# Which tools to use to detect scam on the server IP?



## ICPH (Mar 11, 2016)

Hello,


Please, which online tools or Linux tools/scripts should I use when I know only the IP address of the server and want to discover whether this IP is doing any bad activity like spam, fraud, phishing, or attacks?


So far I know these tools:


http://www.blacklistalert.org/ - SPAM
http://support.clean-mx.de/clean-mx/portals.php - spamvertising/defacedURLs
http://support.clean-mx.de/clean-mx/viruses.php - virus/malware hosted


All of the above return a result when I input an IP. Please, can you share URLs of online tools or Linux tools/scripts which can help detect bad activity when knowing only the IP?


----------



## SaadIsmail (Mar 13, 2016)

All you need: http://mxtoolbox.com/blacklists.aspx


----------



## ICPH (Mar 14, 2016)

SaadIsmail said:


> All you need: http://mxtoolbox.com/blacklists.aspx



Thx, it's indeed good, but I would like to check around 15 IPs and I'm unable to fetch results from the Linux command line using wget, curl, or lynx. Even when I use the URL equipped with the IP (the one seen on the results page), it shows the page without results. Please, any more ideas where I can extract the status via a Linux command?


----------



## Jive (Mar 26, 2016)

ICPH said:


> Thx, it's indeed good, but I would like to check around 15 IPs and I'm unable to fetch results from the Linux command line using wget, curl, or lynx. Even when I use the URL equipped with the IP (the one seen on the results page), it shows the page without results. Please, any more ideas where I can extract the status via a Linux command?



You could probably script something that works similarly to mx toolbox and is command line friendly. Give the script a list of the IP addresses you care about, loop through them, and use the _dig_ command to do a DNS lookup for each of the major DNSBLs from mx toolbox.


I'm most of the way through building an Android app that does this and some other stuff to monitor a few machines I look after - the implementation wasn't too hard. It would be cool if you could make it a cron job and have it email you results/run it at will from the command line though.


There is a shell script at the link below that does most of the hard work; all you'd need to do is add the ability to loop through a list of IP addresses, and maybe have it only output blacklists that it finds the IP address listed in (i.e. no output means all is well, and cron won't send you an email about it).


http://daemonforums.org/showthread.php?t=302


-- Edit: I added looping to the mentioned script and put it on GitHub. If anyone has any suggestions on how to better achieve this, let me know/send a PR.


https://github.com/texh/bash-dnsbl-check


----------
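The approach described in the post above (reverse each IP's octets, look the name up under each DNSBL zone with dig, print only listings so cron stays quiet), as an added example that is not part of the original posts and is not the code from the linked thread or repository. The zone list and all function names are assumptions, and it handles IPv4 only.

```bash
#!/bin/bash
# Added example (not the linked script): report only DNSBL listings, so cron stays quiet.
# Zone list is an assumption; replace it with the DNSBLs you rely on.
DNSBL_ZONES="zen.spamhaus.org bl.spamcop.net"

# 192.0.2.10 -> 10.2.0.192; rejects anything that is not a dotted-quad IPv4 address.
reverse_ip() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    echo "$4.$3.$2.$1"
}

# One A-record lookup, kept separate so another resolver tool can be swapped in.
resolve() { dig +short A "$1"; }

# Prints one line per listing of IP $1. Returns 0 = clean, 1 = listed,
# 2 = bad input or a lookup that cannot be trusted (reported on stderr).
check_ip() {
    rev=$(reverse_ip "$1") || { echo "invalid IPv4: $1" >&2; return 2; }
    rc=0
    for zone in $DNSBL_ZONES; do
        answers=$(resolve "$rev.$zone") || {
            echo "$1 $zone: lookup failed" >&2; [ "$rc" -eq 1 ] || rc=2; continue; }
        for ans in $answers; do
            case "$ans" in
                # Spamhaus uses 127.255.255.x as error codes (e.g. queries via a
                # public resolver); they are not listings.
                127.255.255.*) echo "$1 $zone: query refused ($ans)" >&2
                               [ "$rc" -eq 1 ] || rc=2 ;;
                127.*) echo "$1 listed in $zone ($ans)"; rc=1 ;;
            esac
        done
    done
    return "$rc"
}

# Reads one IP per line from file $1 (blank lines and # comments skipped).
check_file() {
    status=0
    while read -r ip rest; do
        case "$ip" in ''|'#'*) continue ;; esac
        check_ip "$ip" || status=$?
    done < "$1"
    return "$status"
}

if [ "$#" -gt 0 ]; then check_file "$1"; fi
```

Pass a file with one IP per line as the first argument. Output on stdout means a listing; output on stderr means a lookup whose result should not be read as "clean".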



## kunnu (Apr 4, 2016)

Subscribe to most of the anti-spam network sites that will notify you, like SpamCop-type sites. Another option is to monitor your mail server and use an anti-spam tool to detect spamming. There are many options available for control panels like cPanel, DirectAdmin, SiteWorx, etc.


----------

