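 /**
  * Check whether an IPv4 address is listed in a DNS-based blacklist (DNSBL).
  *
  * The address is reversed octet by octet and looked up as an A record
  * under the DNSBL zone: checking 1.2.3.4 against 'dnsbl.com' queries
  * 4.3.2.1.dnsbl.com.
  *
  * For example:
  *     isBlacklistedDns('1.2.3.4', 'dnsbl.com')
  *         Returns true if 4.3.2.1.dnsbl.com returns any A record.
  *     isBlacklistedDns('1.2.3.4', 'dnsbl.com', 2)
  *         Returns true if the answer contains 127.0.0.2.
  *     isBlacklistedDns('1.2.3.4', 'dnsbl.com', array(2, 3))
  *         Returns true if the answer contains 127.0.0.2 or 127.0.0.3.
  *
  * Security notes for callers that ban or block on the result:
  *   - In "any resolution" mode every A record counts as a listing. Some
  *     DNSBL operators answer with dedicated addresses to signal a refused
  *     or rate-limited query, and a lapsed or wildcarded zone answers for
  *     every name, so prefer passing the explicit return codes the list
  *     documents.
  *   - The check fails open: a lookup error, timeout, or NXDOMAIN is
  *     reported as "not listed".
  *
  * @param string $host The IPv4 address to check. Anything that is not a
  *     dotted-quad IPv4 address is reported as not listed.
  * @param string $dns_suffix The DNS zone of the DNSBL service.
  * @param int|string|array $pos_responses Last octet(s) of the 127.0.0.x
  *     answers that count as a positive match. With -1 (the default) or an
  *     empty value, any successful resolution is a positive match.
  * @return bool True if the host tested positive, false otherwise.
  */
 function isBlacklistedDns($host, $dns_suffix, $pos_responses = -1)
 {
     // Don't waste time checking private class IPs.
     if (isPrivateIp($host)) {
         return false;
     }
     // The octet reversal below is only meaningful for a dotted-quad IPv4
     // address. Rejecting everything else also keeps arbitrary text (a
     // hostname, an IPv6 literal) out of the DNS name that gets queried.
     if (!is_string($host) || filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
         return false;
     }
     $start_ts = microtime(true);
     /**
      * DNS blacklists work by storing records for ipaddr.dnsbl.com,
      * but with DNS all octets are reversed. So to check if 1.2.3.4
      * is blacklisted in a DNSBL, we need to query for the hostname
      * 4.3.2.1.dnsbl.com.
      */
     $reverse_octets = implode('.', array_reverse(explode('.', $host)));
     // Strip stray dots from the zone so the trailing root dot is not doubled.
     $lookup_addr = $reverse_octets . '.' . trim($dns_suffix, '.') . '.';
     debugf('DNSBL checking %s', $lookup_addr);
     // dns_get_record() returns false (and emits a warning) when the lookup
     // fails; the warning is suppressed and the failure is treated as an
     // empty answer instead of being passed to count().
     $records = @dns_get_record($lookup_addr, DNS_A);
     // Collect every A record: a DNSBL may return several codes for one
     // host, and the wanted code is not necessarily the first one.
     $answers = array();
     if (is_array($records)) {
         foreach ($records as $record) {
             if (isset($record['ip'])) {
                 $answers[] = $record['ip'];
             }
         }
     }
     $resolved = count($answers) > 0;
     $end_ts = microtime(true);
     debugf('DNSBL check time elapsed: %0.4f seconds (%s = %s)', $end_ts - $start_ts, $lookup_addr, $resolved ? implode(',', $answers) : $lookup_addr);
     // If it didn't resolve, don't check anything
     if (!$resolved) {
         return false;
     }
     // Check for any successful resolution. The loose comparison is kept so
     // that a '-1' read from configuration still means "any answer".
     if ((!is_array($pos_responses) && $pos_responses == -1) || empty($pos_responses)) {
         return true;
     }
     // Normalise a single code (int or string, as in the documented
     // examples) and a list of codes to the same shape.
     if (is_array($pos_responses)) {
         $codes = $pos_responses;
     } elseif (is_int($pos_responses) || is_string($pos_responses)) {
         $codes = array($pos_responses);
     } else {
         return false;
     }
     foreach ($codes as $code) {
         if (!is_int($code) && !is_string($code)) {
             continue;
         }
         if (in_array('127.0.0.' . $code, $answers, true)) {
             return true;
         }
     }
     // All checks failed; host tested negative.
     return false;
 }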
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
$is_new_user = $num_args > 4;
if ($is_new_user) {
    $gline_host = $user->getGlineHost();
    $gline_ip = $user->getGlineIp();
    $gline_set = false;
    foreach ($this->glines as $gline_key => $gline) {
        if (!$gline->isExpired() && ($gline->matches($gline_host) || $gline->matches($gline_ip))) {
            $this->enforceGline($gline);
            $gline_set = true;
        }
    }
    if (defined('CLONE_GLINE') && CLONE_GLINE == true && !$gline_set && $this->getCloneCount($user->getIp()) > CLONE_MAX && !isPrivateIp($user->getIp())) {
        $gline_mask = '*@' . $user->getIp();
        $gline_secs = convertDuration(CLONE_DURATION);
        $new_gl = $this->addGline($gline_mask, $gline_secs, time(), CLONE_REASON);
        $this->enforceGline($new_gl);
        $gline_set = true;
    }
    if (defined('TOR_GLINE') && TOR_GLINE == true && !$gline_set && $this->isTorHost($user->getIp())) {
        $gline_mask = '*@' . $user->getIp();
        $gline_secs = convertDuration(TOR_DURATION);
        $new_gl = $this->addGline($gline_mask, $gline_secs, time(), TOR_REASON);
        $this->enforceGline($new_gl);
        $gline_set = true;
    }
    if (defined('COMP_GLINE') && COMP_GLINE == true && !$gline_set && $this->isCompromisedHost($user->getIp())) {
        $gline_mask = '*@' . $user->getIp();