Page 1 of 1

Ban IP on administrator or root login attempt

Posted: Mon Dec 25, 2023 12:25 am
by Simon6714
I had the same question as in this post and have been looking into it a bit. (11 years later :-)
Feel free to post suggestions for improvement.
My solution looks like this:

Code: Select all

-- This LUA script for WingFTP (Corporate Edition) permanently blocks IPs that log in as administrator or root.
-- The IPs are entered in the IP access list of the domain.
-- Add the LUA script under Events in "BeforeUserLoggedIn"

-- Variables
local strTO = "administrator@domain.net"
local strSubject =  "Log in as administrator or root"
local strBody = "The IP address %IP has been permanently blocked!"
local strSMTP = "my SMTP"

-- Functions
function Ban_IP_in_Domain()
  local ipmasks = c_GetIPMaskList("%Domain")
  local g_ipmasks = {}
  if type(ipmasks) == "table" then
     for _,ipmask in pairs(ipmasks) do
      local temp = {}
      table.insert(temp,ipmask.ip)
      table.insert(temp,ipmask.refuse)
      table.insert(temp,ipmask.comment)
      table.insert(g_ipmasks,temp)
     end
  end
  local myDate = "%YYYY.%MM.%DD %HH:%MM:%ss"
  local myText = "Login as admin or root user on " .. myDate
  table.insert(g_ipmasks,{"%IP",true, myText})
  c_SetIPMaskList("%Domain", g_ipmasks)
end 

function Sendmail()
  c_SendMail(strTO, strSubject, strBody, "", strSMTP)
end

function Kick_Session()
  c_KickSession("%Domain","%SessionID",0,0,0,0,0,0)
end

-- Main Script
if "%Name" == "root" or username == "administrator" then
  Ban_IP_in_Domain()
  Sendmail()
  Kick_Session()
end

Re: Ban IP on administrator or root login attempt

Posted: Mon Dec 25, 2023 12:47 am
by Simon6714
The script works for FTP and SSH events, but not for HTTP.
Are some LUA server variables not available for the HTTP protocol?

Re: Ban IP on administrator or root login attempt

Posted: Mon Dec 25, 2023 1:24 pm
by FTP
OK, it seems you have two mistakes in the above Lua script.

1. You can't use or get "%SessionID" in the event "BeforeUserLoggedIn", because web session doesn't exist at that time.
2. The local variable "username" doesn't exist, just replace the line 39 into:

Code: Select all

if "%Name" == "root" or "%Name" == "administrator" then

Re: Ban IP on administrator or root login attempt

Posted: Tue Dec 26, 2023 10:19 am
by Simon6714
Many thanks for the tip.

I would like to correct the error in the script in the first post, but unfortunately I see that it is not possible to edit the post later. If it is not possible, could you take over? This would be better for the overview, thank you.

Re: Ban IP on administrator or root login attempt

Posted: Tue Dec 26, 2023 2:48 pm
by FTP
Yes, you can't edit the previous post, but you can post another one. :)

Code: Select all

-- This LUA script for WingFTP (Corporate Edition) permanently blocks IPs that log in as administrator or root.
-- The IPs are entered in the IP access list of the domain.
-- Add the LUA script under Events in "BeforeUserLoggedIn"

-- Variables
local strTO = "administrator@domain.net"
local strSubject =  "Log in as administrator or root"
local strBody = "The IP address %IP has been permanently blocked!"
local strSMTP = "my SMTP"

-- Functions
function Ban_IP_in_Domain()
  local ipmasks = c_GetIPMaskList("%Domain")
  local g_ipmasks = {}
  if type(ipmasks) == "table" then
     for _,ipmask in pairs(ipmasks) do
      local temp = {}
      table.insert(temp,ipmask.ip)
      table.insert(temp,ipmask.refuse)
      table.insert(temp,ipmask.comment)
      table.insert(g_ipmasks,temp)
     end
  end
  local myDate = "%YYYY.%MM.%DD %HH:%MM:%ss"
  local myText = "Login as admin or root user on " .. myDate
  table.insert(g_ipmasks,{"%IP",true, myText})
  c_SetIPMaskList("%Domain", g_ipmasks)
end 

function Sendmail()
  c_SendMail(strTO, strSubject, strBody, "", strSMTP)
end

function Kick_Session()
  c_KickSession("%Domain","%SessionID",0,0,0,0,0,0)
end

-- Main Script
if "%Name" == "root" or "%Name" == "administrator" then
  Ban_IP_in_Domain()
  Sendmail()
  Kick_Session()
end