//private int lineNumbers;
//private bool isLastRecordValid = false;
//public BackgroundWatcher()
//{
// //recordsList = new List<OneRecord>();
// filteredRecords = new FilteredRecords();
//}
public BackgroundWatcher(LogFile lf, NotifyIcon notifyIcon, MailAddress mail = null)
{
//recordsList = new List<OneRecord>();
filteredRecords = new FilteredRecords();
logfile = lf;
notifyIcon1 = notifyIcon;
//AnalysisTextBox = atextbox;
isAnyDangerousIpDetected = false;
//lineNumbers = 0;
//DangerousIpSize = 0;
dangerousRequests = new DangerousHTTPRequests();
mailAddress = mail;
}
public DangerousHTTPRequests SecureFilterAndScanAllFile()
{
DangerousHTTPRequests dangerousRequests = new DangerousHTTPRequests();
FilteredRecords filtered = new FilteredRecords();
try
{
using (StreamReader sr = new StreamReader(fileName, System.Text.Encoding.Default))
{
string line;
//long bytesSeek = 0;
while ((line = sr.ReadLine()) != null)
{
if (OneRecord.IsRecordCanBeCreated(line))
{
OneRecord record = new OneRecord(line);
//filteredList.AddRecord(record);
if (DangerousHTTPRequests.isRecordLoginFailure(record))
{
filtered.AddRecord(record);
}
}
}
}
}
catch (FileNotFoundException ioEx)
{
Console.WriteLine(ioEx.Message);
}
dangerousRequests = filtered.AttackDetector();
return(dangerousRequests);
}
private void WatcherChanged(object sender, FileSystemEventArgs e)
{
//Console.WriteLine("Type of changes: {0}; Changed: {1}", e.ChangeType, e.Name);
//MessageBox.Show(String.Format("Type of changes: {0}; Changed: {1}", e.ChangeType, e.Name));
//isHackDetacted = false;
DangerousHTTPRequests dr = new DangerousHTTPRequests();
int DangerousIpSize = dangerousRequests.DangerousIp.Count();
//if (dangerousRequests.DangerousIp.Any())
//{
// DangerousIpSize = dangerousRequests.DangerousIp.Count();
//}
//string s = ReadLastLine(logfile.fileName);
//MessageBox.Show(String.Format("Добавлено: {0}", s));
if (isLastRecordAdded())
{
//MessageBox.Show(String.Format("Добавлено: {0} --- {1}", filteredRecords.FilteredRecordsList.Last().logString,filteredRecords.FilteredRecordsList.First().logString));
dr = filteredRecords.AttackDetector();
if (dr.DangerousIp.Any())
{
foreach (KeyValuePair <string, float> keyValue in dr.DangerousIp)
{
bool isHackerDetected = false;
if (keyValue.Value == 100)
{
if (mailAddress != null)
{
SendEmail(keyValue.Key);
BackgroundWatcher.makeNotify(notifyIcon1, String.Format("ip: {0} взламывает ваш ресурс прямо сейчас! Мы отправили уведомление на вашу почту!", keyValue.Key));
}
else
{
BackgroundWatcher.makeNotify(notifyIcon1, String.Format("ip: {0} взламывает ваш ресурс прямо сейчас!", keyValue.Key));
}
isHackerDetected = true;
}
if (!dangerousRequests.DangerousIp.ContainsKey(keyValue.Key))
{
if (!isHackerDetected)
{
BackgroundWatcher.makeNotify(notifyIcon1, "Попытка возможного взлома обнаружена");
}
dangerousRequests.DangerousIp[keyValue.Key] = keyValue.Value;
addDangerousIp?.Invoke(); // 2.Вызов события
//writeToAnalisisTextBox();
}
else
{
float value = 0;
dangerousRequests.DangerousIp.TryGetValue(keyValue.Key, out value);
if (keyValue.Value > value)
{
if (!isHackerDetected)
{
BackgroundWatcher.makeNotify(notifyIcon1, "Попытка возможного взлома обнаружена с большей вероятностью");
}
dangerousRequests.DangerousIp[keyValue.Key] = keyValue.Value;
addDangerousIp?.Invoke(); // 2.Вызов события
}
}
}
}
//if (dangerousRequests.DangerousIp.Count() > DangerousIpSize)
//{
// BackgroundWatcher.makeNotify(notifyIcon1, "Попытка возможного взлома обнаружена");
// //DangerousIpSize = dangerousRequests.DangerousIp.Count();
// //DangerousIpSize = dangerousRequests.DangerousIp.Count();
// //if (!isAnyDangerousIpDetected)
// //{
// // isAnyDangerousIpDetected = true;
// //}
// //isHackDetacted = true;
// //foreach(KeyValuePair<string,float> keyValue in dangerousRequests.DangerousIp)
// // WriteDangerousRequest_InBackgroundMode_ToWindow(keyValue);
// //dangerousRequests.DangerousIp.Clear();
// }
//}
//foreach (KeyValuePair<string, float> keyValue in dangerousRequests.DangerousIp)
//{
// //if (isDangerousIPFound(keyValue))
// //{
// //}
//}
}
}
public DangerousHTTPRequests AttackDetector()
{
DangerousHTTPRequests dangerousRequests = new DangerousHTTPRequests();
//if (anyFilterActive)
//{
int index = 0;
foreach (OneRecord _record in FilteredRecordsList)
{
if (DangerousHTTPRequests.isRecordLoginFailure(_record))
{
string ip = _record.ip;
string requestFilename = _record.request_file_name;
DateTime time = _record.date;
int numberOfRequests = 1;
//if (dangerousRequests.DangerousIp.ContainsKey(ip))
// break;
for (int i = index + 1; i < FilteredRecordsList.Count; i++)
{
//Console.WriteLine("{0}", FilteredRecordsList[i].date - time);
if ((FilteredRecordsList[i].date - time).TotalMinutes >= 1)
{
break;
}
if (ip != FilteredRecordsList[i].ip)
{
continue;
}
if (requestFilename != FilteredRecordsList[i].request_file_name)
{
continue;
}
//Console.WriteLine("{0}", FilteredRecordsList[i].date);
numberOfRequests++;
}
float probabilityOfDangerous = (float)100 * numberOfRequests / 15; // 15 ---> 100%
if (probabilityOfDangerous > 100)
{
probabilityOfDangerous = 100;
}
if (DangerousHTTPRequests.isRecordDangerous(numberOfRequests, probabilityOfDangerous))
{
if (dangerousRequests.DangerousIp.ContainsKey(ip))
{
if (dangerousRequests.DangerousIp[ip] < probabilityOfDangerous)
{
dangerousRequests.DangerousIp[ip] = probabilityOfDangerous;
//Console.WriteLine("blya");
}
//else
// break;
}
else
{
dangerousRequests.AddIp(ip, probabilityOfDangerous);
}
}
//Console.WriteLine("aaaaaaaaaaaaaaa {0}", dangerousRequests.DangerousIp[ip]);
//Console.WriteLine(string.Format("колво - {0}; Number 2 : {1:0.00##}", numberOfRequests,probabilityOfDangerous));
}
index++;
}
//}
//else
//{
//}
return(dangerousRequests);
}
