check subnet RBL listing?

Discussion in 'Coding, Scripting & Programming' started by GIANT_CRAB, Mar 14, 2014.

Tags:
  1. GIANT_CRAB

    GIANT_CRAB New Member

    525
    270
    May 21, 2013
    Hello,

    I know its possible to check IP addresses against RBLs individually through PHP scripts. (using checkdnsrr against the RBLs)

    I was thinking of using a method to list all the IP in the range of the subnet but its a bit of a headache and will cause quite some overhead.

    Does anyone here have any easy method of doing this in PHP?

    Thanks.
     
  2. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    Which RBLs?   I am interested in such a concept... Might cobble something...
     
  3. jarland

    jarland The ocean is digital

    873
    562
    Apr 4, 2013
    It's theoretically stupid easy, as it's easy to check RBL status of an IP via CLI, and yet the logic loses me as I try to plan out a script to check subnets against RBLs. Any script I've found that was pre made to do it fails.
     
    Last edited by a moderator: Mar 14, 2014
  4. qrwteyrutiyoup

    qrwteyrutiyoup Member

    75
    24
    Mar 9, 2014
    How do they fail? And what is their approach, e.g. do they just check every IP in the given subnet?
     
  5. GIANT_CRAB

    GIANT_CRAB New Member

    525
    270
    May 21, 2013
    Well, the script must allow the user to configure the RBLs to lookup.

    There's a perl script I saw that works but it isn't in PHP. - http://search.cpan.org/~luismunoz/Mail-Abuse/bin/scan
     
  6. jarland

    jarland The ocean is digital

    873
    562
    Apr 4, 2013
    Here's the one that I recall specifically: https://github.com/DjinnS/check-rbl
     
  7. GIANT_CRAB

    GIANT_CRAB New Member

    525
    270
    May 21, 2013
    That only checks a single IP address and its a complete fail.

    Why does it even exist on Github.
     
  8. Wintereise

    Wintereise New Member

    241
    159
    May 16, 2013
    You could use something like this to convert from CIDR to an array of singular addresses, and then call whatever functions that one is calling to check, you know.


    class networkManagement
    {
    private $cidr = null;

    public function __construct ($cidr)
    {
    $this->cidr = $cidr;
    }

    public function getList ()
    {
    $arr = explode('/', $this->cidr);
    $binary = '';
    for ($i = 0; $i <= 32; $i++)
    {
    $binary .= $arr[1] >= $i ? '1' : '0';
    }
    $arr[1] = bindec($binary);
    $ip = ip2long($arr[0]);
    $netmask = ip2long(($arr[1]));
    $network = ($ip & $netmask);
    $broadcast = $network | (~$netmask);
    $returnValue = array();
    $returnValue['hosts'] = ($broadcast - $network - 1);
    $returnValue['begin'] = long2ip($network + 1);
    $returnValue['end'] = long2ip($broadcast - 1);
    $returnValue['list'] = array();
    $returnValue['nibble'] = null; //implementation not included
    $returnValue['reverse'] = null; //implementation not included
    for ($i = 1; ($network + $i) <= ($broadcast - 1); $i++)
    {
    $returnValue['list'][$i] = long2ip($network + $i);
    //$temp = $this->convertIPToNibbleFormat($returnValue['list'][$i], 'ipv4');
    //$returnValue['nibble'][$i] = $temp['val'];
    //$returnValue['reverse'][$i] = $temp['host'];
    }
    return $returnValue;
    }
    }

    We use this thing to autogen reverse entries for CIDR blocks, has a lot more useful functions -- but only the relevant one quoted.
     
    Last edited by a moderator: Mar 14, 2014
    qrwteyrutiyoup and GIANT_CRAB like this.
  9. Andrei @ Ghesi

    Andrei @ Ghesi New Member Verified Provider

    3
    0
    Jan 9, 2014
    here is a perl script I wrote to check hundred/thousand of ip's, is not perfect but it does what I want

    Code:
    #!/usr/bin/perl
    
    use Net::DNS;
    use IPC::System::Simple qw(capture);
    use Mail::Sendmail;
    use POSIX qw(strftime);
    
    my $IPclass1 = "xx.xx.xx.";  my $IPclass4 = "xx.xx.xx.";
    my $date = strftime "%d/%m/%Y", localtime;
    my @range = (2 .. 254);
    my @allIPs = ();
    
    my %list = (
            'b.barracudacentral.org' => 'http://barracudacentral.org/rbl',
            'dnsbl.ahbl.org' => 'http://www.ahbl.org/',
            'cblplus.anti-spam.org.cn' => 'http://www.anti-spam.org.cn/CID/17',
            'ips.backscatterer.org' => 'http://www.backscatterer.org/',
            'cbl.abuseat.org' => 'http://cbl.abuseat.org/',
            'rbl.abuse.ro' => 'http://www.abuse.ro',
            'uribl.abuse.ro' => 'http://www.abuse.ro',
            'bl.spamcop.net' => 'http://spamcop.net/bl.shtml',
            'zen.spamhaus.org' => 'http://www.spamhaus.org/zen/index.lasso',
            'dnsbl-2.uceprotect.net' => 'http://www.uceprotect.net/',
            'dnsbl-3.uceprotect.net' => 'http://www.uceprotect.net/',
            'sbl.spamhaus.org' => 'www.spamhaus.org/sbl/index.lasso',
            'xbl.spamhaus.org' => 'www.spamhaus.org/xbl',
            'dnsbl-1.uceprotect.net' => 'http://www.uceprotect.net/',
            'dnsbl.sorbs.net' => 'http://www.sorbs.net/',
            'bl.mailspike.net' => 'http://mailspike.org'
            );
    
    for my $ip(@range) {
            push (@allIPs, "$IPclass1$ip");
            push (@allIPs, "$IPclass4$ip");
    }
    
    @bundetrimis = ();
    
    foreach $dick(@allIPs){
    $ip = join(".", reverse(split(/\./,"$dick")));
    foreach $line (keys %list) {
    
            $host = "$ip.$line";
            $res = Net::DNS::Resolver->new;
            $query = $res->search("$host");
    
            if($query) {
                    foreach $rr ($query->answer) {
                            next unless $rr->type eq "A";
                    }
                    push(@bundetrimis, "$dick is listed in $line.\n");
                    }       else {}
    
            }
    }
    
    
    
    my @gatadetrimis = ();
    foreach (@bundetrimis) {
        push @gatadetrimis, $_ if $_ ne '';
    }
    
    
    #send mail
    my %mail = ( To      => '[email protected]',
                 From    => '[email protected]',
                 Message => "
    Listed ip on $date\n\n
    
    @gatadetrimis\n\n_____________________\nHave a nice day.
    
                            ",
    
                 Subject => "Blocked IP's in RBL"
             );
    sendmail(%mail) or die $Mail::Sendmail::error;
    
    
     
  10. Aldryic C'boas

    Aldryic C'boas The Pony

    2,313
    2,652
    Apr 18, 2013
    Aldryic
    No use strict;?
     
  11. Andrei @ Ghesi

    Andrei @ Ghesi New Member Verified Provider

    3
    0
    Jan 9, 2014
    no no :)

    as I said, is not perfect but it does what I want
     
  12. Aldryic C'boas

    Aldryic C'boas The Pony

    2,313
    2,652
    Apr 18, 2013
    Aldryic
    Eh, use strict; isn't related to what your script does - it's something you should be using regardless of what you write.
     
  13. fisle

    fisle Active Member

    151
    71
    May 16, 2013
    Then shouldn't it be enabled by default?
     
  14. AThomasHowe

    AThomasHowe New Member

    190
    49
    Jun 3, 2014
    If you want to break thousands of legacy scripts sure...
     
  15. Aldryic C'boas

    Aldryic C'boas The Pony

    2,313
    2,652
    Apr 18, 2013
    Aldryic
    Backward compatibility.  Perl4 didn't have an enable-able strict in this manner.  There are also tons of situations where someone just needs to run a quick bit of perl on commandline (like when I corrected Rallias' horrid regex the other day using perl -ne), where strict is not necessary.
     
    fisle likes this.
  16. Jonathan

    Jonathan Woohoo Administrator Verified Provider

    389
    196
    May 27, 2013
    jonspw
    I've got a PHP script I wrote a few months back which will accept a CIDR format, convert it out properly then scan each address in it against a list of RBLs.  Is this what you're looking for?
     
  17. uniweb

    uniweb New Member

    12
    0
    Dec 21, 2014
  18. splitice

    splitice Just a little bit crazy... Verified Provider

    550
    252
    Jun 16, 2013
    perennate likes this.