3

I want to write a PHP function that takes the user's IP address, checks it against known blacklists and redirects users from blacklisted IP addresses to a default "Access Forbidden" page. I only want to allow access to my home page to users from IP addresses that have not been blacklisted. Can anyone help? Here's what I have so far.

    <?php
    $ip=$_SERVER["REMOTE_ADDR"];

    function flush_buffers() {
        ini_set('output_buffering','on');
        ini_set('zlib.output_compression', 0);
        ini_set('implicit_flush',1);
        ob_implicit_flush();
        echo ("<html><head><head><body>");
        for($i=0;$i<20;$i++) {
            echo $i;
            echo str_repeat(" ", 500);
            ob_flush();
            flush();
            sleep(1);
        }
    }

    function dnsbllookup($ip) {
        $dnsbl_lookup=array(
            "access.redhawk.org", "b.barracudacentral.org", "bl.csma.biz", "bl.emailbasura.org",
            "bl.spamcannibal.org", "bl.spamcop.net", "bl.technovision.dk", "blackholes.five-ten-sg.com",
            "blackholes.wirehub.net", "blacklist.sci.kun.nl", "block.dnsbl.sorbs.net", "blocked.hilli.dk",
            "bogons.cymru.com", "cart00ney.surriel.com", "cbl.abuseat.org", "dev.null.dk",
            "dialup.blacklist.jippg.org", "dialups.mail-abuse.org", "dialups.visi.com", "dnsbl.ahbl.org",
            "dnsbl.antispam.or.id", "dnsbl.cyberlogic.net", "dnsbl.kempt.net", "dnsbl.njabl.org",
            "dnsbl.sorbs.net", "dnsbl-1.uceprotect.net", "dnsbl-2.uceprotect.net", "dnsbl-3.uceprotect.net",
            "duinv.aupads.org", "dul.dnsbl.sorbs.net", "dul.ru", "escalations.dnsbl.sorbs.net",
            "hil.habeas.com", "http.dnsbl.sorbs.net", "intruders.docs.uu.se", "ips.backscatterer.org",
            "korea.services.net", "mail-abuse.blacklist.jippg.org", "misc.dnsbl.sorbs.net", "msgid.bl.gweep.ca",
            "new.dnsbl.sorbs.net", "no-more-funn.moensted.dk", "old.dnsbl.sorbs.net", "pbl.spamhaus.org",
            "proxy.bl.gweep.ca", "psbl.surriel.com", "pss.spambusters.org.ar", "rbl.schulte.org",
            "rbl.snark.net", "recent.dnsbl.sorbs.net", "relays.bl.gweep.ca", "relays.bl.kundenserver.de",
            "relays.mail-abuse.org", "relays.nether.net", "rsbl.aupads.org", "sbl.spamhaus.org",
            "smtp.dnsbl.sorbs.net", "socks.dnsbl.sorbs.net", "spam.dnsbl.sorbs.net", "spam.olsentech.net",
            "spamguard.leadmon.net", "spamsources.fabel.dk", "tor.ahbl.org", "web.dnsbl.sorbs.net",
            "whois.rfc-ignorant.org", "xbl.spamhaus.org", "zen.spamhaus.org", "zombie.dnsbl.sorbs.net",
            "bl.tiopan.com", "dnsbl.abuse.ch", "tor.dnsbl.sectoor.de", "ubl.unsubscore.com",
            "cblless.anti-spam.org.cn", "dnsbl.tornevall.org", "dnsbl.anticaptcha.net", "dnsbl.dronebl.org"
        ); // Add your preferred list of DNSBL's

        $AllCount = count($dnsbl_lookup);
        $BadCount = 0;
        if($ip) {
            $reverse_ip = implode(".", array_reverse(explode(".", $ip)));
            foreach($dnsbl_lookup as $host) {
                if(checkdnsrr($reverse_ip.".".$host.".", "A")) {
                    // echo "<span color='#339933'>Listed on ".$reverse_ip.'.'.$host."!</span><br/>";
                    flush_buffers();
                    $BadCount++;
                } else {
                    // echo "Not listed on ".$reverse_ip.'.'.$host."!<br/>";
                    flush_buffers();
                }
            }
        } else {
            // echo "Empty ip!<br/>";
            flush_buffers();
        }

        // echo "This ip has ".$BadCount." bad listings of ".$AllCount."!<br/>";
        flush_buffers();

        if($BadCount==0) {
            include("index.php");
        } else {
            include("default.htm");
        }
    }

    if(preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/",@$ip) == true) {
        dnsbllookup($ip);
    }
    ?>

5
  • 1
    What problem are you having? Commented Aug 25, 2017 at 1:13
  • 1
    @Barmar His problem is in the dnsbllookup function. I used the same function some time ago and ANY IP was marked as blacklisted, so nobody will open his site as not blacklisted. Commented Aug 25, 2017 at 2:15
  • It looks like flush_buffers creates invalid HTML. Every time you call that it sends <html><head><head><body>. But it never sends the closing tags. Commented Aug 25, 2017 at 8:51
  • @diavolic - did you come up with a solution when you encountered the problem? Commented Aug 26, 2017 at 11:37
  • I figured it out folks. Thanks!! Commented Aug 26, 2017 at 18:55

2 Answers

1

The real problem with this is how long it takes.

Made a few changes to show what I mean.

Average time is 60 seconds, and that is a long time to wait at a website.

    <?php
    $ip=$_SERVER["REMOTE_ADDR"];
    $tstart=time();
    echo $ip."<BR>";

    function flush_buffers() {
        ini_set('output_buffering','on');
        //ini_set('zlib.output_compression', 0);
        ini_set('implicit_flush',1);
        ob_implicit_flush();
        //echo ("<html><head><head><body>");
        for($i=0;$i<20;$i++) {
            // echo $i;
            echo str_repeat(" ", 500);
            ob_flush();
            flush();
            // sleep(1);
        }
    }

    function dnsbllookup($ip) {
        $dnsbl_lookup=array(
            "access.redhawk.org", "b.barracudacentral.org", "bl.csma.biz", "bl.emailbasura.org",
            "bl.spamcannibal.org", "bl.spamcop.net", "bl.technovision.dk", "blackholes.five-ten-sg.com",
            "blackholes.wirehub.net", "blacklist.sci.kun.nl", "block.dnsbl.sorbs.net", "blocked.hilli.dk",
            "bogons.cymru.com", "cart00ney.surriel.com", "cbl.abuseat.org", "dev.null.dk",
            "dialup.blacklist.jippg.org", "dialups.mail-abuse.org", "dialups.visi.com", "dnsbl.ahbl.org",
            "dnsbl.antispam.or.id", "dnsbl.cyberlogic.net", "dnsbl.kempt.net", "dnsbl.njabl.org",
            "dnsbl.sorbs.net", "dnsbl-1.uceprotect.net", "dnsbl-2.uceprotect.net", "dnsbl-3.uceprotect.net",
            "duinv.aupads.org", "dul.dnsbl.sorbs.net", "dul.ru", "escalations.dnsbl.sorbs.net",
            "hil.habeas.com", "http.dnsbl.sorbs.net", "intruders.docs.uu.se", "ips.backscatterer.org",
            "korea.services.net", "mail-abuse.blacklist.jippg.org", "misc.dnsbl.sorbs.net", "msgid.bl.gweep.ca",
            "new.dnsbl.sorbs.net", "no-more-funn.moensted.dk", "old.dnsbl.sorbs.net", "pbl.spamhaus.org",
            "zen.spamhaus.org", "proxy.bl.gweep.ca", "psbl.surriel.com", "pss.spambusters.org.ar",
            "rbl.schulte.org", "rbl.snark.net", "recent.dnsbl.sorbs.net", "relays.bl.gweep.ca",
            "relays.bl.kundenserver.de", "relays.mail-abuse.org", "relays.nether.net", "rsbl.aupads.org",
            "sbl.spamhaus.org", "smtp.dnsbl.sorbs.net", "socks.dnsbl.sorbs.net", "spam.dnsbl.sorbs.net",
            "spam.olsentech.net", "spamguard.leadmon.net", "spamsources.fabel.dk", "tor.ahbl.org",
            "web.dnsbl.sorbs.net", "whois.rfc-ignorant.org", "xbl.spamhaus.org", "zen.spamhaus.org",
            "zombie.dnsbl.sorbs.net", "bl.tiopan.com", "dnsbl.abuse.ch", "tor.dnsbl.sectoor.de",
            "ubl.unsubscore.com", "cblless.anti-spam.org.cn", "dnsbl.tornevall.org", "dnsbl.anticaptcha.net",
            "dnsbl.dronebl.org"
        ); // Add your preferred list of DNSBL's

        $AllCount = count($dnsbl_lookup);
        $BadCount = 0;
        if($ip) {
            $reverse_ip = implode(".", array_reverse(explode(".", $ip)));
            foreach($dnsbl_lookup as $host) {
                if(checkdnsrr($reverse_ip.".".$host.".", "A")) {
                    echo "<span color='#339933'>Listed on ".$reverse_ip.'.'.$host."!</span><br/>";
                    flush_buffers();
                    $BadCount++;
                } else {
                    // echo "Not listed on ".$reverse_ip.'.'.$host."!<br/>";
                    flush_buffers();
                }
            }
        } else {
            // echo "Empty ip!<br/>";
            flush_buffers();
        }

        echo "This ip has ".$BadCount." bad listings of ".$AllCount."!<br/>";
        flush_buffers();

        if($BadCount==0) {
            // include("index.php");
            echo "Not blacklisted ";
        } else {
            // include("default.htm");
            echo "Blacklisted";
        }
    }

    if(preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/",@$ip) == true) {
        dnsbllookup($ip);
    }
    $tend=time();
    $tvar=$tend-$tstart;
    echo "<BR> took $tvar seconds <br>";
    ?>


2 Comments

It does take a while, some of which is in just rendering it to the screen, but I can't imagine it would be much faster if it just returned true or false. However, it really doesn't need to check all of the lookup options. Odd, however, that some of these return an error on local IPs, such as 1.0.0.127, which means that it will give errors when run on many local development systems.
Returning only true or false, if it finds one it should end, which would be much faster, but not sure how to do that. Then the more common sites could be listed first, but I suppose it would make a difference only if there IS an entry found, in which case who cares how long it takes! Legitimate (non-blocked) IPs would still have to go through the entire list, so the listing itself would have to be really pared down to only a few to make it faster.
0

After pondering the nice but slow solution above, I came up with a much-simplified listing of bad IPs that returns only TRUE (if blacklisted) or FALSE (if it is not). Not as all-inclusive as the above, of course, but it seems to cover any test I could throw at it and it is quite fast.

Unremark the $UserIP value at the top to see one that fails or pass your own to (hopefully) see one that does not. Although I didn't actually time it, it seems to load quickly, especially as all of the blocklist.de sites have only raw IPs and nothing else to have to filter through. In fact, perhaps Spamhaus alone would do the job for most users.

Credit for this code goes to James, who posted the other example; I just simplified it and also eliminated flush_buffers(), as I don't see a need for it.

    function dnsblLookup($UserIP) {
        //$UserIP = "216.145.14.142";
        $dnsbl_lookup=array(
            "blocklist.de/lists/ssh.txt",
            "blocklist.de/lists/apache.txt",
            "blocklist.de/lists/asterisk.txt",
            "blocklist.de/lists/bots.txt",
            "blocklist.de/lists/courierimap.txt",
            "blocklist.de/lists/courierpop3.txt",
            "blocklist.de/lists/email.txt",
            "blocklist.de/lmostists/ftp.txt",
            "blocklist.de/lists/imap.txt",
            "blocklist.de/lists/pop3.txt",
            "blocklist.de/lists/postfix.txt",
            "blocklist.de/lists/proftpd.txt",
            "blocklist.de/lists/sip.txt",
            "ciarmy.com/list/ci-badguys.txt",
            "sbl.spamhaus.org",
            "xbl.spamhaus.org",
            "zen.spamhaus.org"
        );
        $BadCount = 0;
        if ($UserIP) :
            $reverse_ip = implode(".", array_reverse(explode(".", $UserIP)));
            foreach($dnsbl_lookup as $host) :
                if (checkdnsrr($reverse_ip.".".$host.".", "A")) :
                    $BadCount++;
                    if ($BadCount > 0) :
                        break;
                    endif;
                endif;
            endforeach;
        endif;
        if ($BadCount == 0) :
            return FALSE;
        else :
            return TRUE;
        endif;
    }
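
Added example (not code from the question or either answer): a lookup that stops at the first hit, skips private and loopback addresses, and inspects the address each zone returns instead of only testing that an A record exists, so a zone that answers every query (one way to get the "ANY IP was marked as blacklisted" result described in the comments) is skipped. The function names, the `.example` zones and the sample answers are constructed for illustration; the 127.255.255.x error codes and the 127.0.0.10/11 PBL codes are Spamhaus's published return values.

```php
<?php
// Added example, not code from the thread. Helper names and the *.example zones are
// assumptions; $resolve is injectable so the constructed answers run without network.

// Classify the A records one DNSBL zone returned for one query.
function classifyAnswer(array $ips): string
{
    $verdict = 'clean';                        // no records (NXDOMAIN) = not listed
    foreach ($ips as $ip) {
        if (strpos($ip, '127.') !== 0) return 'untrusted';      // parked or hijacked zone
        if (strpos($ip, '127.255.255.') === 0) return 'error';  // error code, not a listing
        if ($ip === '127.0.0.10' || $ip === '127.0.0.11') continue; // Spamhaus PBL: home ranges
        $verdict = 'listed';
    }
    return $verdict;
}

// True only when a healthy zone lists $ip; stops at the first hit.
function isBlacklisted(string $ip, array $zones, callable $resolve): bool
{
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if (!filter_var($ip, FILTER_VALIDATE_IP, $flags)) return false; // LAN, loopback, IPv6
    $rev = implode('.', array_reverse(explode('.', $ip)));
    foreach ($zones as $zone) {
        // RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must not.
        if (classifyAnswer($resolve("2.0.0.127.$zone.")) !== 'listed'
            || classifyAnswer($resolve("1.0.0.127.$zone.")) !== 'clean') {
            continue;                          // dead, wildcarded or refusing zone
        }
        if (classifyAnswer($resolve("$rev.$zone.")) === 'listed') return true;
    }
    return false;
}

// Live resolver: the A records for $name, or [] on NXDOMAIN or failure.
$dns = function (string $name): array {
    $records = @dns_get_record($name, DNS_A);
    return $records ? array_column($records, 'ip') : [];
};

// Constructed answers for the documentation address 203.0.113.7.
$fake = function (string $name): array {
    if (substr($name, -14) === '.dead.example.') return ['127.0.0.2']; // lists everything
    $table = ['2.0.0.127.good.example.' => ['127.0.0.2'], '7.113.0.203.good.example.' => ['127.0.0.4']];
    return $table[$name] ?? [];
};
var_dump(isBlacklisted('203.0.113.7', ['dead.example', 'good.example'], $fake)); // healthy zone
var_dump(isBlacklisted('203.0.113.7', ['dead.example'], $fake));   // only a wildcarded zone
var_dump(isBlacklisted('192.168.1.20', ['good.example'], $fake));  // private address
```

Pass `$dns` and real DNSBL zone names such as `zen.spamhaus.org` in place of `$fake` and the `.example` zones; entries that contain a path are list URLs, not DNS zones, and cannot be queried this way. The two health probes depend only on the zone, so cache their result (and per-IP verdicts) instead of repeating them on every request.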
