<?php
// Refuse to run outside the PrestaShop bootstrap (direct HTTP access to this file).
if (!defined('_PS_VERSION_')) {
    exit;
}

// Model backing the `ant_alerthack_suspect` table written by saveInfo().
include_once(_PS_MODULE_DIR_.'/ant_alerthack/models/Suspect.php');
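/**
 * Counts contact-form messages sent from one email / customer in a short time
 * window and, past a configurable threshold, records the sender as a suspect
 * and mails an alert to the configured addresses.
 *
 * Configuration keys (seeded in install()):
 *   ANT_ALERTHACK_LIMIT  – message count that triggers an alert
 *   ANT_ALERTHACK_TIME   – window length in minutes
 *   ANT_ALERTHACK_EMAILS – comma-separated alert recipients
 */
class Ant_Alerthack extends Module
{
    /**
     * Module metadata. The translatable strings are kept byte-identical so
     * existing translation files keep matching.
     */
    public function __construct()
    {
        $this->name = 'ant_alerthack';
        $this->tab = 'administration';
        $this->author = 'Antadis';
        $this->version = '1.0';
        $this->need_instance = 0;

        parent::__construct();

        $this->displayName = $this->l('Alert for hacking tentative');
        $this->description = $this->l('Alert when someone try to make SQL injection in contact form');
    }

    /**
     * Creates the two custom hooks when they do not exist yet, registers the
     * module on them and seeds the default configuration values.
     *
     * NOTE(review): installDB() is still not called here, so the
     * `ant_alerthack_suspect` table used by saveInfo() must already exist —
     * confirm that before enabling the module on a fresh shop.
     *
     * @return bool false when the parent install or a hook registration fails
     */
    public function install()
    {
        // if (!$this->installDB()){
        //     return false;
        // }

        $hooks = array(
            'ant_alerthack' => array('Ant Alert Hack', 'Called when someone sends some messages in few minutes'),
            'ant_alerthackbefore' => array('Ant Alert Hack Before', 'Called before customer or visitor makes an action'),
        );
        foreach ($hooks as $hook_name => $hook_meta) {
            if ($this->hookExists($hook_name)) {
                continue;
            }
            // The names/titles are module constants; they are escaped anyway so
            // the statement stays safe if this array is ever edited.
            // Execute() (not ExecuteS()) is the right call for an INSERT.
            Db::getInstance()->Execute('
                INSERT INTO `'._DB_PREFIX_.'hook`
                VALUES (DEFAULT, "'.pSQL($hook_name).'", "'.pSQL($hook_meta[0]).'", "'.pSQL($hook_meta[1]).'", 0, 0)
            ');
        }

        if (!parent::install()
            || !$this->registerHook('ant_alerthack')
            || !$this->registerHook('ant_alerthackbefore')) {
            return false;
        }

        # Set default configuration values
        Configuration::updateValue('ANT_ALERTHACK_LIMIT', 5);
        Configuration::updateValue('ANT_ALERTHACK_TIME', 1);
        Configuration::updateValue('ANT_ALERTHACK_EMAILS', 'marion@antadis.com');

        return true;
    }

    /**
     * Tells whether a row with the given hook name already exists in `hook`.
     *
     * @param string $hook_name
     * @return bool
     */
    private function hookExists($hook_name)
    {
        $rows = Db::getInstance()->ExecuteS('
            SELECT `id_hook`
            FROM `'._DB_PREFIX_.'hook`
            WHERE `name` = "'.pSQL($hook_name).'"
            LIMIT 1
        ');

        return count($rows) > 0;
    }

    /**
     * Creates the `ant_alerthack_suspect` table. Currently unused: the call in
     * install() is commented out.
     *
     * @return bool result of the CREATE TABLE statement
     */
    private function installDB()
    {
        # Add tables
        $query = '
            CREATE TABLE IF NOT EXISTS `' . _DB_PREFIX_ . 'ant_alerthack_suspect` (
                `id_suspect` INTEGER NOT NULL AUTO_INCREMENT,
                `id_customer` INTEGER DEFAULT 0,
                `email` VARCHAR(128),
                `page` VARCHAR(250),
                `referrer` VARCHAR(250),
                `user_agent` VARCHAR(128),
                `remote_host` VARCHAR(255),
                `remote_ip` VARCHAR(20),
                `condition` VARCHAR(50),
                `is_suspect` INTEGER DEFAULT 0,
                `date_add` DATETIME NOT NULL,
                `date_upd` DATETIME NOT NULL,
                PRIMARY KEY(`id_suspect`)
            ) ENGINE=' . _MYSQL_ENGINE_ . ' DEFAULT CHARSET=utf8
        ';

        return (bool)Db::getInstance()->Execute($query);
    }

    /**
     * Removes the module and its configuration keys. The suspect table is
     * left in place (it is not created by this module either, see install()).
     *
     * @return bool
     */
    public function uninstall()
    {
        if (parent::uninstall() == false) {
            return false;
        }

        Configuration::deleteByName('ANT_ALERTHACK_LIMIT');
        Configuration::deleteByName('ANT_ALERTHACK_TIME');
        Configuration::deleteByName('ANT_ALERTHACK_EMAILS');

        return true;
    }

    /**
     * Placeholder hook run before a visitor action; no check is implemented.
     *
     * @param array $params unused
     * @return bool always true
     */
    public function hookAnt_Alerthackbefore($params)
    {
        return true;
    }

    /**
     * Counts the messages tied to $params['email'] (or the customer id) in the
     * last ANT_ALERTHACK_TIME minutes; when the count reaches
     * ANT_ALERTHACK_LIMIT the sender is stored as a suspect and one alert mail
     * is sent to each configured recipient.
     *
     * @param array $params expects 'email', optionally 'id_customer'
     */
    public function hookAnt_Alerthack($params)
    {
        global $cookie;

        $min = (int)Configuration::get('ANT_ALERTHACK_TIME');
        $count_limit = (int)Configuration::get('ANT_ALERTHACK_LIMIT');
        $email = isset($params['email']) ? (string)$params['email'] : '';
        // Guarded lookup: the original indexed $params['id_customer'] directly.
        $id_customer = !empty($params['id_customer']) ? (int)$params['id_customer'] : 0;

        $count = (int)Db::getInstance()->getValue('
            SELECT COUNT(m.`id_customer_message`)
            FROM `'._DB_PREFIX_.'customer_message` m
            LEFT JOIN `'._DB_PREFIX_.'customer_thread` t ON (t.`id_customer_thread` = m.`id_customer_thread`)
            WHERE (
                t.`email` = "'.pSQL($email).'"
                '.($id_customer > 0 ? ' OR t.`id_customer` = '.(int)$id_customer : '').'
            )
            AND m.`date_add` < NOW() AND m.`date_add` > DATE_SUB(NOW(), INTERVAL '.(int)$min.' MINUTE)
        ');

        if ($count < $count_limit) {
            return;
        }

        $this->saveInfo(array('count' => $count, 'time' => $min), $email, $id_customer);

        // Comma-separated list from configuration; tolerate spaces and empty entries.
        $recipients = array_filter(array_map('trim', explode(',', (string)Configuration::get('ANT_ALERTHACK_EMAILS'))));
        // Fall back to the shop default language when no front-office cookie is present.
        $id_lang = isset($cookie->id_lang) ? (int)$cookie->id_lang : (int)Configuration::get('PS_LANG_DEFAULT');
        $data = array(
            '{limit}' => $count_limit,
            '{time}' => $min,
            // The address comes straight from the contact form and is substituted
            // into the mail template, so it is HTML-escaped before use.
            '{suspect_email}' => htmlspecialchars($email, ENT_QUOTES, 'UTF-8'),
        );
        foreach ($recipients as $recipient) {
            // One mail per recipient. The original passed the whole list here,
            // which mailed every address once per entry in the list.
            Mail::Send($id_lang, 'ant_alerthack', 'Alert Hack', $data, $recipient);
        }
    }

    /**
     * Stores (or refreshes) the suspect row for $email together with the
     * request context it was seen in.
     *
     * NOTE(review): page, referrer, user agent and host are raw request headers
     * chosen by the client; they are escaped for SQL here, but must be escaped
     * again for HTML wherever they are displayed.
     *
     * @param array  $info        'count' and 'time' describing the trigger
     * @param string $email       sender address used as the suspect key
     * @param int|string $id_customer customer id, empty when anonymous
     * @return bool result of Suspect::save()
     */
    public function saveInfo($info, $email, $id_customer = '')
    {
        $remoteIP = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        // Some front proxies hand over a comma-separated chain; keep the first entry.
        if (strpos($remoteIP, ', ') !== false) {
            $ips = explode(', ', $remoteIP);
            $remoteIP = $ips[0];
        }

        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        $self = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
        $page = 'https://'.$host.$self;
        if (!empty($_SERVER['QUERY_STRING'])) {
            // The original appended the query string without the '?' separator.
            $page .= '?'.$_SERVER['QUERY_STRING'];
        }
        $referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        $useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        // Reverse DNS is a blocking network call; an empty or unresolvable IP yields ''.
        $remotehost = ($remoteIP !== '') ? (string)gethostbyaddr($remoteIP) : '';

        $existing = Db::getInstance()->getRow('
            SELECT `id_suspect`
            FROM `'._DB_PREFIX_.'ant_alerthack_suspect`
            WHERE `email` = "'.pSQL($email).'"
        ');
        $suspect = $existing ? new Suspect((int)$existing['id_suspect']) : new Suspect();

        $suspect->id_customer = !empty($id_customer) ? (int)$id_customer : 0;
        $suspect->email = pSQL($email);
        $suspect->page = pSQL($page);
        $suspect->user_agent = pSQL($useragent);
        $suspect->remote_host = pSQL($remotehost);
        $suspect->remote_ip = pSQL($remoteIP);
        $suspect->referrer = pSQL($referrer);
        $suspect->is_suspect = 1;
        $suspect->condition = pSQL($info['count'].' messages in '.$info['time'].' minutes');

        return (bool)$suspect->save();
    }
}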