Perl script and the shtml file that create a report of blocked and watched hosts taken from the hosts.allow file, created by Steve Hammond.
Here's a screenshot of the reporter utility
Here are the files that can be used to create the report displayed above, bh-reporter.cgi and bh-reporter.shtml, in a ZIP archive.
This is a version that includes the changes listed in the comment I've made some changes below:
bh-reporter2.zip
Previous version:
bh-reporter1.zip
Travel Travel reports, it is all about food
Montreal: Schwartz's, Le Petit Alep
Albums: Pictures and some notes
ITRANS Song Book Hindi, Urdu, Marathi song lyrics
Online ITRANS Web Interface
BlockHosts block hosts
BlockHosts FAQ
BlockHosts Forum
CD Inserts & Envelopes Web Interface
Nisha Ganatra's Films
Cake: starring Heather Graham
Email: avinash@aczoom.com
Copyright © 1995-2016 Avinash Chopde, avinash@aczoom.com
Comments
Error in .shtml in zip
Hi,
In the bh-reporter.shtml file, the following had to be changed from:
<!--#include virtual="/cgi-bin/blockhosts.cgi"-->
to:
<!--#include virtual="/cgi-bin/bh-reporter.cgi"-->
for it to work, since the cgi script contained in the package is not named blockhosts.cgi
Maybe it's an idea to correct this and re-upload the zip.
Regards,
Michael.
now fixed
Fixed, and uploaded the new zip archive.
Maybe not a bad idea
Thanks.
I've made a small enhancement to your shtml file also to allow an automatic browser refresh every 15 seconds. After your code:
#include virtual="/cgi-bin/bh-reporter.cgi"
I added:
meta http-equiv="pragma" content="no-cache"> meta http-equiv="refresh" content="15">
(be sure to add the "smaller than" sign before the "meta" word on each meta keyword above - I can't figure out how to get this post NOT HTML translated by this forum software).
or change the 15 to whatever you (or the user) sees fit. For less busy sites maybe "60" seconds or more would be better.
This meta refresh tag saves us the trouble of clicking refresh in the browser window all the time to see updated entries.
Regards,
Michael.
Use HTML entities
For <, use < and for > use > in the postings.
So, your code above becomes:
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="refresh" content="15">
Also - not sure if any site that probably uses blockhosts gets that many attacks! Not home users definitely, probably just 10-100 attacks on average over 24 hour period, so may not need high refresh rates - minutes or hours may be fine, don't need seconds.
Yeah I guess. I'm a hosting
Yeah I guess. I'm a hosting provider so many daily attacks are common place.
I've been looking for a proftpd blocker for many months now and really only stumbled upon yours from the freshmeat announcement today. I even asked on the proftpd mailing lists/forums and they don't seem to even know BlockHosts exists (they referred me to a proftpd "ban" module which doesn't block anyway).
I also knew about denyhosts but that is limited to ssh only and as I don't allow ssh to the world (open only a few ip's on the firewall) then denyhosts is of no use to me (although it has a nice feature where people auto-submit their attacks to a central server which the author summarizes for stats etc).
Was very happy to stumble upon BlockHosts.
As another addition to your shtml, you might like to add this to the bottom (just before the /body):
<p class="copyright"><a href="http://www.aczoom.com/cms/blockhosts/">BlockHosts</a> 1.0.4 2006/02/18 © Avinash Chopde</p>
where the (c) symbol is an "ampersand"copy - again sorry the forum software translates that to the symbol when displaying on the forum. But it looks nice on the bottom of the page and also supplies the weblink for the homepage.
I'm using 1.0.4 until 1.0.5 rpm is released.
Michael.
error
This page is a great idear. But on my system I got an error-window. I use IE 6.0 an the explorer. When I open the shtml-page IE shows an error about wrong mixture of using xml style-sheet functions. Who can i fix it? Thanks a lot!
cu Blade
My problem is fixed right
My problem is fixed right now. I did not copy the cgi-script to the right path at /vhost/cgi-bin . Now I copied it to that path, it is working fine! Thank you!
I've made some changes....
Great tool!
But I've made some changes that I thought you or someone else in the community might like.
On my servers I'm normally blocking between 1000-2000 hosts at any given time, so having to scroll down to the bottom was getting old.. ( I know I could have just hit the 'end' key - but I'm lazy!) So I modified the code to have two divs at the top of the shtml page to write the totals into.
If you would like the code, please let me know.
Thanks again for such a useful tool!
-Jon
updated archive
The main text above has been updated to point to the new archive that contains the changes received from the previous commenter, the archive is:
bh-reporter2.zip
Date time format bug (with fix)
There is a problem where the date and time are misformated if there is a large number of occurences in the log.
In my case 45,622
Below will dispaly your date and time regardless of the number of occurences.
Replace both sections of
#$IP = substr($_,8,16);
#$IP = trim($IP);
#$count = substr($_,27,4);
#$date = substr($_,33,10) if (substr($_,43,1) eq "-");
#$date = substr($_,33,11) if (substr($_,43,1) ne "-");
#$hour = substr($_,45) if (substr($_,44,1) eq "-");
#$hour = substr($_,44) if (substr($_,44,1) ne "-");
#$_ = $hour;
#s/-/:/;
#$hour = $_;
with
@values = split(':', $_);
$IP = trim($values[2]);
$count = trim($values[3]);
$datetime = trim($values[4] . ':' . $values[-2] . ':' . $values[-1]);
$date = substr($datetime,0,10);
$hour = substr($datetime,11,12);