V 0.3.4

🆕 Fix V 0.3.4

Json Files should not loose Data anymore when several write processes trying to write the json file at the same time.

    firewall-update.sh: Added FLOCK to lock json when writing
    block-ip.php: Added FLOCK to lock json when writing
    unblock-ip.php: Added FLOCK to lock json when writing

Author: SubleXBle

README.md

@@ -1,5 +1,5 @@
 # Fail2Ban-Report
-> Beta 3.3 | Version 0.3.3
+> Beta 3.4 | Version 0.3.4
 
 > A simple and clean web-based dashboard to turn your daily Fail2Ban logs into searchable and filterable JSON reports — with optional IP blocklist management for UFW.
 
@@ -78,6 +78,16 @@ It provides optional tools to:
 
 ---
 
+## 🆕 Fix V 0.3.4
+Json Files should not loose Data anymore when several write processes trying to write the json file at the same time.
+
+- `firewall-update.sh`: Added FLOCK to lock json when writing
+- `block-ip.php`: Added FLOCK to lock json when writing
+- `unblock-ip.php`: Added FLOCK to lock json when writing
+
+just copy those 3 Files to apply the hotfix.
+
+
 ## 🆕 What's New in V 0.3.3 (QoL Update)
 ### ⚠️ Warning System and Pending Status Indicators
 - 🚨 New [Warnings] section in .config to configure warning & critical thresholds (events per minute per jail) in format warning:critical (e.g: 20:50).
@@ -138,6 +148,7 @@ This is especially useful if you want to manually patch or update individual fil
 - ✅ **Blocklist Path on unblocking** fixed a possible bug that could lead to not finding the blocklist.json when unblocking from the Blocklist view.  
   → Hotfixed on 05.08.2025 at 13:10 (UTC+2) directly in latest
 - ✅ **Installer** should now ask if you want to delete and reclone repo when allready existing
+- ✅ **Added FLOCK** to lock json files to not loose data when several write processes write at the same time
 
 ---
 

changelog.md

@@ -1,5 +1,15 @@
 # changelog
 
+## Changes made for V 0.3.4 (Fix)
+
+Json Files should not loose Data anymore when several write processes trying to write the json file at the same time.
+
+- `firewall-update.sh`: Added FLOCK to lock json when writing
+- `block-ip.php`: Added FLOCK to lock json when writing
+- `unblock-ip.php`: Added FLOCK to lock json when writing
+
+
+
 ## Changes made for V 0.3.3 (QoL Update)
 
 - **Warning System and Pending Status Indicators**

firewall-update.sh

@@ -3,9 +3,9 @@
 set -euo pipefail
 
 # --- Configuration ---
-BLOCKLIST_DIR="/var/www/vhosts/suble.org/xbkupx/Fail2Ban-Report/archive"
-LOGFILE="/opt/Fail2Ban-Report/fail2ban_blocklist.log"
-LOGGING=false  # Set to true to enable logging
+BLOCKLIST_DIR="/path/to/web/archive"
+LOGFILE="/var/log/Fail2Ban-Report.log"
+LOGGING=true  # Set to true to enable logging
 
 # --- Set PATH ---
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
@@ -36,8 +36,18 @@ ufw status numbered | grep "DENY IN" | awk '{print $3}' > "$TMP_BLOCKED" || true
 for FILE in "$BLOCKLIST_DIR"/*.blocklist.json; do
   [ -e "$FILE" ] || continue  # skip if no files match
 
+  JAIL_NAME=$(basename "$FILE" .blocklist.json)
+  LOCKFILE="/tmp/${JAIL_NAME}.blocklist.lock"
+
   log "Processing blocklist: $FILE"
 
+  # === Acquire lock ===
+  exec {lock_fd}>"$LOCKFILE"
+  if ! flock -x "$lock_fd"; then
+    log "ERROR: Could not acquire lock for $JAIL_NAME"
+    continue
+  fi
+
   # Extract active and inactive IPs
   active_ips=$(jq -r '.[] | select(.active != false) | .ip' "$FILE")
   inactive_ips=$(jq -r '.[] | select(.active == false) | .ip' "$FILE")
@@ -48,9 +58,9 @@ for FILE in "$BLOCKLIST_DIR"/*.blocklist.json; do
       log "Blocking IP: $ip"
       if ufw deny from "$ip"; then
         log "Blocked $ip successfully, updating pending flag"
-        # Update pending to false for this IP in JSON
         tmp_file=$(mktemp)
-        jq --arg ip "$ip" 'map(if .ip == $ip then .pending = false else . end)' "$FILE" > "$tmp_file" && mv "$tmp_file" "$FILE"
+        jq --arg ip "$ip" 'map(if .ip == $ip then .pending = false else . end)' "$FILE" > "$tmp_file" \
+          && mv "$tmp_file" "$FILE"
       else
         log "Failed to block $ip via ufw"
       fi
@@ -59,7 +69,6 @@ for FILE in "$BLOCKLIST_DIR"/*.blocklist.json; do
 
   # Remove UFW rules for inactive IPs
   for ip in $inactive_ips; do
-    # Reverse order to avoid shifting rule numbers
     mapfile -t rules < <(ufw status numbered | grep "$ip" | grep "DENY IN" | tac)
     for rule in "${rules[@]}"; do
       rule_number=$(echo "$rule" | awk -F'[][]' '{print $2}')
@@ -75,6 +84,10 @@ for FILE in "$BLOCKLIST_DIR"/*.blocklist.json; do
   # Set ownership and permissions
   chown www-data:www-data "$FILE"
   chmod 644 "$FILE"
+
+  # === Release lock ===
+  flock -u "$lock_fd"
+  exec {lock_fd}>&-
 done
 
 log "All blocklists processed successfully."

includes/block-ip.php

@@ -37,18 +37,43 @@ function blockIp($ips, $jail = 'unknown', $source = 'manual') {
         }
 
         $jsonFile = dirname(__DIR__, 1) . "/archive/{$safeJail}.blocklist.json";
+        $lockFile = "/tmp/{$safeJail}.blocklist.lock"; // same lock file name as shell script
 
-        $data = [];
+        // Open lock file
+        $lockHandle = fopen($lockFile, 'c');
+        if (!$lockHandle) {
+            $results[] = [
+                'ip' => $ip,
+                'success' => false,
+                'message' => "Unable to open lock file for {$safeJail}.",
+                'type' => 'error'
+            ];
+            continue;
+        }
+
+        // Acquire exclusive lock
+        if (!flock($lockHandle, LOCK_EX)) {
+            fclose($lockHandle);
+            $results[] = [
+                'ip' => $ip,
+                'success' => false,
+                'message' => "Could not acquire lock for {$safeJail}.",
+                'type' => 'error'
+            ];
+            continue;
+        }
 
+        // Load existing JSON
+        $data = [];
         if (file_exists($jsonFile)) {
             $existing = file_get_contents($jsonFile);
             $data = json_decode($existing, true);
             if (!is_array($data)) {
-                $data = []; // fallback bei Dateibeschädigung
+                $data = []; // fallback if file is corrupted
             }
         }
 
-        // Prüfen, ob IP schon vorhanden und aktiv
+        // Check if IP already exists
         $found = false;
         foreach ($data as &$item) {
             if ($item['ip'] === $ip) {
@@ -57,6 +82,8 @@ function blockIp($ips, $jail = 'unknown', $source = 'manual') {
                     $item['active'] = true;
                     $item['lastModified'] = date('c');
                     if (file_put_contents($jsonFile, json_encode($data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES)) === false) {
+                        flock($lockHandle, LOCK_UN);
+                        fclose($lockHandle);
                         $results[] = [
                             'ip' => $ip,
                             'success' => false,
@@ -65,6 +92,8 @@ function blockIp($ips, $jail = 'unknown', $source = 'manual') {
                         ];
                         continue 2;
                     }
+                    flock($lockHandle, LOCK_UN);
+                    fclose($lockHandle);
                     $results[] = [
                         'ip' => $ip,
                         'success' => true,
@@ -73,6 +102,8 @@ function blockIp($ips, $jail = 'unknown', $source = 'manual') {
                     ];
                     continue 2;
                 } else {
+                    flock($lockHandle, LOCK_UN);
+                    fclose($lockHandle);
                     $results[] = [
                         'ip' => $ip,
                         'success' => true,
@@ -85,7 +116,7 @@ function blockIp($ips, $jail = 'unknown', $source = 'manual') {
         }
         unset($item);
 
-        // Neu hinzufügen
+        // Add new entry if not found
         if (!$found) {
             $entry = [
                 'ip' => $ip,
@@ -102,6 +133,8 @@ function blockIp($ips, $jail = 'unknown', $source = 'manual') {
             $data[] = $entry;
 
             if (file_put_contents($jsonFile, json_encode($data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES)) === false) {
+                flock($lockHandle, LOCK_UN);
+                fclose($lockHandle);
                 $results[] = [
                     'ip' => $ip,
                     'success' => false,
@@ -110,6 +143,9 @@ function blockIp($ips, $jail = 'unknown', $source = 'manual') {
                 ];
                 continue;
             }
+
+            flock($lockHandle, LOCK_UN);
+            fclose($lockHandle);
             $results[] = [
                 'ip' => $ip,
                 'success' => true,
@@ -119,7 +155,7 @@ function blockIp($ips, $jail = 'unknown', $source = 'manual') {
         }
     }
 
-    // Bei nur einem Ergebnis flach zurückgeben
+    // Flatten result if only one entry
     if (count($results) === 1) {
         return $results[0];
     }

includes/header.php

@@ -29,7 +29,7 @@
   <div>
     <h1>Fail2Ban-Report</h1>
     <h2>Let's catch the bad guys!</h2>
-    <div><span title="Beta 3.3"><small>Version : 0.3.3</small></span></div>
+    <div><span title="Beta 3.4"><small>Version : 0.3.4</small></span></div>
   </div>