@niraj-shah /lfd.php
Last active Nov 20, 2018

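#!/usr/local/bin/php
<?php
// AbuseIPDB API Key
$api_key = 'xxx';
// your AbuseIPDB User ID
$user_id = 'yyy';
// Your Server IPs to hide
$server_ip = [ 'server_ip' ];
// categories to tag in AbuseIPDB
$categories = [
    '5' => 'ftpd',
    '11' => 'email',
    '18' => 'brute-force',
    '21' => 'cpanel',
    '22' => 'ssh',
    '14' => 'port scan'
];

// get command line arguments: 1 = remote IP, 6 = message, 7 = log lines
if ($argc < 8) {
    fwrite(STDERR, 'Expected at least 7 arguments, got ' . ($argc - 1) . PHP_EOL);
    exit(1);
}
$ips = $argv[1];
$msg = $argv[6];
$log = $argv[7];

// the IP is placed unencoded into the request URLs below,
// so reject anything that is not a valid IP address
if (filter_var($ips, FILTER_VALIDATE_IP) === false) {
    fwrite(STDERR, 'Not a valid IP address: ' . $ips . PHP_EOL);
    exit(1);
}

// default categories to tag in AbuseIPDB report
$cats = [ '18' ];
// see if the message or logs include any of the keywords from categories
foreach ($categories as $id => $category) {
    if (stristr($log, $category) || stristr($msg, $category)) {
        // add category to array to report
        $cats[] = $id;
    }
}
// drop duplicates (18 is already a default and is added again on a 'brute-force' match)
$cats = array_unique($cats);

// hide your own server IPs in the message, which is sent as the report comment
$msg = str_replace($server_ip, '[redacted]', $msg);

echo 'Remote IP: ' . $ips . PHP_EOL;
echo 'Message: ' . $msg . PHP_EOL;
echo 'Categories: ' . implode(', ', $cats) . PHP_EOL;

// check AbuseIPDB reports
$check = file_get_contents('https://www.abuseipdb.com/check/'. $ips .'/json?key='. $api_key .'&days=10&verbose');
$check = ($check === false) ? null : json_decode($check);
// fix for converting a single report to array
if (isset($check->ip)) {
    $check = [ $check ];
}
// a failed lookup or an unexpected response is treated as no previous reports
if (!is_array($check)) {
    echo 'Could not read existing reports.' . PHP_EOL;
    $check = [];
}

// loop through reports to see if IP was previously reported by yourself
foreach ($check as $report) {
    if (isset($report->userId) && $report->userId == $user_id) {
        echo 'ALREADY REPORTED' . PHP_EOL;
        exit;
    }
}
echo 'IP Reported: '. count($check) .' times.' . PHP_EOL;

// report new IP to AbuseIPDB
$publish = file_get_contents('https://www.abuseipdb.com/report/json?key='. $api_key .'&category='. implode(',', $cats) .'&comment='. urlencode($msg) .'&ip='. $ips);
if ($publish === false) {
    fwrite(STDERR, 'Report request failed.' . PHP_EOL);
    exit(1);
}
// print response from AbuseIPDB
$publish = json_decode($publish);
echo print_r($publish, true) . PHP_EOL;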

ohgoodiee commented Nov 20, 2018

Exactly what I have been looking for. Thank you.
Question: What if my ID on aipdb is set to anon? There are a lot of anon on there. Is there a way to set it to check by key?
