IP Tracker

After going through some harrowing hacking and DoS attacks recently, I have written an IP Tracking app that scrutinizes incoming CFM page requests and tracks them in a query object / table in the server scope so it can be accessed by every CFM website on my server. IP numbers that exceed a configured number of requests in a configured period of time are added to an IP Block query object / table, also in the server scope, where they remain for a configured period of time, temporarily blocking them from my server.

I know there are other apps and appliances out there, but they seem to always include images, css, js, etc., such that a page with a lot of photos and css calls could reach 100 requests in a single page load. The code I wrote is called only once, in application.cfm.

The code comes in two pieces: the tracker, and the console where you can view the activity and edit the IP whitelist, IP blacklist, User Agent blacklist and URL Snippet blacklist, also kept in server variables and additionally stored in text files when edited so they can survive a reboot.

I have it running on a dev server and it seems to work pretty well. I’m not planning on putting it on my production server (350+ sites) until I’ve had a code review.

What I would like to do is share it with the Lucee community who can use it free and clear, and hopefully help make improvements for us all. It was written using cf tags because I use application.cfm (not cfc), so there’s plenty of opportunity for someone to convert the whole thing to a cfc / function. I suppose I could have done that, too, but, well, call me lazy. :slight_smile:

My issue is, I’ve never uploaded and shared code before (other than adding one UDF to cflib.org waaaaay back), so I’m not sure where the best place to do this is, and how to go about it.

What’s everyone’s recommendation, and who’s willing to take a look at it and either call me crazy, genius, or meh?

What I would do is create a repository on GitHub (or similar) and place it there. That way it is available for everyone to pull and review at their leisure. This would also allow anyone to submit changes/additions or log issues/questions.

If it turns out to be useful to people, I would then consider making that repo available on ForgeBox

1 Like

Ok, done. Please check it out. Thanks!

I did something similiar… if someone tries to do a sql injection or fills out a form with nonsense info I also add those to the banned IP list.

I check for evidence of a sql injection automatically and ban them, for the forms, In my control panel, I see the form submissions and have a button labelled “ban ip” next to them… if it is nonsense, I ban them… when I ban them, I give them a page that makes it look like the server is down whenever they try to access the site.

Yeah, I have something like that as well on my forms, but once this is up and running I’ll integrate it with this.