I've been speaking lately with folks from Spamhaus about anti spam measure in YOURLS and a YOURLS plugin for this. Currently the #1 result in Google for "spamhaus PHP" is a post on Lockergnome which gets it totally wrong and provides a script that does not work, so here is a PHP script that does work.
This script checks a URL (its domain part, in fact) against the 3 major black lists: Spamhaus, SURBL and URIBL.
The script:
- /**
- * Check a URL against the 3 major blacklists
- *
- * @param string $url The URL to check
- * @return mixed true if blacklisted, false if not blacklisted, 'malformed' if URL looks weird
- */
- function ozh_is_blacklisted( $url ) {
- $parsed = parse_url( $url );
- if( !isset( $parsed['host'] ) )
- return 'malformed';
- // Remove www. from domain (but not from www.com)
- $parsed['host'] = preg_replace( '/^www\.(.+\.)/i', '$1', $parsed['host'] );
- // The 3 major blacklists
- $blacklists = array(
- 'zen.spamhaus.org',
- 'multi.surbl.org',
- 'black.uribl.com',
- );
- // Check against each black list, exit if blacklisted
- foreach( $blacklists as $blacklist ) {
- $domain = $parsed['host'] . '.' . $blacklist;
- $record = dns_get_record( $domain );
- if( count( $record ) > 0 )
- return true;
- }
- // All clear, probably not spam
- return false;
- }
Usage:
- if( ozh_is_blacklisted( $url ) ) {
- // do something brutal (eg die() your script, yell at user, etc...)
- }
- // all is fine *for today*, do your regular stuff.
- // This said, it'd be nice to recheck every couple of days
Feel free to steal.
Shorter URL
Want to share or tweet this post? Please use this short URL: http://ozh.in/vk
thought, on 24/Nov/12 at 6:50 pm # :
So, is this plugin available? I just got YOURLS set up last night. LOVE it.
replied, on 25/Nov/12 at 10:21 pm # :
Daniel Johnson, Jr. » It is. Check the official plugin list
said, on 27/Dec/12 at 7:28 pm # :
Great work. But Spamhaus says you need to reverse the IP, I don't see where your code does that. (FYI: http://www.spamhaus.org/faq/section/DNSBL%20Usage#252) Also, ZEN checks the PBL which should not be used to determine if an IP address belongs to a spammer. The query result needs to be parsed to see if the IP is on the SBL or XBL only.
commented, on 27/Dec/12 at 9:11 pm # :
JP » Yep you're right. I should update the code. Fancy doing it? :)
said, on 27/Dec/12 at 10:19 pm # :
I'm not familiar with SURBL and URIBL, but I'll try. I'll focus on Spamhaus because I was already working on a MyBB plugin for it. It will take a few days, in the meantime here's how to take the IP and reverse it for Spamhaus:
thought, on 28/Dec/12 at 4:55 pm # :
OK, I might be wrong but it may have been easier than I thought. Spamhaus and URIBL both return 127.0.0.2 if the IP address is on their blacklist. I'm not sure about SURBL but it may be the same. I was not able to test this. Could you test and let me know?
wrote, on 28/Dec/12 at 5:14 pm # :
JP » The thing is, except Spamhaus, I don't think you're supposed to reverse IPs, yet your code does it for all providers :)
wrote, on 28/Dec/12 at 6:10 pm # :
Ozh, you have to reverse IP for all three.
http://www.uribl.com/about.shtml#implementation
http://www.surbl.org/guidelines
http://www.spamhaus.org/faq/section/DNSBL%20Usage#252
replied, on 28/Dec/12 at 7:47 pm # :
JP » Oh yeah, sorry, I mixed up things. Your script is very fine for checking IPs (like, before accepting mail for instance) but this doesn't work well for web spam since a domain can be blacklisted (evil.com) but the IP it's hosted on can be clear (201.202.203.204 shared hosting with lots of clean sites), or the other way round