We Need Some php + SQL Code Written

[Chip (OP)]

any competent software developers out there in junkie-land ?

[Chip (OP)]

from most recent to oldest

Chipper: ... with the members names too, of course
40mgtofreedom: im good at modifying code, piping things, using the tools
Chipper: 40, i need to list and out sort all IP's first, that should be heaps of help, right ?
40mgtofreedom: you're a better programmer than i
40mgtofreedom: dude i just copped 20 1mg Klonopins and 840mg of methadone
40mgtofreedom: its weird this scrolls upwards lol
40mgtofreedom: of course i would never damage or change a thing
40mgtofreedom: btw would you like me to keep looking for security holes?
Chipper: 40, i wrote a PM and VM dumper in php and that's my anti-solicitation weapon (not to mention the same DB on MY intranet's unsecured TEST system)
40mgtofreedom: or get the ip address and get the first 11 chars (9 numbers and 2 periods i.e. 100.100.100) and see if thats equal to the other class C subnet then tell if the last octets are changing, but really ppl have static ips or semi static these days
Chipper: 40, it's going to be a combination of php and scripting, i reckon - i just have to pipe the output of my php sql query into "sed" or something
40mgtofreedom: but theres tor exit nodes, a million vpns, proxies which are pretty much worthless (proxies these days)
40mgtofreedom: im sure theres a blacklist back there somewhere right? first of all get a copy of like kasperspys bad ip/spam ranges, maybe one from malware bytes and just ban the fuck out of those ranges, if someone is banned give them a gateway to email a mod to analyze them on case by case basis
40mgtofreedom: but bash to php? lol not so good
40mgtofreedom: i can do i in bash
40mgtofreedom: but writing it from scratch....
40mgtofreedom: as far as php, find a script that does it and i can tell you whether or not its secure code and modify it

[40mgtofreedom]

ok so the ip in question is assigned a variable and then compared against a sorted blacklist.... if it falls in the end or beginning you can even run the sort backwards or forwards

dude what kind of firewall are you running, are all these things running on one box>?? i really need more info like setup, whats running what, how you get ips, etc..

[40mgtofreedom]

you could put pfsense on literally any computer 486 and up and let it be the firewall in front of the webserver, are you running apache???

pfsense has amazing rules, and its intelligent, like what you're talking about writing is pretty much written in there, you just gotta guide and tweak what youre looking for

[40mgtofreedom]

can you draw me a diagram like in mspaint or gimp or something that just shows basic layout of machines and whats running on them, wiring diagram so i can get a picture of how the traffic is flowing

[40mgtofreedom]

also on the list sorting with php you can always use the endswith() and startswith() especially for the ends with

[Chip (OP)]

it's packed with utilities, lots of scripts i wrote to help me, monitoring tools and performance monitors, network monitors etc.. it's got everything almost i could throw at it - do you want ?:

[root@forum SQL]# chkconfig --list
amavisd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
blk-availability        0:off   1:on    2:on    3:on    4:on    5:on    6:off
cgconfig        0:off   1:off   2:off   3:off   4:off   5:off   6:off
cgred           0:off   1:off   2:off   3:off   4:off   5:off   6:off
clamd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
clamd.amavisd   0:off   1:off   2:off   3:off   4:off   5:off   6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
dovecot         0:off   1:off   2:on    3:on    4:off   5:on    6:off
fail2ban        0:off   1:off   2:off   3:on    4:on    5:on    6:off
htcacheclean    0:off   1:off   2:off   3:off   4:off   5:off   6:off
httpd           0:off   1:off   2:on    3:on    4:off   5:on    6:off
icinga          0:off   1:off   2:on    3:on    4:on    5:on    6:off
ip6tables       0:off   1:off   2:on    3:on    4:on    5:on    6:off
ipset           0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
iscsi           0:off   1:off   2:off   3:on    4:on    5:on    6:off
iscsid          0:off   1:off   2:off   3:on    4:on    5:on    6:off
lvm2-monitor    0:off   1:on    2:on    3:on    4:on    5:on    6:off
mailman         0:off   1:off   2:on    3:on    4:off   5:on    6:off
mdmonitor       0:off   1:off   2:on    3:on    4:on    5:on    6:off
messagebus      0:off   1:off   2:on    3:on    4:on    5:on    6:off
multipathd      0:off   1:off   2:off   3:off   4:off   5:off   6:off
mysqld          0:off   1:off   2:on    3:on    4:off   5:on    6:off
named           0:off   1:off   2:off   3:off   4:off   5:off   6:off
netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
nmb             0:off   1:off   2:off   3:off   4:off   5:off   6:off
ntop            0:off   1:off   2:off   3:off   4:off   5:off   6:off
ntpd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
ntpdate         0:off   1:off   2:off   3:off   4:off   5:off   6:off
portreserve     0:off   1:off   2:on    3:on    4:on    5:on    6:off
postfix         0:off   1:off   2:on    3:on    4:on    5:on    6:off
postgresql-9.2  0:off   1:off   2:off   3:off   4:off   5:off   6:off
postgresql-9.3  0:off   1:off   2:on    3:on    4:on    5:on    6:off
pure-ftpd       0:off   1:off   2:on    3:on    4:off   5:on    6:off
rdisc           0:off   1:off   2:off   3:off   4:off   5:off   6:off
restorecond     0:off   1:off   2:off   3:off   4:off   5:off   6:off
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
saslauthd       0:off   1:off   2:on    3:on    4:on    5:on    6:off
smb             0:off   1:off   2:on    3:on    4:on    5:on    6:off
snmpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
snmptrapd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
spamassassin    0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
svnserve        0:off   1:off   2:off   3:off   4:off   5:off   6:off
udev-post       0:off   1:on    2:on    3:on    4:on    5:on    6:off
webmin          0:off   1:off   2:on    3:on    4:on    5:on    6:off
winbind         0:off   1:off   2:off   3:off   4:off   5:off   6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
zabbix-agent    0:off   1:off   2:off   3:off   4:off   5:off   6:off
zabbix-java-gateway     0:off   1:off   2:off   3:off   4:off   5:off   6:off
zabbix-server   0:off   1:off   2:off   3:off   4:off   5:off   6:off

i have some manual starts too.

the classic LAMP base.

... later, i config'ed and autostart service spamassassin start

[Chip (OP)]

also on the list sorting with php you can always use the endswith() and startswith() especially for the ends with

i was thinking the SQL sort ...

[Chip (OP)]

let me have a poke around. i'm an IBM guy so all this is still quite new to me.

[shirobug]

It's not entirely clear to me what you're looking for, but I know PHP and SQL so could probably lend a hand.

I saw some mention of trying to match a single IP address with a CIDR block.  That's pretty easy to do, see StackOverflow here:

http://stackoverflow.com/questions/594112/matching-an-ip-to-a-cidr-mask-in-php5

Also, if you are talking about blocking bad IP's, you could do all that the operating system level with iptables:

iptables -I INPUT -i eth0 -s 1.2.3.4 -j DROP

[Opus]

webmin??

wow..

Chipper, brother, you gotta be careful about what you post openly, that's just simply too much information.. Plz be careful, not everyone has as big of a heart as you..

added: why run postgres when already running mysql?

[Chip (OP)]

it was part of the audit tool you mentioned to me.

i forget it's name now.

i am aware of it but decided to keep it.

i like webmin - it's handy for mail but i do understand the dangers.

yeah, i'm a trusting guy, too much so.

[Opus]

Server auditing should be done from a separate box.

What if the server had already been rooted? You likely wouldn't be able to trust *anything* the kernel told you in the first place, an audit might be completely worthless.

There are tools out there for finding rootkits on a local machine, but really it's best to run a minimum of software & services (especially stuff like databases) on any production server, for both security and performance reasons. I'd recommend finding a cheap used laptop to dedicate for admin/auditing purposes..

[Chip (OP)]

now you tell me ! (Doh!).

i have installed RKHunter and so far, so good.

i got carried away and installed all sorts of crap. too late now, i guess.

[Opus]

Nah, not too late at all. Just shutdown/remove the shit you don't need and find a cheap box to dedicate for admin tasks..

You're doing fine buddy.