check subnet RBL listing?

GIANT_CRAB · Mar 14, 2014

Hello,

I know its possible to check IP addresses against RBLs individually through PHP scripts. (using checkdnsrr against the RBLs)

I was thinking of using a method to list all the IP in the range of the subnet but its a bit of a headache and will cause quite some overhead.

Does anyone here have any easy method of doing this in PHP?

Thanks.

drmike · Mar 14, 2014

Which RBLs? I am interested in such a concept... Might cobble something...

jarland · Mar 14, 2014

It's theoretically stupid easy, as it's easy to check RBL status of an IP via CLI, and yet the logic loses me as I try to plan out a script to check subnets against RBLs. Any script I've found that was pre made to do it fails.

qrwteyrutiyoup · Mar 14, 2014

jarland said:
It's theoretically stupid easy, as it's easy to check RBL status of an IP via CLI, and yet the logic loses me as I try to plan out a script to check subnets against RBLs. Any script I've found that was pre made to do it fails.

How do they fail? And what is their approach, e.g. do they just check every IP in the given subnet?

GIANT_CRAB · Mar 14, 2014

drmike said:
Which RBLs? I am interested in such a concept... Might cobble something...

Well, the script must allow the user to configure the RBLs to lookup.

There's a perl script I saw that works but it isn't in PHP. - http://search.cpan.org/~luismunoz/Mail-Abuse/bin/scan

jarland · Mar 14, 2014

qrwteyrutiyoup said:
How do they fail? And what is their approach, e.g. do they just check every IP in the given subnet?

Here's the one that I recall specifically: https://github.com/DjinnS/check-rbl

GIANT_CRAB · Mar 14, 2014

jarland said:
Here's the one that I recall specifically: https://github.com/DjinnS/check-rbl

That only checks a single IP address and its a complete fail.

Why does it even exist on Github.

Wintereise · Mar 14, 2014

GIANT_CRAB said:
That only checks a single IP address and its a complete fail.

Why does it even exist on Github.

You could use something like this to convert from CIDR to an array of singular addresses, and then call whatever functions that one is calling to check, you know.

class networkManagement
{
private $cidr = null;

public function __construct ($cidr)
{
$this->cidr = $cidr;
}

public function getList ()
{
$arr = explode('/', $this->cidr);
$binary = '';
for ($i = 0; $i <= 32; $i++)
{
$binary .= $arr[1] >= $i ? '1' : '0';
}
$arr[1] = bindec($binary);
$ip = ip2long($arr[0]);
$netmask = ip2long(($arr[1]));
$network = ($ip & $netmask);
$broadcast = $network | (~$netmask);
$returnValue = array();
$returnValue['hosts'] = ($broadcast - $network - 1);
$returnValue['begin'] = long2ip($network + 1);
$returnValue['end'] = long2ip($broadcast - 1);
$returnValue['list'] = array();
$returnValue['nibble'] = null; //implementation not included
$returnValue['reverse'] = null; //implementation not included
for ($i = 1; ($network + $i) <= ($broadcast - 1); $i++)
{
$returnValue['list'][$i] = long2ip($network + $i);
//$temp = $this->convertIPToNibbleFormat($returnValue['list'][$i], 'ipv4');
//$returnValue['nibble'][$i] = $temp['val'];
//$returnValue['reverse'][$i] = $temp['host'];
}
return $returnValue;
}
}

We use this thing to autogen reverse entries for CIDR blocks, has a lot more useful functions -- but only the relevant one quoted.

Andrei @ Ghesi · Jul 13, 2014

GIANT_CRAB said:
Hello,

I know its possible to check IP addresses against RBLs individually through PHP scripts. (using checkdnsrr against the RBLs)

I was thinking of using a method to list all the IP in the range of the subnet but its a bit of a headache and will cause quite some overhead.

Does anyone here have any easy method of doing this in PHP?

Thanks.

here is a perl script I wrote to check hundred/thousand of ip's, is not perfect but it does what I want

Code:

#!/usr/bin/perl

use Net::DNS;
use IPC::System::Simple qw(capture);
use Mail::Sendmail;
use POSIX qw(strftime);

my $IPclass1 = "xx.xx.xx.";  my $IPclass4 = "xx.xx.xx.";
my $date = strftime "%d/%m/%Y", localtime;
my @range = (2 .. 254);
my @allIPs = ();

my %list = (
        'b.barracudacentral.org' => 'http://barracudacentral.org/rbl',
        'dnsbl.ahbl.org' => 'http://www.ahbl.org/',
        'cblplus.anti-spam.org.cn' => 'http://www.anti-spam.org.cn/CID/17',
        'ips.backscatterer.org' => 'http://www.backscatterer.org/',
        'cbl.abuseat.org' => 'http://cbl.abuseat.org/',
        'rbl.abuse.ro' => 'http://www.abuse.ro',
        'uribl.abuse.ro' => 'http://www.abuse.ro',
        'bl.spamcop.net' => 'http://spamcop.net/bl.shtml',
        'zen.spamhaus.org' => 'http://www.spamhaus.org/zen/index.lasso',
        'dnsbl-2.uceprotect.net' => 'http://www.uceprotect.net/',
        'dnsbl-3.uceprotect.net' => 'http://www.uceprotect.net/',
        'sbl.spamhaus.org' => 'www.spamhaus.org/sbl/index.lasso',
        'xbl.spamhaus.org' => 'www.spamhaus.org/xbl',
        'dnsbl-1.uceprotect.net' => 'http://www.uceprotect.net/',
        'dnsbl.sorbs.net' => 'http://www.sorbs.net/',
        'bl.mailspike.net' => 'http://mailspike.org'
        );

for my $ip(@range) {
        push (@allIPs, "$IPclass1$ip");
        push (@allIPs, "$IPclass4$ip");
}

@bundetrimis = ();

foreach $dick(@allIPs){
$ip = join(".", reverse(split(/\./,"$dick")));
foreach $line (keys %list) {

        $host = "$ip.$line";
        $res = Net::DNS::Resolver->new;
        $query = $res->search("$host");

        if($query) {
                foreach $rr ($query->answer) {
                        next unless $rr->type eq "A";
                }
                push(@bundetrimis, "$dick is listed in $line.\n");
                }       else {}

        }
}



my @gatadetrimis = ();
foreach (@bundetrimis) {
    push @gatadetrimis, $_ if $_ ne '';
}


#send mail
my %mail = ( To      => '[email protected]',
             From    => '[email protected]',
             Message => "
Listed ip on $date\n\n

@gatadetrimis\n\n_____________________\nHave a nice day.

                        ",

             Subject => "Blocked IP's in RBL"
         );
sendmail(%mail) or die $Mail::Sendmail::error;

Aldryic C'boas · Jul 13, 2014

No use strict;?

Andrei @ Ghesi · Jul 13, 2014

Aldryic C said:
No use strict;?

no no

as I said, is not perfect but it does what I want

Aldryic C'boas · Jul 13, 2014

Eh, use strict; isn't related to what your script does - it's something you should be using regardless of what you write.

fisle · Jul 13, 2014

Aldryic C said:
Eh, use strict; isn't related to what your script does - it's something you should be using regardless of what you write.

Then shouldn't it be enabled by default?

AThomasHowe · Jul 13, 2014

fisle said:
Then shouldn't it be enabled by default?

If you want to break thousands of legacy scripts sure...

Aldryic C'boas · Jul 13, 2014

fisle said:
Then shouldn't it be enabled by default?

Backward compatibility. Perl4 didn't have an enable-able strict in this manner. There are also tons of situations where someone just needs to run a quick bit of perl on commandline (like when I corrected Rallias' horrid regex the other day using perl -ne), where strict is not necessary.

Jonathan · Jul 29, 2014

I've got a PHP script I wrote a few months back which will accept a CIDR format, convert it out properly then scan each address in it against a list of RBLs. Is this what you're looking for?

uniweb · Dec 21, 2014

hm, only https://github.com/DjinnS/check-rbl

splitice · Dec 22, 2014

use system()/exec()/proc_open() and just call bash?

https://github.com/splitice/bulkdnsblcheck

check subnet RBL listing?

GIANT_CRAB

New Member

drmike

100% Tier-1 Gogent

jarland

The ocean is digital

qrwteyrutiyoup

Member

GIANT_CRAB

New Member

jarland

The ocean is digital

GIANT_CRAB

New Member

Wintereise

New Member

Andrei @ Ghesi

New Member

Aldryic C'boas

The Pony

Andrei @ Ghesi

New Member

Aldryic C'boas

The Pony

fisle

Active Member

AThomasHowe

New Member

Aldryic C'boas

The Pony

Jonathan

Woohoo

uniweb

New Member

splitice

Just a little bit crazy...