
Using PEAR's DNSBL To Stop Spam & Misbehaving Users

IPs that belong to TOR, VPNs and similar services are often abused by users to bypass bans you set on them some time ago. The same goes for spam ranges, which are sometimes the very same ranges when it comes to TOR connection attempts.
July 19 2022

pear install Net_DNSBL

This package handles the requests we make to DNSBL databases. You will need the php-pear package installed from your distribution's repository.

<?php
require_once('Net/DNSBL.php');

// Checks one IP address against a fixed set of DNSBL zones.
class K_DNSBL {
	private $dnsbl_details;   // details returned for a listed IP
	public $dnsbl_list;       // name of the DNSBL that lists the IP
	private $info = array();
	public $dnsbl;            // cached verdict: 1 = listed, 0 = not listed

	function __construct($addr) {
		$this->info['ipaddr'] = $addr;
	}

	// Returns 1 if the IP is on any list, 0 otherwise. The DNS lookups
	// run only on the first call; later calls return the cached verdict.
	function is_Blocked() {
		if(!isset($this->dnsbl)) {
			$chk_dnsbl = new Net_DNSBL();
			$chk_dnsbl->setBlacklists(array('torexit.dan.me.uk','dnsbl-1.uceprotect.net','proxies.dnsbl.sorbs.net','dnsbl.dronebl.org'));
			if ($chk_dnsbl->isListed($this->info['ipaddr'])) {
				$this->dnsbl_details = $chk_dnsbl->getDetails($this->info['ipaddr']);
				$this->dnsbl_list = $chk_dnsbl->getListingBl($this->info['ipaddr']);
				$this->dnsbl = 1;
			} else {
				$this->dnsbl = 0;
			}
		}
		return $this->dnsbl;
	}

	// Details for a listed IP, or null if the IP is not listed.
	function get_DNSBL() {
		return $this->dnsbl_details;
	}
}

$chk_bl = new K_DNSBL($_SERVER['REMOTE_ADDR']);
echo "Blocked: ". $chk_bl->is_Blocked(). "\n";
echo "Details: ". print_r($chk_bl->get_DNSBL(),true);
?>
This PHP class returns whether an IP matches one of the provided DNSBL databases. These are lists I've added myself (and have used for a long time); if you modify them, keep in mind that you do NOT need multiple TOR exit node DNSBL databases. The exit node list is public, so checking more than one is redundant. Keep only one for TOR. To test the code, look up the exit node list and pass one of its IPs to the K_DNSBL constructor in place of $_SERVER['REMOTE_ADDR'].
Expanding this project and the UDP to IRC bot is pretty easy as well, and it lets you keep an eye on what comes through your DNSBL implementation. I don't recommend running this or any DNSBL method on every visitor request; you don't want that latency in your site. Use it for actions that add data (comments, forums), logins, sensitive data access, etc. If people want to use TOR or something similar to READ the site, fine. If they want to add data, they should understand why their posts are denied, so explain clearly in the message returned to the user why you block these things.
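
As an added example (not the author's code), here is one way to apply that advice: check only write requests, reuse the verdict for the session so repeat posts cost no extra DNS lookups, and tell the user why they were refused. The names dnsbl_lookup, dnsbl_gate and DNSBL_TTL, the 900-second TTL and the message wording are assumptions; the Net_DNSBL calls and lists are the ones K_DNSBL uses.

```php
<?php
// Added example, not the author's code. dnsbl_lookup(), dnsbl_gate() and
// DNSBL_TTL are hypothetical names; the 900-second TTL is a constructed value.
require_once('Net/DNSBL.php');
const DNSBL_TTL = 900; // how long a verdict is reused before asking DNS again

// Same PEAR calls and lists as K_DNSBL: returns the listing DNSBL or false.
function dnsbl_lookup(string $ip) {
	$bl = new Net_DNSBL();
	$bl->setBlacklists(array('torexit.dan.me.uk', 'dnsbl-1.uceprotect.net',
		'proxies.dnsbl.sorbs.net', 'dnsbl.dronebl.org'));
	return $bl->isListed($ip) ? $bl->getListingBl($ip) : false;
}

// Returns null if the request may proceed, otherwise the message for the user.
// $cache is any array that persists between requests (here: the session).
function dnsbl_gate(string $method, string $ip, array &$cache,
		?callable $lookup = null, ?int $now = null): ?string {
	// Reading is never checked, so ordinary page views pay no DNS latency.
	if (!in_array($method, array('POST', 'PUT', 'PATCH', 'DELETE'), true)) {
		return null;
	}
	// Scope of this example: IPv4 only; anything else passes unchecked.
	if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
		return null;
	}
	$now = $now ?? time();
	if (!isset($cache[$ip]) || $cache[$ip]['expires'] <= $now) {
		$lookup = $lookup ?? 'dnsbl_lookup';
		$cache[$ip] = array('list' => $lookup($ip), 'expires' => $now + DNSBL_TTL);
	}
	if ($cache[$ip]['list'] === false) {
		return null;
	}
	return 'Posting from your address is disabled because it is listed on '
		. $cache[$ip]['list'] . ', which we use to limit spam and ban evasion. '
		. 'You can still read the site.';
}

session_start();
$_SESSION['dnsbl'] = $_SESSION['dnsbl'] ?? array();
$denied = dnsbl_gate($_SERVER['REQUEST_METHOD'], $_SERVER['REMOTE_ADDR'], $_SESSION['dnsbl']);
if ($denied !== null) {
	http_response_code(403);
	exit(htmlspecialchars($denied));
}
// Not listed: continue with the comment, forum post or login handling here.
```

Passing a stub $lookup and a fixed $now lets you exercise the gate without touching DNS.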

Contact Krysti

E-Mail / Notify of errors:
coder [@] krysti.engineer
Please be patient contacting me, I don't really check much of social media or anything. If you use the IRC be sure to stick around because that's how IRC works, silly. :P