Add IP lookup capabilities to the watchdog module
baudolino - May 10, 2005 - 03:27
| Project: | Drupal |
| Version: | 7.x-dev |
| Component: | watchdog.module |
| Category: | feature request |
| Priority: | minor |
| Assigned: | Unassigned |
| Status: | active |
Description
This small patch adds IP lookup capabilities to the watchdog module using the free external site http://whois.sc. Basically, the IP becomes clickable, and a new window opens which displays a lot of data about the address in question. Might be useful for site administrators who need to look at suspicious activites, spiders, harvesters etc.
I got this idea from the phpBB bulletin board software, which offers this feature for administrators.
One line patch attached.
| Attachment | Size |
|---|---|
| watchdog.add_IP_lookup.diff | 972 bytes |
#1
+1 for this patch.
Shouldn't target="blank" read target="_blank" (with under score)?
#2
-1 for using the target attribute. That's browsers UI functionality.
#3
another -1 on target blank; As nielsen points out (http://www.useit.com/alertbox/9605.html #9) opening new windows is
#4
Updated version, removed "target=_blank".
#5
removed target? Then now I can +1 this.
#6
Why is this usefull? Can't you set up Apache to do the looking up?
Just two random questions.
#7
Several reasons:
1. Yes, Apache can be configured to do this. However, it is resource intensive. Apache would have to do a DNS reverse lookup request for every IP address. This is generally considered to be a bad idea on any Apache server that has any kind of load. Thus, it will be turned off on most hosting arrangements.
2. Not everybody runs Apache. :-)
3. It's convenient, somewhat useful and very lightweight to provide it.
#8
ok, more questions: How long is that service already there? How long will it stay available? Does their TOS allow this kind of integration?
#9
This is very useful.
Not all apache installations enable DNS name resolution, and if you are on a shared hosting that does not have it, you are out of luck.
This patch does the lookup selectively for links that are interesting to the admin when viewing the logs.
Moreover, it provides way more info than just a name resolution every did, or will do. You as the site admin can detect abuse, get organization contacts, blacklisted status, ...etc.
whois.sc has been available for a while, and provides a lot of nifty info. For example try http://whois.sc/drupal.org for some fun. Run it on your domain and see more fun.
As far as ToS, this is something that needs to be checked.
#10
Regarding the TOS, the best that I could find on their website is http://whois.sc/info/webmasters/remote-search.html
It seems to me they allow FREE queries using their website; from my experience I know that you can do around 100 queries per day without a having a FREE account on their website. They implemented the account policy to prevent abuse from automatic bots doing tons of queries per day, so the account is just a means of autentifying yourself as a real person.
If this patch is accepted, it seems to me that we'd have to give credit for the service, as a common courtesy gesture. The search boxes they provide on the link above have the "Powered by whois source" text embedded, although they say at the bottom of the page "Feel free to modify our search boxes on your own site."
BTW, let me assign this issue to myself, since I already suggested a patch.
#11
I too would prefer to use PHP's
gethostbyaddrto lookup the hostname. I'm not too fond of using external services.Plus, we should probably introduce a
format_ip_address()function because there are more places where IP addresses are shown (eg. statistics module).I'm marking this active.
#12
Since I already have an account at whois.sc I am able to use their service as much as I want; I feel that this module feature should be as configurable as generally required:
= Chose to use internal php gethost;
= Chose to use external source (like WhoIS.sc)
= Chose to use internal (read Private DNS) for intranet sites.
= Chose _self or _blank
= Chose active - flowed JS window to auto-display when each details page is requested from watchdog.
Making somethings automatic doesnt mean that there would be anyone other than the site admin looking -- therefore there should not be a possibility of repeated robitic activity causing WHoIS or similar harm.
#13
+1 as well
Agree with sneex, a few configuration options would be great. Use the PHP function on as-needed-basis, choose whether to use an external source for a list of drop downs, or enter your own, and checkbox to turn this on/off as needed.
#14
Let me get out of the way; the feature list becomes more complex than what I had originally in mind.
#15
I guess I should do it as I have a good idea what I want (and hopefully other would desire them as well) -- It will give me a chance to learn more about Drupal and PHP. Any help during my learning curve would be most appreciate =)
#16
sneex i'm interested in helping out as well, let me know! be on IRC monday morning to chat.
#17
As I am still learning PHP, and related things (mostly inside MediaWiki at present), I do not wish to hold up this plug-ins development; I apologize to the group for butt'ing in -- this module is definitely needed for Drupal but after my long research into the API, etc, I do not feel capable of writing/adding it at this time. I hope to be a strong, value-adding community member when I am better at PHP, etc.
#18
I submitted a patch with this functionality for the statistics module. Details can be found here:
http://drupal.org/node/63544
#19
Still a feature request?
Moving to cvs.