Report LFD to abuseabuseipdb

abuseabuseipdb_report.php

#!/usr/bin/env php
<?php

// get command line arguments
$args = $argv;

// AbuseIPDB API Key
$api_key = 'YOUR_API_KEY';

// your AbuseIPDB User ID
$user_id = 'YOUR_USER_ID';

// Your Server IPs to hide
$server_ip = [ 'server_ip' ];

// categories to tag in AbuseIPDB
$categories = [
    '5' => 'ftpd',
    '11' => 'email',
    '18' => 'brute-force',
    '21' => 'cpanel',
    '22' => 'ssh',
    '14' => 'port scan'
  ];

$msg = $argv[6];
$log = $argv[7];
$ips = $argv[1];

// default categories to tag in AbuseIPDB report
$cats = [ '18' ];

// see if the message or logs include any of the keywords from categories
foreach ($categories as $id => $category) {
  if (stristr($log, $category) || stristr($msg, $category)) {
    // add category to array to report
    $cats[] = $id;
  }
}

echo 'Remote IP: ' . $ips . PHP_EOL;
echo 'Message: ' . $msg . PHP_EOL;
echo 'Categories: ' . implode(', ', $cats) . PHP_EOL;

// check AbuseIPDB reports
$check = file_get_contents('https://www.abuseipdb.com/check/'. $ips .'/json?key='. $api_key .'&days=10&verbose');
$check = json_decode($check);

// fix for converting a single report to array
if (isset($check->ip)) {
  $new = [];
  $new[0] = $check;
  $check = $new;
}

// loop through reports to see if IP was previously reported by yourself
foreach ($check as $report) {
  if ($report->userId == $user_id) {
    echo 'ALREADY REPORTED' . PHP_EOL;
    exit;
  }
}

echo 'IP Reported: '. count($check) .' times.' . PHP_EOL;

// report new IP to AbuseIPDB
$publish = file_get_contents('https://www.abuseipdb.com/report/json?key='. $api_key .'&category='. implode(',', $cats) .'&comment='. urlencode($msg) .'&ip='. $ips);

// print response from AbuseIPDB
$publish = json_decode($publish);
echo print_r($publish, 1) . PHP_EOL;