Merge pull request #299 from Moonlight-Panel/AddNewScan
Added discord nuke bot scan
commit
f48ec2245c
54
Moonlight/App/MalwareScans/DiscordNukeScan.cs
Normal file
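--- a/Moonlight/App/MalwareScans/DiscordNukeScan.cs
+++ b/Moonlight/App/MalwareScans/DiscordNukeScan.cs
@@ -0,0 +1,54 @@
+using Moonlight.App.Database.Entities;
+using Moonlight.App.Models.Misc;
+using Moonlight.App.Services;
+
+namespace Moonlight.App.MalwareScans;
+
+public class DiscordNukeScan : MalwareScan
+{
+public override string Name => "Discord nuke";
+public override string Description => "Discord nuke bot detector";
+public override async Task<MalwareScanResult?> Scan(Server server, IServiceProvider serviceProvider)
+{
+var serverService = serviceProvider.GetRequiredService<ServerService>();
+var access = await serverService.CreateFileAccess(server, null!);
+
+var files = await access.Ls();
+var filteredFiles = files.Where(x =>
+x.Name.EndsWith(".py") ||
+x.Name.EndsWith(".js") ||
+x.Name.EndsWith(".json") ||
+x.Name.EndsWith(".env"));
+
+foreach (var file in filteredFiles)
+{
+var content = await access.Read(file);
+var filteredContent = content.ToLower();
+
+if (filteredContent.Contains("quake") ||
+filteredContent.Contains("nuked by") ||
+filteredContent.Contains("nuke bot") ||
+(filteredContent.Contains("fucked by") && filteredContent.Contains("nuke"))) // fucked by in context with nuke
+{
+return new()
+{
+Title = "Discord nuke bot",
+Description = "Found suspicious content which may indicate there is a nuke bot running",
+Author = "Marcel Baumgartner"
+};
+}
+
+if (files.Any(x => x.Name == "nukes.json"))
+{
+return new()
+{
+Title = "Discord nuke bot",
+Description = "Found suspicious content which may indicate there is a nuke bot running",
+Author = "Marcel Baumgartner"
+};
+}
+}
+
+return null;
+}
+}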
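Review bot: The bare `"quake"` substring in the content check is a weak indicator: it also matches ordinary words such as "earthquake" in any scanned .py/.js/.json/.env file, and the ServerService hunk of this commit suggests a non-null result throws a DisplayException that keeps the server from starting. Consider dropping it or requiring a second indicator, the way the last term is only counted together with `"nuke"`. The result also does not record what matched, so a false-positive report cannot be triaged from the security log; `Description = $"Found suspicious content in {file.Name} which may indicate there is a nuke bot running"` would carry that. The `files.Any(x => x.Name == "nukes.json")` test does not depend on the loop variable and can move above the `foreach`, so a name match returns before any file content is read.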
@ -25,7 +25,8 @@ public class MalwareScanService
|
||||||
new SelfBotCodeScan(),
|
new SelfBotCodeScan(),
|
||||||
new FakePlayerPluginScan(),
|
new FakePlayerPluginScan(),
|
||||||
new MinerScan(),
|
new MinerScan(),
|
||||||
new ProxyScan()
|
new ProxyScan(),
|
||||||
|
new DiscordNukeScan()
|
||||||
};
|
};
|
||||||
|
|
||||||
var scans = await PluginService.BuildMalwareScans(defaultScans.ToArray());
|
var scans = await PluginService.BuildMalwareScans(defaultScans.ToArray());
|
||||||
|
|
|
@ -120,7 +120,7 @@ public class ServerService
|
||||||
|
|
||||||
if (result != null)
|
if (result != null)
|
||||||
{
|
{
|
||||||
Logger.Warn($"Found malware on server {server.Uuid}. Result: " + result.Title);
|
Logger.Warn($"Found malware on server {server.Uuid}. Result: " + result.Title, "security");
|
||||||
|
|
||||||
throw new DisplayException(
|
throw new DisplayException(
|
||||||
$"Unable to start server. Found following malware on this server: {result.Title}. Please contact the support if you think this detection is a false positive",
|
$"Unable to start server. Found following malware on this server: {result.Title}. Please contact the support if you think this detection is a false positive",
|
||||||
|
|