Author Topic: Stopforumspam dnsbl  (Read 7321 times)

0 Members and 1 Guest are viewing this topic.

Offline Netham45

  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2103
  • Rating: +213/-4
  • *explodes*
    • View Profile
Stopforumspam dnsbl
« on: March 30, 2012, 01:54:32 pm »
I put a script on the site that will check with stopforumspam for every page request, thanks to their DNSBL. I'm hoping this will both cut down on bandwidth and spambot registrations.

An example of a bad request: http://omnimaga.org/?testblock&ip=109.230.251.45

The requests are cached on my DNS server after the first request, so user impact should be minimal at worst.

Here's the script I'm using:

Code: [Select]
<?PHP
session_name("dnsbl");
session_start();
$publicKey = "<Recaptcha public key>";
$privateKey = "<Recaptcha private key>";
$whitelist = array();
$checkIP = (isset($_GET['ip']) && isset($_GET['testblock'])?$_GET['ip']:$_SERVER['REMOTE_HOST']);
$ip = explode(".",$checkIP);
$dnsRequest = "$ip[3].$ip[2].$ip[1].$ip[0].dnsbl.tornevall.org";
$requestResult = gethostbyname($dnsRequest);
$isBlocked = ($requestResult!=$dnsRequest);

if (isset($_GET['captcha']))
{
$array_postvars = array();
$array_postvars[] = 'privatekey=' . $privateKey;
$array_postvars[] = 'remoteip=' . $_SERVER['REMOTE_HOST'];
$array_postvars[] = 'challenge=' . $_POST['recaptcha_challenge_field'];
$array_postvars[] = 'response=' . $_POST['recaptcha_response_field'];

$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, implode('&', $array_postvars));
curl_setopt($ch, CURLOPT_URL, "http://www.google.com/recaptcha/api/verify");
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (compatible; MSIE 5.01; Windows NT 5.0)');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$result = curl_exec($ch);
$error = curl_error($ch);
unset($_SESSION['recaptcha']);
if ($result == "true\nsuccess")
$_SESSION['recaptcha'] = true;

header("location: index.php");
}

if (($isBlocked || isset($_GET['testblock'])) && !in_array($checkIP,$whitelist) && !isset($_SESSION['recaptcha']))
{
header('HTTP/1.0 403 Forbidden');
$file = file_get_contents("blocked_hosts.txt");
$file .= "\n[" . date("r") . "] Blocked: $checkIP " . ($isBlocked?"Block":"Test");
file_put_contents("blocked_hosts.txt",$file);
$errorCode = explode(".",$requestResult);
$errorCode = intval($errorCode[3]);
echo "<html>
<head>
<title>Blocked</title>
</head>
<body>
Apologies, but your IP ($checkIP) is blacklisted as a spammer. <span style=\"color:#F00\">You have not been banned from Omnimaga</span>. If you believe this is in error, please e-mail
<a href=\"http://www.google.com/recaptcha/mailhide/d?k=01zMDC5OWSs7zbYNzHfWcbLg==&amp;c=xOphTe00o_PsF0UW3DYNxgM6oLOdZ92RuAQvVkgZqQM=\" onclick=\"window.open('http://www.google.com/recaptcha/mailhide/d?k\\07501zMDC5OWSs7zbYNzHfWcbLg\\75\\75\\46c\\75xOphTe00o_PsF0UW3DYNxgM6oLOdZ92RuAQvVkgZqQM\\075', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;\" title=\"Reveal this e-mail address\">[email protected]</a>
for help. Please remember to include your IP, $checkIP, in the message. This site is using the DNSBL provided by http://dnsbl.tornevall.org/
<br/>Code received: $errorCode<br/>Blocked for:<br/><ul>";
if ($errorCode & 1) echo "<li>Proxy has been scanned</li>";
if ($errorCode & 2) echo "<li>Proxy is working</li>";
if ($errorCode & 8) echo "<li>Proxy was tested, but timed out on connection</li>";
if ($errorCode & 16) echo "<li>Proxy was tested, but failed at connection</li>";
if ($errorCode & 32) echo "<li>Proxy was tested but the IP was different to the one connected at (Including TOR)</li>";
if ($errorCode & 64) echo "<li>IP marked as \"abusive host\". Primary target is web-form spamming (includes dnsbl_remote)</li>";
if ($errorCode & 128) echo "<li>Proxy has a different anonymous-state (web-based proxies, like anonymouse, etc)</li>";
echo "</ul><a href=\"http://dnsbl.tornevall.org/index.php?do=usage\">Please see the DNSBL for more information on the error codes</a>";
echo '<br/>You may solve the following captcha to access the site:
<form action="dnsbl.php?captcha" method="POST">
  <script type="text/javascript"
     src="http://www.google.com/recaptcha/api/challenge?k='.$publicKey.'">
  </script>
  <noscript>
     <iframe src="http://www.google.com/recaptcha/api/noscript?k='.$publicKey.'"
         height="300" width="500" frameborder="0"></iframe><br>
     <textarea name="recaptcha_challenge_field" rows="3" cols="40">
     </textarea>
     <input type="hidden" name="recaptcha_response_field"
         value="manual_challenge">
  </noscript>
</form>
</body></html>';
die();
}
if (isset($_GET['clearSession']))
{
session_destroy();
}
?>

If anyone has any issues with this, please let me know.

The e-mail code was generated by this (Thanks Juju)
The DNSBL is provided by dnsbl.tornevall.org, and is based off of stopforumspam's blocklist.

If you want to use the script, just put

Code: [Select]
<?PHP include("dnsbl.php") ?>

at the top of whatever script you wish to protect.

Edit: Added recaptcha support to it.
« Last Edit: March 30, 2012, 11:44:54 pm by Netham45 »
Omnimaga Admin

Offline Juju

  • Incredibly sexy mare
  • Coder Of Tomorrow
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 5730
  • Rating: +500/-19
  • Weird programmer
    • View Profile
    • juju2143's shed
Re: Stopforumspam dnsbl
« Reply #1 on: March 30, 2012, 02:04:45 pm »
Great! :D

You might want to hide your email with this though, in case.
« Last Edit: March 30, 2012, 02:06:36 pm by Juju »

Remember the day the walrus started to fly...

I finally cleared my sig after 4 years you're happy now?
THEGAME
This signature is ridiculously large you've been warned.

The cute mare that used to be in my avatar is Yuki Kagayaki, you can follow her on Facebook and Tumblr.

Offline Netham45

  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2103
  • Rating: +213/-4
  • *explodes*
    • View Profile
Re: Stopforumspam dnsbl
« Reply #2 on: March 30, 2012, 02:10:03 pm »
I'm putting my faith into gmail's spam filter, heh.

Also, updated the script in the first post (I added logging).
Omnimaga Admin

Offline Juju

  • Incredibly sexy mare
  • Coder Of Tomorrow
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 5730
  • Rating: +500/-19
  • Weird programmer
    • View Profile
    • juju2143's shed
Re: Stopforumspam dnsbl
« Reply #3 on: March 30, 2012, 02:14:33 pm »
Yeah, I agree, Gmail's spam filter is kinda great. At least, it does a good job for me.

Remember the day the walrus started to fly...

I finally cleared my sig after 4 years you're happy now?
THEGAME
This signature is ridiculously large you've been warned.

The cute mare that used to be in my avatar is Yuki Kagayaki, you can follow her on Facebook and Tumblr.

Offline Netham45

  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2103
  • Rating: +213/-4
  • *explodes*
    • View Profile
Re: Stopforumspam dnsbl
« Reply #4 on: March 30, 2012, 02:17:46 pm »
Yea. I put the captcha on it, though. Updated the first post too.
Omnimaga Admin

Offline Eeems

  • Mr. Dictator
  • Administrator
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 6268
  • Rating: +318/-36
  • little oof
    • View Profile
    • Eeems
Re: Stopforumspam dnsbl
« Reply #5 on: March 30, 2012, 02:21:39 pm »
Sweet, hopefully it helps. I've noticed there are a ton more spambots then usual these days.

EDIT: I think it broke the ajax though for loading quick reply, quotes etc.
« Last Edit: March 30, 2012, 02:26:21 pm by Eeems »
/e

Offline Netham45

  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2103
  • Rating: +213/-4
  • *explodes*
    • View Profile
Re: Stopforumspam dnsbl
« Reply #6 on: March 30, 2012, 02:28:02 pm »
Sweet, hopefully it helps. I've noticed there are a ton more spambots then usual these days.

EDIT: I think it broke the ajax though for loading quick reply, quotes etc.

Fixed. I did a stupid.
« Last Edit: March 30, 2012, 02:29:53 pm by Netham45 »
Omnimaga Admin

Offline Eeems

  • Mr. Dictator
  • Administrator
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 6268
  • Rating: +318/-36
  • little oof
    • View Profile
    • Eeems
Re: Stopforumspam dnsbl
« Reply #7 on: March 30, 2012, 02:29:00 pm »
Thanks :P
What was the stupid if I may ask?
/e

Offline Netham45

  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2103
  • Rating: +213/-4
  • *explodes*
    • View Profile
Re: Stopforumspam dnsbl
« Reply #8 on: March 30, 2012, 02:29:46 pm »
I was accidentally returning 403 Forbidden for all requests, not just those that are blocked. AJAX is reliant on the correct codes being returned.
« Last Edit: March 30, 2012, 02:31:38 pm by Netham45 »
Omnimaga Admin

Offline Eeems

  • Mr. Dictator
  • Administrator
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 6268
  • Rating: +318/-36
  • little oof
    • View Profile
    • Eeems
Re: Stopforumspam dnsbl
« Reply #9 on: March 30, 2012, 02:34:19 pm »
Ah ok, makes sense. Glad it was an easy fix :P
/e

Offline Netham45

  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2103
  • Rating: +213/-4
  • *explodes*
    • View Profile
Re: Stopforumspam dnsbl
« Reply #10 on: March 30, 2012, 03:23:00 pm »


That's after like 2 hours.

Edit: By the time I posted this, it was up to 350.
« Last Edit: March 30, 2012, 03:24:08 pm by Netham45 »
Omnimaga Admin

Offline Juju

  • Incredibly sexy mare
  • Coder Of Tomorrow
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 5730
  • Rating: +500/-19
  • Weird programmer
    • View Profile
    • juju2143's shed
Re: Stopforumspam dnsbl
« Reply #11 on: March 30, 2012, 03:48:53 pm »
inb4 that file fills up your HD... Hope not.

Remember the day the walrus started to fly...

I finally cleared my sig after 4 years you're happy now?
THEGAME
This signature is ridiculously large you've been warned.

The cute mare that used to be in my avatar is Yuki Kagayaki, you can follow her on Facebook and Tumblr.

Offline Netham45

  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2103
  • Rating: +213/-4
  • *explodes*
    • View Profile
Re: Stopforumspam dnsbl
« Reply #12 on: March 30, 2012, 03:56:02 pm »
I'll wipe it before it does. :P


I just updated the script in the first post to have more in-depth error responses, and I updated the test link to a link that'll use them.
Omnimaga Admin

Offline DJ Omnimaga

  • Clacualters are teh gr33t
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55943
  • Rating: +3154/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • Dream of Omnimaga Music
Re: Stopforumspam dnsbl
« Reply #13 on: March 30, 2012, 03:59:28 pm »
What will happen when Stopforumspam server is down? Will this cause Omnimaga to be down for everyone in the process? That's my main worry about this script. Could you make it so when the SFS server is down, that anyone can access Omni fine? We might still get a few bots, but at least it would not be as bad.

Offline Netham45

  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2103
  • Rating: +213/-4
  • *explodes*
    • View Profile
Re: Stopforumspam dnsbl
« Reply #14 on: March 30, 2012, 04:00:06 pm »
If their server is down then the dns check will fail, and they'll be allowed to access the site.
Omnimaga Admin