/*
* Date: 20-Jul-2015
* Date: 23-Oct-2018
* Info: mod_honeypot Apache 2 module
* Version: See MODULE_VERSION
* Author: Yoyodyne Software Systems, Inc.
......@@ -32,6 +32,9 @@
* Prepend "hp_" to config struct variables
* 20-Jul-2015 1.2.03 BRM
* Change "failsafe accept" message to "passthrough"
* 23-oct-2018 1.2.04 UHE
* Change remote_ip -> client_ip for apache 2.4
* IP lookup only for IPv4 Addresses
*/
/* ==================== EXTREMELY IMPORTANT ===================
......@@ -127,7 +130,7 @@
#define HP_THREAT_AGE 90 /* Threat age threshold (days) */
#define HP_THREAT_LEVEL 10 /* Threat level threshold */
#define MODULE_NAME "mod_honeypot"
#define MODULE_VERSION "1.2.03" /* Module revision level */
#define MODULE_VERSION "1.2.04" /* Module revision level */
#define IP_CACHE_SIZE 256 /* IPv4 cache table size */
#define LOOKUP_SIZE 80 /* PH DNS lookup string size */
......@@ -255,7 +258,7 @@ static int hp_check_ipv4_cache
/* Retrieve the IP of the requester */
remote_ip = r->connection->remote_ip;
remote_ip = r->connection->client_ip;
if (hp_scfg->hp_logdebug & 0x00000080) {
ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
......@@ -361,10 +364,10 @@ static void hp_add_ipv4_cache
if (hp_scfg->hp_logdebug & 0x00001000)
ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
"mod_honeypot: Add %u %s %d",
hp_scfg->hp_ip_cachenext, r->connection->remote_ip,
hp_scfg->hp_ip_cachenext, r->connection->client_ip,
ipstatus);
strncpy(hp_scfg->hp_cached_ip_addr[hp_scfg->hp_ip_cachenext], r->connection->remote_ip, 16);
strncpy(hp_scfg->hp_cached_ip_addr[hp_scfg->hp_ip_cachenext], r->connection->client_ip, 16);
hp_scfg->hp_cached_ip_result[hp_scfg->hp_ip_cachenext] = ipstatus;
/* Bump list size, next available slot and rotate buffer if needed */
......@@ -438,7 +441,7 @@ static int honeypot_handler
if (hp_scfg->hp_logdebug & 0x00000004)
ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
"mod_honeypot: Debug flags 0x%x", hp_scfg->hp_logdebug);
"mod_honeypot: Debug flags 0x%lx", hp_scfg->hp_logdebug);
/* Process only request methods on our method list */
......@@ -470,7 +473,7 @@ static int honeypot_handler
if (hp_scfg->hp_logdebug & 0x00800000)
ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
"mod_honeypot: IP %s in reject cache",
r->connection->remote_ip);
r->connection->client_ip);
ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
"mod_honeypot: Blocklisted");
if (hp_scfg->hp_logdebug & 0x00000001)
......@@ -487,7 +490,7 @@ static int honeypot_handler
if (hp_scfg->hp_logdebug & 0x00800000)
ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
"mod_honeypot: IP %s not in cache",
r->connection->remote_ip);
r->connection->client_ip);
break;
/* Previously accepted */
......@@ -495,7 +498,7 @@ static int honeypot_handler
if (hp_scfg->hp_logdebug & 0x00800000)
ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
"mod_honeypot: IP %s in accept cache",
r->connection->remote_ip);
r->connection->client_ip);
return DECLINED;
break;
}
......@@ -508,14 +511,17 @@ static int honeypot_handler
struct hostent *hp = 0;
memset(lookup_this, '\0', LOOKUP_SIZE);
sscanf(r->connection->remote_ip,
"%d.%d.%d.%d",
&oct1, &oct2, &oct3, &oct4);
if (sscanf(r->connection->client_ip,
"::ffff:%d.%d.%d.%d",
&oct1, &oct2, &oct3, &oct4)) {
/* remote IP is a IPv4 Address, so go on an check it ... */
snprintf(lookup_this, LOOKUP_SIZE-1,
"%s.%d.%d.%d.%d.%s",
hp_scfg->hp_access_key,
oct4, oct3, oct2, oct1,
"dnsbl.httpbl.org");
"dnsbl.httpbl.org.");
/* See if the requester is a known PH offender. Fail-safe on error. */
......@@ -549,11 +555,12 @@ static int honeypot_handler
if (hp_scfg->hp_logdebug & 0x10000000)
ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
"mod_honeypot: IP %s added to accept cache",
r->connection->remote_ip);
r->connection->client_ip);
hp_add_ipv4_cache(r, (int)1);
return DECLINED;
}
/* Requesting IPv4 address is now known to be an offender. */
/* Get the 4-octet DNS response "IP address" */
......@@ -578,7 +585,7 @@ static int honeypot_handler
if (hp_scfg->hp_logdebug & 0x02000000)
ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
"mod_honeypot: Visitor type matches 0x%x",
"mod_honeypot: Visitor type matches 0x%lx",
hp_scfg->hp_visitor_type);
/* See if the threat level matches or exceeds our limit */
......@@ -634,7 +641,7 @@ static int honeypot_handler
if (hp_scfg->hp_logdebug & 0x10000000)
ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
"mod_honeypot: IP %s added to reject cache",
r->connection->remote_ip);
r->connection->client_ip);
hp_add_ipv4_cache(r, (int)-1);
......@@ -644,6 +651,11 @@ static int honeypot_handler
ap_custom_response(r, HTTP_FORBIDDEN,
"Your IP address is on the Project Honeypot offender list.");
return HTTP_FORBIDDEN;
}
/* failsave if it's a IPv6 request allow it */
return DECLINED;
}
......@@ -849,7 +861,7 @@ static int honeypot_post_config
ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s,
MODULE_NAME " " MODULE_VERSION);
ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s,
" Data block %u bytes",
" Data block %lu bytes",
sizeof(hp_mod_config));
return OK;
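Review bot: The new `sscanf` guard in honeypot_handler (hunk -508,14 +511,17) only recognises the IPv4-mapped form `::ffff:a.b.c.d`, so a client whose `client_ip` is plain dotted-quad, which the removed code parsed, now matches nothing and reaches the added `return DECLINED;` without any http:BL lookup. The condition also tests the return value only for truth, so a partial match (1–3 octets) or `EOF` (-1) enters the lookup branch with octets that were never assigned; compare against 4 and range-check each octet before building the query name. Separately, `strncpy(..., client_ip, 16)` in hp_add_ipv4_cache would truncate a mapped address (up to 22 characters) and leave it unterminated, which could make distinct clients share a cache entry if the slot is 16 bytes; the array declaration is outside this diff. The fence sketches the parse only, and the handler body continues outside the hunk.

```c
const char *ip = r->connection->client_ip;
int matched = sscanf(ip, "::ffff:%d.%d.%d.%d", &oct1, &oct2, &oct3, &oct4);
if (matched != 4)
    matched = sscanf(ip, "%d.%d.%d.%d", &oct1, &oct2, &oct3, &oct4);
if (matched == 4 &&
    oct1 >= 0 && oct1 <= 255 && oct2 >= 0 && oct2 <= 255 &&
    oct3 >= 0 && oct3 <= 255 && oct4 >= 0 && oct4 <= 255) {
    /* … unchanged: build lookup_this, DNSBL query, cache update, 403 response … */
```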