Intrusion attempts

☆ A M B ☆
24,524 Posts

sottwell Reply #1, 10 years, 10 months ago

Thursday morning for over 10 minutes a dev site I'm working with on a dedicated server was hammered by somebody using a Chrome browser from what was reported as the IP address 27.255.77.10, which apparently is part of a block of IP addresses assigned to the Korean hosting company http://www.ehostidc.co.kr/

It was attempting quite a number of directories and files, many of them .asa files. It also tried things like menu.htm, log.htm, and a lot of files within different editors, like FCKeditor/editor/fckeditor.html

Anybody else notice anything like this lately?

Studying MODX in the desert - http://sottwell.com
Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
Join the Slack Community - http://modx.org

24,544 Posts

BobRay Reply #2, 10 years, 10 months ago

BotBlockX will (in theory) reject anyone hammering the site. I haven't noticed those guys in the log, but the log is limited and it tends to discourage people like that from coming back. I'd be curious to know if it blocks them.

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting

☆ A M B ☆
24,524 Posts

sottwell Reply #3, 10 years, 10 months ago

Hm. I will give it a try.

I have the LogPageNotFound installed and embedded in a Dashboard widget, so I get a quick look at all the 404 errors as soon as I log in.

Studying MODX in the desert - http://sottwell.com
Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
Join the Slack Community - http://modx.org

☆ A M B ☆
24,524 Posts

sottwell Reply #4, 10 years, 10 months ago

Heh. Made it into a dashboard widget; just embedded the clear-log form into the PHP code, and changed its name from clearlog to clearbbxlog so that it wouldn't get mixed up with the LogPageNotFound widget. Also changed form attributes to work with the Manager's styling.

/**
 * BlockLogReport
 * Copyright 2011-2013 Bob Ray
 *
 * BlockLogReport is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 2 of the License, or (at your option) any
 * later version.
 *
 * BlockLogReport is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * BlockLogReport; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
 * Suite 330, Boston, MA 02111-1307 USA
 *
 * @package botblockx
 * @author Bob Ray <http://bobsguides.com>
 
 *
 * Description: The BlockLogReport snippet presents the contents of the block log as a table.
 *
 * /

/* Modified: November 1, 2011 */
/* Modified: June 30, 2013 by sottwell to make it suitable as a Dashboard widget */


$file = MODX_CORE_PATH . '/logs/ipblock.log';
$cellWidth = empty($scriptProperties['cell_width'])? 30 : $scriptProperties['cell_width'];
$tableWidth = empty($scriptProperties['table_width'])? '80%' : $scriptProperties['table_width'];
if (isset($_POST['clearbbxlog'])) {
    file_put_contents($file, "");
}
$fp = fopen ($file, 'r');
$output = '';
if ($fp) {
    $output = '<table class="classy" style="width:100%;">';
    $output .= '<thead><tr><th>IP</th><th>Host</th><th>Time</th><th>User Agent</th><th>Type</th></tr></thead><tbody>';
    while (($line = fgets($fp)) !== false) {
        $line = trim($line);
        if (strpos($line,'#' == 0) || empty($line)) continue;
        $lineArray = explode('`',$line);
        $output .= '<tr>';
        foreach($lineArray as $item) {
            $output .= '<td style="word-break:break-all;" width = "' . $cellWidth . '">' . $item . '</td>';
        }
        $output .= '</tr>';
    }
    $output .= '</tbody></table>';
    $output .= '<hr>
     <form action="" method="post">
    <input type="submit" name="clearbbxlog" value="Clear Log">
    </form>';
    fclose($fp);
} else {
    $output = 'Could not open: ' . $file;
}

return $output;

Studying MODX in the desert - http://sottwell.com
Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
Join the Slack Community - http://modx.org

24,544 Posts

BobRay Reply #5, 10 years, 10 months ago

Brilliant. It never occurred to me to make them widgets.

I should do a separate release of them as widgets. It's a good excuse to bring MyComponent up to speed on widgets. wink

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting

☆ A M B ☆
24,524 Posts

sottwell Reply #6, 10 years, 10 months ago

If you can help me figure out how to get the table rows to have the alternate colors I would be most appreciative. This appears to be a function of the extjs setting alternating rows to have different classnames, and I haven't been able to figure out how to do that with these snippets.

As far as making them into widgets, I'm working on a site that will have tens of thousands of resources and every resource I can eliminate is for the good. So I'm always on the lookout for ways to get things into TVs, MIGXdb TVs, widgets or whatever it takes to avoid using resources.

Studying MODX in the desert - http://sottwell.com
Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
Join the Slack Community - http://modx.org

24,544 Posts

BobRay Reply #7, 10 years, 10 months ago

Alternate colors would mean hacking the snippet code. There's no JS involved.

Maybe something like this in the report snippet:

    $i = 0;
    while (($line = fgets($fp)) !== false) {
        $class = $i%2? 'bbx-odd' : 'bbx-even';
        $line = trim($line);
        if (strpos($line,'#' === 0) || empty($line)) continue;
        $lineArray = explode('`',$line);
        $output .= '<tr class="' . $class . '">';
        foreach($lineArray as $item) {
            $output .= '<td style="word-break:break-all;" width = "' . $cellWidth . '">' . $item . '</td>';
        }
        $output .= '</tr>';
        $i++;
    }

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting

☆ A M B ☆
24,524 Posts

sottwell Reply #8, 10 years, 10 months ago

Ah, of course. Thank you!

If you use x-grid3-row and x-grid-3-row-alt as the classnames, they'll get styled by the default Manager stylesheet.

Hm. Apparently not. ExtJS makes its grids with an appalling nest of divs, and apparently the styling is based on those div layers. I don't know it it's worth trying to emulate that structure; while I don't like inline styling that might be the way to handle this, instead of using classnames.

/**
 * BlockLogReport
 * Copyright 2011-2013 Bob Ray
 *
 * BlockLogReport is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 2 of the License, or (at your option) any
 * later version.
 *
 * BlockLogReport is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * BlockLogReport; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
 * Suite 330, Boston, MA 02111-1307 USA
 *
 * @package botblockx
 * @author Bob Ray <http://bobsguides.com>
 
 *
 * Description: The BlockLogReport snippet presents the contents of the block log as a table.
 *
 * /

/* Modified: November 1, 2011 */
/* Modified: June 30, 2013 by sottwell to make it a Dashboard widget */
/* embedded clear-log form, changing the name to clearbbxlog */


$file = MODX_CORE_PATH . '/logs/ipblock.log';
$cellWidth = empty($scriptProperties['cell_width'])? 30 : $scriptProperties['cell_width'];
$tableWidth = empty($scriptProperties['table_width'])? '80%' : $scriptProperties['table_width'];
if (isset($_POST['clearbbxlog'])) {
    file_put_contents($file, "");
}
$fp = fopen ($file, 'r');
$output = '';
if ($fp) {
    $output = '<table class="classy" style="width:100%;">';
    $output .= '<thead><tr><th>IP</th><th>Host</th><th>Time</th><th>User Agent</th><th>Type</th></tr></thead><tbody>';
    $i = 0;
    while (($line = fgets($fp)) !== false) {
        $style = $i%2? 'style="background:#F9F9F9"' : 'style="background:#fff;"';
        $line = trim($line);
        if (strpos($line,'#' == 0) || empty($line)) continue;
        $lineArray = explode('`',$line);
        $output .= '<tr $style>';
        foreach($lineArray as $item) {
            $output .= '<td style="word-break:break-all;border-bottom:1px solid #E5E5E5" width = "' . $cellWidth . '">' . $item . '</td>';
        }
        $output .= '</tr>';
        $i++;
    }
    $output .= '</tbody></table>';
    $output .= '<hr>
     <form action="" method="post">
    <input type="submit" name="clearbbxlog" value="Clear Log">
    </form>';
    fclose($fp);
} else {
    $output = 'Could not open: ' . $file;
}

return $output;

[ed. note: sottwell last edited this post 10 years, 10 months ago.]

Studying MODX in the desert - http://sottwell.com
Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
Join the Slack Community - http://modx.org