commit 0cd29639086e90ded817672d505ab0d009e6a9ab from: jrmu date: Sun Feb 12 01:27:45 2023 UTC The timestamp of the connect times is now recorded in its original string and epoch seconds. The names linked by ip are now flagged in the IP links list at the bottom of the report. **username** less then 5 min between connections *username* between 5 min and 10 min between connections. It only checks the last connections for each user currently. This will help identify links that aren't simply someone got the same ip -- Commit by izzyb commit - db0dd6f2c7250ca257652efdfa203134e5f7094e commit + 0cd29639086e90ded817672d505ab0d009e6a9ab blob - 0787940b1cd48a055ccb438a0060cf656d5ca77b blob + b75a4b83b6367cda0746f781ee96956bad41fa8d --- report +++ report 
@@ -25,46 +25,61 @@ sub debug { if ($verbose >= $level) { print "$msg\n"; } } -# +# location of local modules use lib './'; +# Date string to epock used in init_ip_xref +use Date::Parse; + my ($ipTable, $nameTable) = init_ip_xref(); while (my $username = shift) { #param 1 should be the name of a user to generate a report from. - my $dbFile = '/var/www/botnow/botnow.db'; - my $dbh = connectdb($dbFile); - if (!defined($dbh)) { - die "failed to connect to $dbFile"; - } - my $stmt=qq{select * from bnc join irc on (bnc.ircid = irc.id) where username is ?}; - my $sth=$dbh->prepare($stmt); - $sth->execute($username) or die "execution failed: $dbh->errstr()"; - while (my $row=$sth->fetchrow_hashref) { - my $dossier =qq{ - Username: $row->{username} - Email Address: $row->{email} - $row->{hostmask} - $row->{ctcpversion} - $row->{ctcptime} - Registration Date: $row->{date} - }; - print $dossier; - print "Same Email [" - . join(', ', @{$dbh->selectcol_arrayref(qq\Select username from bnc join irc on (bnc.ircid = irc.id) where email = ?\,undef,$row->{email})}) - . "]\n"; - print "Same Date [" - . join(', ', @{$dbh->selectcol_arrayref(qq\Select username from bnc join irc on (bnc.ircid = irc.id) where date = ?\,undef,$row->{date})}) - . "]\n"; - print "Same Hostmask [" - . join(', ', @{$dbh->selectcol_arrayref(qq\Select username from bnc join irc on (bnc.ircid = irc.id) where hostmask = ?\,undef,$row->{hostmask})}) - . "]\n"; - print Dumper($row); - print "Frequency of connections from: \n" . Dumper($nameTable->{$username}); - print "Other Users connecting from: \n"; - foreach(keys(%{$nameTable->{$username}})) { - print "$_ =>[" . join (', ', keys(%{$ipTable->{$_}})) . 
"]\n"; + my $dbFile = '/var/www/botnow/botnow.db'; + my $dbh = connectdb($dbFile); + if (!defined($dbh)) { + die "failed to connect to $dbFile"; + } + my $stmt=qq{select * from bnc join irc on (bnc.ircid = irc.id) where username is ?}; + my $sth=$dbh->prepare($stmt); + $sth->execute($username) or die "execution failed: $dbh->errstr()"; + while (my $row=$sth->fetchrow_hashref) { + my $dossier =qq{ +Username: $row->{username} +Email Address: $row->{email} +$row->{hostmask} +$row->{ctcpversion} +$row->{ctcptime} +Registration Date: $row->{date} + }; + print $dossier; + print "Same Email [" + . join(', ', @{$dbh->selectcol_arrayref(qq\Select username from bnc join irc on (bnc.ircid = irc.id) where email = ?\,undef,$row->{email})}) + . "]\n"; + print "Same Date [" + . join(', ', @{$dbh->selectcol_arrayref(qq\Select username from bnc join irc on (bnc.ircid = irc.id) where date = ?\,undef,$row->{date})}) + . "]\n"; + print "Same Hostmask [" + . join(', ', @{$dbh->selectcol_arrayref(qq\Select username from bnc join irc on (bnc.ircid = irc.id) where hostmask = ?\,undef,$row->{hostmask})}) + . "]\n"; + print Dumper($row); + print "Frequency of connections from: \n" . Dumper($nameTable->{$username}); + print "Other Users connecting from: \n"; + foreach my $ip (keys(%{$nameTable->{$username}})) { + my $thisLastConnect = @{ $nameTable->{ $row->{username} }->{$ip}->{epoch} }[-1]; + print "$ip =>["; + foreach my $link (keys(%{ $ipTable->{$ip} })) { + my $linkLastConnect = @{ $nameTable->{$link}->{$ip}->{epoch} }[-1]; + if (abs($thisLastConnect - $linkLastConnect) < 300) { # les then 5 min + print "**$link**, "; + } elsif (abs($thisLastConnect - $linkLastConnect) < 600) { # less then 10 min + print "*$link*, "; + } else { + print "$link, "; + } } + print "]\n"; } + } } 
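Review bot: The inner `foreach my $link` loop also visits the user the report is about, because that name is itself a key of `$ipTable->{$ip}`. Its time difference is always 0, so every IP line prints the subject as `**username**` and the highlight no longer singles out real links. Adding `next if $link eq $row->{username};` as the first statement of that loop avoids this. Separately, the two epoch values are undef when a log timestamp did not parse, and the subtraction then treats them as 0 and can flag a link that is not there. A `defined` check on both values before the `abs(...)` comparison would let such entries fall through to the plain `$link, ` branch.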
@@ -97,23 +112,36 @@ sub init_ip_xref { my $usernames2ip={}; open my $zncLog, '<', '/home/znc/home/znc/.znc/moddata/adminlog/znc.log' or die "Can't open znc log file"; while (my $line = <$zncLog>) { - if( $line =~/.*\[(.*)\] connected to ZNC from (.*)/) { - my $name=$1; - my $ip=$2; + if( $line =~/\[(.*)\].*\[(.*)\] connected to ZNC from (.*)/) { + my $timestamp=$1; + my $name=$2; + my $ip=$3; if (!defined($ip2usernames->{$ip})) { $ip2usernames->{$ip} = {}; } if (!defined($ip2usernames->{$name})) { - $ip2usernames->{$ip}->{$name}=0; + $ip2usernames->{$ip}->{$name}={}; + $ip2usernames->{$ip}->{$name}->{count}=0; + $ip2usernames->{$ip}->{$name}->{timestamps}=[]; + $ip2usernames->{$ip}->{$name}->{epoch}=[]; + } - $ip2usernames->{$ip}->{$name}++; + $ip2usernames->{$ip}->{$name}->{count}++; + push (@{$ip2usernames->{$ip}->{$name}->{timestamps}}, $timestamp); + push (@{$ip2usernames->{$ip}->{$name}->{epoch}}, str2time($timestamp)); + if (!defined($usernames2ip->{$name})) { $usernames2ip->{$name}={}; } if (!defined($usernames2ip->{$name}->{$ip})) { - $usernames2ip->{$name}->{$ip}=0; + $usernames2ip->{$name}->{$ip}={}; + $usernames2ip->{$name}->{$ip}->{count}=0; + $usernames2ip->{$name}->{$ip}->{timestamps}=[]; + $usernames2ip->{$name}->{$ip}->{epoch}=[]; } - $usernames2ip->{$name}->{$ip}++; + $usernames2ip->{$name}->{$ip}->{count}++; + push (@{$usernames2ip->{$name}->{$ip}->{timestamps}}, $timestamp); + push (@{$usernames2ip->{$name}->{$ip}->{epoch}}, str2time($timestamp)); } } close $zncLog;
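Review bot: The context guard `if (!defined($ip2usernames->{$name}))` tests a key that nothing in the visible code sets, so the new `count`, `timestamps` and `epoch` fields under `$ip2usernames->{$ip}->{$name}` are re-created on every matching log line and never hold more than the latest connection. It should read `if (!defined($ip2usernames->{$ip}->{$name})) {`, matching the `$usernames2ip` branch below it. `str2time` returns undef for a string it cannot parse, and that undef is pushed into `epoch` unchanged. Skipping the line, or pushing only defined values, keeps the 5/10-minute comparison in the report loop meaningful. init_ip_xref starts and ends outside this hunk.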