A Caddy 2 module that listens for abuse and reports abuse to AbuseIPDB.
Caddy now supports adding packages via caddy add-package
. This is the easiest way to install ListenCaddy.
Just run caddy add-package github.com/Odyssey346/ListenCaddy
and you're done! You can now use ListenCaddy in your Caddyfile.
This gets built from Caddy's servers, so you don't need to build it yourself and you don't need any extra dependencies other than Caddy itself. It's also way faster than building it yourself.
Note: these instructions are made for Linux. It shouldn't be too different on other UNIX* systems, but I haven't tried (and can't). If you have instructions for Windows, please make a PR.
You will need the following before you can build Caddy with ListenCaddy:
When you have xcaddy set up, run this command to build a custom version of Caddy that includes ListenCaddy:
xcaddy build --with github.com/Odyssey346/ListenCaddy
You should get a binary called caddy
in your current directory. This is the custom Caddy server.
If you have a version of Caddy installed, I recommend you remove it. If you're on Linux, it's as simple as sudo rm /usr/bin/caddy
.
Now we move the binary to /usr/bin/caddy
and make it executable:
sudo mv caddy /usr/bin/caddy
sudo chmod +x /usr/bin/caddy
Open up your Caddyfile using your favourite editor and add the following to the top:
{
order listencaddy first
}
This tells Caddy to prioritize ListenCaddy before anything else, which is required.
Now, you can set up a website to use ListenCaddy. Here's an example (oh also, we use RegEx):
listencaddy {
api_key "yourAPIkey" # You can use an environment variable if you'd like. If you want to, do "{$YOUR_ENV_VAR_NAME}".
banned_uris "/admin|/wp-admin|/.env|/phpMyAdmin/scripts/setup.php" # TODO: add more of these. If you want to help, contribute!
whitelisted_ips "1.1.1.1|9.9.9.9" #optional
abuseipdb_message "This IP accessed the path {{.Path}}, which is banned. Powered by ListenCaddy" # Optional. This is the message that gets sent to AbuseIPDB as comment. Take a look at Template Options below for some information you can put in your report.
response_message "{{.Path}} is banned. Powered by ListenCaddy" # Optional. This is the message that gets sent to the client when they accessed a banned path.
Take a look at Template Options below for some information you can put in your response.
}
If you don't like repetition, then you can do something like this:
(listencaddy) {
listencaddy {
api_key "yourAPIkey" # You can use an environment variable if you'd like. If you want to, do "{$YOUR_ENV_VAR_NAME}".
banned_uris "/admin|/wp-admin|/.env|/phpMyAdmin/scripts/setup.php" # TODO: add more of these. If you want to help, contribute!
whitelisted_ips "1.1.1.1|9.9.9.9" #optional
abuseipdb_message "This IP accessed the path {{.Path}}, which is banned. Powered by ListenCaddy" # Optional. This is the message that gets sent to AbuseIPDB as comment. This is the message that gets sent to the client when they accessed a banned path. Take a look at Template Options below for some information you can put in your report.
response_message "{{.Path}} is banned. Powered by ListenCaddy" # Optional. This is the message that gets sent to the client when they accessed a banned path. Take a look at Template Options below for some information you can put in your response.
}
}
yourdomain.xyz {
import listencaddy
reverse_proxy http://127.0.0.1:3000
}
yourotherdomain.xyz {
import listencaddy
respond / "Hello world!" 200
}
ListenCaddy allows you to get some information about the reported user in the AbuseIPDB report or as a response.
Variable | What it does |
---|---|
.Path | Tells you what path the abusive IP accessed. For example, /admin. |
.UserAgent | Tells you what User-Agent the abusive IP used. For example, "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36". |