FTP wrote: ↑Fri Jun 23, 2023 1:42 pm
Yes, your above script is correct. And if you want to handle the domain level rules, just replace the following APIs:
c_GetGlobalIPMaskList() ===> c_GetIPMaskList("DomainName")
c_SetGlobalIPMaskList(ipmasks) ===> c_SetIPMaskList("DomainName", ipmasks)
Yeah, I tried that and I don't think it worked. All I ever see in the logs is that the IP is temporarily banned. It never gets permanently banned.
Code: Select all
[02] Fri, 23 Jun 2023 20:29:32 (0000006) Failed to exchange the keys.
[02] Fri, 23 Jun 2023 20:29:33 (0000006) Closed session, disconnected from 180.101.88.235
[02] Fri, 23 Jun 2023 20:29:48 (0000010) Connected from 180.101.88.235 (local address 172.16.107.47, port 22)
[02] Fri, 23 Jun 2023 20:29:48 (0000011) Connected from 180.101.88.235 (local address 172.16.107.47, port 22)
[02] Fri, 23 Jun 2023 20:30:10 (0000012) Connected from 180.101.88.235 (local address 172.16.107.47, port 22)
[02] Fri, 23 Jun 2023 20:30:10 (0000013) Connected from 180.101.88.235 (local address 172.16.107.47, port 22)
[01] Fri, 23 Jun 2023 20:30:12 (0000013) The user root started SSH authentication.
[01] Fri, 23 Jun 2023 20:30:12 (0000012) The user root started SSH authentication.
[01] Fri, 23 Jun 2023 20:30:12 (0000013) Failed in user/password authentication.
[01] Fri, 23 Jun 2023 20:30:12 (0000012) Failed in user/password authentication.
[02] Fri, 23 Jun 2023 20:30:12 IP address:180.101.88.235 is blocked for 10800 seconds.
[02] Fri, 23 Jun 2023 20:30:12 (0000012) Closed session, disconnected from 180.101.88.235
[01] Fri, 23 Jun 2023 20:30:13 (0000013) Failed in user/password authentication.
[01] Fri, 23 Jun 2023 20:30:13 (0000013) Failed in user/password authentication.
[01] Fri, 23 Jun 2023 20:30:13 The lua script of event OnExceedUSERPASS executed successfully.
[02] Fri, 23 Jun 2023 20:30:13 (0000013) Closed session, disconnected from 180.101.88.235
[02] Fri, 23 Jun 2023 20:30:18 (0000010) Failed to exchange the keys.
[02] Fri, 23 Jun 2023 20:30:18 (0000011) Failed to exchange the keys.
[02] Fri, 23 Jun 2023 20:30:18 (0000010) Closed session, disconnected from 180.101.88.235
[02] Fri, 23 Jun 2023 20:30:18 (0000011) Closed session, disconnected from 180.101.88.235
[02] Fri, 23 Jun 2023 20:30:32 (0000000) Closed session, disconnected from 180.101.88.235. The reason is: The IP 180.101.88.235 is banned temporarily.
[02] Fri, 23 Jun 2023 20:30:32 (0000000) Closed session, disconnected from 180.101.88.235. The reason is: The IP 180.101.88.235 is banned temporarily.
[02] Fri, 23 Jun 2023 20:30:56 (0000000) Closed session, disconnected from 180.101.88.235. The reason is: The IP 180.101.88.235 is banned temporarily.
[02] Fri, 23 Jun 2023 20:30:57 (0000000) Closed session, disconnected from 180.101.88.235. The reason is: The IP 180.101.88.235 is banned temporarily.
[02] Fri, 23 Jun 2023 20:31:18 (0000000) Closed session, disconnected from 180.101.88.235. The reason is: The IP 180.101.88.235 is banned temporarily.
[02] Fri, 23 Jun 2023 20:31:18 (0000000) Closed session, disconnected from 180.101.88.235. The reason is: Th
I receive an email from the script:
Code: Select all
GDCFTP (180.101.88.235) SSH Security WARNING Event: root has performed a OnExceedUSERPASS event
NO
NoReply <NoReply@GDCFTP.GDC.COM>
6/23/2023 8:30 PM
To: Domenic.disorbo@gdc.com <Domenic.disorbo@gdc.com>
Dear Domenic.disorbo@gdc.com
The FTP user > root < from the following IP 180.101.88.235 has just produced an SSH Security WARNING Event: OnExceedUSERPASS (Fri, Jun 23, 2023 08:30 PM). Banning access for this IP
And here is the SSH event code, OnExceedUSERPASSWORD:
Code: Select all
-- [1] [2] [3] [4] [5] [6]
-- c_SendMail(string strTo,string strSubject,string strPlainText,string strAttach,string strSmtpName,bool bHTML)
-- Parameters
-- [1]string the receiver's email addresses, multiple email addresses can be separated by a comma
-- [2]string mail subject
-- [3]string mail content
-- [4]string attach file path
-- [5]string the smtp configuration name
-- [6]bool mail content is HTML?, true=yes, false=no.
-- Return Values
-- [1]bool return true if email is sent successfully, otherwise return false
--
-- To Write to the Admin Log
-- c_AddAdminLog("Starting " .. event_type .. " " .. event_action .. " OnFileDownLoad",1)
local user = c_GetUser("%Domain","%Name")
-- Original but I want to notify emails addrs in the user.note_memo - local user_email = user.note_email
-- Variable not available if user does authenticate -- local user_memo = user.note_memo
local event_type = "SSH Security WARNING Event:"
local event_action = "OnExceedUSERPASS"
--if user_memo == nil or user_memo == "" then
local user_memo = "Domenic.disorbo@gdc.com"
--end
-- No send this to the FTP administrator
-- local mSendTo = user_memo
local mSendTo = "Domenic.disorbo@gdc.com"
local mSalutation = user_memo.gsub(user_memo,",", ", ")
local mDate = os.date("%a, %b %d, %Y %I:%M %p")
local mSubject = "GDCFTP (%IP) ".. event_type .. " %Name has performed a " .. event_action .. " event"
local mBody ="Dear " .. mSalutation .. "\n\n The FTP user > %Name < from the following IP %IP has just produced an " .. event_type .. " " .. event_action.. " (" .. mDate .. "). Banning access for this IP"
local mSMTP = "Big Mountain Mail"
-- only send when a recipient is set (variable name is case-sensitive: mSendTo)
if mSendTo ~= nil and mSendTo ~= "" then
    c_SendMail(mSendTo, mSubject, mBody, "", mSMTP)
    -- To Write to the Admin Log
    -- c_AddAdminLog(" Notifying " .. mSendTo .. " of " .. event_type .. " " .. event_action, 1)
end
--Ban the IP
--local ipmasks = c_GetGlobalIPMaskList()
-- handle the domain level rules
local ipmasks = c_GetIPMaskList("DomainName")
local g_ipmasks = {}
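-- copy the existing rules into the {ip, refuse, comment} form the setter takes
if type(ipmasks) == "table" then
    for _,ipmask in pairs(ipmasks) do
        local temp = {}
        table.insert(temp,ipmask.ip)
        table.insert(temp,ipmask.refuse)
        table.insert(temp,ipmask.comment)
        table.insert(g_ipmasks,temp)
    end
end
-- append a refuse rule for the offending address
table.insert(g_ipmasks,{"%IP",true})
--c_SetGlobalIPMaskList(g_ipmasks)
--handle the domain level rules
-- write back the rebuilt list (g_ipmasks), which holds the new %IP entry;
-- passing ipmasks here would save the old rules without the ban
c_SetIPMaskList("DomainName", g_ipmasks)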
Also, I think you missed answering a couple of my questions.
Will this script add the IP to Administrator, Settings, IP Access, and/or will it add it to Domain, Settings, IP access? If the answer is NO, then how can I make it do that? Being able to visually look in the admin client to un-ban an IP is so much easier than running a script (you never answered one of my previous questions: how do I run a script on the server?).
Sure, I found this in the forum, but where the heck or how the heck do you run it?
Code: Select all
And how can I reverse a ban if I have used the script?
For example, if you want to remove the banned IP "180.101.88.235", you can try the following script:
local ipmasks = c_GetGlobalIPMaskList()
if type(ipmasks) == "table" then
    -- walk backwards so table.remove does not shift entries still to be checked
    for i = #ipmasks, 1, -1 do
        if ipmasks[i].ip == "180.101.88.235" then
            table.remove(ipmasks, i)
        end
    end
end
-- rebuild the remaining rules in the {ip, refuse, comment} form the setter takes
local global_ipmasks = {}
if type(ipmasks) == "table" then
    for _,ipmask in pairs(ipmasks) do
        local temp = {}
        table.insert(temp,ipmask.ip)
        table.insert(temp,ipmask.refuse)
        table.insert(temp,ipmask.comment)
        table.insert(global_ipmasks,temp)
    end
end
c_SetGlobalIPMaskList(global_ipmasks)
So this post has 3 questions:
1. Will this script add the IP to Administrator, Settings, IP Access?
2. Will it add to Domain, Settings, IP access?
3. If the answer is NO to 1 or 2 or both, then can the script add entries to those tables?
Oh nuts, I just found Administrator, General Settings and an IP access tab. What's that, and should I be populating that instead of or in addition to the above?
OK, now we are up to 4 questions:
1. Will this script add the IP to Administrator, Settings, IP Access?
2. Will it add to Domain, Settings, IP access?
3. If the answer is NO to 1 or 2 or both, then can the script add entries to those tables?
4. Should I be adding to Administrator, General Settings and an IP access tab instead of or in addition to the above?
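The ban and un-ban logic from the two scripts in this post, combined so that repeated events for one address never leave duplicate rules. This is an added example, not part of the original post and not Wing FTP's own code; the two `c_` stubs are in-memory stand-ins for the server APIs (using the record and row shapes seen in the scripts above), and `rows_without`, `ban_ip` and `unban_ip` are hypothetical names.

```lua
-- Stand-ins for c_GetIPMaskList / c_SetIPMaskList so the logic runs in a plain
-- Lua interpreter. On the server, delete these two stubs and the store table.
local store = { { ip = "10.0.0.*", refuse = false, comment = "constructed sample rule" } }
local function c_GetIPMaskList(domain) return store end
local function c_SetIPMaskList(domain, rows)
  store = {}
  for _, r in ipairs(rows) do
    store[#store + 1] = { ip = r[1], refuse = r[2], comment = r[3] }
  end
end

-- Convert the records returned by the getter into the {ip, refuse, comment}
-- rows the setter takes, dropping every existing entry for skip_ip.
local function rows_without(masks, skip_ip)
  local rows = {}
  if type(masks) == "table" then
    for _, m in pairs(masks) do
      if m.ip ~= skip_ip then
        rows[#rows + 1] = { m.ip, m.refuse, m.comment }
      end
    end
  end
  return rows
end

-- Ban: drop any older entry for the IP, then append a single refuse rule.
local function ban_ip(domain, ip, comment)
  local rows = rows_without(c_GetIPMaskList(domain), ip)
  rows[#rows + 1] = { ip, true, comment }
  c_SetIPMaskList(domain, rows) -- pass the rebuilt rows, not the fetched list
  return #rows
end

-- Un-ban: write the list back without the IP.
local function unban_ip(domain, ip)
  local rows = rows_without(c_GetIPMaskList(domain), ip)
  c_SetIPMaskList(domain, rows)
  return #rows
end

-- Constructed run: the event fires twice for one address, then the ban is
-- lifted. Each call prints the number of rules stored afterwards.
print(ban_ip("DomainName", "180.101.88.235", "OnExceedUSERPASS"))
print(ban_ip("DomainName", "180.101.88.235", "OnExceedUSERPASS"))
print(unban_ip("DomainName", "180.101.88.235"))
```

As in the post, "DomainName" is a placeholder for the actual domain name.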