Skip to content

Commit

Permalink
Importing changes towards PHPrbl version 0.2
Browse files Browse the repository at this point in the history
  • Loading branch information
sgaduuw committed Sep 3, 2010
1 parent 78f4423 commit c13565f
Show file tree
Hide file tree
Showing 2 changed files with 55 additions and 34 deletions.
33 changes: 19 additions & 14 deletions README
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,12 @@ website and include the file rbl.php as high as possible in your PHP code:

require_once('rbl.php');

Try to place this above any other PHP code since PHPrbl generates a HTTP header, and it doesn't keep an eye on any other headers.
Try to place this above any other PHP code since PHPrbl generates a HTTP
header, and it doesn't keep an eye on any other headers.

I have used PHPrbl successfully in Mambo (http://www.mamboserver.com) and in
b2evolution (http://b2evolution.net/). With both packages, the file rbl.php could be included in the top of the main index.php

b2evolution (http://b2evolution.net/). With both packages, the file rbl.php
could be included in the top of the main index.php

Logging to SQL:
If you want to log IP addresses that have been blocked using PHPrbl, you need
Expand All @@ -24,32 +25,36 @@ to create a table called `blocked` using the following structure:
-- Table structure for table `blocked`
--

DROP TABLE IF EXISTS `blocked`;
CREATE TABLE `blocked` (
`id` int(8) NOT NULL auto_increment,
`ip_address` varchar(15) NOT NULL default '0.0.0.0',
`time` varchar(11) NOT NULL default '',
`spamhaus` enum('Y','N') NOT NULL default 'N',
`ahbl` enum('Y','N') NOT NULL default 'N',
`ip` varchar(15) NOT NULL default '',
`count` int(8) NOT NULL default '0',
`lastseen` varchar(11) NOT NULL default '',
`service` varchar(255) NOT NULL default '',
`referer` varchar(255) default NULL,
PRIMARY KEY (`id`),
KEY `ip_address` (`ip_address`,`spamhaus`,`ahbl`)
UNIQUE KEY `ip` (`ip`)
) TYPE=MyISAM;



--
-- End table structure
--

Please note that the logging to MySQL has been completely rewritten since
version 0.1 , and the structure of the table is totally different, therefore
I chose to add the "DROP TABLE IF EXISTS". This means all previously gathered
data will be lost. This also means that you will need to rewrite any queries
you used to display blocked hosts.


TODO:
* Find a bigger list of RBL services that list open proxies. SORBS was nice,
but it also lists dynamic IP ranges. We'd be blocking too big an audience
if we used it.
* The logging to MySQL can definately be rewritten to be more eficcient and
more modular, so you can add your own RBL service without needing to rewrite
stuff.
* If logging to MySQL is enabled, use the timestamp as a 'lastseen' option
allowing us to block the IP address even before we do the DNS lookup. This
could speed things up, especially on servers that have DNS lookup problems.
* (create own RBL list, to block some IP addresses that are not listed as open
proxies, when bored on a rainy afternoon)
proxies, when bored on a rainy afternoon)

56 changes: 36 additions & 20 deletions rbl.php
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
#
# (c) Eelco Wesemann (eelco@init1.nl)
# http://phprbl.init1.nl || http://eol.init1.nl
# (Version 0.1, May 4 2005)
# (Version 0.2, May 10 2005)

# Configuration section

Expand All @@ -16,65 +16,81 @@
$rbl_services = array ('sbl-xbl.spamhaus.org', 'dnsbl.ahbl.org');

# set $mysql_enable to 1 if you want to log blocked hosts to mysql
# please note that the table structure has changed between version 0.1
# and version 0.2. The table needs to be dropped and recreated. See the
# README for more info.
$mysql_enable = 0;

# if $mysql_enable is 1, you will need to enter the following information
$mysql_host = "MYSQLSERVER";
$mysql_host = "MYSQLHOST";
$mysql_user = "MYSQLUSER";
$mysql_pass = "MYSQLPASSWORD";
$mysql_data = "DATABASENAME";
$mysql_pass = "MYSQLPASS";
$mysql_data = "MYSQLDATA";

#
# there should be no real need to edit anything below this
#

# this is what we need to do our magic
$client_ip = $_SERVER["REMOTE_ADDR"];

# get the referer the spammer wanted to pass on
$referer = $_SERVER["HTTP_REFERER"];

# reverse the IP address order for the lookups
$reverse_ip = array_reverse(explode('.', $client_ip));

# timestamp for the lastseen field
$timestamp = time();

# the default RBL services return something like 127.0.0.2 or 127.1.0.20 if
# the IP address is listed, if it's not listed, gethostbyname() will return
# the default RBL services return something like 127.0.0.2 if the IP
# address is listed, if it's not listed, gethostbyname() will return
# the host we wanted to look up.
# this is a quick and easy match
$pattern = '/127.?.0.?/';
$pattern = '/127.0.0.?/';


$matches = 0;
$service = "";
foreach ($rbl_services as $check) {
$lookup_rbl_ip = implode('.', $reverse_ip) . '.' . $check;
$do_lookup = gethostbyname($lookup_rbl_ip);
if (preg_match($pattern, $do_lookup, $pat_match)) {
$matches++;
if ($check =="sbl-xbl.spamhaus.org") {
$spamhaus = Y;
}
if ($check == "dnsbl.ahbl.org") {
$ahbl = Y;
}
$service .= "$check;";
}
}

if ($matches > 0) {
if ($mysql_enable == 1) {
$mysql_link = mysql_connect("$mysql_host", "$mysql_user", "$mysql_pass") or die("Unable to connect to database");
mysql_select_db($mysql_data, $mysql_link) or die ("Unable to select database");
mysql_query("INSERT INTO blocked (ip_address,time,spamhaus,ahbl) VALUES ('$client_ip','$timestamp', '$spamhaus', '$ahbl')") ;

$query_ip = mysql_query("SELECT count FROM blocked WHERE ip='$client_ip'", $mysql_link);
if ($row = mysql_fetch_array($query_ip)) {
$count = $row[0];
$count++;
mysql_query("UPDATE blocked SET lastseen='$timestamp', service='$service', count='$count', referer='$referer' WHERE ip='$client_ip'");
} else {
# We haven't seen the IP address yet, and will insert it for the first time with a count of 1
mysql_query("INSERT INTO blocked (ip,lastseen,service,count,referer) values ('$client_ip', '$timestamp', '$service', '1', '$referer')");
}

mysql_close($mysql_link);
}

header("HTTP/1.0 403 Forbidden");
echo "<h1>403 Forbidden</h1><br />\n";
echo "Your client IP ($client_ip - $lookup_client_ip) is listed as an open proxy at the following services:<br />\n";
echo "<ul>\n";
if ($spamhaus == Y) {
echo "<li><a href=\"http://www.spamhaus.org/query/bl?ip=$client_ip\">Spamhaus</a></li>";
}
if ($ahbl == Y) {
echo "<li><a href=\"http://www.ahbl.org/tools/lookup.php?ip=$client_ip\">AHBL</a></li>";
$blockedby = explode(";", $service);
foreach ($blockedby as $rbl) {
if (strlen($rbl) > 0) {
echo " <li>$rbl</li>\n";
}
}
echo "</ul>\n";
echo "Users of open proxies are unwanted on this site because of various types of SPAM.<br /><br />\n";
echo "Users of open proxies are unwanted on this site because of various types of SPAM.<br />\n";
echo "IP address denied and thus the page is exiting";
echo "<br /><br />";
exit("This site is protected against open proxies by <a href=\"http://phprbl.init1.nl\">PHPrbl</a>.");
Expand Down

0 comments on commit c13565f

Please sign in to comment.