2.0.2 • Published 9 years ago

metas-detect v2.0.2

License
ISC

Detect hack attempts in Node.js

New version 2.0

'metas-detect' is now an Express.js middleware.

This module can :

  • Identify bots
  • Geolocate IPs
  • Parse visitor language
  • Detect basic hack attempts
  • Redirect attackers
  • Log any visit into storage
  • Query logs to build statistics

It is best used with a winston-supported storage; currently, only winston-mongodb is implemented.

Contributions to this repository are very welcome, especially if you have good features to add :)

Installation

npm install --save metas-detect

Usage

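// Load the library
var MetasDetect = require('metas-detect');

// Instantiate the detector with the MongoDB settings used for visit logs.
// NOTE(review): 'optional' below is a placeholder. Load real credentials from the
// environment or a secret store rather than committing them with the source.
var metasDetect = new MetasDetect({
    mongodb: {
        // Host name corrected from 'locahost', which would not resolve.
        db: 'mongodb://localhost/@yourdb',
        username: 'optional',
        password: 'optional'
    }
});

// Load express
var express = require('express');
var app = express();

// Install the metasDetect middleware. bind() keeps `this` pointing at the
// metasDetect instance when express calls the function.
// Express runs middleware in registration order, so register this before the
// routes and static handlers whose requests should be inspected and logged.
app.use(metasDetect.middleware.bind(metasDetect));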

Options

    # Hack attempt
    # ------------
    # How the middleware answers a request it has flagged as an attack.

        # Answer a detected attack with a "blue screen of death" page and
        # stop handling the request there.
        hackers_bsod: true

        # Delay before the response to a flagged request is sent
        # (presumably milliseconds; confirm against the module source).
        # NOTE(review): each delayed request stays open on the server for that long,
        # so a burst of flagged requests also ties up the defender's connections;
        # keep the value modest.
        hackers_sleep: 2000

        # Text returned to a client flagged as an attacker (an ASCII-art skull).
        # NOTE(review): the bracketed MSG1:22 / MSG2:23 fields look like message
        # placeholders with a field width; confirm how the module fills them.
        hackers_responseTxt: '''
                uuuuuuu
             uu$$$$$$$$$$$uu
          uu$$$$$$$$$$$$$$$$$uu
         u$$$$$$$$$$$$$$$$$$$$$u
        u$$$$$$$$$$$$$$$$$$$$$$$u
       u$$$$$$$$$$$$$$$$$$$$$$$$$u
       u$$$$$$$$$$$$$$$$$$$$$$$$$u
       u$$$$$$"   "$$$"   "$$$$$$u
       "$$$$"      u$u       $$$$"
        $$$u       u$u       u$$$
        $$$u      u$$$u      u$$$
         "$$$$uu$$$   $$$uu$$$$"
          "$$$$$$$"   "$$$$$$$"
            u$$$$$$$u$$$$$$$u
             u$"$"$"$"$"$"$u
  uuu        $$u$ $ $ $ $u$$       uuu
 u$$$$        $$$$$u$u$u$$$       u$$$$
  $$$$$uu      "$$$$$$$$$"     uu$$$$$$
u$$$$$$$$$$$uu    """""    uuuu$$$$$$$$$$
$$$$"""$$$$$$$$$$uuu   uu$$$$$$$$$"""$$$"
 """      ""$$$$$$$$$$$uu ""$"""
           uuuu ""$$$$$$$$$$uuu
  u$$$uuu$$$$$$$$$uu ""$$$$$$$$$$$uuu$$$
  $$$$$$$$$$""""           ""$$$$$$$$$$$"
   "$$$$$"[      MSG1:22         ]""$$$$""
     $$$"[       MSG2:23         ]$$$$"
        '''

        # Rules to detect an attack: patterns tested against the request URL.
        # The pattern is anchored at the start only. It matches URLs that begin with
        # /administrator/ or /wp-admin/ and, through the `(.*)\.php` alternative,
        # any URL that contains ".php" anywhere.
        # NOTE(review): if the site really serves one of these paths, or if the tested
        # value includes the query string (not visible here), genuine visitors are
        # flagged too. Tighten the pattern to the paths the application never uses.
        hackers_honeypots:
            'url': [/^(\/administrator\/|\/wp-admin\/|(.*)\.php)/]


    # Bots detection rules
    # --------------------
    # 'ua' patterns are tested against the User-Agent, 'url' patterns against the
    # request URL (presumably any single match classifies the visit as a bot; confirm).
    # NOTE(review): the User-Agent header is chosen by the client, so these rules only
    # recognise bots that identify themselves. Treat the result as a statistics label,
    # not as a security decision.
    bots_honeypots:
        'ua': [
            # Any user agent containing "http"; the "https" alternative is already
            # covered by "http". Case-sensitive, unlike the /i rules below.
            /(http|https)/
            /BingPreview/
            /Google\ favicon/
            /spider/i
            /crawler/i
            /Twitterbot/i
        ]
        'url': [
            # URL ending in SiteAuth.xml (any case), or exactly /robots.txt.
            /SiteAuth\.xml$/i
            /^\/robots\.txt$/
        ]


    # Static files detection rules
    # ----------------------------
    # Matches a URL that ends in one of the listed asset extensions, case-insensitively.
    # NOTE(review): the `$` anchor means a URL with a query string after the extension
    # (e.g. a cache-busting "?v=2") does not match, if the tested value keeps the
    # query string. Confirm what the middleware passes in.
    static_honeypot: /\.(js|css|woff|woff2|ttf|eot|png|jpg|gif|ico|svg)$/i    

Query logs

You can query data from the storage, as in the example below.

Get all logs for the current day :

    # Take one reference instant and derive both day bounds from clones of it,
    # so the two bounds always describe the same day.
    now = moment()
    dayStart = now.clone().startOf('day').toDate()
    dayEnd = now.clone().endOf('day').toDate()

    # Fetch the day's log entries in ascending order.
    # start/limit presumably page the result set; confirm against the module.
    metasDetect.query({
        from: dayStart
        until: dayEnd
        start: 0
        limit: 10000
        order: 'asc'
    }, (err, results) ->
        console.log(err, results)
    )