<?php
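/**
 * Request filter plus an admin-only file-integrity viewer.
 *
 * Constructing the object inspects the current request: the client address is
 * checked against the on-disk ban records, then the User-Agent and the request
 * URI are matched against fixed substrings. A hit records a ban and terminates
 * the request. The syssys* methods render an admin page that lists recently
 * changed files and files matching known malware signatures.
 *
 * NOTE(review): everything that shells out (grep/find) needs exec() enabled and
 * a shell on the host; file names and log lines handled here can be written by
 * whoever can upload files or send requests, so they are treated as untrusted
 * both when building shell commands and when printing HTML.
 */
class class_SECUR
{
    /** Document root walked by the scanners (trailing slash is significant). */
    const WEB_ROOT = '/home/admin/web/eios.mkgtu.ru/public_html/';

    /** Access log searched for requests that touched a file or came from an IP. */
    const ACCESS_LOG = '/home/admin/web/eios.mkgtu.ru/logs/eios.mkgtu.ru.log';

    /** Directory holding one JSON ban record per client address; relative to the working directory. */
    const BAN_DIR = 'tmp/ban/';

    /**
     * Address that skips every check in the constructor.
     * NOTE(review): a hard-coded bypass is easy to forget; confirm this address
     * is still owned by the operator, or move it to configuration.
     */
    const TRUSTED_IP = '37.29.121.162';

    private $RE = '';
    private $IP = '';

    /**
     * Captures the request URI and client address and runs the request checks.
     *
     * NOTE(review): REMOTE_ADDR is the direct peer. Behind a reverse proxy that
     * is presumably the proxy itself, so bans would hit every visitor at once;
     * verify the deployment before relying on it.
     */
    public function __construct()
    {
        // Missing keys (CLI runs, clients that send no User-Agent) become empty
        // strings so the checks below never receive null.
        $this->RE = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
        $this->IP = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

        if ($this->IP != self::TRUSTED_IP) {
            $this->check_ban($this->IP);
            $this->check_ua($ua);
            $this->check_url($this->RE);
        }
    }

    /**
     * Checks whether the address already has a ban record.
     *
     * More than 3 recorded hits terminates the request; a record with fewer
     * hits only delays the request by one second.
     *
     * NOTE(review): the record stores a 'time' value but nothing here reads it,
     * so records never expire on their own.
     *
     * @param string $ip client address
     * @return void
     */
    public function check_ban($ip)
    {
        $file = $this->banFile($ip);
        if (!file_exists($file)) {
            return;
        }

        $record = json_decode((string) file_get_contents($file), true);
        // A truncated or unreadable record counts as zero hits instead of raising notices.
        $hits = (is_array($record) && isset($record['kol'])) ? (int) $record['kol'] : 0;

        if ($hits > 3) {
            die('ошибка сервера 2');
        }
        sleep(1);
    }

    /**
     * Records a hit for the current client address and terminates the request.
     *
     * @return void
     */
    public function ban()
    {
        $file = $this->banFile($this->IP);
        $record = array('time' => 0, 'kol' => 0, 'url' => array());

        if (file_exists($file)) {
            $stored = json_decode((string) file_get_contents($file), true);
            if (is_array($stored)) {
                $record = array_merge($record, $stored);
            }
        }

        $record['time'] = time();
        $record['kol'] = (int) $record['kol'] + 1;
        if (!is_array($record['url'])) {
            $record['url'] = array();
        }
        $record['url'][] = $this->RE;

        $payload = json_encode($record);
        if ($payload === false) {
            // json_encode() fails on a URI that is not valid UTF-8. Writing that
            // result would blank the record and reset the hit counter, so keep
            // the counter and store a placeholder for the URI instead.
            array_pop($record['url']);
            $record['url'][] = '[unencodable request URI]';
            $payload = json_encode($record);
        }

        // LOCK_EX stops concurrent writers from interleaving bytes. The
        // read-modify-write as a whole is still not atomic, so a hit can be
        // lost when the same address sends requests in parallel.
        file_put_contents($file, (string) $payload, LOCK_EX);

        die('ошибка сервера 1');
    }

    /**
     * Bans the client when the request URI contains a dictionary entry.
     *
     * The match is a case-sensitive literal substring test on the URI exactly
     * as given; nothing is URL-decoded or normalised first, so differently
     * encoded or differently cased spellings of an entry are not caught.
     *
     * @param string $url request URI
     * @return void
     */
    public function check_url($url)
    {
        $url = (string) $url;
        foreach ($this->slovar() as $needle) {
            if (strpos($url, $needle) !== false) {
                $this->ban();
            }
        }
    }

    /**
     * Bans the client when the User-Agent looks suspicious.
     *
     * The only rule is the literal substring "Kali". The header is chosen by
     * the client, so this catches default tooling only.
     *
     * @param string $ua User-Agent header value
     * @return void
     */
    public function check_ua($ua)
    {
        if (strpos((string) $ua, 'Kali') !== false) {
            $this->ban();
        }
    }

    /**
     * Dictionary of substrings that never occur in this site's own URLs.
     *
     * @return array list of substrings
     */
    public function slovar()
    {
        // '/admin' was on the list once and is intentionally left out.
        return array(
            '../',
            '..%2F',
            '/etc',
            '/passwd',
            'option=com',
            'wp-config',
            'wp-content',
            'localPath',
            '.jsp',
            '/pwn',
            'functionRouter',
            '/cgi-bin',
            'instancemanager',
            '+CSCOU+',
            '/scripts/setup',
            '/ecp',
            'adminer',
        );
    }

    /**
     * Builds the HTML head, inline CSS/JS and navigation links of the admin pages.
     *
     * The click handler for ".log_ip" posts the address to /syssys/ and inserts
     * the returned HTML fragment, so that fragment must arrive already escaped.
     *
     * NOTE(review): the page loads jQuery 1.8.3, which is long out of support;
     * plan an upgrade.
     *
     * @return string
     */
    public function syssys_html_head()
    {
        $out = '<!DOCTYPE html>
<!--[if IE 8]> <html lang="ru" class="ie8"> <![endif]-->
<!--[if IE 9]> <html lang="ru" class="ie9"> <![endif]-->
<!--[if !IE]><!--> <html lang="ru"> <!--<![endif]-->
<head>
<meta charset="utf-8" />
<title>Логи</title>
<meta content="width=device-width, initial-scale=1.0" name="viewport" />
<meta content="" name="description" />
<meta content="" name="author" />
<link href="/tpl/assets/bootstrap/css/bootstrap.min.css" rel="stylesheet" />
<link href="/tpl/assets/bootstrap/css/bootstrap-responsive.min.css" rel="stylesheet" />
<link href="/tpl/assets/font-awesome/css/font-awesome.css" rel="stylesheet" />
<link href="/tpl/css/style-responsive.css" rel="stylesheet" />
<link href="/tpl/css/style-default.css" rel="stylesheet" id="style_color" />
<script src="/tpl/js/jquery-1.8.3.min.js"></script>
</head>';
        $out .= '<style>
.collapse, .collapse_trmain{cursor:pointer;}
.collapse_table, .collapse_tr{display: none;}
.show_log_html{
overflow: auto;
width: 100%;
height:380px;
background-color: #fff;
}
.show_log{
position: fixed;
top: 0px;
left:0px;
right:0px;
height:400px;
display:none;
background-color: #fff;
z-index: 100;
}
.table{
border: 1px solid #eee;
table-layout: fixed;
width: 100%;
margin-bottom: 20px;
}
.table th {
font-weight: bold;
padding: 5px;
background: #efefef;
border: 1px solid #dddddd;
}
.table td{
padding: 5px 10px;
border: 1px solid #eee;
text-align: left;
}
.table tbody tr:nth-child(odd){
background: #fff;
}
.table tbody tr:nth-child(even){
background: #F7F7F7;
}
</style>';
        // "dataType" is the option name jQuery reads (the lower-case spelling was
        // ignored), and passing an object lets jQuery URL-encode the address.
        $out .= '<script>$(document).ready(function(){
$(".collapse").click(function(){
let id = $(this).data("id");
$("#ct_"+id).toggle();
return false;
});
$(".collapse_trmain").click(function(){
let id = $(this).data("id");
$("."+id).toggle();
return false;
});
$(".show_log_close").click(function(){
$(".show_log").hide();
return false;
});
$(".log_ip").click(function(){
$(".show_log_html").html("получаем");
let ip = $(this).data("ip");
$.ajax({
url: "/syssys/", cache: false, dataType: "json", type: "POST",
data: {ajdesSYS: "showip", ip: ip},
success: function (data) {
$(".show_log_html").html(data.html);
$(".show_log").show();
}
});
return false;
});
});</script>';
        $out .= '<a href="/syssys/">Измененные файлы за 12 часов</a> | <a href="/syssys/checkvirus/">Вирусные вставки</a>';
        return $out;
    }

    /**
     * Returns the lines of $file that match any of $finds, as an HTML fragment.
     *
     * Each pattern is handed to grep as a basic regular expression, as before;
     * a pattern that is not a valid expression simply yields no lines. grep's
     * -A/-B/-C options could be added to show lines after, before, or around
     * each match.
     *
     * @param string $file  path of the file to search
     * @param array  $finds list of patterns
     * @return string HTML fragment; empty string for this scanner's own file
     */
    public function syssys_getcontentfile($file, $finds)
    {
        $file = (string) $file;

        // This file holds every signature, so it always matches. Callers pass
        // absolute paths, which is why the document root is stripped before
        // the comparison.
        $relative = str_replace(self::WEB_ROOT, '', $file);
        if ($file == 'inc/class_SECUR.php' || $relative == 'inc/class_SECUR.php') {
            return '';
        }

        $lines = array();
        foreach ((array) $finds as $find) {
            $find = (string) $find;
            if ($find === '') {
                continue; // an empty pattern would match every line
            }
            // File names come from the scanned tree and patterns contain "$"
            // and quotes, so both are passed as quoted arguments. "-e" keeps a
            // pattern that starts with "-" from being read as an option and
            // "--" does the same for the file name.
            $matched = array(); // exec() appends to an existing array
            exec('grep -e ' . escapeshellarg($find) . ' -- ' . escapeshellarg($file), $matched);
            $lines = array_merge($lines, $matched);
        }

        $html = '<div style="overflow: auto;width:100%;height:120px;">';
        foreach ($lines as $line) {
            $html .= $this->esc($line) . '<br>';
        }
        return $html . '</div>';
    }

    /**
     * Entry point of the admin pages; always ends the request.
     *
     * Only a session user with status 99 gets past the first line. "des" in the
     * query string selects the signature scan ("checkvirus") or, when empty,
     * the list of recently changed files. A POST with "ajdesSYS" is answered
     * with JSON.
     *
     * NOTE(review): the POST handler checks no anti-CSRF token; add one if the
     * application has a token mechanism.
     *
     * @return void
     */
    public function syssys()
    {
        $status = isset($_SESSION['user']['status']) ? $_SESSION['user']['status'] : null;
        if ($status != 99) {
            exit();
        }

        $des = isset($_GET['des']) ? $_GET['des'] : '';

        if ($des === 'checkvirus') {
            $this->renderSignatureScan();
        }

        if ($des === '') {
            // Answer the AJAX call before any page output: the JSON body must
            // not be preceded by the HTML head, and header() needs an unsent
            // response.
            if (isset($_POST['ajdesSYS'])) {
                $this->respondAjax();
            }
            $this->renderRecentChanges();
        }

        exit();
    }

    /**
     * Turns the output of find into rows for the "recently changed" table.
     *
     * Template caches, json.php and common document/image/archive extensions
     * are skipped. Paths containing ".php" are flagged and get the access-log
     * lines that mention them.
     *
     * NOTE(review): skipping is decided by the last extension only and the flag
     * is a plain ".php" substring test, so which files are listed or flagged
     * does not tell whether the web server would execute them.
     *
     * @param array $output absolute paths, one per element
     * @return array list of rows with keys data_c, file, danger, logs
     */
    public function syssys_parse_find($output)
    {
        $skipped = array(
            'json', 'png', 'jpg', 'jpeg', 'gif', 'doc', 'docx', 'pdf',
            'xls', 'xlsx', 'zip', 'rar', 'plx', 'pptx', 'ppt',
        );

        $out = array();
        foreach ((array) $output as $file) {
            $relative = str_replace(self::WEB_ROOT, '', $file);

            if (strpos($relative, '/templates_c/') !== false) {
                continue;
            }
            if (strpos($relative, '/json.php') !== false) {
                continue;
            }

            // pathinfo() omits 'extension' for names without a dot.
            $info = pathinfo($relative);
            $ext = isset($info['extension']) ? mb_strtolower($info['extension']) : '';
            if (in_array($ext, $skipped, true)) {
                continue;
            }

            // A file can disappear between find and this call.
            $changed = file_exists($file) ? filectime($file) : false;
            $isPhp = strpos($relative, '.php') !== false;

            $out[] = array(
                'data_c' => $changed === false ? '' : date('H:i:s d.m.Y', $changed),
                'file' => $relative,
                'danger' => $isPhp ? 1 : 0,
                'logs' => $isPhp ? $this->syssys_get_logs_acc($relative) : array(),
            );
        }
        return $out;
    }

    /**
     * Returns the access-log entries that mention the given path.
     *
     * @param string $string path relative to the document root
     * @return array list of parsed entries (or array('line' => raw) when unparsed)
     */
    public function syssys_get_logs_acc($string)
    {
        return $this->grepAccessLog($string);
    }

    /**
     * Returns the access-log entries that contain the given address.
     *
     * @param string $ip client address taken from the log
     * @return array list of parsed entries (or array('line' => raw) when unparsed)
     */
    public function syssys_get_logs_IP($ip)
    {
        return $this->grepAccessLog($ip);
    }

    /** Escapes a value for HTML text and attribute context; invalid UTF-8 is substituted rather than dropped. */
    private function esc($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    /** Path of the ban record for an address; path separators are neutralised in case a caller passes something else. */
    private function banFile($ip)
    {
        $name = str_replace(array('/', '\\', "\0"), '_', (string) $ip);
        return self::BAN_DIR . $name . '.json';
    }

    /** Searches the access log for a literal string and parses the matching lines. */
    private function grepAccessLog($needle)
    {
        $needle = (string) $needle;
        if ($needle === '') {
            return array(); // an empty needle would return the whole log
        }

        // -F: the needle is a path or an address, not an expression. It is
        // quoted because it originates from file names or from POST data.
        $lines = array();
        exec('grep -F -e ' . escapeshellarg($needle) . ' -- ' . escapeshellarg(self::ACCESS_LOG), $lines);

        return $this->parseAccessLog($lines);
    }

    /**
     * Splits combined-format log lines into fields.
     *
     * Sample line:
     * 62.183.98.199 - - [12/Apr/2022:10:02:40 +0300] "GET /upload/iup/208/98062.php HTTP/1.0" 200 177818 "https://eios.mkgtu.ru/iup/student/edit/5400/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4495.0 Safari/537.36"
     */
    private function parseAccessLog($lines)
    {
        $out = array();
        foreach ($lines as $line) {
            // preg_match() reports whether the line matched; counting the groups
            // of preg_match_all() is always true and hid unparsed lines.
            if (preg_match('|(.*) - - \[(.*)\] "(.*) (.*) (.*)" (.*) (.*) "(.*)" "(.*)"|isU', $line, $m)) {
                $out[] = array(
                    'ip' => $m[1],
                    'data' => $m[2],
                    'method' => $m[3],
                    'urlp' => $m[4],
                    'http' => $m[5],
                    'code' => $m[6],
                    'size' => $m[7],
                    'url' => $m[8],
                    'ua' => $m[9],
                );
            } else {
                $out[] = array('line' => $line);
            }
        }
        return $out;
    }

    /** Header row shared by both access-log tables. */
    private function logHeadHtml()
    {
        return '<tr><th>Дата</th><th>IP</th><th>Метод</th><th>УРЛ</th><th>Код</th><th>Запрос</th><th>Юзерагент</th></tr>';
    }

    /**
     * One access-log row. URL, referer and User-Agent are written by the
     * requesting client, so every field is escaped before it reaches the page.
     */
    private function logRowHtml($row, $linkIp)
    {
        if (!isset($row['ip'])) {
            $raw = isset($row['line']) ? $row['line'] : '';
            return '<tr><td colspan="7">' . $this->esc($raw) . '</td></tr>';
        }

        $ip = $this->esc($row['ip']);
        $ipCell = $linkIp ? '<a href="#" class="log_ip" data-ip="' . $ip . '">' . $ip . '</a>' : $ip;

        return '<tr>'
            . '<td>' . $this->esc($row['data']) . '</td>'
            . '<td>' . $ipCell . '</td>'
            . '<td>' . $this->esc($row['method']) . '</td>'
            . '<td>' . $this->esc($row['urlp']) . '</td>'
            . '<td>' . $this->esc($row['code']) . '</td>'
            . '<td>' . $this->esc($row['url']) . '</td>'
            . '<td>' . $this->esc($row['ua']) . '</td>'
            . '</tr>';
    }

    /** Answers the "showip" AJAX call with a JSON object holding an HTML table, then exits. */
    private function respondAjax()
    {
        header('Content-Type: application/json; charset=utf-8');
        $out = array();

        if ($_POST['ajdesSYS'] == 'showip') {
            $ip = (isset($_POST['ip']) && is_string($_POST['ip'])) ? $_POST['ip'] : '';

            $html = '<table class="table">' . $this->logHeadHtml() . '<tbody>';
            foreach ($this->syssys_get_logs_IP($ip) as $row) {
                $html .= $this->logRowHtml($row, false);
            }
            $html .= '</tbody></table>';

            $out['html'] = $html;
        }

        echo json_encode($out);
        exit();
    }

    /** Prints the "changed in the last 12 hours" page. */
    private function renderRecentChanges()
    {
        echo $this->syssys_html_head();
        echo '<h3>Измененные файлы за 12 часов</h3>';

        // -mmin is in minutes: 60 = one hour, 720 = twelve hours.
        $changed = array();
        exec('find ' . self::WEB_ROOT . ' -type f -mmin -720 -print', $changed);
        $result = $this->syssys_parse_find($changed);

        echo '<div class="show_log"><div class="show_log_html">тут логи если щелкнуть по ИП</div><a href="#" class="show_log_close">Закрыть</a></div>';
        echo '<table class="table">';
        echo '<tr>';
        echo '<th>Дата</th>';
        echo '<th>Файл</th>';
        echo '</tr>';

        foreach ($result as $key => $val) {
            $style = ($val['danger'] == 1) ? 'style="color:red;"' : '';
            $hasLogs = count($val['logs']) > 0;

            echo $hasLogs ? '<tr class="collapse" data-id="' . $key . '">' : '<tr>';
            echo '<td>' . $this->esc($val['data_c']) . '</td>';
            // File names are chosen by whoever created the file; escape them.
            echo '<td ' . $style . '>' . $this->esc($val['file']) . '</td>';
            echo '</tr>';

            if ($hasLogs) {
                echo '<tr class="collapse_table" id="ct_' . $key . '">';
                echo '<td colspan="2">';
                echo '<table class="">';
                echo $this->logHeadHtml();
                echo '<tbody>';
                foreach ($val['logs'] as $row) {
                    echo $this->logRowHtml($row, true);
                }
                echo '</tbody>';
                echo '</table>';
                echo '</td>';
                echo '</tr>';
            }
        }
        echo '</table>';
    }

    /**
     * Prints the signature-scan page: one collapsible group per signature set.
     *
     * Each group runs a recursive, case-insensitive grep over the document root
     * and then shows the matching lines of every reported file. The lists in
     * 'finds' are used only for that per-file display and are not identical to
     * the patterns in 'command'.
     *
     * NOTE(review): "--include=\*.{php,htm,html}" relies on brace expansion,
     * which depends on the shell exec() uses; confirm it expands on the host.
     */
    private function renderSignatureScan()
    {
        echo $this->syssys_html_head();
        echo '<h3>Вирусные вставки</h3>';
        echo '<table class="table">';
        echo '<tr>';
        echo '<th class="span4">Дата</th>';
        echo '<th class="span8">Файл</th>';
        echo '</tr>';

        $groups = array(
            array(
                'id' => 'tr1',
                'label' => 'featureShell p0wny eval( ',
                'finds' => array('featureShell(','eval(','p0wny'),
                'command' => "grep -Rils --include=\*.php -e 'featureShell(' -e 'eval(' -e 'p0wny' " . self::WEB_ROOT . '*',
            ),
            array(
                'id' => 'tr2',
                'label' => '$emaillist=$_POST $emaillist= $smtp_username= $smtp_password= Sender Anonym Email',
                'finds' => array('@$emaillist=$_POST','$emaillist=','$smtp_username=','$smtp_password=','Sender Anonym Email'),
                'command' => "grep -Rils --include=\*.php -e '\@\$emaillist\=\$_POST' -e '\$emaillist=' -e '\$smtp_username=' -e '\$smtp_password=' -e 'Sender Anonym Email' " . self::WEB_ROOT . '*',
            ),
            array(
                'id' => 'tr3',
                'label' => 'различные ботнетовские редиректы',
                'finds' => array('if(md5(md5($','h1>Loading...','b>Please wait a moment ...','... Please wait...</h3','You are here because one of your friends has invited you...','bankofamerica','http://hellosomeguys','rldailynews.com','--81a338--','; it.src = '),
                // "<" and ">" are written without a backslash: in GNU grep "\<"
                // and "\>" are word-boundary anchors, so the escaped forms could
                // not match the literal angle brackets they were meant to find.
                'command' => "grep -Rils --include=\*.{php,htm,html} -e 'if(md5(md5(\$' -e 'h1>Loading...' -e 'b>Please wait a moment ...\ You will be forwarded. <' -e '... Please wait...<\/h3' -e 'You are here because one of your friends has invited you...\ Redirecting...' -e 'bankofamerica' -e 'http:\/\/hellosomeguys' -e 'rldailynews.com' -e 'http\:\/\/.*doctor.*\.com' -e '\-\-81a338\-\-' -e '\; it.src = ' " . self::WEB_ROOT . '*',
            ),
            array(
                'id' => 'tr4',
                'label' => 'malware скрипты',
                'finds' => array('FilesMan','b=4594','e2aa4e','v58f57b98 = 0','forexam@pandion.im','pathToDomains','if(navigator.userAgent.match(','var vst = String.fromCharCode','Menu_files/jquery.js','i5463 == null','r57.gen.tr','/rsize.js','feelthesame.changeip.name','40,101,115,110,98,114,105,110','c99sh','Shell by',' sh_ver','.tcpflood','c999sh','Array(base64_decode','Attacker Perl File','bogel = ','(!function_exists("getmicrotime"))','$d=substr','WSO ','r57shell','msg=@gzinflate(@base64_decode(@str_replace','6POkiojiO7iY3ns1rn8',' mysql_safe','sql2_safe','aHR0cDovLzE3OC4yMTEu','php function _','encodeURIComponent(document.URL)','; if(isset($_REQUEST','UdpFlood','udp://1.1.1.1',' (md5($_POST[','header("Location: http','fx29sh_','c999sh_surl','c99sh','/request12.php','NlOThmMjgyODM0NjkyODdiYT'),
                'command' => "grep -Rils --include=\*.{php,htm,html} -e 'FilesMan' -e 'b=4594' -e 'e2aa4e' -e 'v58f57b98 = 0' -e 'forexam\@pandion.im' -e 'pathToDomains' -e 'if(navigator.userAgent.match(' -e 'var vst = String.fromCharCode' -e 'Menu\_files\/jquery.js' -e 'i5463 == null' -e 'r57.gen.tr' -e '\/rsize.js' -e 'feelthesame.changeip.name' -e '40,101,115,110,98,114,105,110' -e 'c99sh' -e 'Shell by' -e ' sh_ver' -e '\.tcpflood' -e 'c999sh' -e 'Array(base64_decode' -e 'Attacker Perl File' -e 'bogel = ' -e '(\!function_exists(\"getmicrotime\"))' -e'\$d=substr' -e 'WSO ' -e 'r57shell' -e 'msg=@gzinflate(@base64_decode(@str_replace' -e '6POkiojiO7iY3ns1rn8' -e ' mysql_safe' -e 'sql2_safe' -e 'aHR0cDovLzE3OC4yMTEu' -e 'php function _' -e 'encodeURIComponent(document.URL)' -e '\; if(isset(\$_REQUEST' -e 'UdpFlood' -e 'udp\:\/\/1.1.1.1' -e '\ (md5(\$_POST\[' -e 'header(\"Location\: http' -e 'fx29sh_' -e 'c999sh_surl' -e 'c99sh' -e '\/request12.php' -e 'NlOThmMjgyODM0NjkyODdiYT' " . self::WEB_ROOT . '*',
            ),
            array(
                'id' => 'tr5',
                'label' => 'различные malware в java скриптах',
                'finds' => array('\%3C\%73\%63\%72\%69\%70\%74\%20\%74\%79\%70','kSKlBXYjNXZfhSZwF2YzVmb1h'),
                'command' => "grep -Rils --include=\*.js -e '\%3C\%73\%63\%72\%69\%70\%74\%20\%74\%79\%70' -e 'kSKlBXYjNXZfhSZwF2YzVmb1h' " . self::WEB_ROOT . '*',
            ),
        );

        foreach ($groups as $group) {
            $files = array();
            exec($group['command'], $files);
            if (!count($files)) {
                continue;
            }

            echo '<tr class="collapse_trmain error" data-id="' . $group['id'] . '"><td colspan="2">[' . count($files) . '] ' . $group['label'] . '</td></tr>';

            foreach ($files as $file) {
                $changed = file_exists($file) ? filectime($file) : false;
                $data = $changed === false ? '' : date('H:i:s d.m.Y', $changed);

                // Both rows carry the group's own class so the group header
                // toggles its matches; the detail rows used to be tagged "tr1"
                // in every group.
                echo '<tr class="collapse_tr ' . $group['id'] . '">';
                echo '<td>' . $data . '</td>';
                echo '<td>' . $this->esc(str_replace(self::WEB_ROOT, '', $file)) . '</td>';
                echo '</tr>';
                echo '<tr class="collapse_tr ' . $group['id'] . '"><td colspan="2">' . $this->syssys_getcontentfile($file, $group['finds']) . '</td></tr>';
            }
        }

        echo '</table>';
    }
}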