Archive for the 'Programming' Category

Sep 08

Block spam with OriginatingCountry SpamAssassin plugin

Tuesday, September 8th, 2009

Save 2 files below in /etc/mail/spamassassin directory and enable plugin by add line

PLAIN TEXT
CODE:
  1. loadplugin Mail::SpamAssassin::Plugin::OriginatingCountry OriginatingCountry.pm

in file /etc/mail/spamassassin/init.pre

Check and adjust score with your system :)

File OriginatingCountry.pm

PLAIN TEXT
CODE:
  1. package Mail::SpamAssassin::Plugin::OriginatingCountry;
  2.  
  3. use Mail::SpamAssassin::Plugin;
  4. use Mail::SpamAssassin::Constants qw(:ip);
  5. use strict;
  6. use warnings;
  7. use bytes;
  8.  
  9. use vars qw(@ISA);
  10. @ISA = qw(Mail::SpamAssassin::Plugin);
  11.  
  12. sub dbg { Mail::SpamAssassin::Plugin::dbg ("xip: @_"); }
  13.  
  14. sub new {
  15.   my $class = shift;
  16.   my $mailsaobject = shift;
  17.  
  18.   $class = ref($class) || $class;
  19.   my $self = $class->SUPER::new($mailsaobject);
  20.   bless ($self, $class);
  21.  
  22.   $self->register_eval_rule ("check_x_ip_header");
  23.   $self->register_eval_rule ("check_yahoo_ip_header");
  24.   $self->register_eval_rule ("check_authen_ip_header");
  25.   $self->register_eval_rule ("check_any_ip_header");
  26.  
  27.   return $self;
  28. }
  29.  
  30.  
  31. sub check_x_ip_header {
  32.   my ($self, $permsgstatus, $regex) = @_;
  33.   my $reg;
  34.   eval {
  35.     require IP::Country::Fast;
  36.     $reg = IP::Country::Fast->new();
  37.   };
  38.   if ($@) {
  39.     dbg("failed to load 'IP::Country::Fast', skipping ($@)");
  40.     return 1;
  41.   }
  42.   my $ip = ($permsgstatus->get("X-Originating-IP"));
  43.   $ip =~ s/[\[\]]//g;
  44.   my $IP_ADDRESS = IP_ADDRESS;
  45.   if ($ip =~ /$IP_ADDRESS/) {
  46.   dbg("Found x-ip $ip");
  47.   my $country = '';
  48.   my $cc = $reg->inet_atocc($ip) || "XX";
  49.   $country = $cc;
  50.   chomp $country;
  51.   dbg("X-Originating-IP: $country");
  52.     my $re;
  53.     if (defined $regex) {
  54.         $re = eval { qr/$regex/; };
  55.         if ($@) {
  56.             warn("invalid regex: $@");
  57.             return 0;
  58.         }
  59.     }
  60.     if (defined $re) {
  61.        if ($country =~ $re) {
  62.            dbg("Found hotmail country and matches regex: $country");
  63.            return 1;
  64.        }
  65.      }
  66.    }
  67.    return 0;
  68. }
  69.  
  70. sub check_yahoo_ip_header {
  71.   my ($self, $permsgstatus, $regex) = @_;
  72.   my $reg;
  73.   eval {
  74.     require IP::Country::Fast;
  75.     $reg = IP::Country::Fast->new();
  76.   };
  77.   if ($@) {
  78.     dbg("failed to load 'IP::Country::Fast', skipping ($@)");
  79.     return 1;
  80.   }
  81.   my $ip = '';
  82.   if ($permsgstatus->get("Received") =~ /\s?from\s+(\S+)\s+by\s+web[a-z0-9\.]+\.yahoo\.[a-z0-9\.]+\s+via\s+HTTP\;/) {
  83.     $ip = $1;
  84.     $ip =~ s/[\[\]]//g;
  85.    dbg("Found yahoo-ip: $ip");
  86.    my $country = '';
  87.    my $cc = $reg->inet_atocc($ip) || "XX";
  88.    $country = $cc;
  89.    chomp $country;
  90.    dbg("Yahoo-IP: $country");
  91.      my $re;
  92.      if (defined $regex) {
  93.          $re = eval { qr/$regex/; };
  94.          if ($@) {
  95.              warn("invalid regex: $@");
  96.              return 0;
  97.          }   
  98.      }
  99.      if (defined $re) {
  100.          if ($country =~ $re) {
  101.              dbg("Found yahoo country and matches regex: $country");
  102.              return 1;
  103.          }
  104.      }   
  105.   } 
  106.   return 0;
  107. }
  108.  
  109. sub check_authen_ip_header {
  110.   my ($self, $permsgstatus, $regex) = @_;
  111.   my $reg;
  112.   eval {
  113.     require IP::Country::Fast;
  114.     $reg = IP::Country::Fast->new();
  115.   };
  116.   if ($@) {
  117.     dbg("failed to load 'IP::Country::Fast', skipping ($@)");
  118.     return 1;
  119.   }
  120.   my $ip = '';
  121.   if ($permsgstatus->get("Received") =~ /\s?from\s+\w+\s+(\S+)/) {
  122.     $ip = $1;
  123.     $ip =~ s/[\[\]]//g;
  124.  
  125.    dbg("Found authen-ip: $ip");
  126.  
  127.    my $country = '';
  128.    my $cc = $reg->inet_atocc($ip) || "XX";
  129.    $country = $cc;
  130.    chomp $country;
  131.    dbg("Authen-IP: $country");
  132.    my $re;
  133.      if (defined $regex) {
  134.          $re = eval { qr/$regex/; };
  135.          if ($@) {
  136.              warn("invalid regex: $@");
  137.              return 0;
  138.          }   
  139.      }
  140.      if (defined $re) {
  141.           if ($country =~ $re) {
  142.               dbg("Found authen country and matches regex: $country");
  143.               return 1;
  144.           }
  145.      }   
  146.   } 
  147.   return 0;
  148. }
  149.  
  150. sub check_any_ip_header {
  151.   my ($self, $permsgstatus, $regex) = @_;
  152.   return ( $self->check_x_ip_header($permsgstatus,$regex) ||
  153.               $self->check_yahoo_ip_header($permsgstatus,$regex) ||
  154.               $self->check_authen_ip_header($permsgstatus,$regex)
  155.             );
  156. }
  157.  
  158. 1;

File originate_ip.cf

PLAIN TEXT
CODE:
  1. ifplugin Mail::SpamAssassin::Plugin::OriginatingCountry
  2.  
  3. header   X_ORIG_IP_CN  eval:check_any_ip_header('CN')
  4. describe X_ORIG_IP_CN  Message was sending originate from China
  5. score    X_ORIG_IP_CN  5.00
  6.  
  7. header   X_ORIG_IP_NG  eval:check_any_ip_header('NG')
  8. describe X_ORIG_IP_NG  Message was sending originate from Nigeria
  9. score    X_ORIG_IP_NG  1.00
  10.  
  11. header   X_ORIG_IP_SN  eval:check_any_ip_header('SN')
  12. describe X_ORIG_IP_SN  Message was sending originate from Senegal
  13. score    X_ORIG_IP_SN  1.00
  14.  
  15. header   X_ORIG_IP_BN  eval:check_any_ip_header('BN')
  16. describe X_ORIG_IP_BN  Message was sending originate from Benin
  17. score    X_ORIG_IP_BN  1.00
  18.  
  19. header   X_ORIG_IP_GH  eval:check_any_ip_header('GH')
  20. describe X_ORIG_IP_GH  Message was sending originate from Ghana
  21. score    X_ORIG_IP_GH  1.00
  22.  
  23. header   X_ORIG_IP_CI  eval:check_any_ip_header('CI')
  24. describe X_ORIG_IP_CI  Message was sending originate from Ivoiry Coast
  25. score    X_ORIG_IP_CI  1.00
  26.  
  27. header   X_ORIG_IP_ZA  eval:check_any_ip_header('ZA')
  28. describe X_ORIG_IP_ZA  Message was sending originate from South Africa
  29. score    X_ORIG_IP_ZA  1.00
  30.  
  31. endif

Posted in Internet, Perl, Programming, Spam | 2 Comments »

Mar 19

Calculate Google Pagerank with PHP

Monday, March 19th, 2007

This is modified code that I found from the Internet the orginal code that may not work on some server that php has 32bit operation problem and I already tested on my server.

PLAIN TEXT
PHP:
  1. <?php
  2. define('GOOGLE_MAGIC', 0xE6359A60);
  3.  
  4. //unsigned shift right
  5. function zeroFill($a, $b)
  6. {
  7.     $z = hexdec(80000000);
  8.         if ($z & $a)
  9.         {
  10.             $a = ($a>>1);
  11.             $a &= (~$z);
  12.             $a |= 0x40000000;
  13.             $a = ($a>>($b-1));
  14.         }
  15.         else
  16.         {
  17.             $a = ($a>>$b);
  18.         }
  19.         return $a;
  20. } 
  21.  
  22. function toInt32(& $x){
  23.   $z = hexdec(80000000);
  24.   $y = (int)$x;
  25.  if($y==-$z&&$x<-$z){
  26.    $y = (int)((-1)*$x);
  27.    $y = (-1)*$y;
  28.   }
  29.   $x = $y;
  30. }
  31.  
  32. function mix($a,$b,$c) {
  33. $a -= $b; $a -= $c; toInt32($a); $a = (int)($a ^ (zeroFill($c,13)));
  34. $b -= $c; $b -= $a; toInt32($b); $b = (int)($b ^ ($a<&lt;8));
  35. $c -= $a; $c -= $b; toInt32($c); $c = (int)($c ^ (zeroFill($b,13)));
  36. $a -= $b; $a -= $c; toInt32($a); $a = (int)($a ^ (zeroFill($c,12)));
  37. $b -= $c; $b -= $a; toInt32($b); $b = (int)($b ^ ($a<&lt;16));
  38. $c -= $a; $c -= $b; toInt32($c); $c = (int)($c ^ (zeroFill($b,5)));
  39. $a -= $b; $a -= $c; toInt32($a); $a = (int)($a ^ (zeroFill($c,3)));
  40. $b -= $c; $b -= $a; toInt32($b); $b = (int)($b ^ ($a<&lt;10));
  41. $c -= $a; $c -= $b; toInt32($c); $c = (int)($c ^ (zeroFill($b,15)));
  42. return array($a,$b,$c);
  43. }
  44.  
  45. function GoogleCH($url, $length=null, $init=GOOGLE_MAGIC) {
  46.     if(is_null($length)) {
  47.         $length = sizeof($url);
  48.     }
  49.     $a = $b = 0x9E3779B9;
  50.     $c = $init;
  51.     $k = 0;
  52.     $len = $length;
  53.     while($len>= 12) {
  54.         $a += ($url[$k+0] +($url[$k+1]<&lt;8) +($url[$k+2]<&lt;16) +($url[$k+3]<&lt;24));
  55.         $b += ($url[$k+4] +($url[$k+5]<&lt;8) +($url[$k+6]<&lt;16) +($url[$k+7]<&lt;24));
  56.         $c += ($url[$k+8] +($url[$k+9]<&lt;8) +($url[$k+10]<&lt;16)+($url[$k+11]<&lt;24));
  57.         $mix = mix($a,$b,$c);
  58.         $a = $mix[0]; $b = $mix[1]; $c = $mix[2];
  59.         $k += 12
  60.         $len -= 12;
  61.     }
  62.  
  63.     $c += $length;
  64.     switch($len)              /* all the case statements fall through */
  65.     {
  66.         case 11: $c+=($url[$k+10]<&lt;24);
  67.         case 10: $c+=($url[$k+9]<&lt;16);
  68.         case 9 : $c+=($url[$k+8]<&lt;8);
  69.           /* the first byte of c is reserved for the length */
  70.         case 8 : $b+=($url[$k+7]<&lt;24);
  71.         case 7 : $b+=($url[$k+6]<&lt;16);
  72.         case 6 : $b+=($url[$k+5]<&lt;8);
  73.         case 5 : $b+=($url[$k+4]);
  74.         case 4 : $a+=($url[$k+3]<&lt;24);
  75.         case 3 : $a+=($url[$k+2]<&lt;16);
  76.         case 2 : $a+=($url[$k+1]<&lt;8);
  77.         case 1 : $a+=($url[$k+0]);
  78.          /* case 0: nothing left to add */
  79.     }
  80.     $mix = mix($a,$b,$c);
  81.     /*-------------------------------------------- report the result */
  82.     return $mix[2];
  83. }
  84.  
  85. //converts a string into an array of integers containing the numeric value of the char
  86. function strord($string) {
  87.     for($i=0;$i<strlen($string);$i++) {
  88.         $result[$i] = ord($string{$i});
  89.     }
  90.     return $result;
  91. }
  92.  
  93.  
  94. // converts an array of 32 bit integers into an array with 8 bit values. Equivalent to (BYTE *)arr32
  95.  
  96. function c32to8bit($arr32) {
  97.     for($i=0;$i<count($arr32);$i++) {
  98.         for ($bitOrder=$i*4;$bitOrder<=$i*4+3;$bitOrder++) {
  99.             $arr8[$bitOrder]=$arr32[$i]&255;
  100.             $arr32[$i]=zeroFill($arr32[$i], 8);
  101.         }     
  102.     }
  103.     return $arr8;
  104. }
  105.  
  106.  
  107. function get_page_rank($url){
  108.     $url = preg_replace('/\?.*$/','?',$url);
  109.     $reqgr = "info:".$url;
  110.     $reqgre = "info:".urlencode($url);     
  111.     $gch = "6".GoogleCH(strord($reqgr));     
  112.         $fsock = fsockopen('toolbarqueries.google.com', 80, $errno, $errstr);
  113.         if ( !$fsock ){   
  114.             echo 'Can not connect to server';
  115.             return -1;
  116.         }
  117.         $base_get = "/search?client=navclient-auto&ch=".$gch."&ie=UTF-8&oe=UTF-8&features=Rank:FVN&q=".$reqgre;
  118.         fputs($fsock, "GET $base_get HTTP/1.1\r\n");
  119.         fputs($fsock, "HOST: toolbarqueries.google.com\r\n");
  120.         fputs($fsock, "User-Agent: Mozilla/4.0 (compatible; GoogleToolbar 2.0.114-big; Windows XP 5.1)\r\n");
  121.         fputs($fsock, "Connection: close\r\n\r\n");
  122.         while(!feof($fsock)){ 
  123.             $res['content'] .= fread($fsock, 1024);
  124.         }
  125.         fclose($fsock);
  126.         if(preg_match('/Rank_.*?:.*?:(\d+)/i', $res['content'], $m)){     
  127.             return $m[1];
  128.         }else{     
  129.             return -1;
  130.         }       
  131. }
  132.  
  133. echo get_page_rank("www.google.com");
  134.  
  135. ?>

Posted in Internet, PHP, Programming | No Comments »

Feb 22

PHP Group accused of security incompetence

Thursday, February 22nd, 2007

PHP developer Stefan Esser has said he will go ahead with plans to disclose dozens of security flaws in PHP in March, hitting back at criticism that the “Month of PHP bugs” project is nothing more than dangerous, self-serving publicity. The problem isn’t irresponsible disclosure, but the sluggishness of the PHP team in fixing serious problems, Esser contended. He has first-hand experience with the PHP security process having created both the Hardened-PHP Project and the PHP Security Response Team, which he left acrimoniously in December.

Original post by Forum of Incident Response and Security Teams - Daily Security News

Posted in News, PHP | No Comments »

« Previous Entries