You are not logged in.

Pages: 1

#1 2017-03-12 6:50 pm

pedigree
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
From: New Zealand
Registered: 2008-04-16
Posts: 7,056

New DNS RBL is running for testing

I've been working on it a while while we feed data to Tornevall.  Whilst this worked well for a while, the queue of new data swamped poor Tomas and he had to move the feed method which was to pull the download files for the IP zones.

Well, today I finally managed to push the API to a new server (for testing) as wrapped it in a DNS RBL configuration.

It supports IP, email, username and emailhash lookups and is available at the rbl.stopforumspam.org DNS address

eg

IP address lookup.  You reserve the octets (or the 16 bit blocks for IPv6) and lookup like this

- testing for IP address 1.2.3.4

#nslookup 4.3.2.1.i.rbl.stopforumspam.org

Non-authoritative answer:
Name:   4.3.2.1.i.rbl.stopforumspam.org
Address: 127.64.22.43

- testing for IPv6 address 2001:41d0:52:d00:0000:def0:3333:4444

reverse the fully expanded 16 bit blocks

#nslookup 4444.3333.def0.0000.0d00.0052.41d0.2001.i.rbl.stopforumspam.org

Non-authoritative answer:
Name:   4444.3333.def0.0000.0d00.0052.41d0.2001.i.rbl.stopforumspam.org
Address: 127.1.31.1

- testing for email hash address retikiplo@yandex.com    (this is the md5 of the LOWER CASE of the email.  It must be converted to lower case prior to testing).  As with the HTTP API, no wildcard / domain blacklist is performed)

#nslookup 492ce9c78753b16092f0586275935ac4.h.rbl.stopforumspam.org

Non-authoritative answer:
Name:   492ce9c78753b16092f0586275935ac4.h.rbl.stopforumspam.org
Address: 127.255.0.100

username and email address testing is a little different.  As DNS is case insensitive and is limited to alphanumeric characters with restrictions, username and the username part of an email address must be converted to Base32 first.  The Base32 padding must not be passed

Examples (case insensitive, does not need to be case forced prior to testing)

- testing for xrumer@gmail.com

Base32 for xrumer is PBZHK3LFOI====== (using https://emn178.github.io/online-tools/b … ncode.html)

So test with PBZHK3LFOI.gmail.com.e.rbl.stopforumspam.org

#nslookup PBZHK3LFOI.gmail.com.e.rbl.stopforumspam.org

Non-authoritative answer:
Name:   PBZHK3LFOI.gmail.com.e.rbl.stopforumspam.org
Address: 127.255.0.100

- testing for username spam.xrumer.is.spam (which is Base32 - ONYGC3JOPBZHK3LFOIXGS4ZOONYGC3I=)

#nslookup ONYGC3JOPBZHK3LFOIXGS4ZOONYGC3I.u.rbl.stopforumspam.org

Non-authoritative answer:
Name:   ONYGC3JOPBZHK3LFOIXGS4ZOONYGC3I.u.rbl.stopforumspam.org
Address: 127.255.0.100

if there is no API hit found then you will get a NXDOMAIN result

If there is data to return then the format will be as follows

- If we use 127.255.0.100 as a result

127 = listed in the API
255 = number of records for the test, referred in the API as frequency (capped at 255)
0 = days since the last seen record (called at 255)
100 = confidence score, likelihood of the record being a spammer

- If we use 127.64.22.43 as a result

127 = listed in the API
64 = the data has been listed 64 times
22 = it has been 22 days since the record was last submitted
43 = 43% confidence score of the record being a spammer

Offline

Pages: 1

Board footer

Powered by FluxBB

Close
Close

About StopForumSpam

We provide details of those reported as spammers, those that persist in abusing forums and blogs with their scams, ripoffs, exploits and other annoyances. We provide these lists so that you don't have to endure the never ending job of having to moderate, filter and delete their rubbish.

We Are Social

Copyright © Stop Forum Spam. All rights reserved