Skip to content

Instantly share code, notes, and snippets.

@niraj-shah niraj-shah/lfd.php
Last active Mar 12, 2019

Embed
What would you like to do?
#!/usr/local/bin/php
<?php
// get command line arguments
$args = $argv;
// AbuseIPDB API Key
$api_key = 'xxx';
// your AbuseIPDB User ID
$user_id = 'yyy';
// Your Server IPs to hide
$server_ip = [ 'server_ip' ];
// categories to tag in AbuseIPDB
$categories = [
'5' => 'ftpd',
'11' => 'email',
'18' => 'brute-force',
'21' => 'cpanel',
'22' => 'ssh',
'14' => 'port scan'
];
$msg = $argv[6];
$log = $argv[7];
$ips = $argv[1];
// default categories to tag in AbuseIPDB report
$cats = [ '18' ];
// see if the message or logs include any of the keywords from categories
foreach ($categories as $id => $category) {
if (stristr($log, $category) || stristr($msg, $category)) {
// add category to array to report
$cats[] = $id;
}
}
echo 'Remote IP: ' . $ips . PHP_EOL;
echo 'Message: ' . $msg . PHP_EOL;
echo 'Categories: ' . implode(', ', $cats) . PHP_EOL;
// check AbuseIPDB reports
$check = file_get_contents('https://www.abuseipdb.com/check/'. $ips .'/json?key='. $api_key .'&days=10&verbose');
$check = json_decode($check);
// fix for converting a single report to array
if (isset($check->ip)) {
$new = [];
$new[0] = $check;
$check = $new;
}
// loop through reports to see if IP was previously reported by yourself
foreach ($check as $report) {
if ($report->userId == $user_id) {
echo 'ALREADY REPORTED' . PHP_EOL;
exit;
}
}
echo 'IP Reported: '. count($check) .' times.' . PHP_EOL;
// report new IP to AbuseIPDB
$publish = file_get_contents('https://www.abuseipdb.com/report/json?key='. $api_key .'&category='. implode(',', $cats) .'&comment='. urlencode($msg) .'&ip='. $ips);
// print response from AbuseIPDB
$publish = json_decode($publish);
echo print_r($publish, 1) . PHP_EOL;
@ohgoodiee

This comment has been minimized.

Copy link

ohgoodiee commented Nov 20, 2018

Exactly what I have been looking for. Thank you.
Question: What if my ID on aipdb is set to anon? There are a lot of anon on there. Is there a way to set it to check by key?

@niraj-shah

This comment has been minimized.

Copy link
Owner Author

niraj-shah commented Mar 12, 2019

@ohgoodiee sorry for the late reply, did see your comment until today. I don't think there is a way to check for anonymous IDs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.