[HOME]

Path : /etc/cron.daily/
Upload :
Current File : //etc/cron.daily/eigid

#!/usr/bin/perl
# do not try to use ssl_opts with LWP::UserAgent to kill certificate warnings. You'll make this script not able to run on half the farm. 
# Just update the certificate on eigid.endurance.com
use strict;
use lib '/usr/lib/perl5/vendor_perl/5.8.8/';
use Sys::Hostname;
use Net::Domain qw(hostdomain);
use JSON qw(encode_json);
use LWP::UserAgent;
use HTTP::Request;
use Data::Dumper;
$ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'} = 0;

my %data;
$data{'hostname'} = hostname();
$data{'hostdomain'} = hostdomain();
my %dispatch = (
    'generic' => \&get_generic,
    'cpanel' => \&get_generic,
    'virtuozzo' => \&get_virtuozzo,
);

main();

sub main {
    get_brand();
    get_ips();
    $dispatch{get_type()}->();
    submit();
}

sub get_brand {
    my %brands = (
        'hostgator.com$' => 'hostgator',
        'websitewelcome.com$' => 'hostgator',
        'launchpad.com$' => 'hostgator',
        'hostgator.com.br$' => 'hostgator_br',
        'prodns.com.br$' => 'hostgator_br',
        'accountservergroup.com$' => 'asmallorange',
        'asmallorange.com$' => 'asmallorange',
        'asoshared.com$' => 'asmallorange',
        'apthost.com$' => 'asmallorange',
        'arvixe.com$' => 'asmallorange',
        'bluefur.com$' => 'asmallorange',
        'cirtexhosting.com$' => 'asmallorange',
        'cloudbyix.com$' => 'asmallorange',
        'hostnine.com$' => 'asmallorange',
        'hostv.com$' => 'asmallorange',
        'ixwebhosting.com$' => 'asmallorange',
        'myserverhosts.com$' => 'asmallorange',
        'mysitehosted.com$' => 'asmallorange',
        'seoboxes.com$' => 'asmallorange',
        'seohosting.com$' => 'asmallorange',
        'seohosting.com$' => 'asmallorange',
        'site5.com$' => 'asmallorange',
        'weblimitsiz.com$' => 'asmallorange',
        'webserversystems.com$' => 'asmallorange',
        'bluehost.com$' => 'bluehost',
        'domainpro.com$' => 'bluehost',
        'fastdomain.com$' => 'bluehost',
        'hostmonster.com$' => 'bluehost',
        'justhost.com$' => 'bluehost',
        'supergreenhosting.com$' => 'bluehost',
        'rhost(bh|jh).com$' => 'bluehost',
        'unifiedlayer.com$' => 'bluehost',
        'beta(bh|hm|fd|jh).com$' => 'bluehost',
        'annulet.com$' => 'buydomains',
        'azdomainz.com$' => 'buydomains',
        'azprivatez.com$' => 'buydomains',
        'buydomains.com$' => 'buydomains',
        'adlauncher.io$' => 'constantcontact',
        'constantcontact.com$' => 'constantcontact',
        'smbinnoloft.com$' => 'constantcontact',
        'singleplatform.com$' => 'constantcontact',
        'anytimesites.com$' => 'directi',
        'bigdomainshop.com$' => 'directi',
        'bigrock.com$' => 'directi',
        'bigrock.cn$' => 'directi',
        'bigrock.in$' => 'directi',
        'bigrock.com$' => 'directi',
        'bluefractal.com$' => 'directi',
        'br.bluehost.com$' => 'directi',
        'cn.bluehost.com$' => 'directi',
        'in.bluehost.com$' => 'directi',
        'bluehost.mx$' => 'directi',
        'ru.bluehost.com$' => 'directi',
        'tr.bluehost.com$' => 'directi',
        'publicdomainregistry.com$' => 'directi',
        'commerceisland.com$' => 'directi',
        'coolocean.com$' => 'directi',
        'crispnames.com$' => 'directi',
        'crystalcoal.com$' => 'directi',
        'curiousnet.com$' => 'directi',
        'desertdevil.com$' => 'directi',
        'domainband.com$' => 'directi',
        'domainmantra.com$' => 'directi',
        'domainshype.com$' => 'directi',
        'domdrill.com$' => 'directi',
        'everreadynames.com$' => 'directi',
        'extendnames.com$' => 'directi',
        'extremelywild.com$' => 'directi',
        'findgooddomains.com$' => 'directi',
        'gamefornames.com$' => 'directi',
        'gofullhouse.com$' => 'directi',
        'africa.hostgator.com$' => 'directi',
        'cn.hostgator.com$' => 'directi',
        'hostgator.in$' => 'directi',
        'my.hostgator.com$' => 'directi',
        'hostgator.mx$' => 'directi',
        'ru.hostgator.com$' => 'directi',
        'hostgator.sg$' => 'directi',
        'hostgator.com.tr$' => 'directi',
        'hotdomaintrade.com$' => 'directi',
        'instinctsolutions.com$' => 'directi',
        'jumboname.com$' => 'directi',
        'keyregistrar.com$' => 'directi',
        'logicboxes.com$' => 'directi',
        'logicboxes.com$' => 'directi',
        'magicfriday.com$' => 'directi',
        'mightybay.net$' => 'directi',
        'nameperfections.com$' => 'directi',
        'nametofame.com$' => 'directi',
        'namware.com$' => 'directi',
        'needservers.com$' => 'directi',
        'netjuggler.com$' => 'directi',
        'networksavior.com$' => 'directi',
        'publicdomainregistry.com$' => 'directi',
        'platinumregistrar.com$' => 'directi',
        'powercarrier.com$' => 'directi',
        'powernamers.com$' => 'directi',
        'publicdomainregistry.com$' => 'directi',
        'rankusa.com$' => 'directi',
        'cn.resellerclub.com$' => 'directi',
        'resellerclub.com$' => 'directi',
        'india.resellerclub.com$' => 'directi',
        'id.resellerclub.com$' => 'directi',
        'russia.resellerclub.com$' => 'directi',
        'es.resellerclub.com$' => 'directi',
        'tr.resellerclub.com$' => 'directi',
        'uk.resellerclub.com$' => 'directi',
        'resellersrs.com$' => 'directi',
        'br.resellerclub.com$' => 'directi',
        'speedhost.in$' => 'directi',
        'supernameworld.com$' => 'directi',
        'techtyrants.com$' => 'directi',
        'theregistrarservice.com$' => 'directi',
        'TitanicHosting.com$' => 'directi',
        'tradestarter.com$' => 'directi',
        'ultraregistrar.com$' => 'directi',
        'unifiedservers.com$' => 'directi',
        'unpower.com$' => 'directi',
        'vertexnames.com$' => 'directi',
        'visualmonster.com$' => 'directi',
        'webhosting.info$' => 'directi',
        'yellowstart.com$' => 'directi',
        'yourdomainking.com$' => 'directi',
        'zonecasting.com$' => 'directi',
        '000domains.com$' => 'directi',
        'directdomains.com$' => 'directi',
        'domainbank.com$' => 'directi',
        'domain.com$' => 'directi',
        'dominio.com$' => 'directi',
        'dotster.com$' => 'directi',
        'enameco.com$' => 'directi',
        'fortunecity.com$' => 'directi',
        'hostlane.com$' => 'directi',
        'namezero.com$' => 'directi',
        'namesdirect.com$' => 'directi',
        'vip.domain.com$' => 'directi',
        'appmachine.com$' => 'eig',
        'tapp.com$' => 'eig',
        'emailbrain.com$' => 'eig',
        'endurance.com$' => 'eig',
        'impress.ly$' => 'eig',
        'seogears.com$' => 'eig',
        'textagrams.com$' => 'eig',
        're.vu$' => 'eig',
        'theinstantsurvey.com$' => 'eig',
        'backupgenie.com$' => 'jdi',
        'jdibackup.com$' => 'jdi',
        'justcloud.com$' => 'jdi',
        'mypcbackup.com$' => 'jdi',
        'shieldsafe.com$' => 'jdi',
        'turboyourpc.com$' => 'jdi',
        'yesbackup.com$' => 'jdi',
        'zipcloud.com$' => 'jdi',
        'siteblog.com$' => 'jdi',
        'sitebuilder.com$' => 'jdi',
        'sitelio.com$' => 'jdi',
        'sitey.com$' => 'jdi',
        'templatesites.com$' => 'jdi',
        'websitetailor.com$' => 'jdi',
        'websitebuilder.com$' => 'jdi',
        'webzai.com$' => 'jdi',
        'cloudhosted.com$' => 'jdi',
        'digitalcloud.com$' => 'jdi',
        'ehost.com$' => 'jdi',
        'hostclear.com$' => 'jdi',
        'hostfinity.com$' => 'jdi',
        'ideahost.com$' => 'jdi',
        'cvexpert.com$' => 'jdi',
        'speedyresume.com$' => 'jdi',
        'standoutresume.com$' => 'jdi',
        'mysocialsuite.com$' => 'jdi',
        'social-booster.com$' => 'jdi',
        'uplift.social$' => 'jdi',
        'fortifi.co$' => 'jdi',
        'incognitovpn.com$' => 'jdi',
        'pseud.io$' => 'jdi',
        'saferweb.com$' => 'jdi',
        'supervpn.io$' => 'jdi',
        'totalvpn.com$' => 'jdi',
        '123domainrenewals.com$' => 'vdeck',
        '1800-website.com$' => 'vdeck',
        '1st-for-domain-names.com$' => 'vdeck',
        '24x7domains.com$' => 'vdeck',
        '995discountdomains.com$' => 'vdeck',
        'addresscreation.com$' => 'vdeck',
        'addressontheweb.com$' => 'vdeck',
        'allaccessdomains.com$' => 'vdeck',
        'alldomains.com$' => 'vdeck',
        'apollohosting.com$' => 'vdeck',
        'austriadomains.com$' => 'vdeck',
        'austriandomains.com$' => 'vdeck',
        'bidfordomainnames.com$' => 'vdeck',
        'bizland.com$' => 'vdeck',
        'blueboxinternet.com$' => 'vdeck',
        'bluedomino.com$' => 'vdeck',
        'CapitalDomains.org$' => 'vdeck',
        'chinesedomain.cn$' => 'vdeck',
        'chocolatecovereddomains.com$' => 'vdeck',
        'claimeddomains.com$' => 'vdeck',
        'click2site.com$' => 'vdeck',
        'cocosislandsdomains.cc$' => 'vdeck',
        'ColumbiaDomains.net$' => 'vdeck',
        'DecentDomains.net$' => 'vdeck',
        'department-of-domains.com$' => 'vdeck',
        'deutchdomains.de$' => 'vdeck',
        'diggitydot.com$' => 'vdeck',
        'discountdomainservices.com$' => 'vdeck',
        'Domain-A-Go-Go.com$' => 'vdeck',
        'domain.com$' => 'vdeck',
        'domainadministration.com$' => 'vdeck',
        'domainbulkregistration.com$' => 'vdeck',
        'domainbusinessnames.com$' => 'vdeck',
        'domaincamping.com$' => 'vdeck',
        'personalnames.com$' => 'vdeck',
        'domainhost.com$' => 'vdeck',
        'domainhostingweb.us$' => 'vdeck',
        'domaininternetname.com$' => 'vdeck',
        'domainnamebidder.com$' => 'vdeck',
        'domainnamelookup.us$' => 'vdeck',
        'dot5hosting.com$' => 'vdeck',
        'easycgi.com$' => 'vdeck',
        'vdeck.ehost.com$' => 'vdeck',
        'enameco.com$' => 'vdeck',
        'entryhost.com$' => 'vdeck',
        'fatcow.com$' => 'vdeck',
        'freeyellow.com$' => 'vdeck',
        'globat.com$' => 'vdeck',
        'homestead.com$' => 'vdeck',
        'hostcentric.com$' => 'vdeck',
        'hostlane.com$' => 'vdeck',
        'hypermart.com$' => 'vdeck',
        'imoutdoorshosting.com$' => 'vdeck',
        'ipage.com$' => 'vdeck',
        'ipower.com$' => 'vdeck',
        'namezero.com$' => 'vdeck',
        'cadomains.com$' => 'vdeck',
        'netfirms.com$' => 'vdeck',
        'networkshosting.com$' => 'vdeck',
        'niuedomains.nu$' => 'vdeck',
        'powweb.com$' => 'vdeck',
        'privacypost.com$' => 'vdeck',
        'purehost.com$' => 'vdeck',
        'readyhosting.com$' => 'vdeck',
        'registernames.com$' => 'vdeck',
        'samoandomains.com$' => 'vdeck',
        'spry.com$' => 'vdeck',
        'startlogic.com$' => 'vdeck',
        'tuvaludomains.tv$' => 'vdeck',
        'unitedkingdomdomains.com$' => 'vdeck',
        'newdentity.com$' => 'vdeck',
        'usanethosting.com$' => 'vdeck',
        'vdeck.com$' => 'vdeck',
        'verio.com$' => 'vdeck',
        'virtualave.com$' => 'vdeck',
        'vpslink.com$' => 'vdeck',
        'webhost4life.com$' => 'vdeck',
        'webifybiz.com$' => 'vdeck',
        'xeran.com$' => 'vdeck'
    );
    foreach my $regex ( keys %brands ) {
        if ( $data{'hostdomain'} =~ /^$regex$/i ) {
            $data{'brand'} = $brands{$regex};
            last;
        }
    }
    $data{'brand'} = 'Unknown' unless defined($data{'brand'});
    return(1);
}

sub get_ips {
    open(my $f, '-|', '/sbin/ip addr');
        while(<$f>) {
            if ( /^\s+inet\s([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\// ) {
                next if is_rfc1918($1);
                $data{'primaryip'} = $1 unless defined($data{'primaryip'});
                $data{'ips'}->{$1} = [];
            }
        }
    close($f);
    # container IP's aren't bound to the server so we need to grab them from the vz db.
    # If they aren't in our hash then we wont be able to match domains off of them.
    if ( -f '/usr/sbin/vzlist' ) {
        open(my $f, '-|', '/usr/sbin/vzlist -a -H -o ip');
            while(<$f>) {
                foreach my $ip ( split(/\s+/, $_) ) {
                    next if is_rfc1918($ip);
                    $data{'ips'}->{$ip} = [];
                }
            }
        close($f);
    }
    return(1);
}

sub get_type {
    my %types = (
        '/var/cpanel' => 'cpanel',
        '/usr/sbin/vzctl' => 'virtuozzo',
    );
    foreach my $file ( keys %types ) {
        if (( -f $file ) || ( -d $file )) {
            return($types{$file});
        }
    }
    return('generic');
}

sub get_generic {
    my $named_dir = get_named_dir('/etc/named.conf');
    opendir(my $d, $named_dir);
        foreach my $file ( map { $named_dir . '/' . $_ } grep { ! /^\.(\.)?$/ } readdir($d) ) {
            next unless $file =~ /\.db$/;
            read_zone($file);
        }
    closedir($d);
    return(1);
}

sub get_virtuozzo {
    open(my $f, '-|', '/usr/sbin/vzlist -a -H');
        while(<$f>) {
            my ( undef, $ctid ) = split(/\s+/, $_);
            next unless $ctid =~ /^[0-9]+$/;
            my $partition;
            open(my $fh, '<', '/etc/vz/conf/' . $ctid . '.conf');
                while(<$fh>) {
                    my ( $key, $value ) = split('=', $_);
                    next unless $key eq 'VE_PRIVATE';
                    $value =~ s/(\"|\')//g;
                    ( undef, $partition ) = split('/', $value);
                    last unless $partition =~ /^vz([0-9]+)?$/;
                }
            close($fh);
            my $named_dir = get_named_dir("/$partition/private/$ctid/fs/root/etc/named.conf");
            # this is to get around plesk having a chrooted named dir.
            if (( ! $named_dir ) && ( -d "/$partition/private/$ctid/fs/root/etc/psa" )) {
                $named_dir = '/var/named/run-root/var/';
            }
            next unless $named_dir;
            opendir(my $d, "/$partition/private/$ctid/fs/root/$named_dir");
                foreach my $file ( map { "/$partition/private/$ctid/fs/root/$named_dir" . '/' . $_ } grep { ! /^\.(\.)?$/ } readdir($d) ) {


                    read_zone($file);
                }
            closedir($d);
        }
    close($f);
    return(1);
}

sub submit {
    my $json = encode_json(\%data);
    my $auth = 'U0euhTxP1kc2BMRtN6IPG3aakhcfp8sMqwQ4Kcwk09VyngQPcK36jjMgGOOrg4rQTrwp1DREzs1DA66a4zd2R3V8G9uPfify4nR2lbUeebOIxd7v9y0u22vwlI4KLGRF';
    my $url = 'https://eigid.endurance.com/eigid.php';
    my $ua = LWP::UserAgent->new();
    my $req = HTTP::Request->new( POST => $url );
    $req->header('Content-Type' => 'application/json');
    $req->header('X-Auth-Token' => $auth);
    $req->content($json);
    my $response = $ua->request($req);
    unless ( $response->is_success ) {
        print '[!] Unable to post data to eigid:', $response->code, $response->message, "\n";
        exit();
    }
}

sub is_rfc1918 {
    my $ip = shift;
    my @private_subnets = (
        '^127\.',
        '^10\.',
        '^172\.1[6-9]\.',
        '^172\.2[0-9]\.',
        '^172\.3[0-1]\.',
        '^192\.168\.',
    );
    foreach my $regex ( @private_subnets ) {
        if ( $ip =~ /$regex/ ) {
            return(1);
        }
    }
    return(0);
}

sub get_named_dir {
    my $file = shift;
    my $dir;
    open(my $fh, '<', $file);
        while(<$fh>) {
            if ( /^\s+?directory\s+(\'|\")([a-z0-9\/]+)(\'|\")/ ) {
                $dir = $2;
                last;
            }
        }
    close($fh);
    return($dir);
}

sub read_zone {
    my $file = shift;
    open(my $f, '<', $file);
        while(<$f>) {
            my ( $one, $two, $three, $four, $five ) = split(/\s+/);
            my ( $domain, $type, $record );
            # if a TTL is there
            if ( $two =~ /^[0-9]+$/ ) {
                ( $domain, $type, $record ) = ( $one, $four, $five );
            } else {
                ( $domain, $type, $record ) = ( $one, $three, $four );
            }
            next unless $type =~ /^a$/i;
            next unless $domain =~ /\.$/;
            next unless $data{'ips'}->{$record};
            $domain =~ s/\.$//g;
            push(@{$data{'ips'}->{$record}}, $domain);
        }
    close($f);
}

__END__