handler puts the submitted secrets into the log and the e-mail.
    $post = '';
    foreach ($_POST as $key => $val) {
        if (!is_string($val)) {
            continue;
        }
        $post .= $key . ' => ' . $val . "\n\n";
    }
    // Count earlier rows for both addresses and carry forward whichever has more; $alt_ip records that $ip2 won
    $count = $GLOBALS['SITE_DB']->query_value('hackattack', 'COUNT(*)', array('ip' => $ip));
    $alt_ip = false;
    if (!is_null($ip2)) {
        $count2 = $GLOBALS['SITE_DB']->query_value('hackattack', 'COUNT(*)', array('ip' => $ip2));
        if ($count2 > $count) {
            $count = $count2;
            $alt_ip = true;
        }
    }
    $hack_threshold = 5;
    // Super-admins have their count reset to 0, so the auto-ban branch below is never entered for them
    if (array_key_exists('FORUM_DRIVER', $GLOBALS) && function_exists('get_member') && $GLOBALS['FORUM_DRIVER']->is_super_admin(get_member())) {
        $count = 0;
    }
    // Row for the hackattack table; every text field except data_post is cut to 255 characters
    $new_row = array('user_agent' => substr(get_browser_string(), 0, 255), 'referer' => substr(ocp_srv('HTTP_REFERER'), 0, 255), 'user_os' => substr(get_os_string(), 0, 255), 'reason' => $reason, 'reason_param_a' => substr($reason_param_a, 0, 255), 'reason_param_b' => substr($reason_param_b, 0, 255), 'url' => substr($url, 0, 255), 'data_post' => $post, 'the_user' => $id, 'date_and_time' => time(), 'ip' => $ip);
    $ip_ban_todo = NULL;
    // Auto-ban path: at least $hack_threshold earlier rows and the autoban option not set to '0'
    if ($count >= $hack_threshold && get_option('autoban') != '0') {
        // Test we're not banning a good bot
        // NOTE(review): these lists are fetched at request time over plain HTTP from a third-party host. The response
        // is not authenticated, so whoever controls it (or the path to it) decides which addresses escape the ban.
        $se_ip_lists = array('http://www.iplists.com.nyud.net/nw/google.txt', 'http://www.iplists.com.nyud.net/nw/msn.txt', 'http://www.iplists.com.nyud.net/infoseek.txt', 'http://www.iplists.com.nyud.net/nw/inktomi.txt', 'http://www.iplists.com.nyud.net/nw/lycos.txt', 'http://www.iplists.com.nyud.net/nw/askjeeves.txt', 'http://www.iplists.com.nyud.net/northernlight.txt', 'http://www.iplists.com.nyud.net/nw/altavista.txt', 'http://www.iplists.com.nyud.net/nw/misc.txt');
        // $ip_stack holds every leading prefix of the address being judged: first group, first two groups, and so on
        $ip_stack = array();
        $ip_bits = explode(strpos($alt_ip ? $ip2 : $ip, '.') !== false ? '.' : ':', $alt_ip ? $ip2 : $ip);
        foreach ($ip_bits as $i => $ip_bit) {
            $buildup = '';
            for ($j = 0; $j <= $i; $j++) {
                if ($buildup != '') {
                    $buildup .= strpos($alt_ip ? $ip2 : $ip, '.') !== false ? '.' : ':';
                }
                $buildup .= $ip_bits[$j];
            }
            $ip_stack[] = $buildup;
        }
        // A list line equal to any of those prefixes marks the address as a search engine
        $is_se = false;
        foreach ($se_ip_lists as $ip_list) {
            $ip_list_file = http_download_file($ip_list, NULL, false);
            if (is_string($ip_list_file)) {
                $ip_list_array = explode(chr(10), $ip_list_file);
                foreach ($ip_stack as $ip_s) {
                    if (in_array($ip_s, $ip_list_array)) {
                        $is_se = true;
                    }
                }
                if ($is_se) {
                    break;
                }
            }
        }
        // Second exemption: reverse DNS name ending in a known search-engine domain.
        // The forward lookup confirms the name resolves back to the same address, but when gethostbyname appears in
        // disable_functions that confirmation is skipped and the reverse name is trusted as-is.
        // NOTE(review): reverse DNS is set by whoever controls the address block, so in that configuration the
        // exemption can be claimed by the requester — confirm this fallback is acceptable.
        $dns = @gethostbyaddr($alt_ip ? $ip2 : $ip);
        if (preg_match('#(\\s|,|^)gethostbyname(\\s|$|,)#i', @ini_get('disable_functions')) != 0 || @gethostbyname($dns) === ($alt_ip ? $ip2 : $ip)) {
            $se_domain_names = array('googlebot.com', 'google.com', 'msn.com', 'yahoo.com', 'ask.com', 'aol.com');
            foreach ($se_domain_names as $domain_name) {
                // Match on ".domain" as a suffix, so the name must be a subdomain of the listed domain
                if (substr($dns, -strlen($domain_name) - 1) == '.' . $domain_name) {
                    $is_se = true;
                    break;
                }
            }
        }
        // Ban unless exempted as a search engine or the address is 127.0.0.1
        if (!$is_se && ($alt_ip ? $ip2 : $ip) != '127.0.0.1') {
            // Summarise every earlier row plus the current one for the staff message
            $rows = $GLOBALS['SITE_DB']->query_select('hackattack', array('*'), array('ip' => $alt_ip ? $ip2 : $ip));
            $rows[] = $new_row;
            $summary = '';
            foreach ($rows as $row) {
                $full_reason = do_lang($row['reason'], $row['reason_param_a'], $row['reason_param_b'], NULL, get_site_default_lang());
                $summary .= "\n" . ' - ' . $full_reason . ' [' . $row['url'] . ']';
            }
            // $full_reason still holds the last loop value here, i.e. the reason text of the current event
            add_ip_ban($alt_ip ? $ip2 : $ip, $full_reason);
            $_ip_ban_url = build_url(array('page' => 'admin_ipban', 'type' => 'misc'), get_module_zone('admin_ipban'), NULL, false, false, true);
            $ip_ban_url = $_ip_ban_url->evaluate();
            $ip_ban_todo = do_lang('AUTO_BAN_HACK_MESSAGE', $alt_ip ? $ip2 : $ip, integer_format($hack_threshold), array($summary, $ip_ban_url), get_site_default_lang());
        }
    }
    // Record the event against $ip, and a second time against $ip2 when that address was kept
    $GLOBALS['SITE_DB']->query_insert('hackattack', $new_row);
    if (!is_null($ip2)) {
        $new_row['ip'] = $ip2;
        $GLOBALS['SITE_DB']->query_insert('hackattack', $new_row);
    }
    // Staff notification (only when the language system is loaded)
    if (function_exists('do_lang')) {
        $reason_full = do_lang($reason, $reason_param_a, $reason_param_b, NULL, get_site_default_lang());
        $_stack_trace = get_html_trace();
        // Every literal "html" in the trace is rewritten with an entity for the "h"
        $stack_trace = str_replace('html', '&#104;tml', $_stack_trace->evaluate());
        $time = get_timezoned_date(time(), true, true, true);
        // The mail carries the raw URL, referer, user agent and the full $post text built above
        $message = do_template('HACK_ATTEMPT_MAIL', array('_GUID' => '6253b3c42c5e6c70d20afa9d1f5b40bd', 'STACK_TRACE' => $stack_trace, 'USER_AGENT' => get_browser_string(), 'REFERER' => ocp_srv('HTTP_REFERER'), 'USER_OS' => get_os_string(), 'REASON' => $reason_full, 'IP' => $ip, 'ID' => strval($id), 'USERNAME' => $username, 'TIME_RAW' => strval(time()), 'TIME' => $time, 'URL' => $url, 'POST' => $post), get_site_default_lang());
        require_code('notifications');
        $subject = do_lang('HACK_ATTACK_SUBJECT', $ip, NULL, NULL, get_site_default_lang());
        dispatch_notification('hack_attack', NULL, $subject, $message->evaluate(get_site_default_lang(), false), NULL, A_FROM_SYSTEM_PRIVILEGED);
        if (!is_null($ip_ban_todo)) {
            // The subject names $ip even when the ban above was applied to $ip2 ($alt_ip true)
            $subject = do_lang('AUTO_BAN_SUBJECT', $ip, NULL, NULL, get_site_default_lang());
            dispatch_notification('auto_ban', NULL, $subject, $ip_ban_todo, NULL, A_FROM_SYSTEM_PRIVILEGED);
        }
    }
    // On a localhost install (host header and base URL both say so) the message goes through fatal_exit() instead
    if (preg_match('#^localhost[\\.\\:$]#', ocp_srv('HTTP_HOST')) != 0 && substr(get_base_url(), 0, 17) == 'http://localhost/') {
        fatal_exit(do_lang('HACK_ATTACK'));
    }
    warn_exit(do_lang_tempcode('HACK_ATTACK_USER'));
}
コード例 #8
ファイル: strings.class.php プロジェクト: tfont/skyfire
 /**
  * Validate an IP address, optionally through the class's typed-call wrapper.
  *
  * The unqualified is_valid_ip() call in the fallback resolves to the global function of
  * that name, not to this method.
  *
  * NOTE(review): the guard tests that STRICT_TYPES is defined but then compares CAMEL_CASE —
  * confirm that mixing the two constants is intended.
  *
  * @param mixed $address Address to validate.
  * @return bool
  */
 protected function is_valid_ip($address)
 {
     // Plain path: hand straight to the global validator.
     if (!defined('STRICT_TYPES') || CAMEL_CASE != '1') {
         return (bool) is_valid_ip($address);
     }

     // Typed path: route the call through the parameters()/call()/with()/returning() chain.
     return (bool) self::parameters(['address' => DT::STRING])->call(__FUNCTION__)->with($address)->returning(DT::BOOL);
 }
コード例 #9
ファイル: Request.php プロジェクト: qlixes/springphp
 /**
  * Return the request's IP address, resolving and caching it on first use.
  *
  * Source precedence: HTTP_CLIENT_IP, then REMOTE_ADDR, then HTTP_X_FORWARDED_FOR. If the chosen
  * value contains commas, the last element is kept as-is (it is not trimmed). Anything that
  * fails is_valid_ip(), or the absence of all three sources, yields '0.0.0.0'.
  *
  * Security note: HTTP_CLIENT_IP is taken ahead of REMOTE_ADDR whenever it is present. It is a
  * request header, so unless a fronting proxy overwrites it the client decides the returned
  * address; callers should not use the result alone for access control, bans or audit records.
  *
  * @return string
  */
 function getIPAddress()
 {
     // Already resolved on an earlier call.
     if ($this->ipAddress !== FALSE) {
         return $this->ipAddress;
     }

     // First source that server() reports as present wins.
     foreach (array('HTTP_CLIENT_IP', 'REMOTE_ADDR', 'HTTP_X_FORWARDED_FOR') as $key) {
         if ($this->server($key)) {
             $this->ipAddress = $_SERVER[$key];
             break;
         }
     }

     if ($this->ipAddress === FALSE) {
         return $this->ipAddress = '0.0.0.0';
     }

     // Comma-separated value: keep the final element.
     if (strpos($this->ipAddress, ',') !== FALSE) {
         $pieces = explode(',', $this->ipAddress);
         $this->ipAddress = end($pieces);
     }

     if (!is_valid_ip($this->ipAddress)) {
         $this->ipAddress = '0.0.0.0';
     }

     return $this->ipAddress;
 }