SCHEDULER-IP-DDOS.txt

:local logBuffer "failedauth"
:local blocklist "IP-DDOS-BLOCKED"
:local GDate [/system clock get date]
:local GTime [/system clock get time]
:local RName [/system identity get name];

# ------- EDIT KONFIGURASI DI BAWAH -------
:local failthreshold 2
:local NoWA "6283148752220"
:local timezone "Asia/Jakarta"
:local Pesan "IP Berhasil Di BLOCKED.";
# -------- STOP EDIT -------

# ------- NOTES -------
# Silakan di sesuaikan ya
# failthreshold 0 ==>> Jika Gagal Login 1x ip akan di block
# failthreshold 2 ==>> Jika Gagal Login 3x ip akan di block
# failthreshold 4 ==>> Jika Gagal Login 5x ip akan di block
# failthreshold 9 ==>> Jika Gagal Login 10x ip akan di block
# Rekomendasi di isi angka 4 untuk menghindari salah input password
#
# Timezone Indonesia
# Asia/Jakarta === WIB
# Asia/Makassar === WITA
# Asia/Jayapura === WIT
# ------------------------------------------

# -------- DONASI LAYANAN WA GATEWAY -------
# DANA/OVO = 083148752220
# A/N = JAENUDIN
# ------------------------------------------

:local attackiparray {0}
:local attackcountarray {0}
:local logEntryTopics
:local logEntryTime
:local logEntryMessage
:local clearedbuf
:local lines
:local datetime [/system clock get date]
:set clearedbuf 0

:local i 0

:foreach rule in=[/log print as-value where buffer=($logBuffer)] do={
# Now all data is collected in memory..

# Clear log buffer right away so new entries come in
   :if ($clearedbuf = 0) do={
      /system logging action {
         :set lines [get ($logBuffer) memory-lines]
         set ($logBuffer) memory-lines 1
         set ($logBuffer) memory-lines $lines
      }
      :set clearedbuf 1
   }
# End clear log buffer

   :set logEntryTime ""
   :set logEntryTopics ""
   :set logEntryMessage ""

:set logEntryTime ($rule->"time")
:set logEntryTopics ($rule->"topics")
:set logEntryMessage ($rule->"message")

:if ($logEntryMessage~"login failure") do={

:local attackip [:pick $logEntryMessage ([:find $logEntryMessage "from "]+5) ([:find $logEntryMessage " via"])]

:local x 0
:foreach ip in=$attackiparray do={
  :if ($ip = $attackip) do={
    :set ($attackcountarray->$x) (($attackcountarray->$x)+1)
  } else={
    :set ($attackiparray->$i) $attackip
    :set ($attackcountarray->$i) 1
  }
:set x ($x+1)
}
}
:set i ($i+1)
# end foreach rule
}

/system script run "FUNCTIONS"
:global urlEncode
:local URLoriginal "https://api.raditek.co.id/BlockUserNakal.php?phone=$NoWA&router";

:local z 0
:local result [$urlEncode $original];
:foreach ip in=$attackiparray do={
  :if ($attackcountarray->$z > $failthreshold) do={
    :set ($attackcountarray->$z) 0
	
	:local original "$RName&ip=$attackiparray&tgl=$GDate&jam=$GTime&timezone=$timezone&detail=$logEntryMessage";
	:local result [$urlEncode $original];
	:log warning $result;
	
	/ip firewall address-list add address=($attackiparray->$z) list=$blocklist comment="Create at $GDate $GTime | $logEntryMessage"
	
	:log warning "Sedang mengirim ke whatsapp.....";
	/tool fetch url="$URLoriginal=$result" keep-result=no;
	:log warning "Kirim ke Whatsapp Sukses.";
	    
  }
:set ($attackcountarray->$z) 0
:set z ($z+1)
}