DNSBL v4 (Update)

By TophBeiFong on Jan 22, 2010

Screenshots

This allows you to scan incoming connects on your IRC network and checks if they are blacklisted, you can set up to 6 dnsbl hosts name
IRCOP is Required
Ban method: G-Line

command to open: /dnsblset

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;this was made by TophBeiFong;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

alias dnsblset { 
  dialog -m dnsblset dnsblset
}
dialog dnsblset {
  title "DNSBL settings v4.0 by TophBeiFong"
  size -1 -1 245 200
  edit "", 1, 70 20 160 20
  edit "", 2, 70 40 160 20
  edit "", 3, 70 60 160 20
  edit "", 4, 70 80 160 20
  edit "", 5, 70 100 160 20
  edit "", 6, 70 120 160 20
  text "Host 1", 7, 20 20 40 20
  text "Host 2", 8, 20 40 40 20
  text "Host 3", 9, 20 60 40 20
  text "Host 4", 10, 20 80 40 20
  text "Host 5", 11, 20 100 40 20
  text "Host 6", 12, 20 120 40 20
  button "OFF", 13, 20 140 50 20
  button "ON", 14, 70 140 50 20
  text "", 15, 127 143 100 20
  button "Save settings", 16, 20 160 100 20
}

on *:DIALOG:dnsblset:sclick:13: {
  disable #dnsbl
}
on *:DIALOG:dnsblset:sclick:14: {
  enable #dnsbl
}
on *:DIALOG:dnsblset:sclick:16: {
  set %dnsbl1 $did(1)
  set %dnsbl2 $did(2)
  set %dnsbl3 $did(3)
  set %dnsbl4 $did(4)
  set %dnsbl5 $did(5)
  set %dnsbl6 $did(6)
  dialog -x dnsblset 

}
on *:DIALOG:dnsblset:*:*: {
  if ($devent == init) {
    did -a dnsblset 15 $iif($group(#dnsbl).status iswm on, Status: Enabled, Status: Disabled) 
    did -a dnsblset 1 %dnsbl1
    did -a dnsblset 2 %dnsbl2
    did -a dnsblset 3 %dnsbl3
    did -a dnsblset 4 %dnsbl4
    did -a dnsblset 5 %dnsbl5
    did -a dnsblset 6 %dnsbl6

  } 
}

#dnsbl on
on 1:snotice:*Client connecting*:{
  whois $9
}
raw 378:*:{ 
  set %RBLdns.ip $7 
  var %dnsC1 $+($gettok($7,4,46),.,$gettok($7,3,46),.,$gettok($7,2,46),.,$gettok($7,1,46),)
  var %dnsC2 $+($gettok($7,4,46),.,$gettok($7,3,46),.,$gettok($7,2,46),.,$gettok($7,1,46),)
  var %dnsC3 $+($gettok($7,4,46),.,$gettok($7,3,46),.,$gettok($7,2,46),.,$gettok($7,1,46),)
  var %dnsC4 $+($gettok($7,4,46),.,$gettok($7,3,46),.,$gettok($7,2,46),.,$gettok($7,1,46),)
  var %dnsC5 $+($gettok($7,4,46),.,$gettok($7,3,46),.,$gettok($7,2,46),.,$gettok($7,1,46),)
  var %dnsC6 $+($gettok($7,4,46),.,$gettok($7,3,46),.,$gettok($7,2,46),.,$gettok($7,1,46),)
  dns %dnsC1 $+ . $+ %dnsbl1
  dns %dnsC2 $+ . $+ %dnsbl2
  dns %dnsC3 $+ . $+ %dnsbl3
  dns %dnsC4 $+ . $+ %dnsbl4
  dns %dnsC5 $+ . $+ %dnsbl5
  dns %dnsC6 $+ . $+ %dnsbl6

}
On 1:DNS: { 
  if ($dns(0)) { gline *@ $+ %RBLdns.ip 14h Your IP is blacklisted } 
}

#dnsbl end

TophBeiFong

Like Page Follow Author

Comments

Sign in to comment.
master_zwerg   -  May 03, 2011

Hi
I had since mal ne question and although can man who tells me e.g. 127.0.0.1 is a friend create A friend of ip list. Because I have a problem that my server ip 62.112 running the BNC and according to a black list of the 62.112 is only the last three numbers in the blacklist

 Respond  
PiRATi   -  Mar 04, 2011

Hello. What command will be for AUTOKILL for CR servers? This doesnt work : On 1:DNS: {
if ($dns(0)) { gline *@ $+ %RBLdns.ip 14h Your IP is blacklisted }
}

 Respond  
TophBeiFong   -  Feb 04, 2011

Updated

 Respond  
master_zwerg   -  Jan 17, 2011

I regret to say that a small macke has the addon, the bans all IP addresses. and even the changes brought nothing because I be bannt been am.
what times a better version?

Z.B.
on 1:snotice:Client connecting:{
whois $9
}
raw 340::{
set %dns.ip $1-
tokenize 46 %dns.ip
.dns $+($4,.,$3,.,$2,.,$1,.dnsbl.dronebl.org)
}
On 1:DNS: {
if ($dns(0)) {
tokenize 46 $address
zline $+(@,$4,.,$3,.,$2,.,$1) - Unauthorized Connection, Your Ip Is Blacklisted
}
}
unset %dns.ip
unset %*.ip
}

or is this False ???

 Respond  
FordLawnmower   -  Feb 12, 2010

I noticed this also Gummo, but since most of my suggestions were falling on deaf ears, I didn't bother to go into it. Using a variable for something like this will never work and was never needed because you have $address. The on dns should look more like this:

On 1:DNS: {
  if ($dns(0)) {
    tokenize 46 $address 
    zline $+(*@,$4,.,$3,.,$2,.,$1) - Unauthorized Connection, Your Ip Is Blacklisted
  }
}

IMO this script should still be using /userip instead of /whois and the output should still be suppressed by using #groups and haltdef. All stuff I already said in the other 10 comments I made on this post that were deleted ;/

 Respond  
Gummo   -  Feb 12, 2010 
tokenize 46 $7
var %dronebl.ip $+($4,.,$3,.,$2,.,$1,.dnsbl.dronebl.org)

Also, you seem to be z:lining the saved address after /dns. That's probably a bad idea because:

  1. If you get another /dns response before the one you want, you'll z:line the address regardless of whether it's a proxy.
  2. If you do a /dns without having the variable set, you'll z:line @ which should go to @* and ban everyone on the network.

You should check that the variable is equal to the DNS returned with $dns(N).ip

 Respond  
TophBeiFong   -  Jan 28, 2010

i add 4 new DNSBL's they work really good too :) more protection for Your Servers :3

 Respond  
TophBeiFong   -  Jan 24, 2010

well you can ask the other owner of the network to use the script

 Respond  
Gemster   -  Jan 24, 2010

Well my network has a few servers and hideserver mod to disable /map and /links. This meens we dont see global snotices only local. So i guess this would be good on single servers not networks.

Gemster

 Respond  
Midnight_Lynx   -  Jan 24, 2010

Looks good Alex, Even though its complicated looking to me lol.

 Respond  
FordLawnmower   -  Jan 23, 2010

The script is much better now TophBeiFong :)

I would, however, suggest using /userip and raw 340 instead of using /whois

In raw 340 this -->> $gettok($1-,2,64) <<-- will be the ip address
So if you changed whois to userip, you would need a raw 340 something like this.

raw 340:*:{
  set %dns.ip $1-
  tokenize 46 %dns.ip
  .dns $+($4,.,$3,.,$2,.,$1,.dnsbl.dronebl.org)
}

You should also #group the On DNS and raw 340 and enable/disable them when this script is inuse/notinuse. If you don't group the events, they will trigger when you don't want them to.

After you group them, I would suggest adding haltdef at the top of the events to save resources.

Much better script now though TophBeiFong. Good work :)

By the way, imo, you should take a little more time and consideration when making a decision to delete someones comments. Some people spend more time on their comments then you did on the original script you posted. A lot of the comments you deleted could have been very useful to others browsing this site and looking for an answer to a specific question.

While I still don't like people putting giant code blocks on my posts, this was a lesson I also had to learn.

 Respond  
TophBeiFong   -  Jan 23, 2010

@FordLawnmower
so if i use that /dns thing you gave well it be fine to use as a script? its not socking

 Respond  
napa182   -  Jan 22, 2010

lol they dont like you much TophBeiFong

@FordLawnmower no problem yeah i wouldn't use it for an on connect event

but only on ip's that the BOPM let in that i thought were iffy.

 Respond  
FordLawnmower   -  Jan 22, 2010

Yea, I'm sure it's allowed. It's no different than visiting the site.
I was just referencing the script that is posted here which checks everyone who connects to the server.
Obviously, in the case of an on connect script, it would just be plain rude to abuse a wonderful free service like this by using their bandwidth for no reason. Plus dns is almost instant.

Sorry for any confusion napa182, I wasn't responding to your comment. I Only just now read your comment with the trigger suggestion. I saw this post right after sunslayers first comment and I went out to dinner and didn't refresh the page when I got back.

 Respond  
Are you sure you want to unfollow this person?
Are you sure you want to delete this?
Click "Unsubscribe" to stop receiving notices pertaining to this post.
Click "Subscribe" to resume notices pertaining to this post.