# WHMCS IP Blacklist Monitor



## Steven F (Nov 19, 2014)

Hey everyone! I'm developing a WHMCS IP blacklist monitor, which will be released for free. It's all very simple stuff, but I wanted to know what features you think I should include. What blacklists should be included? I currently have Spamhaus, but maybe there are others you'd like?


----------



## tonyg (Nov 19, 2014)

The ones I use for my monitoring script:

cbl.abuseat.org
bl.spamcop.net
dnsbl.sorbs.net
zen.spamhaus.org
b.barracudacentral.org


----------



## Steven F (Nov 19, 2014)

tonyg said:


> The ones I use for my monitoring script:
> 
> cbl.abuseat.org
> 
> ...


Alright, I'll definitely look into those. Thanks!


----------



## Ishaq (Nov 19, 2014)

I think this is a bad idea, many residential ISPs are listed on blacklists.

I'm listed on Spamhaus ZEN. And my previous IPs were even though I haven't done anything.

What would the module do if someone is on the blacklist?


----------



## AMDbuilder (Nov 19, 2014)

Ishaq said:


> I think this is a bad idea, many residential ISPs are listed on blacklists.
> 
> I'm listed on Spamhaus ZEN. And my previous IPs were even though I haven't done anything.
> 
> What would the module do if someone is on the blacklist?


Um... I think the goal is to monitor your servers...


----------



## Ishaq (Nov 19, 2014)

Oh, right. That makes sense.


----------



## rmlhhd (Nov 19, 2014)

Bad idea, reasons are mentioned about. Just use Maxmind or validate orders manually.


----------



## HostUS-Alexander (Nov 19, 2014)

I think what @Steven F is saying an IP monitor that monitors your VPS IP in blacklists, which is a very smart idea.


----------



## Steven F (Nov 19, 2014)

HostUS-Alexander said:


> I think what @Steven F is saying an IP monitor that monitors your VPS IP in blacklists, which is a very smart idea.


^I thought this was clear, but apparently not...


----------



## MartinD (Nov 19, 2014)

So..random question, what if the VPS has more than 1 IP and that's not recorded in WHMCS?


----------



## Steven F (Nov 19, 2014)

MartinD said:


> So..random question, what if the VPS has more than 1 IP and that's not recorded in WHMCS?


That's not part of what this module will do, at least initially.


----------



## MartinD (Nov 19, 2014)

Okay so...what is it supposed to be doing?


----------



## Steven F (Nov 19, 2014)

MartinD said:


> Okay so...what is it supposed to be doing?


It will integrate blacklist monitoring with your WHMCS. When a blacklist is detected it can: open a ticket with the client (or in a department of your choosing, privately), send you an e-mail, and will have functionality to allow for easy suspensions (however this functionality may not be provided initially. If people would like to let me test stuff out on their SolusVM or other APIs, I'll gladly work on it).

It will also display current blacklists and contain logs, so you can keep track of your blacklists. It's meant to be a simple add-on to help hosts prevent spam. It's nothing complicated and the only reason the code is more than a few lines is because it's being integrated with WHMCS.


----------



## Wintereise (Nov 19, 2014)

Why don't you just create an external daemon that can hook into the whmcs api to create tickets.

Have users specify CIDR ranges to scan and track, seems better than your current approach.


----------



## splitice (Nov 19, 2014)

Is a WHMCS module really needed?

Perhaps just run this script on a cron, create tickets using WHMCS api (or by emailing in using a spoofed email from) and use a small database to not repeated reports...


----------



## MartinD (Nov 20, 2014)

Steven F said:


> It will integrate blacklist monitoring with your WHMCS. When a blacklist is detected it can: open a ticket with the client (or in a department of your choosing, privately), send you an e-mail, and will have functionality to allow for easy suspensions (however this functionality may not be provided initially. If people would like to let me test stuff out on their SolusVM or other APIs, I'll gladly work on it).
> 
> 
> It will also display current blacklists and contain logs, so you can keep track of your blacklists. It's meant to be a simple add-on to help hosts prevent spam. It's nothing complicated and the only reason the code is more than a few lines is because it's being integrated with WHMCS.


Then surely my question still stands. It won't check all the ips, will it?


----------



## DomainBop (Nov 20, 2014)

> It will also display current blacklists and contain logs, so you can keep track of your blacklists. It's meant to be *a simple add-on to help hosts prevent spam.*


spammer spams > IP gets blacklisted > plugin kicks in after 7 million spam emails have been sent (or doesn't kick in at all if the IP isn't in WHMCS)


----------



## Steven F (Nov 20, 2014)

MartinD said:


> Then surely my question still stands. It won't check all the ips, will it?


It will check all of the IPs which you tell it to check.



Wintereise said:


> Why don't you just create an external daemon that can hook into the whmcs api to create tickets.
> 
> Have users specify CIDR ranges to scan and track, seems better than your current approach.


Because this ends up being much more simple for most users to handle.


----------



## Steven F (Nov 20, 2014)

splitice said:


> Is a WHMCS module really needed?
> 
> Perhaps just run this script on a cron, create tickets using WHMCS api (or by emailing in using a spoofed email from) and use a small database to not repeated reports...


I'm doing this for people that would like some simple integration with their WHMCS and some blacklist checking. It's not fancy and it shouldn't be your primary anti-spam defense. It just makes life a little easier for the people that use external blacklist monitoring. That's all it does. Maybe I'll extend some functionality to make it a little bit more involved, but again, it's not a first line of defense. It's just meant for some simple monitoring.

I do intend to include additional functionality to allow people to extend the plugin and make it a bit more involved, but I most likely will not be doing anything more than that (unless people would like a SolusVM/Virtualizor/whatever addition, in which case, I have no problem helping out).


----------



## MartinD (Nov 20, 2014)

Steven F said:


> It will check all of the IPs which you tell it to check.


Is it going to check the IP's in WHMCS that are against products/services or not?

If not, what's the point in involving WHMCS? If it is, then what about extra IP addresses?

This is like pulling teeth.


----------



## Steven F (Nov 20, 2014)

MartinD said:


> Is it going to check the IP's in WHMCS that are against products/services or not?
> 
> If not, what's the point in involving WHMCS? If it is, then what about extra IP addresses?
> 
> This is like pulling teeth.


I said it wouldn't. It would check only the IPs which you tell it to check. However, I do think that's a good idea and will add the functionality in an hour or two, when I wake up a bit.

http://puu.sh/cYrKu/f197ab65f0.png

http://puu.sh/cYrNz/b1234bfbd6.png

http://puu.sh/cYrOG/2c4a12f06a.png [There will be a second template file which will display the data a bit differently, should you choose to use it that will display as 127.0.0.0/24 and 0/256 dirty IPs (two columns instead of four)]

More screenshots later. Dirty IPs will be listed on a separate page. Logs will be kept of actions, which IPs were blacklisted and when, by which clients, et cetera.


----------



## Steven F (Nov 20, 2014)

http://puu.sh/cYwZZ/2ff4b997a1.png

Again, I'd appreciate any suggestions as I go.


----------



## SGC-Hosting (Nov 20, 2014)

Having this added into WHMCS would be great - since I spend a lot of time logged into it already, I'll no longer need to go anywhere else for it.  All I would want is just to add IP ranges for me to check and that's it.

If the source will be available, maybe I'll be able to find time to add many of the blacklists that mxtoolbox checks.


----------



## GIANT_CRAB (Nov 21, 2014)

Looks really great man!

Looking forward to the release of this


----------



## IntegralHost (Nov 23, 2014)

Best wishes Steven.


----------



## Steven F (Nov 24, 2014)

Running through the last few bits of the system. I wasn't able to work on it over the weekend, so here's to hoping it gets finished tonight.


----------

