📄 mintervalcommand.java
字号:
package net.jumperz.app.MGuardian.plugin.sessionIdManager2;
import java.io.*;
import java.util.*;
import java.sql.*;
import net.jumperz.sql.*;
import net.jumperz.util.*;
import net.jumperz.net.*;
import net.jumperz.app.MGuardian.*;
public class MIntervalCommand
implements MCommand
{
public static MSessionIdManager sessionIdManager;
private Connection connection;
private MSqlQueue sqlQueue;
//--------------------------------------------------------------------------------
public MIntervalCommand( Connection c )
{
connection = c;
sqlQueue = new MSqlQueue( connection );
}
//--------------------------------------------------------------------------------
public void execute()
{
try
{
removeOldRecords();
if( sessionIdManager.detectionType == MSessionIdManager.DETECTION_INTERVAL )
{
if( sessionIdManager.bruteForceAction != MSessionIdManager.ACTION_IGNORE )
{
detectBruteForceAttack(); //different id from the same ip address
}
checkHighjack();
sqlQueue.executeSql();
}
}
catch( Exception e )
{
e.printStackTrace();
}
}
//--------------------------------------------------------------------------------
private void checkHighjack()
throws SQLException, IOException
{
String queryString =
"SELECT COUNT(*) AS c, host, paramName, paramValue FROM tState GROUP BY host, paramName, paramValue ORDER BY c DESC";
synchronized( connection )
{
ResultSet rs = MSqlUtil.executeQuery( connection, queryString );
while( rs.next() )
{
int count = rs.getInt( "c" );
if( count < 2 )
{
break;
}
String host = rs.getString( "host" );
String paramName = rs.getString( "paramName" );
String paramValue = rs.getString( "paramValue" );
if( sessionIdManager.differentIpAction != MSessionIdManager.ACTION_IGNORE )
{
detectDifferentIp( count, host, paramName, paramValue );
}
if( sessionIdManager.differentUaAction != MSessionIdManager.ACTION_IGNORE )
{
detectDifferentUa( count, host, paramName, paramValue );
}
}
rs.close();
}
}
//--------------------------------------------------------------------------------
private void detectDifferentIp( int count, String host, String paramName, String paramValue )
throws SQLException, IOException
{
String queryString =
"SELECT COUNT(*) AS c, ip FROM tState WHERE host = ? AND paramName = ? AND paramValue = ? GROUP BY ip ORDER BY c DESC";
MObjectArray args = new MObjectArray();
args.add( host );
args.add( paramName );
args.add( paramValue );
ResultSet rs = MSqlUtil.executeQuery2( connection, queryString, args );
rs.next();
int count2 = rs.getInt( "c" );
rs.close();
if( count2 == count )
{
return;
}
if( sessionIdManager.checkIpRange( host, paramName, paramValue ) )
{
sessionIdManager.differentSourceAttackDetected( host, paramName, paramValue, "ip", sqlQueue );
}
}
//--------------------------------------------------------------------------------
private void detectDifferentUa( int count, String host, String paramName, String paramValue )
throws SQLException, IOException
{
String queryString =
"SELECT COUNT(*) AS c, useragent FROM tState WHERE host = ? AND paramName = ? AND paramValue = ? GROUP BY useragent ORDER BY c DESC";
MObjectArray args = new MObjectArray();
args.add( host );
args.add( paramName );
args.add( paramValue );
ResultSet rs = MSqlUtil.executeQuery2( connection, queryString, args );
rs.next();
int count2 = rs.getInt( "c" );
rs.close();
if( count2 != count )
{
sessionIdManager.differentSourceAttackDetected( host, paramName, paramValue, "useragent", sqlQueue );
}
}
//--------------------------------------------------------------------------------
private void removeOldRecords()
throws SQLException
{
String queryString = "DELETE FROM tState WHERE t < ?";
Timestamp spanAgo = new Timestamp( System.currentTimeMillis() - ( sessionIdManager.timespan * 60 * 1000 ) );
MObjectArray args = new MObjectArray( spanAgo );
synchronized( connection )
{
MSqlUtil.executeUpdate2( connection, queryString, args );
}
}
//--------------------------------------------------------------------------------
private void detectBruteForceAttack()
throws SQLException, IOException
{
String queryString =
"SELECT COUNT(*) AS c, ip, host, paramName, userAgent FROM tState GROUP BY ip, host, paramName, userAgent ORDER BY c DESC";
synchronized( connection )
{
ResultSet rs = MSqlUtil.executeQuery( connection, queryString );
while( rs.next() )
{
int count = rs.getInt( "c" );
if( count <= sessionIdManager.bruteForceThreshold )
{
break;
}
// detected!
String ip = rs.getString( "ip" );
String host = rs.getString( "host" );
String paramName = rs.getString( "paramName" );
String userAgent = rs.getString( "userAgent" );
sessionIdManager.bruteForceAttackDetected( count, ip, host, paramName, userAgent, sqlQueue );
}
rs.close();
}
}
//--------------------------------------------------------------------------------
public void breakCommand()
{
try
{
connection.close();
}
catch( SQLException e )
{
e.printStackTrace();
}
}
//--------------------------------------------------------------------------------
}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -