Recent Topics

dnsbl antispam kink

Started by on Jul 15, 2006 – Contents updated: Jul 15, 2006

Jul 15, 2006 20:55    

Ok, if I try to enable dnsbl antispam...I am locked out and told that my numeric IP is banned in the main banlist. This happened with 1.6 and I just let it slip, hoping it would change in 1.8. It didn't, and my IP has changed since the 1.6 trial.

Am I on the central banlist or is b2evo burping?

Version 1.8 Summer Beta

http://terra.portsphere.com/

It is turned off now, since I am not allowed in with it on.

This is a test site to roll out the kinks.

Sep 17, 2006 04:14

nope.

I can safely say, you are on a network or LAN. The DNSBL antispam blacklist, listed all network/LAN IP addresses, so any computers in the world who are connected behind a networl/LAN will be blocked.

It's a hassle yes. But most spammers are behind a network/LAN, so it's one way to block them really early. Other than blocking their public IP addy.

Sep 17, 2006 05:16

mrdav, what's your (external) IP?

You can either enable the Debuglog (set $debug to 1 in /conf/_advanced.php) or replace

Code

$error_ip_blocked = sprintf( /* TRANS: %s is the name of a DNS blacklist */ T_('Your IP address is listed in «%s».'), $ip_blocked_by );

with

Code

$error_ip_blocked = sprintf( /* TRANS: %s is the name of a DNS blacklist */ T_('Your IP address (%s) is listed in «%s».'), $Hit->IP, $ip_blocked_by );

in /plugins/_dnsbl_antispam.plugin.php to get it displayed with the error.

Maybe editing the list of used block lists would help (in the plugin settings)?! If so, please tell us which was the bad one (list.dsbl.org and sbl-xbl.spamhaus.org should get used by defaults)

Sep 17, 2006 07:45

his current PUBLIC IP is not listed in any dnsbls (I used a tool to check 120 at a time)

Sep 17, 2006 09:32

Hmm... interesting.

Though in my blog, I noticed that all PCs behind a network/LAN get the said message but they can confirm their identity via the captcha code.

Using the same IP addy on a computer not behind a network/LAN, everything is fine.

So its not supposed to block network/LAN PCs / IP Addys?

Sep 17, 2006 13:50

Sorry for the delay. I've been on vacation. Laibcoms solution works. I now have the catpcha working and was able to validate with it.

Thanks.

:lol:

Sep 17, 2006 16:31

Technical detail: dnsbl is not antispam central. dnsbl is an external list of IPs (I think it's IPs - could be more!) and antispam central is a list of keywords specific to b2evolution.

Sep 17, 2006 21:04

If you are behind a proxy, this one will send a HTTP_X_FORWARDED_FOR header with your (local) IP address. But it gets no higher priortity for b2evo than the REMOTE_ADDR.

So, therefor, mrdav, please tell us what the IP is that gets reported as being blocked? Is it your public or local IP?

Sep 17, 2006 22:08

Oh, it's been awhile, but I am sure it was my public, which is - 69.97.192.166 . But when it first occured it was on 1.6, and the ip was different( still my public IP, a different one tho)...I made some hardware changes, which changed my mac address... which changed my IP.

The internal IP I have kept the same, but it is common to most routers of my type. I dunno if this gtes reported as a proxy or no.

I use a proxy for a server program, but it is only used for that program as far as I know, and I only use it infrequently. mIRC, for instance reports my public IP correctly.

Sep 17, 2006 22:46

The above IP is not listed in the default DNSBLs.

So, I guess that gethostbyname() is broken on your setup and therefor probably all IPs are considered listed there.

What does

Code

<?php
$r = gethostbyname( '166.192.67.69.sbl-xbl.spamhaus.org' );
var_dump($r);
?>

output?

And if you have SSH/shell access on the server, what does

Code

nslookup 166.192.67.69.sbl-xbl.spamhaus.org

say?

You may also want to try 2.0.0.127.sbl-xbl.spamhaus.org (test/always matches) and sbl-xbl.spamhaus.org alone.

Sep 17, 2006 23:22

hmmm...it outputs - string(13) "66.193.46.112"

You will have to clue me in...I don't know what I am looking at.

Sep 18, 2006 19:37

The expected result would be this:

Code

$ php -r '$r = gethostbyname( "166.192.67.69.sbl-xbl.spamhaus.org" ); var_dump($r);'
string(34) "166.192.67.69.sbl-xbl.spamhaus.org"

For a match it would look like:

Code

$ php -r '$r = gethostbyname( "2.0.0.127.sbl-xbl.spamhaus.org" ); var_dump($r);'
string(9) "127.0.0.2"

And a no-match:

Code

daniel@base { ~ }$ php -r '$r = gethostbyname( "1.0.0.127.sbl-xbl.spamhaus.org" ); var_dump($r);'
string(30) "1.0.0.127.sbl-xbl.spamhaus.org"

Sep 18, 2006 21:31

blueyed, i have to step up and say that perhaps a little more info than that might be needed -- since none of those 3 items are what he saw.

Truth be told, these are prolly the issues that cause the most frustration with users -- and always they seem to take a gazillion posts to resolve.

Here is my take: whatever is looking up the ip is only seeing the ip of the domain. So go from there..? A DNS issue on the box perhaps? Broke getaddrinfo?

Sep 18, 2006 21:48

He should try:

Code

daniel@base { ~ }$ php -r '$r = gethostbyname( "1.0.0.127.sbl-xbl.spamhaus.org" ); var_dump($r);'
string(30) "1.0.0.127.sbl-xbl.spamhaus.org"

If that also returns only the IP, then getaddrinfo() may be borken.

DNSBL work like this:
the reverse IP gets askes as a subdomain and if the address can be resolved it's in the BL.
127.0.0.2 should always be in. 127.0.0.1 not.

Sep 18, 2006 22:03

alrighty then!! I see this thread having some sort of resolution in < gazillion threads :) Might not be the best resolution we can hope for, but all the same...

Mar 03, 2007 17:53

Hi,

I installed this dnsbl_antispam plugin to 1.9.2 and received this error message in the tools tab.

Fatal error: Call to undefined function: param_arrayindex() in C:\Documents and Settings\HP_Administrator\My Documents\websites\b2evolution\blogs\plugins\_dnsbl_antispam.plugin.php on line 185

it installed fine and there are no other error messages...

Any ideas?

Mar 11, 2007 21:01

will give it another try... thanks!

Mar 11, 2007 21:09

fyi, error message is gone in the tools tab

really nice anti-spam tool!


Form is loading...

multi-blog platform – This forum is powered by b2evolution CMS, a complete engine for your website.