Should I use a DNSBL to check web traffic to block spammers?

StackOverflow https://stackoverflow.com/questions/4295511

  •  28-09-2019
  •  | 
  •  

Question

Rather than solely fighting off spam with CAPTCHAs and spam comment checkers - is it a good idea to check each request against a DNSBL and block the user if they are using a bad IP?

$blacklists = array('web.sorbs.net', 'opm.tornevall.org');
$parts  = explode('.', $_SERVER['REMOTE_ADDR']);
$ip  = implode('.', array_reverse($parts)) . '.';
foreach($blacklists as $bl)
{
    $check = $ip . $bl;
    if ($check != gethostbyname($check))
    {
        error_log('PHP Security: [DNSBL] - ' . $_SERVER['REMOTE_ADDR'] . ' - ' . $bl);
        die('Put a detailed error here so the client knows why they have been blocked');
    }
}

It seems like the only problems would be over-zealous IP blocking of good users by the DNSBL or the large cost of making a DNS lookup each request.

Was it helpful?

Solution

This might help, but you will have to take two things into consideration: False Positives and False Negatives.

DNSBLs tend to have quite a few of both. False Positives that hit innocent users, and False Negatives that will miss good chunks of botnets. The best solution I have found for dealing with spam online is to use CAPTCHAs.

OTHER TIPS

The lookup you're doing there is by the way not enough, you should consider using something like the code below instead. Besides, this code also supports the kind of ipv6-resolving that dnsbl.tornevall.org is supporting.

function rblresolve ($ip = '', $rbldomain = '')
{
   if (!$ip) {return false;}                       // No data should return nothing
   if (!$rbldomain) {return false;}        // No rbl = ignore

   // New ipv6-compatible function
   $returnthis = (long2ip(ip2long($ip)) != "0.0.0.0" ? explode('.', gethostbyname(implode('.', array_reverse(explode('.', $ip))) . '.' . $rbldomain)) : explode(".", gethostbyname(v6arpa($ip) . "." . $rbldomain)));
   // 127-bug-checking
   if (implode(".", $returnthis) != (long2ip(ip2long($ip)) != "0.0.0.0" ? implode('.', array_reverse(explode('.', $ip))) . '.' . $rbldomain : v6arpa($ip) . "." . $rbldomain)) {return $returnthis;} else {return false;}
}
function v6arpa($ip)
{
   $unpack = unpack('H*hex', inet_pton($ip));
   $hex = $unpack['hex'];
   return implode('', array_reverse(str_split($hex)));
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top