//private int lineNumbers; //private bool isLastRecordValid = false; //public BackgroundWatcher() //{ // //recordsList = new List<OneRecord>(); // filteredRecords = new FilteredRecords(); //} public BackgroundWatcher(LogFile lf, NotifyIcon notifyIcon, MailAddress mail = null) { //recordsList = new List<OneRecord>(); filteredRecords = new FilteredRecords(); logfile = lf; notifyIcon1 = notifyIcon; //AnalysisTextBox = atextbox; isAnyDangerousIpDetected = false; //lineNumbers = 0; //DangerousIpSize = 0; dangerousRequests = new DangerousHTTPRequests(); mailAddress = mail; }
public DangerousHTTPRequests SecureFilterAndScanAllFile() { DangerousHTTPRequests dangerousRequests = new DangerousHTTPRequests(); FilteredRecords filtered = new FilteredRecords(); try { using (StreamReader sr = new StreamReader(fileName, System.Text.Encoding.Default)) { string line; //long bytesSeek = 0; while ((line = sr.ReadLine()) != null) { if (OneRecord.IsRecordCanBeCreated(line)) { OneRecord record = new OneRecord(line); //filteredList.AddRecord(record); if (DangerousHTTPRequests.isRecordLoginFailure(record)) { filtered.AddRecord(record); } } } } } catch (FileNotFoundException ioEx) { Console.WriteLine(ioEx.Message); } dangerousRequests = filtered.AttackDetector(); return(dangerousRequests); }
private void WatcherChanged(object sender, FileSystemEventArgs e) { //Console.WriteLine("Type of changes: {0}; Changed: {1}", e.ChangeType, e.Name); //MessageBox.Show(String.Format("Type of changes: {0}; Changed: {1}", e.ChangeType, e.Name)); //isHackDetacted = false; DangerousHTTPRequests dr = new DangerousHTTPRequests(); int DangerousIpSize = dangerousRequests.DangerousIp.Count(); //if (dangerousRequests.DangerousIp.Any()) //{ // DangerousIpSize = dangerousRequests.DangerousIp.Count(); //} //string s = ReadLastLine(logfile.fileName); //MessageBox.Show(String.Format("Добавлено: {0}", s)); if (isLastRecordAdded()) { //MessageBox.Show(String.Format("Добавлено: {0} --- {1}", filteredRecords.FilteredRecordsList.Last().logString,filteredRecords.FilteredRecordsList.First().logString)); dr = filteredRecords.AttackDetector(); if (dr.DangerousIp.Any()) { foreach (KeyValuePair <string, float> keyValue in dr.DangerousIp) { bool isHackerDetected = false; if (keyValue.Value == 100) { if (mailAddress != null) { SendEmail(keyValue.Key); BackgroundWatcher.makeNotify(notifyIcon1, String.Format("ip: {0} взламывает ваш ресурс прямо сейчас! Мы отправили уведомление на вашу почту!", keyValue.Key)); } else { BackgroundWatcher.makeNotify(notifyIcon1, String.Format("ip: {0} взламывает ваш ресурс прямо сейчас!", keyValue.Key)); } isHackerDetected = true; } if (!dangerousRequests.DangerousIp.ContainsKey(keyValue.Key)) { if (!isHackerDetected) { BackgroundWatcher.makeNotify(notifyIcon1, "Попытка возможного взлома обнаружена"); } dangerousRequests.DangerousIp[keyValue.Key] = keyValue.Value; addDangerousIp?.Invoke(); // 2.Вызов события //writeToAnalisisTextBox(); } else { float value = 0; dangerousRequests.DangerousIp.TryGetValue(keyValue.Key, out value); if (keyValue.Value > value) { if (!isHackerDetected) { BackgroundWatcher.makeNotify(notifyIcon1, "Попытка возможного взлома обнаружена с большей вероятностью"); } dangerousRequests.DangerousIp[keyValue.Key] = keyValue.Value; addDangerousIp?.Invoke(); // 2.Вызов события } } } } //if (dangerousRequests.DangerousIp.Count() > DangerousIpSize) //{ // BackgroundWatcher.makeNotify(notifyIcon1, "Попытка возможного взлома обнаружена"); // //DangerousIpSize = dangerousRequests.DangerousIp.Count(); // //DangerousIpSize = dangerousRequests.DangerousIp.Count(); // //if (!isAnyDangerousIpDetected) // //{ // // isAnyDangerousIpDetected = true; // //} // //isHackDetacted = true; // //foreach(KeyValuePair<string,float> keyValue in dangerousRequests.DangerousIp) // // WriteDangerousRequest_InBackgroundMode_ToWindow(keyValue); // //dangerousRequests.DangerousIp.Clear(); // } //} //foreach (KeyValuePair<string, float> keyValue in dangerousRequests.DangerousIp) //{ // //if (isDangerousIPFound(keyValue)) // //{ // //} //} } }
public DangerousHTTPRequests AttackDetector() { DangerousHTTPRequests dangerousRequests = new DangerousHTTPRequests(); //if (anyFilterActive) //{ int index = 0; foreach (OneRecord _record in FilteredRecordsList) { if (DangerousHTTPRequests.isRecordLoginFailure(_record)) { string ip = _record.ip; string requestFilename = _record.request_file_name; DateTime time = _record.date; int numberOfRequests = 1; //if (dangerousRequests.DangerousIp.ContainsKey(ip)) // break; for (int i = index + 1; i < FilteredRecordsList.Count; i++) { //Console.WriteLine("{0}", FilteredRecordsList[i].date - time); if ((FilteredRecordsList[i].date - time).TotalMinutes >= 1) { break; } if (ip != FilteredRecordsList[i].ip) { continue; } if (requestFilename != FilteredRecordsList[i].request_file_name) { continue; } //Console.WriteLine("{0}", FilteredRecordsList[i].date); numberOfRequests++; } float probabilityOfDangerous = (float)100 * numberOfRequests / 15; // 15 ---> 100% if (probabilityOfDangerous > 100) { probabilityOfDangerous = 100; } if (DangerousHTTPRequests.isRecordDangerous(numberOfRequests, probabilityOfDangerous)) { if (dangerousRequests.DangerousIp.ContainsKey(ip)) { if (dangerousRequests.DangerousIp[ip] < probabilityOfDangerous) { dangerousRequests.DangerousIp[ip] = probabilityOfDangerous; //Console.WriteLine("blya"); } //else // break; } else { dangerousRequests.AddIp(ip, probabilityOfDangerous); } } //Console.WriteLine("aaaaaaaaaaaaaaa {0}", dangerousRequests.DangerousIp[ip]); //Console.WriteLine(string.Format("колво - {0}; Number 2 : {1:0.00##}", numberOfRequests,probabilityOfDangerous)); } index++; } //} //else //{ //} return(dangerousRequests); }