summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--misc/freeswitch/scripts/common/perimeter.lua14
1 files changed, 11 insertions, 3 deletions
diff --git a/misc/freeswitch/scripts/common/perimeter.lua b/misc/freeswitch/scripts/common/perimeter.lua
index d1eecd1..de3f993 100644
--- a/misc/freeswitch/scripts/common/perimeter.lua
+++ b/misc/freeswitch/scripts/common/perimeter.lua
@@ -111,6 +111,14 @@ function Perimeter.check(self, event)
end
end
+ if tonumber(event.points) and event.points < 0 then
+ event.points = 0;
+ end
+
+ if event.points then
+ self.log:info('[', event.key, '/', event.sequence, '] PERIMETER suspicion rising - points: ', event.points,', ', event.action, '=', event.class, ', from: ', event.from_user, '@', event.from_host, ', to: ', event.to_user, '@', event.to_host, ', user_agent: ', event.user_agent);
+ end
+
if (event.points or event.record.points) > self.ban_threshold and event.record.banned <= self.ban_tries then
if event.record.banned > 0 and event.record.banned == self.ban_tries then
self.log:warning('[', event.key, '/', event.sequence, '] PERIMETER_BAN_FUTILE - points: ', event.points,', event: ', event.class, ', from: ', event.from_user, '@', event.from_host, ', to: ', event.to_user, '@', event.to_host);
@@ -134,7 +142,7 @@ end
function Perimeter.check_frequency(self, event)
if event.record.span_contact_count >= self.contact_count_threshold then
- self.log:info('[', event.key, '/', event.sequence, '] PERIMETER_FREQUENCY_CHECK - contacts: ', event.record.span_contact_count, ' in < ', (event.timestamp - event.record.span_start)/1000000, ' sec, threshold: ', self.contact_count_threshold, ' in ', self.contact_span_threshold, ' sec');
+ self.log:debug('[', event.key, '/', event.sequence, '] PERIMETER_FREQUENCY_CHECK - contacts: ', event.record.span_contact_count, ' in < ', (event.timestamp - event.record.span_start)/1000000, ' sec, threshold: ', self.contact_count_threshold, ' in ', self.contact_span_threshold, ' sec');
event.span_contact_count = 0;
event.span_start = event.timestamp;
return 1;
@@ -156,7 +164,7 @@ function Perimeter.check_username_scan(self, event)
end
if #event.record.users >= self.name_changes_threshold then
- self.log:info('[', event.key, '/', event.sequence, '] PERIMETER_USER_SCAN - user names: ', #event.record.users, ', threshold: ', self.name_changes_threshold);
+ self.log:debug('[', event.key, '/', event.sequence, '] PERIMETER_USER_SCAN - user names: ', #event.record.users, ', threshold: ', self.name_changes_threshold);
event.users = {};
return 1;
else
@@ -180,7 +188,7 @@ function Perimeter.check_bad_headers(self, event)
pattern = self:expand_variables(pattern, event);
local success, result = pcall(string.find, event[name], pattern);
if success and result then
- self.log:info('[', event.key, '/', event.sequence, '] PERIMETER_BAD_HEADERS - ', name, '=', event[name], ' ~= ', pattern);
+ self.log:debug('[', event.key, '/', event.sequence, '] PERIMETER_BAD_HEADERS - ', name, '=', event[name], ' ~= ', pattern);
points = (points or 0) + 1;
end
end