Op 14 jun 2008, om 21:38 heeft John Pettitt het volgende geschreven:
I've been having some luck writing to the network contacts for abusive hosts - enough so that I'm thinking of writing a script to sendautomated notices to the worst offenders. Before I re-invent the wheelhas anybody already got code that finds the contact emails for a given IP what you'd be willing to share?
Hi John,Please find below a perl script that looks up the abuse contacts (using the abuse.net database) for any given IP address. This script is an adoptation of a script I use to send automated abuse messages for trojaned connections connecting to an IRC network.
Use at your own risk, and also take Adrian's warnings into mind please. Kind regards, Remco
#!/usr/bin/perl -w
###########################################################################
# This script reads an IPv4 IP address from the command line, looks up the
# abuse contact for that IP address, and, if found, sends a complaint.
#
# Remco Rijnders
###########################################################################
use warnings;
use DateTime;
use Mail::Sendmail;
use Net::DNS;
if ($#ARGV == 0 && $ARGV[0] =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/) {
lookup_abuse_contact($4, $3, $2, $1);
} else {
print "Incorrect usage, pass an IPv4 address as the only argument to this program!\n";
}
sub lookup_abuse_contact {
my ($octet4, $octet3, $octet2, $octet1) = @_;
my $ip = "$octet1.$octet2.$octet3.$octet4";
my $dt = DateTime->now;
my $timestamp = $dt->datetime;
my ($res, $query, @r);
$res = new Net::DNS::Resolver;
$query = $res->search("$4.$3.$2.$1.in-addr.arpa", "PTR");
if ($query) {
my ($rr, $domain);
foreach $rr ($query->answer) {
if ($rr->type eq "PTR") {
$domain = $rr->ptrdname;
$query = $res->search("$domain.contacts.abuse.net", "TXT");
if ($query) {
my $mailstring = "";
foreach $rr ($query->answer) {
if (length($mailstring) > 0) {
$mailstring = $mailstring . ", " . $rr->txtdata if $rr->type eq "TXT";
} else {
$mailstring = $rr->txtdata if $rr->type eq "TXT";
}
}
send_abuse_mail($mailstring, $timestamp, $ip);
print "Abuse mail sent for $ip to $mailstring\n";
} else {
print "No abuse contact found for $octet1.$octet2.$octet3.$octet4 !\n!";
}
}
}
}
}
sub send_abuse_mail {
my ($mailstring, $time, $ip) = @_;
my %mailmsg;
# Change the To address below to '[EMAIL PROTECTED]' for testing purposes. Only once you are
# absolutely sure the script works without hitches, you can change it to $mailstring.
%mailmsg = ( To => '[EMAIL PROTECTED]',
From => '[EMAIL PROTECTED]',
Subject => 'Abuse on ' . $ip . ' detected',
Message => "Dear abuse team,\n\nWe have reason to believe that one of your users ...\n\n" .
"The system in question connected from $ip at $time UTC:\n\n" .
"<More abuse related complaint text goes here>\n\n" .
"This email was automatically generated and sent to you as you are listed as the contact for abuse issues in the abuse.net database ( http://www.abuse.net/ ).\n\n" .
"Sincere regards,\nJoe Complaint"
);
sendmail(%mailmsg);
}
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
