harmacist/vichan
1
0
Fork 0
forked from GithubBackups/vichan
Code Pull Requests Activity
vichan/docs/config/dnsbl.md

55 lines
2.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

DNS Blacklists (DNSBL)
======================
To further prevent spam and abuse, you can use DNS blacklists (DNSBL). A DNSBL is a list of IP addresses published through the Internet Domain Name Service (DNS) either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time.
By default, Tinyboard checks all addresses against just one blacklist:
```
tor.dnsbl.sectoor.de
```
This prevents Tor exit nodes from making posts and is recommended as a large majority of abuse comes from Tor because of the strong anonymity associated with it.
You can add more blacklists by [putting them in your configuration](../config.md). You should refer to the blacklists documentation to figure out which responses you wish to block.
```php
// Block "127.0.0.2" responses from this blacklist.
$config['dnsbl'][] = array('bl.spamcannibal.org', 2);
// This does exactly the same thing as above:
// $config['dnsbl'][] = array('bl.spamcannibal.org', array(2));
// $config['dnsbl'][] = array('bl.spamcannibal.org', '127.0.0.2');
// Block "127.0.0.8" and "127.0.0.9" responses from this blacklist.
$config['disbl'][] = array('dnsbl.dronebl.org', array(8, 9));
// Determine whether or not to block listed users with an anonymous function (PHP 5.3.0+)
// This is especially relevant if you plan to use Http:BL.
$config['dnsbl'][] = array('<your access key>.%.dnsbl.httpbl.org', function($ip) {
$octets = explode('.', $ip);
// days since last activity
if ($octets[1] > 14)
return false;
// "threat score" (http://www.projecthoneypot.org/threat_info.php)
if ($octets[2] < 5)
return false;
return true;
}, 'dnsbl.httpbl.org'); // hide our access key
// Just block anything listed in here (ie. not NXDOMAIN)
$config['dnsbl'][] = 'another.blacklist.net';
```
See [here](https://web.archive.org/web/20121003095945/http://www.dnsbl.info/dnsbl-list.php) for a larger list of blacklists.
This syntax for configuring DNSBL servers was stolen (with permission) from [Frank Usrs](https://web.archive.org/web/20121003095945/mailto:frankusrs@gmail.com).
Exceptions
----------
To combat false positives, administrators can add “exceptions” to these lists, meaning that certain IP addresses will skip the DNSBL check entirely.
```php
$config['dnsbl_exceptions'][] = '8.8.8.8';
$config['dnsbl_exceptions'][] = '55.55.55.55';
```
View Git Blame Copy Permalink