You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2017-03-12 6:50 pm
- pedigree
- uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
- From: New Zealand
- Registered: 2008-04-16
- Posts: 7,076
New DNS RBL is running for testing
I've been working on it a while while we feed data to Tornevall. Whilst this worked well for a while, the queue of new data swamped poor Tomas and he had to move the feed method which was to pull the download files for the IP zones.
Well, today I finally managed to push the API to a new server (for testing) as wrapped it in a DNS RBL configuration.
It supports IP, email, username and emailhash lookups and is available at the rbl.stopforumspam.org DNS address
eg
IP address lookup. You reserve the octets (or the 16 bit blocks for IPv6) and lookup like this
- testing for IP address 1.2.3.4
#nslookup 4.3.2.1.i.rbl.stopforumspam.org
Non-authoritative answer:
Name: 4.3.2.1.i.rbl.stopforumspam.org
Address: 127.64.22.43
- testing for IPv6 address 2001:41d0:52:d00:0000:def0:3333:4444
reverse the fully expanded 16 bit blocks
#nslookup 4444.3333.def0.0000.0d00.0052.41d0.2001.i.rbl.stopforumspam.org
Non-authoritative answer:
Name: 4444.3333.def0.0000.0d00.0052.41d0.2001.i.rbl.stopforumspam.org
Address: 127.1.31.1
- testing for email hash address retikiplo@yandex.com (this is the md5 of the LOWER CASE of the email. It must be converted to lower case prior to testing). As with the HTTP API, no wildcard / domain blacklist is performed)
#nslookup 492ce9c78753b16092f0586275935ac4.h.rbl.stopforumspam.org
Non-authoritative answer:
Name: 492ce9c78753b16092f0586275935ac4.h.rbl.stopforumspam.org
Address: 127.255.0.100
username and email address testing is a little different. As DNS is case insensitive and is limited to alphanumeric characters with restrictions, username and the username part of an email address must be converted to Base32 first. The Base32 padding must not be passed
Examples (case insensitive, does not need to be case forced prior to testing)
- testing for xrumer@gmail.com
Base32 for xrumer is PBZHK3LFOI====== (using https://emn178.github.io/online-tools/b … ncode.html)
So test with PBZHK3LFOI.gmail.com.e.rbl.stopforumspam.org
#nslookup PBZHK3LFOI.gmail.com.e.rbl.stopforumspam.org
Non-authoritative answer:
Name: PBZHK3LFOI.gmail.com.e.rbl.stopforumspam.org
Address: 127.255.0.100
- testing for username spam.xrumer.is.spam (which is Base32 - ONYGC3JOPBZHK3LFOIXGS4ZOONYGC3I=)
#nslookup ONYGC3JOPBZHK3LFOIXGS4ZOONYGC3I.u.rbl.stopforumspam.org
Non-authoritative answer:
Name: ONYGC3JOPBZHK3LFOIXGS4ZOONYGC3I.u.rbl.stopforumspam.org
Address: 127.255.0.100
if there is no API hit found then you will get a NXDOMAIN result
If there is data to return then the format will be as follows
- If we use 127.255.0.100 as a result
127 = listed in the API
255 = number of records for the test, referred in the API as frequency (capped at 255)
0 = days since the last seen record (called at 255)
100 = confidence score, likelihood of the record being a spammer
- If we use 127.64.22.43 as a result
127 = listed in the API
64 = the data has been listed 64 times
22 = it has been 22 days since the record was last submitted
43 = 43% confidence score of the record being a spammer
Offline
Pages: 1