-
-
Save tbreuss/74da96ff5f976ce770e6628badbd7dfc to your computer and use it in GitHub Desktop.
| <?php // Simple PHP script to lookup for blacklisted IP against multiple DNSBLs at once. ?> | |
| <html> | |
| <head> | |
| <title>DNSBL Lookup Tool - IP Blacklist Check Script</title> | |
| </head> | |
| <body> | |
| <h2>IP Blacklist Check Script</h2> | |
| <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post"> | |
| <input type="text" value="" name="ip"/> | |
| <input type="submit" value="LOOKUP"/> | |
| </form> | |
| <?php | |
| /** | |
| * The IP-address to be looked up. | |
| * @param string $ip | |
| */ | |
| function dnsbllookup($ip) | |
| { | |
| // Add your preferred list of DNSBL's | |
| $dnsbl_lookup = [ | |
| "dnsbl-1.uceprotect.net", | |
| "dnsbl-2.uceprotect.net", | |
| "dnsbl-3.uceprotect.net", | |
| "dnsbl.dronebl.org", | |
| "dnsbl.sorbs.net", | |
| "zen.spamhaus.org", | |
| "bl.spamcop.net", | |
| "list.dsbl.org" | |
| ]; | |
| $listed = ""; | |
| if ($ip) { | |
| $reverse_ip = implode(".", array_reverse(explode(".", $ip))); | |
| foreach ($dnsbl_lookup as $host) { | |
| if (checkdnsrr($reverse_ip . "." . $host . ".", "A")) { | |
| $listed .= $reverse_ip . '.' . $host . ' <font color="red">Listed</font><br />'; | |
| } | |
| } | |
| } | |
| if (empty($listed)) { | |
| echo '"A" record was not found'; | |
| } else { | |
| echo $listed; | |
| } | |
| } | |
| if (isset($_POST['ip']) && $_POST['ip'] != null) { | |
| $ip = $_POST['ip']; | |
| if (filter_var($ip, FILTER_VALIDATE_IP)) { | |
| echo dnsbllookup($ip); | |
| } else { | |
| echo "Please enter a valid IP"; | |
| } | |
| } | |
| ?> | |
| </body> | |
| </html> |
I removed "relays.osirusoft.com", thanks for the info.
Thanks for the code!!! But can i ask why is the reverse code plus DNS host?
Hey,
you should remove the sbl and xbl domains from the blocklists, since spamhaus advises the following:
"zen.spamhaus.org should be the only spamhaus.org DNSBL in your IP blocklist configuration. You should not use ZEN together with other Spamhaus IP blocklists, or with blocklists already included in our zones (such as the CBL) or you will simply be wasting DNS queries and slowing your mail queue."
Thanks @LevinFaber, I removed the sbl and xbl domains. For everyone interested here is the link https://www.spamhaus.org/zen/ with more information.
How we can check multiple IPs blacklist at a single hit?
Any idea , please?
I think you must change the system to ‘post’. Because anyone can see the users IP address from the address bar and this is quite dangerous
@TecDeveloper: Good idea, i changed the form to post.
@msl-durgesh Maybe this could help or inspire (https://dnsbl.tebe.ch, https://github.com/tbreuss/dns-blacklist-check)
@tbreuss You should also remove all UceProtect RBLs
Reference:
https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html
https://www.linode.com/community/questions/2324/uceprotectnet-has-us-blacklisted
https://www.titanhq.com/blog/warning-ignore-pay-for-de-listing-blacklist-service/
https://community.spiceworks.com/topic/2170592-uceprotect-blacklist-scam
https://wordtothewise.com/2018/05/uceprotect-gdpr-fallout/
http://kontech.net/uceprotect-blacklist-scheme-2020/
Thanks @istiak101. I will go through your referencies and remove the UceProect RBLs.
Be aware: zen.spamhaus.org marks a lot of private ip adresses, which don't send out spam and fill out regular forms.
I would recommend using primarily uceprotect level 1, 2 and also 3.
Be aware: zen.spamhaus.org marks a lot of private ip adresses, which don't send out spam and fill out regular forms.
I would recommend using primarily uceprotect level 1, 2 and also 3.
you do know that uceprotect is even worst than spamhaus.
At least spamhaus has a usable delisting process and keeps its listings up to date.
Not to mention uceprotect charges for removal even if it is not your problem.
Hello.
The script works ok on A records, but actually due to my type of work i do not use A records but we add Name Servers. Can you please help me on how to change the script to work on NS.
Regards,
Mond
It works perfectly. Grete work
Thank You!
Hi. You should probably remove "relays.osirusoft.com".
Check here why (a little snippet "...Then he says he's going to blacklist 'the world' (aka, ban ...) to get his point across. Later on this evening, he apparently went ahead and did just that...").
Best regards,