CGI Reporter

Perl script and the shtml file that create a report of blocked and watched hosts taken from the hosts.allow file, created by Steve Hammond.

Here's a screenshot of the reporter utility

Here are the files that can be used to create the report displayed above, bh-reporter.cgi and bh-reporter.shtml, in a ZIP archive.

This is a version that includes the changes listed in the comment I've made some changes below:

Previous version:


Error in .shtml in zip


In the bh-reporter.shtml file, the following had to be changed from:

<!--#include virtual="/cgi-bin/blockhosts.cgi"-->


<!--#include virtual="/cgi-bin/bh-reporter.cgi"-->

for it to work, since the cgi script contained in the package is not named blockhosts.cgi

Maybe it's an idea to correct this and re-upload the zip.



now fixed

Fixed, and uploaded the new zip archive.

Maybe not a bad idea


I've made a small enhancement to your shtml file also to allow an automatic browser refresh every 15 seconds. After your code:

#include virtual="/cgi-bin/bh-reporter.cgi"

I added:

meta http-equiv="pragma" content="no-cache"> meta http-equiv="refresh" content="15">

(be sure to add the "smaller than" sign before the "meta" word on each meta keyword above - I can't figure out how to get this post NOT HTML translated by this forum software).

or change the 15 to whatever you (or the user) sees fit. For less busy sites maybe "60" seconds or more would be better.

This meta refresh tag saves us the trouble of clicking refresh in the browser window all the time to see updated entries.



Use HTML entities

For <, use &lt; and for > use &gt; in the postings.

So, your code above becomes:

<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="refresh" content="15">

Also - not sure if any site that probably uses blockhosts gets that many attacks! Not home users definitely, probably just 10-100 attacks on average over 24 hour period, so may not need high refresh rates - minutes or hours may be fine, don't need seconds.

Yeah I guess. I'm a hosting

Yeah I guess. I'm a hosting provider so many daily attacks are common place.

I've been looking for a proftpd blocker for many months now and really only stumbled upon yours from the freshmeat announcement today. I even asked on the proftpd mailing lists/forums and they don't seem to even know BlockHosts exists (they referred me to a proftpd "ban" module which doesn't block anyway).

I also knew about denyhosts but that is limited to ssh only and as I don't allow ssh to the world (open only a few ip's on the firewall) then denyhosts is of no use to me (although it has a nice feature where people auto-submit their attacks to a central server which the author summarizes for stats etc).

Was very happy to stumble upon BlockHosts.

As another addition to your shtml, you might like to add this to the bottom (just before the /body):

<p class="copyright"><a href="">BlockHosts</a> 1.0.4 2006/02/18 © Avinash Chopde</p>

where the (c) symbol is an "ampersand"copy - again sorry the forum software translates that to the symbol when displaying on the forum. But it looks nice on the bottom of the page and also supplies the weblink for the homepage.

I'm using 1.0.4 until 1.0.5 rpm is released.



This page is a great idear. But on my system I got an error-window. I use IE 6.0 an the explorer. When I open the shtml-page IE shows an error about wrong mixture of using xml style-sheet functions. Who can i fix it? Thanks a lot!
cu Blade

My problem is fixed right

My problem is fixed right now. I did not copy the cgi-script to the right path at /vhost/cgi-bin . Now I copied it to that path, it is working fine! Thank you!

I've made some changes....

Great tool!

But I've made some changes that I thought you or someone else in the community might like.

On my servers I'm normally blocking between 1000-2000 hosts at any given time, so having to scroll down to the bottom was getting old.. ( I know I could have just hit the 'end' key - but I'm lazy!) So I modified the code to have two divs at the top of the shtml page to write the totals into.

If you would like the code, please let me know.

Thanks again for such a useful tool!


updated archive

The main text above has been updated to point to the new archive that contains the changes received from the previous commenter, the archive is:

Date time format bug (with fix)

There is a problem where the date and time are misformated if there is a large number of occurences in the log.
In my case 45,622
Below will dispaly your date and time regardless of the number of occurences.

Replace both sections of
#$IP = substr($_,8,16);
#$IP = trim($IP);
#$count = substr($_,27,4);
#$date = substr($_,33,10) if (substr($_,43,1) eq "-");
#$date = substr($_,33,11) if (substr($_,43,1) ne "-");
#$hour = substr($_,45) if (substr($_,44,1) eq "-");
#$hour = substr($_,44) if (substr($_,44,1) ne "-");
#$_ = $hour;
#$hour = $_;
@values = split(':', $_);
$IP = trim($values[2]);
$count = trim($values[3]);
$datetime = trim($values[4] . ':' . $values[-2] . ':' . $values[-1]);
$date = substr($datetime,0,10);
$hour = substr($datetime,11,12);