
Commit

v.1.0.8
findlabnet committed Apr 7, 2023
1 parent 99f2737 commit a9b3a3b
Showing 5 changed files with 58 additions and 51 deletions.
16 changes: 8 additions & 8 deletions README.md
Expand Up @@ -3,15 +3,15 @@ Antiscan

Automatic block (ban) IP addresses used by bad crawlers or vulnerability scanners.

**Antiscan** is an add-on module that extends the [IP address blocking](https://backdropcms.org/project/ip_blocking)
**Antiscan** is an add-on module that extends the [IP address blocking](https://backdropcms.org/project/ip_blocking)
module (version 1.x-1.0.5 or newest) to automatically block anyone who tries to access paths defined as restricted.

Usually it is a bad crawler looking for known potentially vulnerable paths,
Usually it is a bad crawler looking for known potentially vulnerable paths,
such as "wp-admin.php", "xmlrpc.php" and so on.

Also, since version 1.x-1.0.5, you can block bad bots using their well-known User-Agent strings and spam referrer domains.

**New in version version 1.x-1.0.4:** option "Report to AbuseIPDB" can be enabled for automatic reporting to AbuseIPDB about blocked scanners activity.
**New in version version 1.x-1.0.4:** option "Report to AbuseIPDB" can be enabled for automatic reporting to AbuseIPDB about blocked scanners activity.
You need to install [AbuseIPDB report](https://backdropcms.org/project/abuseipdb_report) module to see and use this option.

Installation
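Review bot: the changed line "**New in version version 1.x-1.0.4:**" still carries the doubled word "version"; this hunk only strips trailing whitespace from it, so fix the wording in the same pass. In the first paragraph, "(version 1.x-1.0.5 or newest)" would read better as "or newer".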
Expand All @@ -20,14 +20,14 @@ Install this module using the official Backdrop CMS instructions at https://back

Configuration and usage
-----------------------
Administration page is available via menu *Administration > Configuration >
User accounts > Antiscan* (admin/config/people/antiscan)
Administration page is available via menu *Administration > Configuration >
User accounts > Antiscan* (admin/config/people/antiscan)
and may be used for:

- add your patterns for paths to be restricted (some usefull patterns are already added out of the box);
- set paths or portions of paths that will NOT be restricted to avoid self-blocking;
- set User-Agent strings, to be blocked;
- set Referrer spam domains to be blocked;
- set "User-Agent strings" to be blocked;
- set "Referrer spam domains" to be blocked;
- enable automatic reporting to AbuseIPDB about blocked scanners activity ("AbuseIPDB report" module should be installed);
- enable logging for blocked access attempts (enabled by default);
- select the time after which the blocked IP will be unblocked automatically;
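Review bot: the newly quoted labels "User-Agent strings" and "Referrer spam domains" do not match the field titles the form shows, which are 'Blocked User-Agent strings' and 'Blocked Referrer spam domains' in antiscan.admin.inc; quote the full titles so readers can find the fields. The first list item in this hunk still has "usefull" misspelled.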
Expand All @@ -49,5 +49,5 @@ Vladimir (https://github.com/findlabnet/)

More information
----------------
For bug reports, feature or support requests, please use the module
For bug reports, feature or support requests, please use the module
issue queue at https://github.com/backdrop-contrib/antiscan/issues.
68 changes: 34 additions & 34 deletions antiscan.admin.inc
Expand Up @@ -10,16 +10,16 @@
*/
function antiscan_form($form, &$form_state) {
$config = config('antiscan.settings');

$form['top'] = array(
'#markup' => t('When a web crawler or even a person tries to visit a path that matches one of the patterns specified in the field below, their IP address will be blocked.')
);

$url = url('admin/config/people/ip-blocking');
$form['info'] = array(
'#markup' => '<p><b>'. t('Please note') .': </b>' . t('you can manage the list of blocked IPs at <a href="@url">this page</a>.', array('@url' => $url)) . '</p>',
'#markup' => '<p>'. t('You can manage blocked IPs at <a href="@url">this page</a>.', array('@url' => $url)) . '</p>',
);

$path_patterns = $config->get('path_patterns');
$form['path_patterns'] = array(
'#type' => 'textarea',
Expand All @@ -29,9 +29,9 @@ function antiscan_form($form, &$form_state) {
'#title' => t('Restricted path patterns'),
'#required' => TRUE,
'#description' => t('Enter paths or portions of paths to restrict, separating them with commas or new lines.')
. '<br>' . t('Please note: the <b>*</b> character is a wildcard for end of the pattern, so pattern like') . '<b> /wp-* </b>'
. '<br>' . t('The <b>*</b> character is a wildcard for end of the pattern, so pattern like') . '<b> /wp-* </b>'
. t('will match to any path containing "/wp-admin", "/wp-login.php", etc.'),

);

$form['noblock'] = array(
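Review bot: in the '#description' of path_patterns the sentence is split across two t() calls around the '<b> /wp-* </b>' example, so translators receive two fragments that cannot be reordered; use a single t() with a placeholder for the example. The text also calls * a wildcard "for end of the pattern" and then says /wp-* matches "any path containing" the prefix, so state explicitly whether the match is anchored at the start of the path or is a substring match, since that decides how easily a legitimate URL triggers a block.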
Expand All @@ -49,10 +49,10 @@ function antiscan_form($form, &$form_state) {
'#columns' => 60,
'#default_value' => $path_noblock,
'#required' => TRUE,
'#description' => t('Enter paths or portions of paths that will NOT be restricted to avoid self-blocking your users.')
'#description' => t('Enter paths or portions of paths that will NOT be restricted to avoid self-blocking for users.')
. '<br>' . t('Same format of rules as above.'),
);

$blocked_ua = $config->get('blocked_ua');
$form['blocked_ua'] = array(
'#type' => 'textarea',
Expand All @@ -61,11 +61,11 @@ function antiscan_form($form, &$form_state) {
'#default_value' => $blocked_ua,
'#title' => t('Blocked User-Agent strings'),
'#description' => t('Enter User-Agent strings to block, one per line.')
. '<br>' . t('Please note: the <b>*</b> character is a wildcard for end of the string, so pattern like') . '<b> python-requests/* </b>'
. '<br>' . t('The <b>*</b> character is a wildcard for end of the string, so pattern like') . '<b> python-requests/* </b>'
. t('will block any User-Agent strings starting with "python-requests/", for example "python-requests/2.9.0".'),
'#element_validate' => array('_validate_self_ua'),
);

$blocked_referrer = $config->get('blocked_referrer');
$form['blocked_referrer'] = array(
'#type' => 'textarea',
Expand All @@ -74,26 +74,26 @@ function antiscan_form($form, &$form_state) {
'#default_value' => $blocked_referrer,
'#title' => t('Blocked Referrer spam domains'),
'#description' => t('Enter referrer spam domains to block, separating them with commas or new lines.')
. '<br>' . t('Please use domain name only, for example: "semalt.com" or "buttons-for-website.com" without quotes.'),
. '<br>' . t('Use domain name only, for example: "semalt.com" or "buttons-for-website.com" without quotes.'),
'#element_validate' => array('_validate_self_referrer'),
);
if (module_exists('abuseipdb_report')) {

if (module_exists('abuseipdb_report')) {
$form['abuseipdb_report'] = array(
'#type' => 'checkbox',
'#title' => t('Report to AbuseIPDB'),
'#default_value' => $config->get('abuseipdb_report'),
'#description' => t('Report to AbuseIPDB about blocked scanners activity.'),
'#description' => t('Report to AbuseIPDB about blocked scanners activity.'),
);
}
}

$form['log_enabled'] = array(
'#type' => 'checkbox',
'#title' => t('Enable logging'),
'#default_value' => $config->get('log_enabled'),
'#description' => t('Enable logging for blocked access attempts.'),
'#description' => t('Enable logging for blocked access attempts.'),
);

$form['unblock'] = array(
'#type' => 'checkbox',
'#title' => t('Unblock blocked IPs automatically after:') . '&nbsp;',
Expand All @@ -106,23 +106,24 @@ function antiscan_form($form, &$form_state) {
86400 => t('1 day'),
604800 => t('7 days'),
2592000 => t('30 days'),
31536000 => t('365 days'),
),
'#default_value' => $config->get('unblock_after'),
'#suffix' => '</div>',
'#states' => array(
'disabled' => array(
':input[name="unblock"]' => array('checked' => FALSE),
),
),
),
);

$form['test_mode'] = array(
'#type' => 'checkbox',
'#title' => t('Test mode'),
'#default_value' => $config->get('test_mode'),
'#description' => t('Turn it on to test your patterns. Your IP address will not be blocked, but you can see a blocking message when you try to visit a path that contains a restricted path pattern.'),
'#description' => t('Turn it on to test your patterns. Your IP address will not be blocked, but you can see a blocking message when you try to visit a path that contains a restricted path pattern.'),
);

$form['actions']['#type'] = 'actions';
$form['actions']['submit'] = array(
'#type' => 'submit',
Expand All @@ -138,10 +139,10 @@ function antiscan_form_validate($form, &$form_state) {
$config = config('antiscan.settings');
$path_noblock = $config->get('path_noblock');
$path_patterns = trim($form_state['values']['path_patterns']);

$noblock_array = _textarea_to_array($path_noblock);
$patterns_array = _textarea_to_array($path_patterns);
$matched = array_intersect($noblock_array, $patterns_array);
$matched = array_intersect($noblock_array, $patterns_array);

if (!empty($matched)) {
$matched_patterns = implode(", ", $matched);
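Review bot: antiscan_form_validate() takes $path_noblock from $config->get('path_noblock') while $path_patterns comes from $form_state['values'], so the overlap check compares the submitted restricted patterns against the previously saved exclusions, not the ones submitted in the same form. Read both from $form_state['values']. array_intersect() also only catches identical strings, so a restricted wildcard pattern that covers an excluded path passes validation, which is the self-blocking case this check exists to prevent.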
Expand All @@ -160,22 +161,22 @@ function antiscan_form_submit($form, &$form_state) {
$blocked_referrer = trim($form_state['values']['blocked_referrer']);
$log_enabled = (int) $form_state['values']['log_enabled'];
$unblock = (int) $form_state['values']['unblock'];
$unblock_after = (int) $form_state['values']['unblock_after'];
$unblock_after = (int) $form_state['values']['unblock_after'];
$test_mode = (int) $form_state['values']['test_mode'];

$config->set('path_patterns', strtolower($path_patterns));
$config->set('path_noblock', strtolower($path_noblock));
$config->set('blocked_ua', $blocked_ua);
$config->set('blocked_referrer', strtolower($blocked_referrer));

if (isset($form_state['values']['abuseipdb_report'])) {
if (isset($form_state['values']['abuseipdb_report'])) {
$config->set('abuseipdb_report', $form_state['values']['abuseipdb_report']);
}
$config->set('log_enabled', $log_enabled);
$config->set('unblock', $unblock);
$config->set('unblock_after', $unblock_after);
$config->set('test_mode', $test_mode);

$config->save();
backdrop_set_message(t('The configuration options have been saved.'));
}
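Review bot: 'abuseipdb_report' is stored straight from $form_state['values'] without the (int) cast that log_enabled, unblock, unblock_after and test_mode get a few lines above; cast it the same way so the saved config has a consistent type. path_patterns, path_noblock and blocked_referrer are lowercased on save but blocked_ua is not; if that is deliberate because User-Agent matching is case-sensitive, a short comment here would make it clear.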
Expand All @@ -191,20 +192,20 @@ function _validate_self_ua($element, &$form_state) {

if (!empty($blocked_ua)) {
$u_agents = _textarea_to_array($blocked_ua, FALSE);

foreach ($u_agents as $u_agent) {
if (substr($u_agent, -1) == '*') {
$u_agent = substr($u_agent, 0, -1);

if (strpos($current_ua, $u_agent) !== FALSE) {
form_error($element, t('You are trying to add the part of User-Agent string that matches to your own current User-Agent string!')
form_error($element, t('You are trying to add the part of User-Agent string that matches to your own current User-Agent string!')
. '<br>' . t('Your User-Agent: ') . $current_ua
. '<br>' . t('Trying to block: ') . $u_agent . '*');
}
}
else {
if ($u_agent == $current_ua) {
form_error($element, t('You are trying to add your own current User-Agent string!')
form_error($element, t('You are trying to add your own current User-Agent string!')
. '<br>' . t('Your User-Agent: ') . $current_ua
. '<br>' . t('Trying to block: ') . $u_agent);
}
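Review bot: both form_error() calls build the message by concatenating $current_ua and $u_agent next to literal '<br>' markup, so those values are placed in an HTML message without escaping; pass them through check_plain() or move them into t() with @ placeholders. Separately, the wildcard branch uses strpos(...) !== FALSE, which finds the prefix anywhere in the User-Agent, while the field description says a trailing * blocks strings "starting with" the prefix; compare against === 0 if the blocker is anchored, so the self-check mirrors what will actually be blocked.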
Expand All @@ -219,16 +220,15 @@ function _validate_self_ua($element, &$form_state) {
* @param type $form_state
*/
function _validate_self_referrer($element, &$form_state) {
$config = config('antiscan.settings');
$blocked_referrer = trim($form_state['values']['blocked_referrer']);
$host = $_SERVER['HTTP_HOST'];

if (!empty($blocked_referrer)) {
$referrers = _textarea_to_array($blocked_referrer);

foreach ($referrers as $referrer) {
if (strpos($host, $referrer) !== FALSE) {
form_error($element, t('You are trying to add your own host to referrer spam domains!')
form_error($element, t('You are trying to add your own host to referrer spam domains!')
. '<br>' . t('Your hostname: ') . $host
. '<br>' . t('Trying to block: ') . $referrer);
}
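Review bot: _validate_self_referrer() compares the raw submitted value with strpos($host, $referrer), which is case-sensitive, but antiscan_form_submit() stores strtolower($blocked_referrer); an entry typed with capitals slips past this self-check and is then saved in lowercase. Lowercase both $host and $referrer before comparing. $host comes from $_SERVER['HTTP_HOST'] and is concatenated into the error markup, so escape it with check_plain() as well. Dropping the unused $config is fine.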
4 changes: 2 additions & 2 deletions antiscan.info
@@ -1,4 +1,4 @@
name = Antiscan
name = Antiscan
description = Block IP of web scanners trying access to restricted paths.
package = Spam control
backdrop = 1.x
Expand All @@ -8,4 +8,4 @@ dependencies[] = ip_blocking (>=1.0.5)

configure = admin/config/people/antiscan

version = 1.0.7
version = 1.0.8
19 changes: 13 additions & 6 deletions antiscan.module
Expand Up @@ -3,7 +3,7 @@
* @file antiscan.module
*/

define('MODULE_UID', 10001); // reasonable big uid for use in DB records
define('MODULE_UID', 10001, false); // reasonable big uid for use in DB records

/**
* Implements hook_config_info().
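Review bot: MODULE_UID in define('MODULE_UID', 10001, false) is a global constant with no module prefix, so it can collide with a constant of the same name from another module; rename it to something like ANTISCAN_MODULE_UID. The added third argument false is already the default for define() and can be dropped. The comment should also say that 10001 is assumed never to be a real account uid, since the value is written to the 'uid' column of blocked_ips.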
Expand Down Expand Up @@ -150,9 +150,9 @@ function antiscan_blocked_referrer($referrer = '') {
function antiscan_action($ip, $type, $subject) {
$config = config('antiscan.settings');
$test_mode = $config->get('test_mode');
$ban_message = '<h1>Suspicious activity detected, your IP address ' . $ip . ' has been banned.</h1>';
$ban_reason = '<p>Ban reason: ' . $type . ' is ' . $subject . '</p>'
. '<h2>This is not a real ban - the test mode of the "Antiscan" module is on!</h2>';
$ban_message = '<h1>Suspicious activity detected, your IP address ' . $ip . ' has been blocked.</h1>';
$ban_reason = '<p>Blocking reason: ' . $type . ' is ' . $subject . '</p>'
. '<h2>This is not a real blocking - the test mode of the "Antiscan" module is on!</h2>';

if ($test_mode) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
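Review bot: $ban_message and $ban_reason are assembled as HTML by plain concatenation of $ip, $type and $subject; if $subject holds the matched path, User-Agent or referrer it is request data and should go through check_plain() before it is placed in the 403 body. The "This is not a real blocking" heading is appended to $ban_reason before the if ($test_mode) check, so confirm $ban_reason is not reused on the real-block path.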
Expand Down Expand Up @@ -214,16 +214,23 @@ function antiscan_block_ip($ip, $reason) {
$config = config('antiscan.settings');
$log_enabled = $config->get('log_enabled');

if (mb_strlen($reason,'UTF-8') > 230) {
$reason_dec = urldecode(substr($reason, 0, 230)) . ' ... ';
}
else {
$reason_dec = urldecode($reason);
}

// Insert the record to DB.
db_insert('blocked_ips')
->fields(array('ip' => $ip, 'reason' => $reason, 'time' => time(), 'uid' => MODULE_UID))
->fields(array('ip' => $ip, 'reason' => $reason_dec, 'time' => time(), 'uid' => MODULE_UID))
->execute();

if ($log_enabled) {
watchdog(
'antiscan',
'IP %ip blocked. %reason.',
array('%ip' => $ip, '%reason' => $reason),
array('%ip' => $ip, '%reason' => $reason_dec),
WATCHDOG_WARNING
);
}
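Review bot: the new truncation checks length with mb_strlen($reason, 'UTF-8') but cuts with byte-based substr(), and it cuts before urldecode(), so the 230-byte cut can land inside a multibyte character or in the middle of a %XX escape and leave a mangled tail. Decode first, then truncate with mb_substr($reason_dec, 0, 230, 'UTF-8'), and add a comment saying which column width the 230 limit protects. Since $reason_dec now holds decoded request data, which can contain markup or control characters, make sure the blocked_ips reason is escaped wherever it is displayed.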
2 changes: 1 addition & 1 deletion config/antiscan.settings.json
Expand Up @@ -3,7 +3,7 @@
"path_patterns": "elrekt,eval-stdin.php,/fck,phpMyAdmin,/wp-*,wlwmanifest.xml,xmlrpc.php",
"path_noblock": "user/,admin/",
"blocked_ua": "drupalgeddon2\r\nGo-http-client/*\r\nlibwww-perl*\r\npython-requests/*",
"blocked_referrer": "semalt.com,buttons-for-website.com,simple-share-buttons.com,simplesharebuttons.com",
"blocked_referrer": "semalt.com,buttons-for-website.com,simplesharebuttons.com",
"log_enabled": 1,
"test_mode": 0,
"unblock": 1,
Expand Down
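Review bot: removing "simple-share-buttons.com" from "blocked_referrer" in config/antiscan.settings.json only changes the default shipped with new installs; none of the 5 changed files is an update hook, so existing sites keep the old list. If the domain was dropped because it caused false positives, say so in the commit message or README and consider an update function that removes it from saved settings.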

0 comments on commit a9b3a3b
