Introduction

APIBAN helps prevent unwanted SIP traffic by identifying addresses of known bad actors before they attack your system. Bad actors are collected through globally deployed honeypots and curated by LOD/APIBAN.

APIBAN-MySQL client

We have put together a Node client that fetches SIP attackers' IPs from the APIBAN REST API and saves them to a MySQL database. It also keeps track of the last fetched ID and continues the next sync from there.

Project URL: https://github.com/ajamous/apiban-mysql

apiban-mysql client in action

How to install apiban-mysql?

Download Project

git clone https://github.com/ajamous/apiban-mysql.git

Change Directory

cd apiban-mysql/

Install dependencies

npm install 

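Create the required tables in your MySQL DB

-- Checkpoint table: holds the ID returned by the last successful fetch.
-- Identifiers use backticks so the statements run without ANSI_QUOTES.
CREATE TABLE `last_fetched_id` (
  `id` varchar(32) NOT NULL DEFAULT '',
  PRIMARY KEY (`id`)
);

-- One row per banned address; varchar(15) fits dotted-quad IPv4 only.
CREATE TABLE `apiban_banned_ips` (
  `ip` varchar(15) NOT NULL DEFAULT '',
  PRIMARY KEY (`ip`)
);

-- Seed the checkpoint with an empty ID so the first sync starts from the beginning.
INSERT INTO last_fetched_id (id) VALUES ('');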

Enter APIBan API key and DB Credentials

vi sync.js

/* validate environment */
const APIBAN_API_KEY = "XXXXXXXXXXXXXXXXX"
const APIBAN_MYSQL_SERVER = "replace_with_mysql_ip_or_host"
const APIBAN_MYSQL_PORT = 3306
const APIBAN_MYSQL_DATABASE = "replace_with_db_name"
const APIBAN_MYSQL_USER = "replace_with_mysql_user"
const APIBAN_MYSQL_PASSWORD = "replace_with_mysql_password"

Run the script

node sync.js

Sample output

$ node sync.js 

getting ips list...
starting from ID: undefined
fetched 250 ips, next ID 1663924065
fetched 250 ips, next ID 1663954967
fetched 250 ips, next ID 1663970136
fetched 250 ips, next ID 1663991432
fetched 250 ips, next ID 1664018643
fetched 250 ips, next ID 1664039285
fetched 250 ips, next ID 1664058709
fetched 250 ips, next ID 1664082297
fetched 250 ips, next ID 1664111965
fetched 250 ips, next ID 1664130848
fetched 250 ips, next ID 1664160433
fetched 250 ips, next ID 1664198153
fetched 250 ips, next ID 1664229896
fetched 250 ips, next ID 1664259993
fetched 250 ips, next ID 1664287578
fetched 250 ips, next ID 1664321167
fetched 250 ips, next ID 1664330768
fetched 250 ips, next ID 1664351231
fetched 250 ips, next ID 1664373761
fetched 250 ips, next ID 1664386920
saving ips list into DB...
done.

When there are no more IPs to add

$ node sync.js

getting ips list...
starting from ID: 1664386920
no new banned IPs since last sync, exiting...
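
A feed-driven blocklist can end up banning your own trunks if a wrong entry slips in, and the ip column above only fits dotted-quad IPv4. The following is an added example, not code from apiban-mysql: it vets a fetched batch against a never-ban allowlist and the IPv4-only column, then builds a parameterized insert. The function names, the allowlist ranges, the sample addresses and the `?` placeholder style are assumptions.

```javascript
// Added example, not part of apiban-mysql. All names below are hypothetical.
const OCTET = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
const IPV4_RE = new RegExp(`^${OCTET}(\\.${OCTET}){3}$`);

// Dotted-quad IPv4 -> unsigned 32-bit integer.
function ipv4ToInt(ip) {
  return ip.split(".").reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);
}

// True when ip lies inside cidr, e.g. inCidr("10.1.2.3", "10.0.0.0/8").
function inCidr(ip, cidr) {
  const [base, bits] = cidr.split("/");
  const mask = Number(bits) === 0 ? 0 : (~0 << (32 - Number(bits))) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

// Ranges that must never be banned: loopback, RFC 1918, and a constructed
// stand-in (203.0.113.0/24) for your own SIP trunks and carriers.
const NEVER_BAN = ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
                   "192.168.0.0/16", "203.0.113.0/24"];

// Split a fetched batch into rows safe to insert and rows to log and skip.
function vetBatch(rawIps, neverBan = NEVER_BAN) {
  const accepted = new Set();
  const rejected = [];
  for (const raw of rawIps) {
    const ip = String(raw).trim();
    if (!IPV4_RE.test(ip)) rejected.push({ ip, reason: "not IPv4" });
    else if (neverBan.some((c) => inCidr(ip, c))) rejected.push({ ip, reason: "allowlisted" });
    else accepted.add(ip); // the Set drops duplicates within the batch
  }
  return { accepted: [...accepted], rejected };
}

// Parameterized multi-row insert; INSERT IGNORE skips IPs already in the table.
function buildInsert(ips) {
  if (ips.length === 0) return null;
  return {
    sql: `INSERT IGNORE INTO apiban_banned_ips (ip) VALUES ${ips.map(() => "(?)").join(", ")}`,
    params: ips,
  };
}

// Constructed sample batch (documentation-range addresses, not real feed data).
const sample = ["198.51.100.7", "198.51.100.7", " 198.51.100.9 ", "192.168.1.10",
                "203.0.113.5", "999.1.1.1", "2001:db8::1"];
const { accepted, rejected } = vetBatch(sample);
console.log(buildInsert(accepted), rejected);
```

Log the rejected entries rather than dropping them silently: an allowlisted address showing up in the feed is worth a look.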