Ban IP on administrator or root login attempt

You can share your Lua Scripts with everybody here.
Post Reply
Simon6714
Posts: 3
Joined: Mon Dec 25, 2023 12:10 am

Ban IP on administrator or root login attempt

Post by Simon6714 »

I had the same question as in this post and have been looking into it a bit. (11 years later :-)
Feel free to post suggestions for improvement.
My solution looks like this:

Code: Select all

-- This LUA script for WingFTP (Corporate Edition) permanently blocks IPs that log in as administrator or root.
-- The IPs are entered in the IP access list of the domain.
-- Add the LUA script under Events in "BeforeUserLoggedIn"

-- Variables
local strTO = "administrator@domain.net"
local strSubject =  "Log in as administrator or root"
local strBody = "The IP address %IP has been permanently blocked!"
local strSMTP = "my SMTP"

-- Functions
function Ban_IP_in_Domain()
  local ipmasks = c_GetIPMaskList("%Domain")
  local g_ipmasks = {}
  if type(ipmasks) == "table" then
     for _,ipmask in pairs(ipmasks) do
      local temp = {}
      table.insert(temp,ipmask.ip)
      table.insert(temp,ipmask.refuse)
      table.insert(temp,ipmask.comment)
      table.insert(g_ipmasks,temp)
     end
  end
  local myDate = "%YYYY.%MM.%DD %HH:%MM:%ss"
  local myText = "Login as admin or root user on " .. myDate
  table.insert(g_ipmasks,{"%IP",true, myText})
  c_SetIPMaskList("%Domain", g_ipmasks)
end 

function Sendmail()
  c_SendMail(strTO, strSubject, strBody, "", strSMTP)
end

function Kick_Session()
  c_KickSession("%Domain","%SessionID",0,0,0,0,0,0)
end

-- Main Script
if "%Name" == "root" or username == "administrator" then
  Ban_IP_in_Domain()
  Sendmail()
  Kick_Session()
end
Simon6714
Posts: 3
Joined: Mon Dec 25, 2023 12:10 am

Re: Ban IP on administrator or root login attempt

Post by Simon6714 »

The script works for FTP and SSH events, but not for HTTP.
Are some LUA server variables not available for the HTTP protocol?
FTP
Site Admin
Posts: 2089
Joined: Tue Sep 29, 2009 6:09 am

Re: Ban IP on administrator or root login attempt

Post by FTP »

OK, it seems you have two mistakes in the above Lua script.

1. You can't use or get "%SessionID" in the event "BeforeUserLoggedIn", because web session doesn't exist at that time.
2. The local variable "username" doesn't exist, just replace the line 39 into:

Code: Select all

if "%Name" == "root" or "%Name" == "administrator" then
Simon6714
Posts: 3
Joined: Mon Dec 25, 2023 12:10 am

Re: Ban IP on administrator or root login attempt

Post by Simon6714 »

Many thanks for the tip.

I would like to correct the error in the script in the first post, but unfortunately I see that it is not possible to edit the post later. If it is not possible, could you take over? This would be better for the overview, thank you.
FTP
Site Admin
Posts: 2089
Joined: Tue Sep 29, 2009 6:09 am

Re: Ban IP on administrator or root login attempt

Post by FTP »

Yes, you can't edit the previous post, but you can post another one. :)

Code: Select all

-- This LUA script for WingFTP (Corporate Edition) permanently blocks IPs that log in as administrator or root.
-- The IPs are entered in the IP access list of the domain.
-- Add the LUA script under Events in "BeforeUserLoggedIn"

-- Variables
local strTO = "administrator@domain.net"
local strSubject =  "Log in as administrator or root"
local strBody = "The IP address %IP has been permanently blocked!"
local strSMTP = "my SMTP"

-- Functions
function Ban_IP_in_Domain()
  local ipmasks = c_GetIPMaskList("%Domain")
  local g_ipmasks = {}
  if type(ipmasks) == "table" then
     for _,ipmask in pairs(ipmasks) do
      local temp = {}
      table.insert(temp,ipmask.ip)
      table.insert(temp,ipmask.refuse)
      table.insert(temp,ipmask.comment)
      table.insert(g_ipmasks,temp)
     end
  end
  local myDate = "%YYYY.%MM.%DD %HH:%MM:%ss"
  local myText = "Login as admin or root user on " .. myDate
  table.insert(g_ipmasks,{"%IP",true, myText})
  c_SetIPMaskList("%Domain", g_ipmasks)
end 

function Sendmail()
  c_SendMail(strTO, strSubject, strBody, "", strSMTP)
end

function Kick_Session()
  c_KickSession("%Domain","%SessionID",0,0,0,0,0,0)
end

-- Main Script
if "%Name" == "root" or "%Name" == "administrator" then
  Ban_IP_in_Domain()
  Sendmail()
  Kick_Session()
end
Post Reply