Sefinek 2024-12-25 01:08:34 +01:00
parent 09d0a54db3
commit 25376cfb75


@ -12,6 +12,7 @@ exports.MAIN = {
GITHUB_REPO: 'https://github.com/sefinek/UFW-AbuseIPDB-Reporter', // If you are using a fork, provide the link to the forked repository here. GITHUB_REPO: 'https://github.com/sefinek/UFW-AbuseIPDB-Reporter', // If you are using a fork, provide the link to the forked repository here.
}; };
/** /**
* Generates a report submission to AbuseIPDB. * Generates a report submission to AbuseIPDB.
* @param {Object} logData * @param {Object} logData
@ -37,8 +38,8 @@ exports.MAIN = {
* @param {string|null} serverName * @param {string|null} serverName
* @returns {string} A formatted string report. * @returns {string} A formatted string report.
*/ */
exports.REPORT_COMMENT = ({ timestamp, In, Out, srcIp, dstIp, res, tos, prec, ttl, id, proto, spt, dpt, len, urgp, mac, window, syn }, fullLog, serverName) => { exports.REPORT_COMMENT = ({ timestamp, In, Out, srcIp, dstIp, res, tos, prec, ttl, id, proto, spt, dpt, len, urgp, mac, window, syn }, fullLog, serverName) =>
return `Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt}/${proto?.toLowerCase()}] `Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt}/${proto?.toLowerCase()}]
Source port: ${spt || 'N/A'} Source port: ${spt || 'N/A'}
TTL: ${ttl || 'N/A'} TTL: ${ttl || 'N/A'}
Packet length: ${len || 'N/A'} Packet length: ${len || 'N/A'}
@ -46,33 +47,31 @@ TOS: ${tos || 'N/A'}
This report was generated by: This report was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter`; // Please do not remove this URL; I would be very grateful! Thank you. 💙 https://github.com/sefinek/UFW-AbuseIPDB-Reporter`; // Please do not remove this URL; I would be very grateful! Thank you. 💙
};
// See: https://www.abuseipdb.com/categories // See: https://www.abuseipdb.com/categories
exports.DETERMINE_CATEGORIES = (proto, dpt) => { const categories = {
const categories = { TCP: {
TCP: { 22: '14,22,18', // Port Scan | SSH | Brute-Force
22: '14,22,18', // Port Scan | SSH | Brute-Force 80: '14,21', // Port Scan | Web App Attack
80: '14,21', // Port Scan | Web App Attack 443: '14,21', // Port Scan | Web App Attack
443: '14,21', // Port Scan | Web App Attack 8080: '14,21', // Port Scan | Web App Attack
8080: '14,21', // Port Scan | Web App Attack 25: '14,11', // Port Scan | Email Spam
25: '14,11', // Port Scan | Email Spam 21: '14,5,18', // Port Scan | FTP Brute-Force | Brute-Force
21: '14,5,18', // Port Scan | FTP Brute-Force | Brute-Force 53: '14,1,2', // Port Scan | DNS Compromise | DNS Poisoning
53: '14,1,2', // Port Scan | DNS Compromise | DNS Poisoning 23: '14,15,18', // Port Scan | Hacking | Brute-Force
23: '14,15,18', // Port Scan | Hacking | Brute-Force 3389: '14,15,18', // Port Scan | Hacking | Brute-Force
3389: '14,15,18', // Port Scan | Hacking | Brute-Force 3306: '14,16', // Port Scan | SQL Injection
3306: '14,16', // Port Scan | SQL Injection 6666: '14,8', // Port Scan | Fraud VoIP
6666: '14,8', // Port Scan | Fraud VoIP 6667: '14,8', // Port Scan | Fraud VoIP
6667: '14,8', // Port Scan | Fraud VoIP 6668: '14,8', // Port Scan | Fraud VoIP
6668: '14,8', // Port Scan | Fraud VoIP 6669: '14,8', // Port Scan | Fraud VoIP
6669: '14,8', // Port Scan | Fraud VoIP 9999: '14,6', // Port Scan | Ping of Death
9999: '14,6', // Port Scan | Ping of Death },
}, UDP: {
UDP: { 53: '14,1,2', // Port Scan | DNS Compromise | DNS Poisoning
53: '14,1,2', // Port Scan | DNS Compromise | DNS Poisoning 123: '14,17', // Port Scan | Spoofing
123: '14,17', // Port Scan | Spoofing },
}, };
};
return categories[proto]?.[dpt] || '14'; // Port Scan exports.DETERMINE_CATEGORIES = (proto, dpt) => categories[proto]?.[dpt] || '14'; // Default: Port Scan
};
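Review bot: The new one-line lookup `categories[proto]?.[dpt] || '14'` indexes a plain object literal with values that come from the parsed log line, so an unexpected key such as `constructor` would resolve through Object.prototype, and a lower-case `proto` would silently fall back to '14'. The `proto?.toLowerCase()` call in REPORT_COMMENT suggests the case is not guaranteed, though the parser is not visible here. Normalising the key and checking own properties closes both gaps: `const key = String(proto ?? '').toUpperCase();` followed by `return Object.hasOwn(categories, key) && Object.hasOwn(categories[key], dpt) ? categories[key][dpt] : '14';`. Because the table now lives at module scope and is shared by every call, wrapping it and its two inner objects in `Object.freeze(...)` would stop another module from altering the mapping at runtime. Separately, the report text says the packet was blocked by UFW, so entries such as `3306: '14,16'` (SQL Injection) claim more than a dropped connection attempt shows; a comment on the table stating that the extra categories are inferred from the destination port alone would help anyone who maintains it.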