From 0c1b6cc2808b4fd45779cce4835a6a80eae48265 Mon Sep 17 00:00:00 2001
From: Doug Freed
Date: Fri, 4 Dec 2015 12:12:28 +0400
Subject: Initial commit
---
cgi-bin/query.pl | 130 +++++++++++++++++++++++++++
cgi-bin/secret/.htaccess | 6 ++
cgi-bin/secret/investigate.pl | 203 ++++++++++++++++++++++++++++++++++++++++++
cgi-bin/secret/logs.pl | 34 +++++++
cgi-bin/showUsers.pl | 75 ++++++++++++++++
5 files changed, 448 insertions(+)
create mode 100755 cgi-bin/query.pl
create mode 100644 cgi-bin/secret/.htaccess
create mode 100755 cgi-bin/secret/investigate.pl
create mode 100755 cgi-bin/secret/logs.pl
create mode 100755 cgi-bin/showUsers.pl
(limited to 'cgi-bin')
diff --git a/cgi-bin/query.pl b/cgi-bin/query.pl
new file mode 100755
index 0000000..4a9ed26
--- /dev/null
+++ b/cgi-bin/query.pl
@@ -0,0 +1,130 @@
+#!/usr/bin/perl
+
+#use warnings;
+use Data::Dumper;
+use strict;
+use DBI;
+
+use CGI_Lite;
+
+my $dbh = DBI->connect("DBI:mysql:database=asm_main;host=localhost;port=3306", 'USER', 'PASSWORD');
+
+my $debug = 0;
+
+sub esc
+{
+ my ($arg) = @_;
+ $arg = $dbh->quote($arg);
+ $arg =~ s/\*/%/g;
+ $arg =~ s/_/\\_/g;
+ $arg =~ s/\?/_/g;
+ return $arg;
+}
+
+my $cgi = new CGI_Lite;
+my %data = $cgi->parse_form_data;
+
+$debug = int($data{debug}) if (defined($data{debug}));
+
+if ($debug) {
+ print "Content-type: text/plain", "\n\n";
+ print Dumper(\%data);
+} else {
+ print "Content-type: text/html", "\n\n";
+ print "Query results\n";
+}
+
+my ($channel, $nick, $user, $host);
+my ($level, $id, $reason);
+
+my $qry = "SELECT time, channel, nick, user, host, gecos, level, id, reason FROM alertlog WHERE ";
+
+if (defined($data{channel})) {
+ $qry = $qry . "channel like " . esc($data{channel});
+} else { die "channel not defined!\n"; }
+
+if (defined($data{nick}) && ($data{nick} ne "*") && ($data{nick} ne "")) {
+ $qry .= " and nick like " . esc($data{nick});
+}
+
+if (defined($data{user}) && ($data{user} ne "*") && ($data{user} ne "")) {
+ $qry .= " and user like " . esc($data{user});
+}
+
+if (defined($data{host}) && ($data{host} ne "*") && ($data{host} ne "")) {
+ $qry .= " and host like " . esc($data{host});
+}
+
+if (defined($data{gecos}) && ($data{gecos} ne "*") && ($data{gecos} ne "")) {
+ $qry .= " and gecos like " . esc($data{gecos});
+}
+
+if (defined($data{since})) {
+ $qry .= sprintf("and time > '%04d-%02d-%02d %02d:%02d:%02d'",
+ int($data{syear}), int($data{smonth}), int($data{sday}),
+ int($data{shour}), int($data{smin}), int($data{ssec}));
+}
+
+if (defined($data{before})) {
+ $qry .= sprintf("and time < '%04d-%02d-%02d %02d:%02d:%02d'",
+ int($data{byear}), int($data{bmonth}), int($data{bday}),
+ int($data{bhour}), int($data{bmin}), int($data{bsec}));
+}
+
+#if (defined($data{id})) {
+# $qry .= " and id = " . 
$dbh->quote($data{id});
+#}
+
+if (defined($data{level}) && ($data{level} ne "any")) {
+ $qry .= " and level = " . $dbh->quote($data{level});
+}
+
+if (defined($data{reason})) {
+ $qry .= " and reason like " . esc($data{reason});
+}
+
+if (defined($data{sort}) && defined($data{order}) && ($data{order} =~ /^[ad]$/ ) &&
+ ( $data{sort} =~ /^(time|nick|user|host|level|id|reason)$/ ) ) {
+ $qry .= " order by " . $data{sort};
+ $qry .= " desc" if $data{order} eq "d";
+}
+
+if ($debug) {
+ print "Querying: ";
+ print Dumper($qry);
+}
+
+my $sth = $dbh->prepare($qry);
+$sth->execute;
+my $names = $sth->{'NAME'};
+my $numFields = $sth->{'NUM_OF_FIELDS'};
+
+ print "" unless $debug;
+
+for (my $i = 0; $i < $numFields; $i++) {
+ if ($debug) {
+ printf("%s%s", $i ? "," : "", $$names[$i]);
+ } else {
+ print "";
+ }
+}
+
+print "" unless $debug;
+print "\n";
+
+while (my $ref = $sth->fetchrow_arrayref) {
+ print "" unless $debug;
+
+ for (my $i = 0; $i < $numFields; $i++) {
+ if ($debug) {
+ printf("%s%s", $i ? "," : "", $$ref[$i]);
+ } else {
+ print "";
+ }
+ }
+ print "" unless $debug;
+ print "\n";
+}
+unless ($debug) {
+ print "
" . $$names[$i] . "
" . $$ref[$i] . "
"; +} diff --git a/cgi-bin/secret/.htaccess b/cgi-bin/secret/.htaccess new file mode 100644 index 0000000..14ea91d --- /dev/null +++ b/cgi-bin/secret/.htaccess @@ -0,0 +1,6 @@ +AuthType Basic +AuthName "Restricted Files" +AuthUserFile /home/icxcnika/AntiSpamMeta/HTTP_ACCESS_USER +AuthGroupFile /home/icxcnika/AntiSpamMeta/HTTP_ACCESS_GROUP +Require group actionlogs +#Require user icxcnika diff --git a/cgi-bin/secret/investigate.pl b/cgi-bin/secret/investigate.pl new file mode 100755 index 0000000..0716480 --- /dev/null +++ b/cgi-bin/secret/investigate.pl @@ -0,0 +1,203 @@ +#!/usr/bin/perl + +#use warnings; +use Data::Dumper; +use strict; +use DBI; + +use CGI_Lite; + +my $dbh = DBI->connect("DBI:mysql:database=asm_main;host=localhost;port=3306", 'USER', 'PASSWORD'); + +my $debug = 0; + +sub esc +{ + my ($arg) = @_; + $arg = $dbh->quote($arg); + $arg =~ s/\*/%/g; + $arg =~ s/_/\\_/g; + $arg =~ s/\?/_/g; + return $arg; +} + +sub dottedQuadToInt +{ + my ($dottedquad) = @_; + my $ip_number = 0; + my @octets = split(/\./, $dottedquad); + foreach my $octet (@octets) { + $ip_number <<= 8; + $ip_number |= $octet; + } + return $ip_number; +} + +my $cgi = new CGI_Lite; +my %data = $cgi->parse_form_data; + +$debug = int($data{debug}) if (defined($data{debug})); + +if ( !defined($data{query}) ) { +print "Content-type: text/html", "\n\n"; +print < + + AntiSpamMeta database query page + + +
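Review bot: In the non-debug branch of cgi-bin/query.pl the column values `$$ref[$i]` (and the headers `$$names[$i]`) are concatenated into the `text/html` response without HTML escaping; the surrounding markup is stripped on this page, so the exact print statements cannot be seen, but nothing in the hunk encodes them. Columns such as nick, gecos and reason presumably hold text chosen by the IRC users being logged, so stored markup would render in the browser of whoever views the results. Passing every value through an escaping helper like the one below before printing closes this, and the same applies to the `$$ref[$f{...}]` fields printed in cgi-bin/secret/investigate.pl and to `$user` in cgi-bin/showUsers.pl. Separately, `debug` can be set by any client and dumps the form data and the generated SQL.

```perl
# Encode the characters that are significant in HTML text and attribute values.
sub html_esc
{
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}
# … unchanged: query building and header row, with html_esc($$names[$i]) in place of $$names[$i] …
# … unchanged: result loop, with html_esc($$ref[$i]) in place of $$ref[$i] …
```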
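Review bot: `AuthType Basic` in cgi-bin/secret/.htaccess sends the user name and password with every request in an easily decoded form, and nothing in this file requires the request to arrive over TLS. If the virtual host does not already enforce HTTPS for this directory, add `SSLRequireSSL` (mod_ssl) above the `Require group actionlogs` line so the scripts here cannot be reached over plain HTTP. The commented-out `#Require user icxcnika` can be dropped rather than committed.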

Maintaining AntiSpamMeta takes work! Please +
+ + + + +

+

Matching is done based on field1 OR field2 OR field3 etc. Wildcards are supported, +except for the realIP field, which must be blank or an IPv4 dotted quad.

+
+ +HTML +print ' Nickname:
\n"; +print ' User:
\n"; +print ' Hostname:
\n"; +print ' Gecos:
\n"; +print ' Account:
\n"; +print ' Real IP: \n"; +print <
+ + + +HTML +exit 0; +} + +if ($debug) { + print "Content-type: text/plain", "\n\n"; + print Dumper(\%data); +} else { + print "Content-type: text/html", "\n\n"; + print < + +Query results + + + +HTML +} + + +##Queryable items: +## nick, user, host, realip, gecos, account +my $qry = 'SELECT * FROM actionlog WHERE '; + +if (defined($data{nick}) && ($data{nick} ne "*") && ($data{nick} ne "")) { + $qry .= " nick like " . esc($data{nick}) . ' or '; +} + +if (defined($data{user}) && ($data{user} ne "*") && ($data{user} ne "")) { + $qry .= ' user like ' . esc($data{user}) . ' or '; +} + +if (defined($data{host}) && ($data{host} ne "*") && ($data{host} ne "")) { + $qry .= ' host like ' . esc($data{host}) . ' or '; +} + +if (defined($data{gecos}) && ($data{gecos} ne "*") && ($data{gecos} ne "")) { + $qry .= ' gecos like ' . esc($data{gecos}) . ' or '; +} + +if (defined($data{account}) && ($data{account} ne "*") && ($data{account} ne "")) { + $qry .= ' account like ' . esc($data{account}) . ' or '; +} + +if (defined($data{realip}) && ($data{realip} =~ /^\d+\.\d+\.\d+\.\d+$/)) { + $qry .= ' ip = ' . dottedQuadToInt($data{realip}) . ' or '; +} + +$qry .= '(1 = 0)'; # rather than trying to get rid of a trailing 'or ' + +if ($debug) { + print "Querying: "; + print Dumper($qry); +} + +my $sth = $dbh->prepare($qry); +$sth->execute; +my $names = $sth->{'NAME'}; +my $numFields = $sth->{'NUM_OF_FIELDS'}; + +#fields are index,time,action,reason,channel,nick,user,host,ip,gecos,account,bynick,byuser,byhost,bygecos,byaccount +my %f = ( + "index" => 0, + "time" => 1, + "action" => 2, + "reason" => 3, + "channel" => 4, + "nick" => 5, + "user" => 6, + "host" => 7, + "ip" => 8, + "gecos" => 9, + "account" => 10, + "bynick" => 11, + "byuser" => 12, + "byhost" => 13, + "bygecos" => 14, + "byaccount" => 15 +); + +print "" unless $debug; +if ($debug) { + for (my $i = 0; $i < $numFields; $i++) { + printf("%s%s", $i ? 
"," : "", $$names[$i]); + } +} +#print "" unless $debug; +print "\n"; + +while (my $ref = $sth->fetchrow_arrayref) { +#fields are index,time,action,reason,channel,nick,user,host,ip,gecos,account,bynick,byuser,byhost,bygecos,byaccount + unless ($debug) { + print ''; + print ''; + print ''; + + print ''; +# print ''; + print ''; + } else { + for (my $i = 0; $i < $numFields; $i++) { + printf("%s%s", $i ? "," : "", $$ref[$i]); + } + } + print "\n"; +} +unless ($debug) { + print "
#' . $$ref[$f{'index'}] . ':' . $$ref[$f{'time'}] . '' . $$ref[$f{'nick'}] . ''; + print '!' . $$ref[$f{'user'}] . '@' . $$ref[$f{'host'}] . ' (' . $$ref[$f{'gecos'}] . ')'; + print ' [' . $$ref[$f{'account'}] . ']' if ($$ref[$f{'account'}] ne ''); + print ''; + print ' received ' . $$ref[$f{'action'}] . ''; + print ' (' . $$ref[$f{'reason'}] . ')' if ($$ref[$f{'reason'}] ne ''); + print ' on ' . $$ref[$f{'channel'}] if ($$ref[$f{'channel'}] ne ''); + print ' '; +# print ''; + if ($$ref[$f{'bynick'}] ne '') { + print 'by ' . $$ref[$f{'bynick'}]; + print '!' . $$ref[$f{'byuser'}] . '@' . $$ref[$f{'byhost'}] . ' (' . $$ref[$f{'bygecos'}] . ')'; + print ' [' . $$ref[$f{'byaccount'}] . ']' if ($$ref[$f{'byaccount'}] ne ''); + print ''; + } + print '
"; +} diff --git a/cgi-bin/secret/logs.pl b/cgi-bin/secret/logs.pl new file mode 100755 index 0000000..419f450 --- /dev/null +++ b/cgi-bin/secret/logs.pl @@ -0,0 +1,34 @@ +#!/usr/bin/perl + +#use warnings; +use Data::Dumper; +use strict; +use DBI; + +use CGI_Lite; +my $cgi = new CGI_Lite; +my %data = $cgi->parse_form_data; +my $index = $data{index}; +print "Content-type: text/plain", "\n\n"; +if ( !defined($index) ) { + print "Nice hax!\n"; + exit 0; +} +$index = int $index; + +if ( $index < 50000) { + my $block; + $block = "50K" if $index < 50000; + $block = "40K" if $index < 40000; + $block = "30K" if $index < 30000; + $block = "20K" if $index < 20000; + $block = "10K" if $index < 10000; + print "tar -Oxf /var/www/actionlogs/$block.tar.gz $index.txt\n\n"; + print `tar -Oxf /var/www/actionlogs/$block.tar.gz $index.txt`; +} elsif ( -e "/var/www/actionlogs/$index.txt.lzma" ) { + print `lzcat /var/www/actionlogs/$index.txt.lzma`; +} elsif ( -e "/var/www/actionlogs/$index.txt" ) { + print `cat /var/www/actionlogs/$index.txt`; +} else { + print "u wot m8?\n"; +} diff --git a/cgi-bin/showUsers.pl b/cgi-bin/showUsers.pl new file mode 100755 index 0000000..913ee22 --- /dev/null +++ b/cgi-bin/showUsers.pl @@ -0,0 +1,75 @@ +#!/usr/bin/perl + +#use warnings; +use Data::Dumper; +use strict; +use DBI; +use XML::Simple qw(:strict); + + +print "Content-type: text/html", "\n\n"; +print < + + AntiSpamMeta User List + + +
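Review bot: In cgi-bin/secret/investigate.pl, `esc()` runs its wildcard substitutions on the string after `$dbh->quote` has already turned it into an SQL literal, so the regexes also pass over the quoting and escaping the driver added, and every `like` clause depends on those never interacting; a literal `%` typed by the user is also left as a wildcard. Translating the wildcards first and binding the result with `?` placeholders keeps user text out of the SQL string entirely and removes the trailing `(1 = 0)` workaround. The same `esc()` is used in cgi-bin/query.pl. Also, the `realip` pattern accepts octets above 255, which `dottedQuadToInt` folds into a wrong address rather than rejecting.

```perl
# Translate the user-facing wildcards to LIKE syntax; quoting is left to the driver.
sub like_pattern
{
    my ($arg) = @_;
    $arg =~ s/([\\%_])/\\$1/g;   # literal \, % and _ must not act as LIKE metacharacters
    $arg =~ s/\*/%/g;
    $arg =~ s/\?/_/g;
    return $arg;
}

# … unchanged: form parsing, query form, response header …
my (@where, @bind);
foreach my $field (qw(nick user host gecos account)) {
    next unless defined($data{$field}) && $data{$field} ne "*" && $data{$field} ne "";
    push @where, "$field like ?";
    push @bind, like_pattern($data{$field});
}
if (defined($data{realip}) && ($data{realip} =~ /^\d+\.\d+\.\d+\.\d+$/)) {
    push @where, 'ip = ?';
    push @bind, dottedQuadToInt($data{realip});
}
my $qry = 'SELECT * FROM actionlog WHERE ' . (@where ? join(' or ', @where) : '1 = 0');
# … unchanged: debug dump of $qry …
my $sth = $dbh->prepare($qry);
$sth->execute(@bind);
```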
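Review bot: The three backtick commands in cgi-bin/secret/logs.pl interpolate `$index` into a shell command line, and the only thing between the `index` form field and the shell is `int`, which still lets negative numbers and anything else Perl can numify through as a file-name argument. Accept the field only if it matches `/\A\d{1,9}\z/`, and run the external commands through list-form `open` so no shell is involved. The line that echoes the tar command also tells the client the server-side path, which I would drop outside of debugging.

```perl
# Run a command without a shell and copy its output to the client.
sub emit
{
    my (@cmd) = @_;
    open(my $out, '-|', @cmd) or die "cannot run $cmd[0]: $!\n";
    print while <$out>;
    close($out);
}

if ( !defined($index) || $index !~ /\A\d{1,9}\z/ ) {
    print "Nice hax!\n";
    exit 0;
}
# … unchanged: int conversion and $block selection …
    emit('tar', '-Oxf', "/var/www/actionlogs/$block.tar.gz", "$index.txt");
# … unchanged: elsif tests on the .lzma and .txt files …
    emit('lzcat', "/var/www/actionlogs/$index.txt.lzma");
    emit('cat', "/var/www/actionlogs/$index.txt");
```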

Maintaining AntiSpamMeta takes work! Please +
+ + + + +

+ + +HTML + +my $xs1 = XML::Simple->new( KeyAttr => ['id'], Cache => [ qw/memcopy/ ]); +my $users = $xs1->XMLin( "/home/icxcnika/AntiSpamMeta/config-main/users.xml", ForceArray => 'person'); + +sub printout +{ + my ($user) = @_; + print ""; + print ""; + print ""; + print ""; + print ""; + print "\n"; +} + +foreach my $user (keys %{$users->{person}}) { + if (index($users->{person}->{$user}->{flags}, 'd') != -1) { + printout($user); + delete $users->{person}->{$user}; + } +} +foreach my $user (keys %{$users->{person}}) { + if (index($users->{person}->{$user}->{flags}, 'a') != -1) { + printout($user); + delete $users->{person}->{$user}; + } +} +foreach my $user (keys %{$users->{person}}) { + if (index($users->{person}->{$user}->{flags}, 's') != -1) { + printout($user); + delete $users->{person}->{$user} + } +} + +foreach my $user (keys %{$users->{person}}) { + printout($user); +} +print "
NickServ accounthsad
$user"; + print "x" if (index($users->{person}->{$user}->{flags}, 'h') != -1); + print ""; + print "x" if (index($users->{person}->{$user}->{flags}, 's') != -1); + print ""; + print "x" if (index($users->{person}->{$user}->{flags}, 'a') != -1); + print ""; + print "x" if (index($users->{person}->{$user}->{flags}, 'd') != -1); + print "
"; + +exit 0; -- cgit v1.2.3
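Review bot: In cgi-bin/showUsers.pl the ordering is produced by three near-identical passes that print matching users and `delete` them from `$users->{person}` before a final catch-all loop, which mutates the parsed config as a side effect and leaves the order inside each group to hash order. A single sort on a rank derived from `flags` says the same thing once, and a missing `flags` attribute (currently hidden by the commented-out `use warnings`) can be handled in one place. `printout` also reads the file-level `$users` instead of taking the record as an argument.

```perl
# Rank by the highest flag held: d first, then a, then s, then everyone else.
sub rank
{
    my ($flags) = @_;
    $flags = '' unless defined $flags;
    return 0 if index($flags, 'd') != -1;
    return 1 if index($flags, 'a') != -1;
    return 2 if index($flags, 's') != -1;
    return 3;
}

# … unchanged: XMLin call and printout …
my $people = $users->{person};
foreach my $user (sort { rank($people->{$a}{flags}) <=> rank($people->{$b}{flags}) or $a cmp $b } keys %$people) {
    printout($user);
}
```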