BOPM / DNSBL's

Talk about pretty much anything here, but DO NOT USE FOR SUPPORT.

Moderator: Supporters

arbiter
Posts: 10
Joined: Mon Feb 28, 2005 1:06 pm

BOPM / DNSBL's

Post by arbiter » Mon Mar 14, 2005 8:46 am

I found this BL zones usefull , take a look on their websites ferequently for their dns replies ..


****************************
dnsbl.sorbs.net
127.0.0.2 = "HTTP"
127.0.0.3 = "Socks"
127.0.0.4 = "misc"
****************************
dnsbl.ahbl.org
127.0.0.3 = "Open Proxy"
127.0.0.19 = "Open Proxy"
****************************
dnsbl.njabl.org
127.0.0.9 = "Open proxy"
****************************
bl.spamcop.net
127.0.0.2 = "Blocked"
****************************
dnsbl-1.uceprotect.net
127.0.0.2 = "Black Listed"


there are much more , but use them with care , some listed whole ISP's or they have old IP's in their lists .

if you like just to see who uses Open Proxy/Black Listed IP (in defined channel in conf file) and not Gline/Zline it , in kline part just put " " , e.g:
kline = " ";
there are some other ways , but needs code changing in scan.c dnsbl.c ...

Winbots
Posts: 65
Joined: Wed Apr 21, 2004 12:26 am
Location: irc://irc.winbots.org/Winbots
Contact:

Post by Winbots » Mon Mar 14, 2005 8:56 pm

heh, I did this a while back... http://searchirc.com/boards/viewtopic.php?t=2499

Casey
Posts: 26
Joined: Sat Aug 26, 2006 12:38 pm

Post by Casey » Wed Sep 27, 2006 11:33 am

What are the best DNSBL to use be ?

and what other ones to use ?


dnsbl.sorbs.net
tor.dnsbl.sectoor.de
cbl.abuseat.org
dnsbl.njabl.org
list.dsbl.org
Node Rebellion DroneBL
AHBL - ircbl.ahbl.org / tor.ahbl.org

Jobe1986
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Post by Jobe1986 » Wed Sep 27, 2006 12:34 pm

The best DNSBL's would be a matter of personal choice to be honest. So it really all depends on which ones work best for you and your network. So i would suggest giving them a trial period to see which ones give you the most false positives and then dont use those.

JanisB
Posts: 128
Joined: Fri Apr 22, 2005 9:05 am
Location: LV
Contact:

Post by JanisB » Wed Sep 27, 2006 5:31 pm

dnsbl.sorbs.net sux, too many false positives, that wasn't checked again since 2002.

bl.spamcop.net - most common usage - DNSBL for mail, not for IRC.

cbl.abuseat.org - vewy-vewy good BlockList.
ircbl.ahbl.org - the same

Syzop
UnrealIRCd head coder
Posts: 1875
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Post by Syzop » Wed Sep 27, 2006 6:31 pm

AHBL is said to be ok.
opm.blitzed was good but is dead now, as you might know.

SORBS, NJABL, spamcop are ones I would never run, and probably nobody else should either[*]. Too many false positives (innocent users being banned), as mentioned by pretty much everyone who has used it :P.

The TOR blacklists can be a good addition as well. Haven't tried them. Be sure you use the correct replies though (see documentation of the blacklist), because some have the option to mark the whole subnet a TOR server is on as blacklisted, which is IMO a bad idea (server at 1.2.3.4 would also tag 1.2.3.5 as bad).

[*] You can still make BOPM send a notice or whatever instead of klining, if it matches such blacklists.

Jobe1986
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Post by Jobe1986 » Wed Sep 27, 2006 7:02 pm

If you want information on the Tor black lists have a look at this thread: http://forums.unrealircd.com/viewtopic. ... =tor+dnsbl

Casey
Posts: 26
Joined: Sat Aug 26, 2006 12:38 pm

Post by Casey » Wed Sep 27, 2006 10:00 pm

I've been gathering up some good DNSBL to use - seeing what is good and what not --- personal choice.


the ones to use

cbl.abuseat.org
ircbl.ahbl.org
tor.dnsbl.sectoor.de - exit server

DeadNotBuried
Posts: 44
Joined: Wed Mar 10, 2004 5:30 am
Location: irc.majestic-liaisons.com
Contact:

Post by DeadNotBuried » Thu Sep 28, 2006 11:38 am

personally i've found ABHL to give way more positives that real proxies, and have stopped using it, as they don't seem to do anything about dynamic ip addresses.

tor.dnsbl.sectoor.de also has exitnodes.tor.dnsbl.sectoor.de which just lists the exit nodes themselves without responding for the whole subnet/class
Majestic Liaisons Adult Chat - [url=irc://irc.majestic-liaisons.com:6667]IRC[/url] , Java

Jobe1986
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Post by Jobe1986 » Thu Sep 28, 2006 12:53 pm

For the Tor DNSBL's you can chose whether to block the whole subnet or just the exit node depending on the response you get back from the DNSBL.

Capitaine
Posts: 27
Joined: Mon Apr 26, 2004 6:09 pm

Re: BOPM / DNSBL's

Post by Capitaine » Fri Aug 17, 2007 12:30 pm

I stopped using sectoor.de BL today.... 98% of lookups were timed out.

Now switching to another one for testing.

Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US
Contact:

Re: BOPM / DNSBL's

Post by Stealth » Fri Aug 17, 2007 6:29 pm

A list of DNSBLs I found the other day http://rbl.efnet.org

Oyarsa
Posts: 54
Joined: Wed Feb 14, 2007 12:35 pm
Location: irc.otherworlders.org
Contact:

Re:

Post by Oyarsa » Fri Aug 17, 2007 9:17 pm

JanisB wrote:
cbl.abuseat.org - vewy-vewy good BlockList.

What are the responses for this one?

Jobe1986
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Re: Re:

Post by Jobe1986 » Sat Aug 18, 2007 1:25 am

Oyarsa wrote:What are the responses for this one?
Goto http://cbl.abuseat.org/faq.html then scroll down to "DNSBL Setup Recommendations"
Your IP: Image

Oyarsa
Posts: 54
Joined: Wed Feb 14, 2007 12:35 pm
Location: irc.otherworlders.org
Contact:

Re: BOPM / DNSBL's

Post by Oyarsa » Sat Aug 18, 2007 1:40 am

This one looks like its meant more for email than for IRC though. Any false positives on this for those that are using it?

Post Reply