开发者

Should I use a DNSBL to check web traffic to block spammers?

开发者 https://www.devze.com 2023-01-27 11:39 出处:网络
Rather than solely fighting off spam with CAPTCHAs and spam comment checkers - is it a good idea to check each request against a DNSBL and block the user if they are using a bad IP?

Rather than solely fighting off spam with CAPTCHAs and spam comment checkers - is it a good idea to check each request against a DNSBL and block the user if they are using a bad IP?

$blacklists = array('web.sorbs.net', 'opm.tornevall.org');
$parts  = explode('.', $_SERVER['REMOTE_ADDR']);
$ip  = implode('.', array_reverse($parts)) . '.';
foreach($blacklists as $bl)
{
    $check = $ip . $bl;
    if ($check != gethostbyname($check))
    {
        error_log('PHP Security: [DNSBL] - ' . $_SERVER['REMOTE_ADDR'] . ' - ' .开发者_运维百科 $bl);
        die('Put a detailed error here so the client knows why they have been blocked');
    }
}

It seems like the only problems would be over-zealous IP blocking of good users by the DNSBL or the large cost of making a DNS lookup each request.


The lookup you're doing there is by the way not enough, you should consider using something like the code below instead. Besides, this code also supports the kind of ipv6-resolving that dnsbl.tornevall.org is supporting.

function rblresolve ($ip = '', $rbldomain = '')
{
   if (!$ip) {return false;}                       // No data should return nothing
   if (!$rbldomain) {return false;}        // No rbl = ignore

   // New ipv6-compatible function
   $returnthis = (long2ip(ip2long($ip)) != "0.0.0.0" ? explode('.', gethostbyname(implode('.', array_reverse(explode('.', $ip))) . '.' . $rbldomain)) : explode(".", gethostbyname(v6arpa($ip) . "." . $rbldomain)));
   // 127-bug-checking
   if (implode(".", $returnthis) != (long2ip(ip2long($ip)) != "0.0.0.0" ? implode('.', array_reverse(explode('.', $ip))) . '.' . $rbldomain : v6arpa($ip) . "." . $rbldomain)) {return $returnthis;} else {return false;}
}
function v6arpa($ip)
{
   $unpack = unpack('H*hex', inet_pton($ip));
   $hex = $unpack['hex'];
   return implode('', array_reverse(str_split($hex)));
}


This might help, but you will have to take two things into consideration: False Positives and False Negatives.

DNSBLs tend to have quite a few of both. False Positives that hit innocent users, and False Negatives that will miss good chunks of botnets. The best solution I have found for dealing with spam online is to use CAPTCHAs.

0

精彩评论

暂无评论...
验证码 换一张
取 消