I put a script on the site that will check with stopforumspam for every page request, thanks to their DNSBL. I'm hoping this will both cut down on bandwidth and spambot registrations.

An example of a bad request: http://omnimaga.org/?testblock&ip=109.230.251.45

The requests are cached on my DNS server after the first request, so user impact should be minimal at worst.

Here's the script I'm using:

<?PHP
session_name("dnsbl");
session_start();
$publicKey = "<Recaptcha public key>";
$privateKey = "<Recaptcha private key>";
$whitelist = array();
$checkIP = (isset($_GET['ip']) && isset($_GET['testblock'])?$_GET['ip']:$_SERVER['REMOTE_HOST']);
$ip = explode(".",$checkIP);
$dnsRequest = "$ip[3].$ip[2].$ip[1].$ip[0].dnsbl.tornevall.org";
$requestResult = gethostbyname($dnsRequest);
$isBlocked = ($requestResult!=$dnsRequest);

if (isset($_GET['captcha']))
{
$array_postvars = array();
$array_postvars[] = 'privatekey=' . $privateKey;
$array_postvars[] = 'remoteip=' . $_SERVER['REMOTE_HOST'];
$array_postvars[] = 'challenge=' . $_POST['recaptcha_challenge_field'];
$array_postvars[] = 'response=' . $_POST['recaptcha_response_field'];

$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, implode('&', $array_postvars));
curl_setopt($ch, CURLOPT_URL, "http://www.google.com/recaptcha/api/verify");
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (compatible; MSIE 5.01; Windows NT 5.0)');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$result = curl_exec($ch);
$error = curl_error($ch);
unset($_SESSION['recaptcha']);
if ($result == "true\nsuccess")
$_SESSION['recaptcha'] = true;

header("location: index.php");
}

if (($isBlocked || isset($_GET['testblock'])) && !in_array($checkIP,$whitelist) && !isset($_SESSION['recaptcha']))
{
header('HTTP/1.0 403 Forbidden');
$file = file_get_contents("blocked_hosts.txt");
$file .= "\n[" . date("r") . "] Blocked: $checkIP " . ($isBlocked?"Block":"Test");
file_put_contents("blocked_hosts.txt",$file);
$errorCode = explode(".",$requestResult);
$errorCode = intval($errorCode[3]);
echo "<html>
<head>
<title>Blocked</title>
</head>
<body>
Apologies, but your IP ($checkIP) is blacklisted as a spammer. <span style=\"color:#F00\">You have not been banned from Omnimaga</span>. If you believe this is in error, please e-mail
<a href=\"http://www.google.com/recaptcha/mailhide/d?k=01zMDC5OWSs7zbYNzHfWcbLg==&amp;c=xOphTe00o_PsF0UW3DYNxgM6oLOdZ92RuAQvVkgZqQM=\" onclick=\"window.open('http://www.google.com/recaptcha/mailhide/d?k\\07501zMDC5OWSs7zbYNzHfWcbLg\\75\\75\\46c\\75xOphTe00o_PsF0UW3DYNxgM6oLOdZ92RuAQvVkgZqQM\\075', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;\" title=\"Reveal this e-mail address\">[email protected]</a>
for help. Please remember to include your IP, $checkIP, in the message. This site is using the DNSBL provided by http://dnsbl.tornevall.org/
<br/>Code received: $errorCode<br/>Blocked for:<br/><ul>";
if ($errorCode & 1) echo "<li>Proxy has been scanned</li>";
if ($errorCode & 2) echo "<li>Proxy is working</li>";
if ($errorCode & 8) echo "<li>Proxy was tested, but timed out on connection</li>";
if ($errorCode & 16) echo "<li>Proxy was tested, but failed at connection</li>";
if ($errorCode & 32) echo "<li>Proxy was tested but the IP was different to the one connected at (Including TOR)</li>";
if ($errorCode & 64) echo "<li>IP marked as \"abusive host\". Primary target is web-form spamming (includes dnsbl_remote)</li>";
if ($errorCode & 128) echo "<li>Proxy has a different anonymous-state (web-based proxies, like anonymouse, etc)</li>";
echo "</ul><a href=\"http://dnsbl.tornevall.org/index.php?do=usage\">Please see the DNSBL for more information on the error codes</a>";
echo '<br/>You may solve the following captcha to access the site:
<form action="dnsbl.php?captcha" method="POST">
  <script type="text/javascript"
     src="http://www.google.com/recaptcha/api/challenge?k='.$publicKey.'">
  </script>
  <noscript>
     <iframe src="http://www.google.com/recaptcha/api/noscript?k='.$publicKey.'"
         height="300" width="500" frameborder="0"></iframe><br>
     <textarea name="recaptcha_challenge_field" rows="3" cols="40">
     </textarea>
     <input type="hidden" name="recaptcha_response_field"
         value="manual_challenge">
  </noscript>
</form>
</body></html>';
die();
}
if (isset($_GET['clearSession']))
{
session_destroy();
}
?>

If anyone has any issues with this, please let me know.

The e-mail code was generated by this (Thanks Juju)
The DNSBL is provided by dnsbl.tornevall.org, and is based off of stopforumspam's blocklist.

If you want to use the script, just put

<?PHP include("dnsbl.php") ?>

at the top of whatever script you wish to protect.

Edit: Added recaptcha support to it.

I'm putting my faith into gmail's spam filter, heh.

Also, updated the script in the first post (I added logging).

Yea. I put the captcha on it, though. Updated the first post too.

Sweet, hopefully it helps. I've noticed there are a ton more spambots then usual these days.

EDIT: I think it broke the ajax though for loading quick reply, quotes etc.

Fixed. I did a stupid.

I was accidentally returning 403 Forbidden for all requests, not just those that are blocked. AJAX is reliant on the correct codes being returned.

That's after like 2 hours.

Edit: By the time I posted this, it was up to 350.

I'll wipe it before it does.


I just updated the script in the first post to have more in-depth error responses, and I updated the test link to a link that'll use them.

If their server is down then the dns check will fail, and they'll be allowed to access the site.