JoshS/UFW-AbuseIPDB-Reporter
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixes

Browse source
This commit is contained in:
Sefinek 2024-12-25 01:08:34 +01:00
parent 09d0a54db3
commit 25376cfb75
1 changed files with 28 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
default.config.js
View file

@ -12,6 +12,7 @@ exports.MAIN = {
GITHUB_REPO: 'https://github.com/sefinek/UFW-AbuseIPDB-Reporter', // If you are using a fork, provide the link to the forked repository here.
};
/**
* Generates a report submission to AbuseIPDB.
* @param {Object} logData
@ -37,8 +38,8 @@ exports.MAIN = {
* @param {string|null} serverName
* @returns {string} A formatted string report.
*/
exports.REPORT_COMMENT = ({ timestamp, In, Out, srcIp, dstIp, res, tos, prec, ttl, id, proto, spt, dpt, len, urgp, mac, window, syn }, fullLog, serverName) => {
return `Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt}/${proto?.toLowerCase()}]
exports.REPORT_COMMENT = ({ timestamp, In, Out, srcIp, dstIp, res, tos, prec, ttl, id, proto, spt, dpt, len, urgp, mac, window, syn }, fullLog, serverName) =>
`Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt}/${proto?.toLowerCase()}]
Source port: ${spt || 'N/A'}
TTL: ${ttl || 'N/A'}
Packet length: ${len || 'N/A'}
@ -46,33 +47,31 @@ TOS: ${tos || 'N/A'}
This report was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter`; // Please do not remove this URL; I would be very grateful! Thank you. 💙
};
// See: https://www.abuseipdb.com/categories
exports.DETERMINE_CATEGORIES = (proto, dpt) => {
const categories = {
TCP: {
22: '14,22,18', // Port Scan | SSH | Brute-Force
80: '14,21', // Port Scan | Web App Attack
443: '14,21', // Port Scan | Web App Attack
8080: '14,21', // Port Scan | Web App Attack
25: '14,11', // Port Scan | Email Spam
21: '14,5,18', // Port Scan | FTP Brute-Force | Brute-Force
53: '14,1,2', // Port Scan | DNS Compromise | DNS Poisoning
23: '14,15,18', // Port Scan | Hacking | Brute-Force
3389: '14,15,18', // Port Scan | Hacking | Brute-Force
3306: '14,16', // Port Scan | SQL Injection
6666: '14,8', // Port Scan | Fraud VoIP
6667: '14,8', // Port Scan | Fraud VoIP
6668: '14,8', // Port Scan | Fraud VoIP
6669: '14,8', // Port Scan | Fraud VoIP
9999: '14,6', // Port Scan | Ping of Death
},
UDP: {
53: '14,1,2', // Port Scan | DNS Compromise | DNS Poisoning
123: '14,17', // Port Scan | Spoofing
},
};
const categories = {
TCP: {
22: '14,22,18', // Port Scan | SSH | Brute-Force
80: '14,21', // Port Scan | Web App Attack
443: '14,21', // Port Scan | Web App Attack
8080: '14,21', // Port Scan | Web App Attack
25: '14,11', // Port Scan | Email Spam
21: '14,5,18', // Port Scan | FTP Brute-Force | Brute-Force
53: '14,1,2', // Port Scan | DNS Compromise | DNS Poisoning
23: '14,15,18', // Port Scan | Hacking | Brute-Force
3389: '14,15,18', // Port Scan | Hacking | Brute-Force
3306: '14,16', // Port Scan | SQL Injection
6666: '14,8', // Port Scan | Fraud VoIP
6667: '14,8', // Port Scan | Fraud VoIP
6668: '14,8', // Port Scan | Fraud VoIP
6669: '14,8', // Port Scan | Fraud VoIP
9999: '14,6', // Port Scan | Ping of Death
},
UDP: {
53: '14,1,2', // Port Scan | DNS Compromise | DNS Poisoning
123: '14,17', // Port Scan | Spoofing
},
};
return categories[proto]?.[dpt] || '14'; // Port Scan
};
exports.DETERMINE_CATEGORIES = (proto, dpt) => categories[proto]?.[dpt] || '14'; // Default: Port Scan