BOPM / DNSBL's

arbiter
Posts: 10
Joined: Mon Feb 28, 2005 1:06 pm

BOPM / DNSBL's

Post by arbiter »

I found these BL zones useful; take a look at their websites frequently for their DNS replies.


****************************
dnsbl.sorbs.net
127.0.0.2 = "HTTP"
127.0.0.3 = "Socks"
127.0.0.4 = "misc"
****************************
dnsbl.ahbl.org
127.0.0.3 = "Open Proxy"
127.0.0.19 = "Open Proxy"
****************************
dnsbl.njabl.org
127.0.0.9 = "Open proxy"
****************************
bl.spamcop.net
127.0.0.2 = "Blocked"
****************************
dnsbl-1.uceprotect.net
127.0.0.2 = "Black Listed"


There are many more, but use them with care: some have listed whole ISPs or have old IPs in their lists.

If you just want to see who uses an open proxy/blacklisted IP (in the channel defined in the conf file) and not G-line/Z-line it, just put " " in the kline part, e.g.:
kline = " ";
There are some other ways, but they need code changes in scan.c, dnsbl.c ...
Winbots
Posts: 65
Joined: Wed Apr 21, 2004 12:26 am
Location: irc://irc.winbots.org/Winbots

Post by Winbots »

heh, I did this a while back... http://searchirc.com/boards/viewtopic.php?t=2499
Casey
Posts: 26
Joined: Sat Aug 26, 2006 12:38 pm

Post by Casey »

What are the best DNSBLs to use?

And what other ones to use?


dnsbl.sorbs.net
tor.dnsbl.sectoor.de
cbl.abuseat.org
dnsbl.njabl.org
list.dsbl.org
Node Rebellion DroneBL
AHBL - ircbl.ahbl.org / tor.ahbl.org
Jobe
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Post by Jobe »

The best DNSBLs would be a matter of personal choice, to be honest. So it really all depends on which ones work best for you and your network. So I would suggest giving them a trial period to see which ones give you the most false positives, and then don't use those.
JanisB
Posts: 128
Joined: Fri Apr 22, 2005 9:05 am
Location: LV

Post by JanisB »

dnsbl.sorbs.net sux, too many false positives that weren't checked again since 2002.

bl.spamcop.net - most common usage - DNSBL for mail, not for IRC.

cbl.abuseat.org - vewy-vewy good BlockList.
ircbl.ahbl.org - the same
Syzop
UnrealIRCd head coder
Posts: 2112
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl

Post by Syzop »

AHBL is said to be ok.
opm.blitzed was good but is dead now, as you might know.

SORBS, NJABL, spamcop are ones I would never run, and probably nobody else should either[*]. Too many false positives (innocent users being banned), as mentioned by pretty much everyone who has used it :P.

The TOR blacklists can be a good addition as well. Haven't tried them. Be sure you use the correct replies though (see documentation of the blacklist), because some have the option to mark the whole subnet a TOR server is on as blacklisted, which is IMO a bad idea (server at 1.2.3.4 would also tag 1.2.3.5 as bad).

[*] You can still make BOPM send a notice or whatever instead of klining, if it matches such blacklists.
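
The lookup and reply handling discussed in the posts above, as an added example that is not part of any post and is not BOPM's code: it builds the reversed-octet query name, acts only on reply codes that were explicitly configured, and lets a zone be notice-only instead of kline. The reply codes are the ones quoted in the first post; the kline/notice choice per zone, the function names and the sample answers are assumptions made for illustration.

```python
import ipaddress

# Reply codes (last octet of 127.0.0.x) as quoted in the first post of this thread.
# The kline/notice split per zone is an assumption made for this example.
ZONES = {
    "dnsbl.sorbs.net": {"action": "notice", "replies": {2: "HTTP", 3: "Socks", 4: "misc"}},
    "dnsbl.ahbl.org": {"action": "kline", "replies": {3: "Open Proxy", 19: "Open Proxy"}},
    "dnsbl.njabl.org": {"action": "notice", "replies": {9: "Open proxy"}},
}

def query_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the zone (1.2.3.4 -> 4.3.2.1.zone)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(answer, zone):
    """Turn one A-record answer into (action, reason). Only configured codes can ban."""
    if answer is None:  # NXDOMAIN or timeout: treat as not listed
        return ("allow", "not listed")
    addr = ipaddress.IPv4Address(answer)
    if addr not in ipaddress.IPv4Network("127.0.0.0/8"):
        # e.g. a resolver that rewrites NXDOMAIN to a real address
        return ("allow", "reply outside 127.0.0.0/8, ignored")
    code = int(addr) & 0xFF
    reason = ZONES[zone]["replies"].get(code)
    if reason is None:  # listed, but under a code we never opted in to
        return ("notice", "unconfigured reply code %d" % code)
    return (ZONES[zone]["action"], reason)

def check(ip, resolve):
    """Query every zone through resolve(name) -> address string or None."""
    hits = []
    for zone in ZONES:
        action, reason = classify(resolve(query_name(ip, zone)), zone)
        if action != "allow":
            hits.append((zone, action, reason))
    if any(action == "kline" for _, action, _ in hits):
        return ("kline", hits)
    return ("notice" if hits else "allow", hits)

# Constructed answers for documentation-range addresses; no real DNS is queried.
SAMPLE_ANSWERS = {
    "10.2.0.192.dnsbl.sorbs.net": "127.0.0.2",   # configured code, notice-only zone
    "20.2.0.192.dnsbl.ahbl.org": "127.0.0.3",    # configured code, kline zone
    "30.2.0.192.dnsbl.ahbl.org": "127.0.0.5",    # code not in the configured map
    "40.2.0.192.dnsbl.njabl.org": "203.0.113.7", # not a 127.0.0.0/8 answer
}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40", "192.0.2.50"):
        print(ip, check(ip, SAMPLE_ANSWERS.get))
```
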
Jobe
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Post by Jobe »

If you want information on the Tor black lists have a look at this thread: http://forums.unrealircd.com/viewtopic. ... =tor+dnsbl
Casey
Posts: 26
Joined: Sat Aug 26, 2006 12:38 pm

Post by Casey »

I've been gathering up some good DNSBLs to use - seeing what is good and what is not --- personal choice.


the ones to use

cbl.abuseat.org
ircbl.ahbl.org
tor.dnsbl.sectoor.de - exit server
DeadNotBuried
Posts: 44
Joined: Wed Mar 10, 2004 5:30 am
Location: irc.majestic-liaisons.com

Post by DeadNotBuried »

Personally I've found AHBL to give way more positives than real proxies, and have stopped using it, as they don't seem to do anything about dynamic IP addresses.

tor.dnsbl.sectoor.de also has exitnodes.tor.dnsbl.sectoor.de, which just lists the exit nodes themselves without responding for the whole subnet/class.
Jobe
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Post by Jobe »

For the Tor DNSBLs you can choose whether to block the whole subnet or just the exit node, depending on the response you get back from the DNSBL.
Capitaine
Posts: 27
Joined: Mon Apr 26, 2004 6:09 pm

Re: BOPM / DNSBL's

Post by Capitaine »

I stopped using the sectoor.de BL today... 98% of lookups timed out.

Now switching to another one for testing.
Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US

Re: BOPM / DNSBL's

Post by Stealth »

A list of DNSBLs I found the other day: http://rbl.efnet.org
Oyarsa
Posts: 54
Joined: Wed Feb 14, 2007 12:35 pm
Location: irc.otherworlders.org

Re:

Post by Oyarsa »

JanisB wrote:
cbl.abuseat.org - vewy-vewy good BlockList.

What are the responses for this one?
Jobe
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Re: Re:

Post by Jobe »

Oyarsa wrote:
What are the responses for this one?

Go to http://cbl.abuseat.org/faq.html then scroll down to "DNSBL Setup Recommendations"
Oyarsa
Posts: 54
Joined: Wed Feb 14, 2007 12:35 pm
Location: irc.otherworlders.org

Re: BOPM / DNSBL's

Post by Oyarsa »

This one looks like it's meant more for email than for IRC though. Any false positives on this for those that are using it?