예제 #1
0
        private static void ProcessBlock()
        {
            var currentTimestamp = Utilities.GetCurrentTimestamp();

            while (true)
            {
                if (!GlobalVars.Data.BlockQueue.TryPeek(out var blockStruct))
                {
                    break;
                }

                if (blockStruct.ExpirationTime < currentTimestamp)
                {
                    CloudflareUtilities.Unblock(blockStruct.BlockId);
                    Console.WriteLine($"Unblocked IP: {blockStruct.IpAddress} (Id = {blockStruct.BlockId})");

                    GlobalVars.Data.BlockQueue.Dequeue();
                    GlobalVars.Data.BlockHashSet.Remove(blockStruct.IpAddress);

                    _dataChanged = true;
                }
                else
                {
                    break;
                }
            }
        }
예제 #2
0
        private static void Main(string[] args)
        {
            if (!File.Exists(ConfigFileName))
            {
                GlobalVars.Config = ConfigManager.GetDefaultConfig();
                ConfigManager.SaveConfig(ConfigFileName, GlobalVars.Config);

                Console.WriteLine("Config not found, generated new one");
                Environment.Exit(1);
            }

            GlobalVars.Config = ConfigManager.ReadConfig(ConfigFileName);
            GlobalVars.Data   = File.Exists(DataFileName) ? DataManager.ReadData(DataFileName) : DataManager.GetDefaultData();

            if (string.IsNullOrEmpty(GlobalVars.Config.CloudflareEmail))
            {
                Console.WriteLine($"Application is not configured, please edit {ConfigFileName}");
                Environment.Exit(2);
            }

            if (!File.Exists(GlobalVars.Config.NginxBlockSnippetFile))
            {
                File.Create(GlobalVars.Config.NginxBlockSnippetFile);
            }

            GlobalVars.Http = new HttpClient(new HttpClientHandler
            {
                AutomaticDecompression = DecompressionMethods.Deflate | DecompressionMethods.GZip,
                SslProtocols           = SslProtocols.Tls11 | SslProtocols.Tls12,
            });

            GlobalVars.Http.DefaultRequestHeaders.TryAddWithoutValidation("X-Auth-Email", GlobalVars.Config.CloudflareEmail);
            GlobalVars.Http.DefaultRequestHeaders.TryAddWithoutValidation("X-Auth-Key", GlobalVars.Config.CloudflareApiKey);

            if (GlobalVars.Config.CloudflareUnderAttackMode)
            {
                foreach (var id in GlobalVars.Config.CloudflareManageZones)
                {
                    CloudflareUtilities.SecurityLevel(id, GlobalVars.Config.CloudflareModeDefault);
                    Console.WriteLine($"SecurityLevel({id}) = {GlobalVars.Config.CloudflareModeDefault}");
                }
            }

            while (true)
            {
                try
                {
                    Console.WriteLine("Watching...");
                    Watcher();
                }
                catch (Exception ex)
                {
                    Console.WriteLine($"Watcher crashed: {ex.Message}{ex.StackTrace}");
                    Thread.Sleep(1_000);
                }
            }
        }
예제 #3
0
        private static void ProcessAbuseLog()
        {
            var currentTimestamp = Utilities.GetCurrentTimestamp();
            var expireTimestamp  = currentTimestamp - GlobalVars.Config.AbuseExpirationTime;
            var blockCounter     = 0;
            var itemsToRemove    = new List <string>();

            foreach (var(key, value) in AbuseDictionary)
            {
                if (GlobalVars.Data.BlockHashSet.Contains(value.IpAddress))
                {
                    itemsToRemove.Add(key);
                    continue;
                }

                while (true)
                {
                    if (value.Timestamps.TryPeek(out var timestamp))
                    {
                        if (timestamp < expireTimestamp)
                        {
                            value.Timestamps.Dequeue();
                        }
                        else
                        {
                            break;
                        }
                    }
                    else
                    {
                        break;
                    }
                }

                // remove expired timestamps
                if (value.Timestamps.Count == 0)
                {
                    itemsToRemove.Add(key);
                    continue;
                }

                // count & block abusing ips
                var abusesToBlock = _underAttack
                                        ? GlobalVars.Config.AbusesToBlockUnderAttack
                                        : GlobalVars.Config.AbusesToBlock;

                if (value.Timestamps.Count >= abusesToBlock)
                {
                    var blockStruct = new BlockStruct(value.IpAddress, currentTimestamp + GlobalVars.Config.BlockExpirationTime)
                    {
                        BlockId = CloudflareUtilities.Block(value.IpAddress)
                    };

                    Console.WriteLine($"Blocked abusing IP: {blockStruct.IpAddress} (Id = {blockStruct.BlockId})");

                    GlobalVars.Data.BlockQueue.Enqueue(blockStruct);
                    GlobalVars.Data.BlockHashSet.Add(value.IpAddress);
                    blockCounter++;

                    itemsToRemove.Add(key);
                    _dataChanged = true;
                }
            }

            foreach (var key in itemsToRemove)
            {
                AbuseDictionary.Remove(key);
            }

            if (!_underAttack && blockCounter >= GlobalVars.Config.BlocksToUnderAttack)
            {
                _underAttack = true;
                Console.WriteLine($"UAM is now enabled (blocked {blockCounter} IPs in one tick)");

                if (GlobalVars.Config.CloudflareUnderAttackMode)
                {
                    foreach (var id in GlobalVars.Config.CloudflareManageZones)
                    {
                        CloudflareUtilities.SecurityLevel(id, "under_attack");
                        Console.WriteLine($"SecurityLevel({id}) = under_attack");
                    }
                }
            }

            if (_underAttack)
            {
                if (blockCounter > 0)
                {
                    _underAttackExpirationTicks = GlobalVars.Config.UnderAttackExpirationTicks;
                }
                else
                {
                    _underAttackExpirationTicks--;

                    if (_underAttackExpirationTicks <= 0)
                    {
                        _underAttack = false;
                        Console.WriteLine("UAM is now disabled, no more abuses detected");

                        if (GlobalVars.Config.CloudflareUnderAttackMode)
                        {
                            foreach (var id in GlobalVars.Config.CloudflareManageZones)
                            {
                                CloudflareUtilities.SecurityLevel(id, GlobalVars.Config.CloudflareModeDefault);
                                Console.WriteLine($"SecurityLevel({id}) = {GlobalVars.Config.CloudflareModeDefault}");
                            }
                        }
                    }
                }
            }
        }