views:

101

answers:

1

Is there any way to use PHP code to query a DNSBL (block list) provider and find out if the IP address submitted is a bad actor?

I would like to take an existing IP address out of a registration database, then check whether it's a known block-listed IP address by performing a lookup on it, then if it's a blacklisted, do an action on it (such as, delete entry from registration database).

Most of the instructions I have seen assume you are trying to query the blocklist via a mail server, which I can't do. I tried querying via web browser by typing in queries such as "58.64.xx.xxx.dnsbl.sorbs.net" but that didn't work.

+1  A: 

There are a bunch of examples for this available in the php manual starting at this comment

http://www.php.net/manual/en/function.checkdnsrr.php#72297

Mark
Thanks for the lead! The one I was able to get working is the function called "is_blacklisted($ip)". If you use it, it needs to be updated to include current DNSBL servers (one of the three listed is defunct). I updated my list to include (so far) 24 DNSBL servers, and I plan to keep track of which ones yield "true positive" hits on spammers and remove those that are useless to me. So far, some promising ones include blackholes.five-ten-sg.com, dnsbl-3.uceprotect.com, web.dnsbl.sorbs.net, and b.barracudacentral.com.
55skidoo
PS. This is a good site for evaluating DNSBLs: http://www.dnsbl.info/dnsbl-database-check.php
55skidoo