@meramsey
Forked from niraj-shah/lfd.php
Last active May 30, 2020 10:54
Report LFD to AbuseIPDB
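#!/usr/bin/env php
<?php
// get command line arguments
$args = $argv;
// AbuseIPDB API Key
$api_key = 'YOUR_API_KEY';
// your AbuseIPDB User ID
$user_id = 'YOUR_USER_ID';
// Your Server IPs to hide
$server_ip = [ 'server_ip' ];
// categories to tag in AbuseIPDB
$categories = [
    '5'  => 'ftpd',
    '11' => 'email',
    '18' => 'brute-force',
    '21' => 'cpanel',
    '22' => 'ssh',
    '14' => 'port scan'
];
// arguments passed in by LFD; fall back to empty strings when one is missing
$msg = $args[6] ?? '';
$log = $args[7] ?? '';
$ips = $args[1] ?? '';
// only a single valid IP address may be placed into the request URLs
if (filter_var($ips, FILTER_VALIDATE_IP) === false) {
    fwrite(STDERR, 'Invalid or missing IP address' . PHP_EOL);
    exit(1);
}
// hide your own server IPs in the comment that is published with the report
$msg = str_replace($server_ip, '[server]', $msg);
// default categories to tag in AbuseIPDB report
$cats = [ '18' ];
// see if the message or logs include any of the keywords from categories
foreach ($categories as $id => $category) {
    if (stristr($log, $category) || stristr($msg, $category)) {
        // add category to array to report
        $cats[] = $id;
    }
}
// drop duplicates (18 is both the default and a keyword match for "brute-force")
$cats = array_unique($cats);
echo 'Remote IP: ' . $ips . PHP_EOL;
echo 'Message: ' . $msg . PHP_EOL;
echo 'Categories: ' . implode(', ', $cats) . PHP_EOL;
// check AbuseIPDB reports
$check = file_get_contents('https://www.abuseipdb.com/check/' . urlencode($ips) . '/json?key=' . urlencode($api_key) . '&days=10&verbose');
$check = ($check === false) ? null : json_decode($check);
// fix for converting a single report to array
if (isset($check->ip)) {
    $new = [];
    $new[0] = $check;
    $check = $new;
}
// stop if the lookup failed or did not return a list of reports
if (!is_array($check)) {
    fwrite(STDERR, 'AbuseIPDB check failed' . PHP_EOL);
    exit(1);
}
// loop through reports to see if IP was previously reported by yourself
foreach ($check as $report) {
    if (isset($report->userId) && $report->userId == $user_id) {
        echo 'ALREADY REPORTED' . PHP_EOL;
        exit;
    }
}
echo 'IP Reported: ' . count($check) . ' times.' . PHP_EOL;
// report new IP to AbuseIPDB
$publish = file_get_contents('https://www.abuseipdb.com/report/json?key=' . urlencode($api_key) . '&category=' . implode(',', $cats) . '&comment=' . urlencode($msg) . '&ip=' . urlencode($ips));
if ($publish === false) {
    fwrite(STDERR, 'AbuseIPDB report failed' . PHP_EOL);
    exit(1);
}
// print response from AbuseIPDB
$publish = json_decode($publish);
echo print_r($publish, true) . PHP_EOL;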