Anope IRC Services


Author Topic: Test m_dnsbl  (Read 3547 times)


CrazyCat

  • Anope User
  • Offline Offline
  • Posts: 240
    • French Eggdrop community
Test m_dnsbl
« on: November 16, 2017, 01:27:51 PM »

Hello there,

I have configured this module, turned off hopm and now I'm waiting...
hopm (and bopm) had a check command that allows testing an IP; I used it to test my blacklists.

I didn't find any equivalent in Anope, so how can I verify that it works well?

Regards,
CrazyCat

CrazyCat

Re: Test m_dnsbl
« Reply #1 on: November 16, 2017, 02:06:14 PM »

Sorry, but I think there's an error in the wiki.


The m_dnsbl page gives the following configuration:
Code:
blacklist
        {
                /* Name of the blacklist. */
                name = "rbl.efnetrbl.org"
 
                /* How long to set the ban for. */
                time = 4h
 
                /* Reason for akill.
                 * %n is the nick of the user
                 * %u is the ident/username of the user
                 * %g is the realname of the user
                 * %h is the hostname of the user
                 * %i is the IP of the user
                 * %r is the reason (configured below). Will be nothing if not configured.
                 * %N is the network name set in networkinfo:networkname
                 */
                reason = "You are listed in the efnet RBL, visit http://rbl.efnetrbl.org/?i=%i for info"
 
                /* Replies to ban and their reason. If this is totally omitted all replies get banned. */
                1 = "Open Proxy"
                /* Don't ban for result 2 or 3 */
                #2 = "spamtrap666"
                #3 = "spamtrap50"
                4 = "TOR"
                5 = "Drones / Flooding"
        }
(similar to bopm.conf)

but in the last module.example.conf, the replies use the following syntax:
Code:
blacklist
        {
                /* Name of the blacklist. */
                name = "rbl.efnetrbl.org"

                /* How long to set the ban for. */
                time = 4h

                /* Reason for akill.
                 * %n is the nick of the user
                 * %u is the ident/username of the user
                 * %g is the realname of the user
                 * %h is the hostname of the user
                 * %i is the IP of the user
                 * %r is the reply reason (configured below). Will be nothing if not configured.
                 * %N is the network name set in networkinfo:networkname
                 */
                reason = "You are listed in the efnet RBL, visit http://rbl.efnetrbl.org/?i=%i for info"

                /* Replies to ban and their reason. If no replies are configured, all replies get banned. */
                reply
                {
                        code = 1
                        reason = "Open Proxy"
                }

                #reply
                {
                        code = 2
                        reason = "spamtrap666"
                }

                #reply
                {
                        code = 3
                        reason = "spamtrap50"
                }

                reply
                {
                        code = 4
                        reason = "TOR"

                        /*
                         * If set, users identified to services at the time the result comes back
                         * will not be banned.
                         */
                        #allow_account = yes
                }

                reply
                {
                        code = 5
                        reason = "Drones / Flooding"
                }
        }

CrazyCat

Re: Test m_dnsbl
« Reply #2 on: November 20, 2017, 12:58:42 PM »

Sorry for replying to myself, but I think I misconfigured my blacklists.

I saw a suspect connection but Anope didn't kill it. So I launched hopm:
Quote
13:49:28 <CrazyCat> BlitzServ check WW.XX.YY.ZZ
13:49:28 <BlitzServ> CHECK -> Checking 'WW.XX.YY.ZZ' for open proxies on all scanners
13:49:28 <BlitzServ> CHECK -> DNSBL -> WW.XX.YY.ZZ does not appear in BL zone tor.dnsbl.sectoor.de
13:49:28 <BlitzServ> CHECK -> DNSBL -> WW.XX.YY.ZZ does not appear in BL zone dnsbl.swiftbl.net
13:49:28 <BlitzServ> CHECK -> DNSBL -> WW.XX.YY.ZZ does not appear in BL zone dnsbl.sorbs.net
13:49:28 <BlitzServ> CHECK -> DNSBL -> WW.XX.YY.ZZ appears in BL zone dnsbl.dronebl.org (SOCKS Proxy)
13:49:28 <BlitzServ> CHECK -> DNSBL -> WW.XX.YY.ZZ does not appear in BL zone rbl.efnet.org
13:49:58 <BlitzServ> CHECK -> All tests on WW.XX.YY.ZZ completed.

Here is my blacklist configuration using dronebl (I didn't copy the other blacklists here)
Code:
module
{
        name = "m_dnsbl"
        check_on_connect = yes
        check_on_netburst = no
        add_to_akill = yes
        blacklist
        {
                name = "dnsbl.dronebl.org"
                time = 4h
                reason = "%n, You have a host listed in the DroneBL. Visit http://dronebl.org/lookup_branded.do?ip=%i&network=Zeolia"
                reply
                {
                        code = 2
                        reason = "Sample"
                }
                reply
                {
                        code = 3
                        reason = "IRC Drone"
                }
                reply
                {
                        code = 5
                        reason = "Bottler"
                }
                reply
                {
                        code = 6
                        reason = "Unknown spambot or drone"
                }
                reply
                {
                        code = 7
                        reason = "DDOS Drone"
                }
                reply
                {
                        code = 8
                        reason = "SOCKS Proxy"
                }
                reply
                {
                        code = 9
                        reason = "HTTP Proxy"
                }
                reply
                {
                        code = 10
                        reason = "Proxychain"
                }
                reply
                {
                        code = 13
                        reason = "Brute force attackers"
                }
                reply
                {
                        code = 14
                        reason = "Open Wingate Proxy"
                }
                reply
                {
                        code = 15
                        reason = "Compromised router / gateway"
                }

        }
}
Did I do something wrong?
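
An added example (not part of the thread and not Anope's code): a manual DNSBL check in Python that builds the DNSBL query name for an IP and evaluates the answer against reply blocks written in the syntax quoted above. It assumes the common convention that the reply code is the last octet of the 127.0.0.x answer; the function names and the sample config are constructed for illustration, and the query-name helper also covers IPv6 nibble format, which the thread does not discuss.

```python
import ipaddress
import re
import socket

# Constructed sample in the reply-block syntax of module.example.conf.
SAMPLE_CONF = '''
blacklist
{
        name = "dnsbl.dronebl.org"
        reply
        {
                code = 3
                reason = "IRC Drone"
        }
        reply
        {
                code = 8
                reason = "SOCKS Proxy"
        }
}
'''

def query_name(ip, zone):
    """Reversed octets (IPv4) or nibbles (IPv6) prepended to the zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    return rev.rsplit(".", 2)[0] + "." + zone  # drop in-addr.arpa / ip6.arpa

def configured_replies(conf):
    """Map reply code -> reason for each uncommented reply block."""
    pat = re.compile(r'^\s*reply\s*\{\s*code\s*=\s*(\d+)\s*reason\s*=\s*"([^"]*)"', re.M)
    return {int(code): reason for code, reason in pat.findall(conf)}

def lookup(ip, zone):
    """Live query: the A record as a string, or None if resolution fails (not listed)."""
    try:
        return socket.gethostbyname(query_name(ip, zone))
    except socket.gaierror:
        return None

def verdict(answer, replies):
    """What a blacklist with these reply blocks would do with a DNSBL answer."""
    if answer is None:
        return "not listed"
    addr = ipaddress.ip_address(answer)
    if addr.version != 4 or not addr.is_loopback:
        return f"unexpected answer {answer}"
    code = addr.packed[-1]  # assumption: reply code = last octet of 127.0.0.x
    if not replies or code in replies:
        return f"ban ({replies.get(code, 'all replies banned')})"
    return f"listed with code {code}, no matching reply block: no ban"
```

RFC 5782 requires IPv4 DNSBLs to carry a test entry for 127.0.0.2, so `verdict(lookup("127.0.0.2", zone), replies)` confirms that a zone answers through the resolver the services host uses.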

Taylor

  • Contributor
  • *
  • Offline Offline
  • Posts: 100
Re: Test m_dnsbl
« Reply #3 on: November 20, 2017, 05:09:56 PM »

Do you have m_dns loaded?
Cronus
irc.cncirc.net
http://CnCIRC.net

CrazyCat

Re: Test m_dnsbl
« Reply #4 on: November 21, 2017, 08:14:37 AM »

Yes, I can see it in the /msg operserv modlist reply. And m_dnsbl is loaded too.
« Last Edit: November 27, 2017, 01:12:41 PM by CrazyCat »