
DNS Blacklist Checker · Mar 12, 19:31 by Shannon Wynter

Is it just me or is the amount of spam increasing at an unreasonable rate?

You join channels on IRC and get spammed by half a dozen trojan bots to download “free porn” and the like (which usually are trojans designed to turn your pc into YAZ

Well, later I might deal with the PM side of the spam, but today I’m going to give you a script that will help identify and remove these bots/hosts from your channel.

While it’s fair to say that not every host with an open proxy spams, and not every spammer is an open proxy, it is also fair to say that a large number of attack drones from large botnets go unreported.

The idea is not to catch every one, you’d go insane – but every one that you can catch, that’s one less for you to deal with.

As an added bonus, this script can back end into mysql for reporting and analysis if you choose to enable that feature.

  1. ## DNS Blacklist Checker-       Version 1.0
  2.  
  3. ## INSTRUCTIONS
  4. ###############################################################################
  5.  
  6. # This script will check the hosts of people joining channels against one or
  7. # more RBLs. Choose your RBLs wisely: some of them list DIALUP &/or DYNAMIC IP
  8. # SPACE, and that would be a bad thing to be matching your IRC users against
  9. #
  10. # Enable the 'dnsblcheck' flag for channels you want the script active on
  11. # --> .chanset #somechannel +dnsblcheck
  12. #
  13. # To enable manual queries enable the 'dnsblmanual' flag
  14. # --> .chanset #somechannel +dnsblmanual  
  15. #
  16. # Users who are +o, +v, or +f in your bot (local or global) won't be checked.
  17. #
  18. # Turn on console level d on the partyline to see some debug from the script
  19. # --> .console +d (to enable)
  20. # --> .console -d (to disable)
  21.  
  22. ## Mysql Table Creation (if you choose to use mysql. Default OFF)
  23. ###############################################################################
  24.  
  25. # CREATE TABLE `DNSBLLog` (
  26. #   `Stamp` timestamp(14) NOT NULL,
  27. #   `Nick` char(15) default NULL,
  28. #   `Hostmask` char(255) NOT NULL default '',
  29. #   `Chan` char(201) default NULL,
  30. #   `IP` int(10) unsigned default NULL,
  31. #   `DNSBL` char(60) default NULL,
  32. #   `Response` int(10) unsigned default NULL,
  33. #   KEY `Nick` (`Nick`),
  34. #   KEY `Chan` (`Chan`),
  35. #   KEY `DNSBL` (`DNSBL`)
  36. # ) TYPE=MyISAM;
  37.  
  38. ## Contact
  39. ##############################################################################
  40.  
  41. # You'll see me (Freman) floating around IRC
  42. #
  43. # Undernet:
  44. ##australia, #freak, #ozchat, #brisbane, #gentoo, #mysql, #php, #xchat
  45. #
  46. # EnterTheGame:
  47. ##ign
  48. #
  49. # Or you can send me email via the contact form at http://fremnet.net/contact
  50.  
  51. ## CONFIG
  52. ###############################################################################
  53.  
  # Space-separated list of RBLs (DNS blacklist zones) to look in.
  # Every checked host is queried against each zone, and a positive answer from
  # any one of them leads to a channel ban.
  # NOTE(review): confirm each zone is still operated and that you accept its
  # listing policy before deploying; a retired or parked zone that answers every
  # query would get every joiner banned.
  set dnsblcheck("RBLs")       { "cbl.abuseat.org" "opm.blitzed.org" "dnsbl.ahbl.org" }

  # Space-separated list of domains to ignore.
  # Hosts ending in one of these are never looked up or banned.
  set dnsblcheck("Ignore")     { "undernet.org" }

  # Time in minutes to ban for
  set dnsblcheck("Bantime")    15

  # Flags we don't match.
  # A joiner whose bot handle has any of these flags (globally or on the
  # channel) is skipped by the automatic join check.
  set dnsblcheck("SafeFlags")  "fov"

  # MySQL Details
  # - Set UseMySQL to 1 if you intend to use mysql for logging and reporting
  # - The password is stored here in clear text: keep this file readable only by
  #   the bot's account, and give the MySQL user no more than INSERT on the log
  #   table.
  set dnsblcheck("UseMySQL")   0
  set dnsblcheck("MySQLHost")  "hostname"
  set dnsblcheck("MySQLUser")  "username"
  set dnsblcheck("MySQLPass")  "password"
  set dnsblcheck("MySQLDB")    "database"
  set dnsblcheck("MySQLTable") "DNSBLLog"
  74.  
  75. # Now would be a good time to turn back
  76.  
  77. ## CODE
  78. ###############################################################################
  79.  
  # Add our channel flags
  # (per-channel switches, toggled with .chanset as described in INSTRUCTIONS)
  setudef flag dnsblcheck
  setudef flag dnsblmanual

  # Bind our events
  # Every join (mask *!*@*, no flag requirement) is handed to dnsblcheck_join.
  bind join - *!*@* dnsblcheck_join
  # "!dnsblcheck <host>" said in a channel is handed to dnsblcheck_manual. The
  # "-" flag field places no restriction on who may use it, so on +dnsblmanual
  # channels any user present can make the bot perform DNS lookups and print
  # the outcome to the channel.
  bind pub - "!dnsblcheck" dnsblcheck_manual
  87.  
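  # Process Manual Requests
  #
  # Pub-bind handler for "!dnsblcheck <host|user@host>".
  #   nick, host, handle - who issued the command (only nick is passed on)
  #   chan               - channel the command was said in; replies go there
  #   rest               - text after the command, typed by the requesting user
  # Returns 0 when the channel is not +dnsblmanual or the argument is unusable;
  # otherwise hands a user@host string to dnsblcheck_check1 with manual = 1.
  proc dnsblcheck_manual { nick host handle chan rest } {
      # Check that we are active on this channel
      if {![channel get $chan dnsblmanual]} {
          return 0
      }

      # The argument is free text from a channel user. Keep only the first
      # word and insist on "host" or "user@host"; an empty or malformed value
      # would otherwise reach the later checks, which expect a host after
      # the "@".
      set target [lindex [split [string trim $rest]] 0]
      if {![regexp {^([^@]+@)?[^@]+$} $target]} {
          putchan $chan "\[DNSBL\] Usage: !dnsblcheck <host or ip>"
          return 0
      }

      # Fill out the rest of the hostmask
      if {![string match "*@*" $target]} {
          set target "manual@$target"
      }

      # Off to our first set of checks
      dnsblcheck_check1 $nick $target $chan 1
  }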
  104.  
  # Catch joins
  #
  # Join-bind handler. The joiner's user@host is passed to dnsblcheck_check1 as
  # an automatic (manual = 0) request only when the channel has +dnsblcheck set
  # and the joiner's handle has none of the SafeFlags, tested both globally and
  # for this channel. In every other case the handler returns 0 and does
  # nothing.
  proc dnsblcheck_join { nick host handle chan } {
      global dnsblcheck

      if {[channel get $chan dnsblcheck]} {
          set exempt $dnsblcheck("SafeFlags")
          # Users the bot already knows and trusts are left alone
          if {![matchattr $handle $exempt|$exempt $chan]} {
              return [dnsblcheck_check1 $nick $host $chan 0]
          }
      }

      return 0
  }
  120.  
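  # First check (makes sure we get an IP address)
  #
  #   nick   - nick being checked (or the requester, for manual checks)
  #   host   - user@host string to examine
  #   chan   - channel the check belongs to
  #   manual - 1 when triggered by !dnsblcheck, 0 for a join
  # Skips ignored domains, then either passes a literal IPv4 address straight
  # to dnsblcheck_check2 or asks the bot to resolve the hostname first, with
  # dnsblcheck_check2 as the callback.
  proc dnsblcheck_check1 {nick host chan manual} {
      global dnsblcheck

      # Get the actual host: everything after the last "@". Stop here if
      # there is none, rather than failing later on an unset variable.
      if {![regexp {^.+@([^@]+)$} $host matches newhost]} {
          putloglev d * "dnsblcheck: could not extract a host from $host"
          return 0
      }

      # Check to see if it's an ignored domain. The comparison is
      # case-insensitive and only matches on a label boundary, so an entry of
      # "example.org" covers "example.org" and "x.example.org" but not
      # "notexample.org", which a plain suffix match would also let through
      # unchecked.
      set lowhost [string tolower $newhost]
      foreach ignore $dnsblcheck("Ignore") {
          set suffix [string trimleft [string tolower $ignore] "."]
          if {[string length $suffix] == 0} {
              continue
          }
          set tail [string range $lowhost end-[string length $suffix] end]
          if {[string equal $lowhost $suffix] || [string equal $tail ".$suffix"]} {
              if {$manual == 1} {
                  putchan $chan "\[DNSBL\] Unable to check host, ignored by $ignore"
              }
              return 0
          }
      }

      # Dots are escaped and the pattern is anchored at both ends, so only a
      # whole dotted quad is treated as an address; anything else is resolved.
      if {[regexp {^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$} $newhost]} {
          # It's an IP Address, we don't need to do a lookup on this
          dnsblcheck_check2 $newhost $newhost 1 $nick $newhost $chan $manual $host
      } else {
          putloglev d * "dnsblcheck: doing dns lookup on $newhost to get IP"
          dnslookup $newhost dnsblcheck_check2 $nick $newhost $chan $manual $host
      }
  }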
  145.  
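  # Second check (runs RBL checks)
  #
  # Called directly by dnsblcheck_check1 for literal addresses, or as the
  # dnslookup callback once a hostname has been resolved.
  #   ip, host, status - address, name and success flag (non-zero = resolved)
  #   nick, orighost, chan, manual, hostmask - context carried through from
  #                      dnsblcheck_check1
  # For a resolved IPv4 address, starts one lookup of <reversed-ip>.<rbl> per
  # configured RBL, with dnsblcheck_check3 as the callback.
  proc dnsblcheck_check2 { ip host status nick orighost chan manual hostmask} {
      global dnsblcheck

      if {$status} {
          putloglev d * "dnsblcheck: $host resolves to $ip"

          # Reverse the IP Address. The pattern is anchored with escaped dots,
          # and a non-match (for example a non-IPv4 answer) ends the check here
          # instead of failing on unset octet variables.
          if {![regexp {^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$} $ip matches a b c d]} {
              if {$manual == 1} {
                  putchan $chan "\[DNSBL\] Can't check $host: $ip is not an IPv4 address."
              } else {
                  putloglev d * "dnsblcheck: $ip is not an IPv4 address, skipping RBL checks for $host"
              }
              return 0
          }
          set newip "$d.$c.$b.$a"

          # Look it up in the blacklists
          foreach rbl $dnsblcheck("RBLs") {
              putloglev d * "dnsblcheck: looking up $newip.$rbl"
              dnslookup "$newip.$rbl" dnsblcheck_check3 $nick $host $chan $rbl $manual $hostmask $ip
          }
      } else {
          if {$manual == 1} {
              putchan $chan "\[DNSBL\] Couldn't resolve $host."
          } else {
              putlog "dnsblcheck: Couldn't resolve $host. (No further action taken.)"
          }
      }
  }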
  170.  
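  # Third check (catches RBL results)
  #
  # dnslookup callback for one <reversed-ip>.<rbl> query.
  #   ip, host, status - RBL answer, the name that was queried, success flag
  #   nick     - nick being checked
  #   orighost - host of the user being checked (used for the ban mask)
  #   chan     - channel the check belongs to
  #   rbl      - blacklist zone this answer came from
  #   manual   - 1 for a !dnsblcheck request (report only), 0 for a join (ban)
  #   hostmask - full user@host of the user being checked
  #   origip   - IP address of the user being checked
  # A listing on a join results in a timed channel ban and, when enabled, a row
  # in the MySQL log table.
  proc dnsblcheck_check3 { ip host status nick orighost chan rbl manual hostmask origip} {
      global dnsblcheck

      # If we didn't get an answer, they're not in this RBL (or DNS failed)
      if {!$status} {
          if {$manual == 1} {
              putchan $chan "\[DNSBL\] RBL $rbl did not return for $host (Either DNS failure, or host is clean)"
          }
          return 0
      }

      # DNS blacklists conventionally answer listings with an address in
      # 127.0.0.0/8. Any other answer (a parked or wildcarded zone, a resolver
      # that rewrites failed lookups) is not a listing and must not cause a ban.
      if {![string match "127.*" $ip]} {
          if {$manual == 1} {
              putchan $chan "\[DNSBL\] RBL $rbl returned unexpected answer $ip for $host (not treated as a listing)"
          } else {
              putlog "dnsblcheck: ignoring unexpected answer $ip from RBL $rbl for $host"
          }
          return 0
      }

      if {$manual == 1} {
          putchan $chan "\[DNSBL\] RBL $rbl returned $ip for $host (This means it's bannable)"
          return 0
      }

      putlog "dnsblcheck: got host $host = ip $ip from RBL $rbl ... banning"
      newchanban $chan "*@$orighost" "dnsbl" "Failed DNSBL Check: $rbl" $dnsblcheck("Bantime")

      if {!$dnsblcheck("UseMySQL")} {
          return 0
      }

      # nick, hostmask and channel come from IRC and the addresses from DNS, so
      # every value is escaped before it is placed in the statement. The IP
      # column receives the user's address (origip); $host here is the RBL
      # query name, which is not an address.
      set table $dnsblcheck("MySQLTable")
      set sql "INSERT INTO $table VALUES (NOW(),'[mysqlescape $nick]','[mysqlescape $hostmask]','[mysqlescape $chan]',inet_aton('[mysqlescape $origip]'),'[mysqlescape $rbl]',inet_aton('[mysqlescape $ip]'))"

      # Logging is best-effort: the ban is already in place, so a database
      # problem is reported in the bot log and the handle is always closed.
      if {[catch {
          set h [mysqlconnect -host $dnsblcheck("MySQLHost") -user $dnsblcheck("MySQLUser") -password $dnsblcheck("MySQLPass") -db $dnsblcheck("MySQLDB")]
      } err]} {
          putlog "dnsblcheck: MySQL connect failed: $err"
          return 0
      }
      set failed [catch {mysqlexec $h $sql} err]
      mysqlclose $h
      if {$failed} {
          putlog "dnsblcheck: MySQL insert failed: $err"
      }
      return 0
  }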
  194.  
  # Announce the script in the bot log once it has been sourced
  putlog "DNSBLCheck 1.0 by Freman loaded"
  # The mysqltcl package is only required when MySQL logging is switched on in
  # the CONFIG section; with UseMySQL left at 0 nothing is loaded here.
  if {$dnsblcheck("UseMySQL")} {
      package require mysqltcl
      putlog "DNSBLCheck 1.0 - Using MySQL for Logging and Reporting"
  }
  200.  
  201. Download this code: dnsblcheck.tcl (Downloaded 279 time(s))
---== Copyright Shannon Wynter - All rights reserved - All wrongs avenged ==---