
check subnet RBL listing?

GIANT_CRAB

New Member
Hello,

I know it's possible to check IP addresses against RBLs individually through PHP scripts (using checkdnsrr against the RBLs).

I was thinking of using a method to list all the IPs in the range of the subnet, but it's a bit of a headache and will cause quite some overhead.

Does anyone here have any easy method of doing this in PHP?

Thanks.
 

jarland

The ocean is digital
It's theoretically stupid easy, as it's easy to check RBL status of an IP via CLI, and yet the logic loses me as I try to plan out a script to check subnets against RBLs. Any script I've found that was pre-made to do it fails.
 
It's theoretically stupid easy, as it's easy to check RBL status of an IP via CLI, and yet the logic loses me as I try to plan out a script to check subnets against RBLs. Any script I've found that was pre-made to do it fails.
How do they fail? And what is their approach, e.g. do they just check every IP in the given subnet?
 

Wintereise

New Member
That only checks a single IP address and it's a complete fail.

Why does it even exist on GitHub?
You could use something like this to convert from CIDR to an array of singular addresses, and then call whatever functions that one is calling to check, you know.


class networkManagement
{
    private $cidr = null;

    public function __construct ($cidr)
    {
        $this->cidr = $cidr;
    }

    // Expand an IPv4 CIDR block into its usable host addresses
    // (network and broadcast addresses are left out).
    public function getList ()
    {
        $arr = explode('/', $this->cidr);
        $prefix = (int) $arr[1];
        // Build the 32-bit netmask: bit $i is set while $i <= prefix length.
        $binary = '';
        for ($i = 1; $i <= 32; $i++)
        {
            $binary .= $prefix >= $i ? '1' : '0';
        }
        $netmask = bindec($binary); // integer on 64-bit PHP
        $ip = ip2long($arr[0]);
        $network = ($ip & $netmask);
        // Mask to 32 bits: on 64-bit PHP ~$netmask also sets the upper 32 bits.
        $broadcast = ($network | (~$netmask)) & 0xFFFFFFFF;
        $returnValue = array();
        $returnValue['hosts'] = ($broadcast - $network - 1);
        $returnValue['begin'] = long2ip($network + 1);
        $returnValue['end'] = long2ip($broadcast - 1);
        $returnValue['list'] = array();
        $returnValue['nibble'] = null; //implementation not included
        $returnValue['reverse'] = null; //implementation not included
        for ($i = 1; ($network + $i) <= ($broadcast - 1); $i++)
        {
            $returnValue['list'][$i] = long2ip($network + $i);
            //$temp = $this->convertIPToNibbleFormat($returnValue['list'][$i], 'ipv4');
            //$returnValue['nibble'][$i] = $temp['val'];
            //$returnValue['reverse'][$i] = $temp['host'];
        }
        return $returnValue;
    }
}

We use this thing to autogen reverse entries for CIDR blocks, has a lot more useful functions -- but only the relevant one quoted.
 

Andrei @ Ghesi

New Member
Verified Provider
Hello,

I know it's possible to check IP addresses against RBLs individually through PHP scripts (using checkdnsrr against the RBLs).

I was thinking of using a method to list all the IPs in the range of the subnet, but it's a bit of a headache and will cause quite some overhead.

Does anyone here have any easy method of doing this in PHP?

Thanks.

Here is a Perl script I wrote to check hundreds/thousands of IPs. It is not perfect, but it does what I want.

Code:
#!/usr/bin/perl

use Net::DNS;
use IPC::System::Simple qw(capture);
use Mail::Sendmail;
use POSIX qw(strftime);

my $IPclass1 = "xx.xx.xx.";  my $IPclass4 = "xx.xx.xx.";
my $date = strftime "%d/%m/%Y", localtime;
my @range = (2 .. 254);
my @allIPs = ();

my %list = (
        'b.barracudacentral.org' => 'http://barracudacentral.org/rbl',
        'dnsbl.ahbl.org' => 'http://www.ahbl.org/',
        'cblplus.anti-spam.org.cn' => 'http://www.anti-spam.org.cn/CID/17',
        'ips.backscatterer.org' => 'http://www.backscatterer.org/',
        'cbl.abuseat.org' => 'http://cbl.abuseat.org/',
        'rbl.abuse.ro' => 'http://www.abuse.ro',
        'uribl.abuse.ro' => 'http://www.abuse.ro',
        'bl.spamcop.net' => 'http://spamcop.net/bl.shtml',
        'zen.spamhaus.org' => 'http://www.spamhaus.org/zen/index.lasso',
        'dnsbl-2.uceprotect.net' => 'http://www.uceprotect.net/',
        'dnsbl-3.uceprotect.net' => 'http://www.uceprotect.net/',
        'sbl.spamhaus.org' => 'www.spamhaus.org/sbl/index.lasso',
        'xbl.spamhaus.org' => 'www.spamhaus.org/xbl',
        'dnsbl-1.uceprotect.net' => 'http://www.uceprotect.net/',
        'dnsbl.sorbs.net' => 'http://www.sorbs.net/',
        'bl.mailspike.net' => 'http://mailspike.org'
        );

for my $ip(@range) {
        push (@allIPs, "$IPclass1$ip");
        push (@allIPs, "$IPclass4$ip");
}

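@bundetrimis = ();

# One resolver object is enough for every lookup.
$res = Net::DNS::Resolver->new;

foreach $addr (@allIPs) {
        # DNSBL queries use the octets in reverse order: 1.2.3.4 -> 4.3.2.1.<zone>
        $ip = join(".", reverse(split(/\./, $addr)));
        foreach $line (keys %list) {
                $host = "$ip.$line";
                # query() looks up the name as given, without the resolver's search domains
                $query = $res->query($host, "A");
                next unless $query;

                # Report a listing only when the zone really returned an A record.
                if (grep { $_->type eq "A" } $query->answer) {
                        push(@bundetrimis, "$addr is listed in $line.\n");
                }
        }
}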



my @gatadetrimis = ();
foreach (@bundetrimis) {
    push @gatadetrimis, $_ if $_ ne '';
}


#send mail
my %mail = ( To      => '[email protected]',
             From    => '[email protected]',
             Message => "
Listed ip on $date\n\n

@gatadetrimis\n\n_____________________\nHave a nice day.

                        ",

             Subject => "Blocked IP's in RBL"
         );
sendmail(%mail) or die $Mail::Sendmail::error;
 

Aldryic C'boas

The Pony
Then shouldn't it be enabled by default?
Backward compatibility.  Perl4 didn't have an enable-able strict in this manner.  There are also tons of situations where someone just needs to run a quick bit of perl on commandline (like when I corrected Rallias' horrid regex the other day using perl -ne), where strict is not necessary.
 

Jonathan

Woohoo
Verified Provider
I've got a PHP script I wrote a few months back which will accept a CIDR format, convert it out properly then scan each address in it against a list of RBLs.  Is this what you're looking for?
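
The procedure this thread converges on (expand the CIDR block, reverse each address's octets, query each RBL zone), as an added PHP example that is not any poster's script. The zone `rbl.example`, the function names and the canned answers are assumptions made for illustration; it reads the returned A record instead of relying on `checkdnsrr`, so an error code or a rewritten NXDOMAIN is not counted as a listing.

```php
<?php
// Added example: rbl.example and the canned answers below are constructed (64-bit PHP).
// Yield each address of an IPv4 CIDR block lazily instead of building one large array.
function cidrAddresses(string $cidr): Generator {
    [$base, $prefix] = explode('/', $cidr) + [1 => '32'];
    $ip = ip2long($base);
    if ($ip === false || !ctype_digit($prefix) || (int)$prefix > 32) {
        throw new InvalidArgumentException("bad IPv4 CIDR: $cidr");
    }
    $size = 1 << (32 - (int)$prefix);
    $network = $ip & (0xFFFFFFFF ^ ($size - 1));   // clear the host bits
    for ($i = 0; $i < $size; $i++) {
        yield long2ip($network + $i);
    }
}

// Live resolver: the A records for a DNSBL query name (empty array when not listed).
function dnsLookupA(string $name): array {
    $records = @dns_get_record($name, DNS_A);
    return $records ? array_column($records, 'ip') : [];
}

// 127.0.0.0/8 answers mean "listed"; 127.255.255.x is how Spamhaus signals a query error.
function classify(array $answers): string {
    if (!$answers) return 'clean';
    $status = 'unexpected';   // answer outside 127/8, e.g. a resolver rewriting NXDOMAIN
    foreach ($answers as $a) {
        if (strpos($a, '127.255.255.') === 0) return 'error';
        if (strpos($a, '127.') === 0) $status = 'listed';
    }
    return $status;
}

function checkSubnet(string $cidr, array $zones, ?callable $lookup = null): array {
    $lookup = $lookup ?? 'dnsLookupA';
    $hits = [];
    foreach (cidrAddresses($cidr) as $addr) {
        $reversed = implode('.', array_reverse(explode('.', $addr)));  // 1.2.3.4 -> 4.3.2.1
        foreach ($zones as $zone) {
            $status = classify($lookup("$reversed.$zone"));
            if ($status !== 'clean') $hits[] = [$addr, $zone, $status];
        }
    }
    return $hits;
}

// Constructed offline resolver so the example runs without touching DNS.
$canned = ['2.2.0.192.rbl.example' => ['127.0.0.2'], '3.2.0.192.rbl.example' => ['127.255.255.254']];
$fake = function (string $name) use ($canned): array { return $canned[$name] ?? []; };
foreach (checkSubnet('192.0.2.0/30', ['rbl.example'], $fake) as $hit) echo implode(' ', $hit), "\n";
```

Omit the third argument to query real zones; a block the size of a /16 multiplied by a dozen zones is a large number of lookups, so run it against your own caching resolver.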
 