Bug #4 (CRITICAL): ip_file variable was NEVER DEFINED in the SYN detection
while loop, but was used at lines 2717-2729 for threat intelligence bonuses.
Result: All threat intel bonus calculations read from undefined path ("")
which always returns default data "0|0|human||0|0", never reading actual data.
Impact: AbuseIPDB reputation bonuses (+30, +15, +5 points) never applied
because they always read empty/default data instead of actual ip_file data.
Fix: Define ip_file at line 2655 as: $TEMP_DIR/ip_${ip//./_}
This matches the pattern used in all other monitoring functions and provides
the path for individual IP tracking files used by threat intel bonuses.
Now threat intel bonuses work correctly:
- Read from correct ip_file path
- Get actual data for abuse_conf checks
- Apply proper reputation boost (+30 for high confidence, +15 for medium, etc)
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
cschantz
8f61919361