
I want to write a PHP function that takes the user's IP address, checks it against known blacklists and redirects users from blacklisted IP addresses to a default "Access Forbidden" page. I only want to allow access to my home page to users from IP addresses that have not been blacklisted. Can anyone help? Here's what I have so far.

<?php

$ip=$_SERVER["REMOTE_ADDR"];

function flush_buffers()
{ 
    // output_buffering is PHP_INI_PERDIR, so changing it with ini_set() at runtime has no effect
    ini_set('output_buffering','on');
    ini_set('zlib.output_compression', 0);
    ini_set('implicit_flush',1);
    ob_implicit_flush();

    // Pushes 20 padded chunks to the browser, one per second: every call blocks for ~20 s,
    // and dnsbllookup() calls this once per DNSBL zone
    echo ("<html><head></head><body>");
    for($i=0;$i<20;$i++) {
        echo $i;
        echo str_repeat(" ", 500);
        ob_flush();
        flush();
        sleep(1);
    }
}

function dnsbllookup($ip)
{
    $dnsbl_lookup=array(
    "access.redhawk.org",
    "b.barracudacentral.org",
    "bl.csma.biz",
    "bl.emailbasura.org",
    "bl.spamcannibal.org",
    "bl.spamcop.net",
    "bl.technovision.dk",
    "blackholes.five-ten-sg.com",
    "blackholes.wirehub.net",
    "blacklist.sci.kun.nl",
    "block.dnsbl.sorbs.net",
    "blocked.hilli.dk",
    "bogons.cymru.com",
    "cart00ney.surriel.com",
    "cbl.abuseat.org",
    "dev.null.dk",
    "dialup.blacklist.jippg.org",
    "dialups.mail-abuse.org",
    "dialups.visi.com",
    "dnsbl.ahbl.org",
    "dnsbl.antispam.or.id",
    "dnsbl.cyberlogic.net",
    "dnsbl.kempt.net",
    "dnsbl.njabl.org",
    "dnsbl.sorbs.net",
    "dnsbl-1.uceprotect.net",
    "dnsbl-2.uceprotect.net",
    "dnsbl-3.uceprotect.net",
    "duinv.aupads.org",
    "dul.dnsbl.sorbs.net",
    "dul.ru",
    "escalations.dnsbl.sorbs.net",
    "hil.habeas.com",
    "http.dnsbl.sorbs.net",
    "intruders.docs.uu.se",
    "ips.backscatterer.org",
    "korea.services.net",
    "mail-abuse.blacklist.jippg.org",
    "misc.dnsbl.sorbs.net",
    "msgid.bl.gweep.ca",
    "new.dnsbl.sorbs.net",
    "no-more-funn.moensted.dk",
    "old.dnsbl.sorbs.net",
    "pbl.spamhaus.org",
    "proxy.bl.gweep.ca",
    "psbl.surriel.com",
    "pss.spambusters.org.ar",
    "rbl.schulte.org",
    "rbl.snark.net",
    "recent.dnsbl.sorbs.net",
    "relays.bl.gweep.ca",
    "relays.bl.kundenserver.de",
    "relays.mail-abuse.org",
    "relays.nether.net",
    "rsbl.aupads.org",
    "sbl.spamhaus.org",
    "smtp.dnsbl.sorbs.net",
    "socks.dnsbl.sorbs.net",
    "spam.dnsbl.sorbs.net",
    "spam.olsentech.net",
    "spamguard.leadmon.net",
    "spamsources.fabel.dk",
    "tor.ahbl.org",
    "web.dnsbl.sorbs.net",
    "whois.rfc-ignorant.org",
    "xbl.spamhaus.org",
    "zen.spamhaus.org",
    "zombie.dnsbl.sorbs.net",
    "bl.tiopan.com",
    "dnsbl.abuse.ch",
    "tor.dnsbl.sectoor.de",
    "ubl.unsubscore.com",
    "cblless.anti-spam.org.cn",
    "dnsbl.tornevall.org",
    "dnsbl.anticaptcha.net",
    "dnsbl.dronebl.org"
    ); // Add your preferred list of DNSBL's
    $AllCount = count($dnsbl_lookup);
    $BadCount = 0;
    if($ip)
    {
        // DNSBLs are queried as <reversed octets>.<zone>: 1.2.3.4 becomes 4.3.2.1.<zone>
        $reverse_ip = implode(".", array_reverse(explode(".", $ip)));
        foreach($dnsbl_lookup as $host)
        {
            // any A record for the name means this zone lists the address
            if(checkdnsrr($reverse_ip.".".$host.".", "A"))
            {
//                echo "<span color='#339933'>Listed on ".$reverse_ip.'.'.$host."!</span><br/>";
                flush_buffers();
                $BadCount++;
            }
            else
            {
//                echo "Not listed on ".$reverse_ip.'.'.$host."!<br/>";
                flush_buffers();
            }
        }
    }
    else
    {
//        echo "Empty ip!<br/>";
        flush_buffers();
    }

//    echo "This ip has ".$BadCount." bad listings of ".$AllCount."!<br/>";

    flush_buffers();

    // one listing on any zone is enough to send the visitor to the forbidden page
    if($BadCount==0)
    {
        include("index.php");
    }
    else
    {
        include("default.htm");
    }

}

// \d{1,3} also accepts octets above 255 (e.g. 999.1.1.1); filter_var($ip, FILTER_VALIDATE_IP) is stricter
if(preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/",@$ip) == true)
{
    dnsbllookup($ip);
}?>
Fruchtzwerg
buckibooster
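The lookup the question describes, written out as an added example (it is not code from the question or from either answer): the same reversed-octet query against a DNSBL zone, but with the client address validated as a public IPv4 address first (so loopback and RFC 1918 addresses are never sent to a list), an early return on the first listing, and the 127.0.0.x answer kept so it can be logged. The zone list is an assumed short one, `public_ipv4`, `dnsbl_query_name`, `resolve_a`, `dnsbl_lookup` and `deny_if_listed` are names chosen here, and the resolver is injectable so the logic can be exercised offline with a fake. Assumes PHP 7.4 or later.

```php
<?php
// Added example, not code from the question or its answers. Keeps the
// reversed-octet DNSBL query from the question but validates the client IP
// first, stops at the first listing, and returns the 127.0.0.x answer instead
// of just "found"/"not found". $zones is an assumed short list; the resolver
// is injectable so the logic runs offline against a fake. Needs PHP 7.4+.

declare(strict_types=1);

/** Return $ip only if it is a public IPv4 address, otherwise null. */
function public_ipv4(?string $ip): ?string
{
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    $ok = filter_var((string) $ip, FILTER_VALIDATE_IP, $flags);
    return $ok === false ? null : $ok;
}

/** "1.2.3.4" + "zen.spamhaus.org" gives "4.3.2.1.zen.spamhaus.org." (trailing dot: absolute name). */
function dnsbl_query_name(string $ip, string $zone): string
{
    return implode('.', array_reverse(explode('.', $ip))) . '.' . rtrim($zone, '.') . '.';
}

/** Default resolver: the A-record addresses for $name, [] when it does not resolve. */
function resolve_a(string $name): array
{
    $records = @dns_get_record($name, DNS_A);
    if (!is_array($records)) {
        return [];
    }
    return array_values(array_filter(array_column($records, 'ip')));
}

/**
 * Check $ip against $zones in order. Returns null when not listed (or when
 * $ip is not a public IPv4 address), otherwise ['zone' => ..., 'answer' => ...]
 * for the first zone that lists it. $resolver maps a query name to its A answers.
 */
function dnsbl_lookup(?string $ip, array $zones, ?callable $resolver = null): ?array
{
    $resolver = $resolver ?? 'resolve_a';
    $ip = public_ipv4($ip);
    if ($ip === null) {
        return null;   // loopback, RFC 1918, malformed: no DNSBL has an opinion on these
    }
    foreach ($zones as $zone) {
        foreach ($resolver(dnsbl_query_name($ip, $zone)) as $answer) {
            // DNSBLs answer inside 127.0.0.0/8; anything else is a dead or wildcarded zone
            if (strncmp($answer, '127.', 4) === 0) {
                return ['zone' => $zone, 'answer' => $answer];   // first hit ends the scan
            }
        }
    }
    return null;
}

/** Serve the "Access Forbidden" page and stop, or fall through to the home page. */
function deny_if_listed(?string $ip, array $zones): void
{
    $hit = dnsbl_lookup($ip, $zones);
    if ($hit !== null) {
        http_response_code(403);
        error_log(sprintf('denied %s: listed on %s (%s)', $ip, $hit['zone'], $hit['answer']));
        include 'default.htm';   // the question's forbidden page
        exit;
    }
    include 'index.php';         // the question's home page
}

// Offline demonstration with a constructed fake resolver: only 1.2.3.4 is "listed".
$fake_resolver = function (string $name): array {
    return $name === '4.3.2.1.zen.spamhaus.org.' ? ['127.0.0.4'] : [];
};
$zones = ['zen.spamhaus.org', 'dnsbl.sorbs.net'];
var_dump(dnsbl_lookup('1.2.3.4',   $zones, $fake_resolver));   // a listed address
var_dump(dnsbl_lookup('8.8.8.8',   $zones, $fake_resolver));   // a clean address
var_dump(dnsbl_lookup('127.0.0.1', $zones, $fake_resolver));   // loopback is rejected before any query

// Live use at the top of the entry script would be:
// deny_if_listed($_SERVER['REMOTE_ADDR'] ?? null, ['zen.spamhaus.org']);
```

Two caveats for live use. PHP's `dns_get_record()` and `checkdnsrr()` have no per-call timeout; how long a dead zone stalls the page is governed by the system resolver (`options timeout:1 attempts:1` in resolv.conf), which is one more reason to keep the zone list short and put the most useful zone first. And the answer value matters: some operators, Spamhaus among them, use reserved 127.x answers to signal query errors rather than listings, so check each operator's documented return codes before treating every 127.x answer as a block. Behind a reverse proxy or CDN, `REMOTE_ADDR` is the proxy's address, not the visitor's.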

2 Answers


The real problem with this is how long it takes.

Made a few changes to show what I mean.

Average time is 60 seconds, and that is a long time to wait at a website.

<?php

$ip=$_SERVER["REMOTE_ADDR"];
$tstart=time();
echo $ip."<BR>";

function flush_buffers()
{ 
    ini_set('output_buffering','on');
    //ini_set('zlib.output_compression', 0);
    ini_set('implicit_flush',1);
    ob_implicit_flush();

    //echo ("<html><head><head><body>");
    for($i=0;$i<20;$i++) {
       // echo $i;
        echo str_repeat(" ", 500);
        ob_flush();
        flush();
       // sleep(1);
    }
}

function dnsbllookup($ip)
{
    $dnsbl_lookup=array(
    "access.redhawk.org",
    "b.barracudacentral.org",
    "bl.csma.biz",
    "bl.emailbasura.org",
    "bl.spamcannibal.org",
    "bl.spamcop.net",
    "bl.technovision.dk",
    "blackholes.five-ten-sg.com",
    "blackholes.wirehub.net",
    "blacklist.sci.kun.nl",
    "block.dnsbl.sorbs.net",
    "blocked.hilli.dk",
    "bogons.cymru.com",
    "cart00ney.surriel.com",
    "cbl.abuseat.org",
    "dev.null.dk",
    "dialup.blacklist.jippg.org",
    "dialups.mail-abuse.org",
    "dialups.visi.com",
    "dnsbl.ahbl.org",
    "dnsbl.antispam.or.id",
    "dnsbl.cyberlogic.net",
    "dnsbl.kempt.net",
    "dnsbl.njabl.org",
    "dnsbl.sorbs.net",
    "dnsbl-1.uceprotect.net",
    "dnsbl-2.uceprotect.net",
    "dnsbl-3.uceprotect.net",
    "duinv.aupads.org",
    "dul.dnsbl.sorbs.net",
    "dul.ru",
    "escalations.dnsbl.sorbs.net",
    "hil.habeas.com",
    "http.dnsbl.sorbs.net",
    "intruders.docs.uu.se",
    "ips.backscatterer.org",
    "korea.services.net",
    "mail-abuse.blacklist.jippg.org",
    "misc.dnsbl.sorbs.net",
    "msgid.bl.gweep.ca",
    "new.dnsbl.sorbs.net",
    "no-more-funn.moensted.dk",
    "old.dnsbl.sorbs.net",
    "pbl.spamhaus.org",
    "proxy.bl.gweep.ca",
    "psbl.surriel.com",
    "pss.spambusters.org.ar",
    "rbl.schulte.org",
    "rbl.snark.net",
    "recent.dnsbl.sorbs.net",
    "relays.bl.gweep.ca",
    "relays.bl.kundenserver.de",
    "relays.mail-abuse.org",
    "relays.nether.net",
    "rsbl.aupads.org",
    "sbl.spamhaus.org",
    "smtp.dnsbl.sorbs.net",
    "socks.dnsbl.sorbs.net",
    "spam.dnsbl.sorbs.net",
    "spam.olsentech.net",
    "spamguard.leadmon.net",
    "spamsources.fabel.dk",
    "tor.ahbl.org",
    "web.dnsbl.sorbs.net",
    "whois.rfc-ignorant.org",
    "xbl.spamhaus.org",
    "zen.spamhaus.org",
    "zombie.dnsbl.sorbs.net",
    "bl.tiopan.com",
    "dnsbl.abuse.ch",
    "tor.dnsbl.sectoor.de",
    "ubl.unsubscore.com",
    "cblless.anti-spam.org.cn",
    "dnsbl.tornevall.org",
    "dnsbl.anticaptcha.net",
    "dnsbl.dronebl.org"
    ); // Add your preferred list of DNSBL's
    $AllCount = count($dnsbl_lookup);
    $BadCount = 0;
    if($ip)
    {
        $reverse_ip = implode(".", array_reverse(explode(".", $ip)));
        foreach($dnsbl_lookup as $host)
        {
            if(checkdnsrr($reverse_ip.".".$host.".", "A"))
            {
               echo "<span color='#339933'>Listed on ".$reverse_ip.'.'.$host."!</span><br/>";
                flush_buffers();
                $BadCount++;
            }
            else
            {
//                echo "Not listed on ".$reverse_ip.'.'.$host."!<br/>";
                flush_buffers();
            }
        }
    }
    else
    {
//        echo "Empty ip!<br/>";
        flush_buffers();
    }

  echo "This ip has ".$BadCount." bad listings of ".$AllCount."!<br/>";

    flush_buffers();

    if($BadCount==0)
    {
   //     include("index.php");
 echo "Not blacklisted ";
    }
    else
    {
    //    include("default.htm");
 echo "Blacklisted";
    }

}

if(preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/",@$ip) == true)
{
    dnsbllookup($ip);
}
$tend=time();

$tvar=$tend-$tstart;
echo "<BR> took $tvar seconds <br>";
?>
James
  • It does take a while, some of which is in just rendering it to the screen, but I can't imagine it would be much faster if it just returned true or false. However, it really doesn't need to check all of the lookup options. Odd, however, that some of these return an error on local IPs, such as 1.0.0.127, which means that it will give errors when run on many local development systems. – DonP Feb 21 '19 at 18:37
  • Returning only true or false, if it finds one it should end, which would be much faster, but not sure how to do that. Then the more common sites could be listed first, but I suppose it would make a difference only if there IS an entry found, in which case who cares how long it takes! Legitimate (non-blocked) IPs would still have to go through the entire list, so the listing itself would have to be really pared down to only a few to make it faster. – DonP Feb 21 '19 at 18:37
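The timing concern raised in the answer and the comments, as an added example that is not code from James's answer: each zone is timed, the scan stops at the first listing, and a wall-clock budget caps how long a visitor can be kept waiting on slow or dead zones; when the budget runs out the caller gets an explicit "undecided" result and makes the fail-open or fail-closed decision itself. `dnsbl_check_with_budget` and `query_dnsbl` are names chosen here, `$ip` is assumed to be an already validated public IPv4 address, and the latencies in the fake resolver are constructed for the demonstration.

```php
<?php
// Added example, not code from James's answer: bounds the total time a DNSBL
// check may take. Each zone is timed; once the wall-clock budget is spent the
// remaining zones are skipped and the caller gets 'undecided' instead of a
// 60-second wait. $ip is assumed already validated as a public IPv4 address.

declare(strict_types=1);

const DNSBL_LISTED    = 'listed';
const DNSBL_CLEAN     = 'clean';
const DNSBL_UNDECIDED = 'undecided';   // budget ran out before every zone answered

/**
 * Query $zones in order (most useful first) until one lists $ip or $budgetSec of
 * wall-clock time has elapsed. $query(name) returns true if the name resolves,
 * i.e. the IP is listed. Returns [status, per-zone timings in milliseconds].
 */
function dnsbl_check_with_budget(string $ip, array $zones, float $budgetSec, callable $query): array
{
    $name_prefix = implode('.', array_reverse(explode('.', $ip)));
    $deadline = microtime(true) + $budgetSec;
    $timings  = [];
    foreach ($zones as $zone) {
        if (microtime(true) >= $deadline) {
            return [DNSBL_UNDECIDED, $timings];   // do not start another query past the deadline
        }
        $t0 = microtime(true);
        $listed = $query($name_prefix . '.' . $zone . '.');
        $timings[$zone] = round((microtime(true) - $t0) * 1000, 1);
        if ($listed) {
            return [DNSBL_LISTED, $timings];      // first hit ends the scan
        }
    }
    return [DNSBL_CLEAN, $timings];
}

/** Real resolver: wraps checkdnsrr() exactly as the answers on this page do. */
function query_dnsbl(string $name): bool
{
    return checkdnsrr($name, 'A');
}

// Constructed fake resolver: each zone "takes" the delay below; only one lists the IP.
$fake_latency_ms = ['zen.spamhaus.org' => 20, 'bl.spamcop.net' => 30, 'dnsbl.sorbs.net' => 400];
$fake_listed     = ['bl.spamcop.net'];
$fake = function (string $name) use ($fake_latency_ms, $fake_listed): bool {
    foreach ($fake_latency_ms as $zone => $ms) {
        if (substr($name, -strlen($zone) - 1) === $zone . '.') {
            usleep($ms * 1000);
            return in_array($zone, $fake_listed, true);
        }
    }
    return false;
};

// 203.0.113.10 is a documentation address (RFC 5737), used here as constructed input.
[$status, $timings] = dnsbl_check_with_budget('203.0.113.10', array_keys($fake_latency_ms), 0.25, $fake);
echo $status, PHP_EOL;
print_r($timings);

// The policy decision belongs to the caller: fail open on 'undecided' for a public
// site, fail closed for something like an admin panel.
$deny = ($status === DNSBL_LISTED);   // 'undecided' is treated as clean here (fail open)

// Live use: dnsbl_check_with_budget($ip, ['zen.spamhaus.org', 'bl.spamcop.net'], 2.0, 'query_dnsbl');
```

The budget is checked before each query, not during one, because `checkdnsrr()` cannot be interrupted; a single zone can therefore still overrun the budget by one resolver timeout, which is why the zone list and the system resolver's `timeout`/`attempts` settings both need to stay small. Logging `$timings` per request is the quickest way to find the zone that is costing the 60 seconds.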

After pondering the nice but slow solution above, I came up with a much-simplified listing of bad IPs that returns only TRUE (if blacklisted) or FALSE (if it is not). Not as all-inclusive as the above, of course, but it seems to cover any test I could throw at it and it is quite fast.

Unremark the $UserIP value at the top to see one that fails, or pass your own to (hopefully) see one that does not. Although I didn't actually time it, it seems to load quickly, especially as all of the blocklist.de sites have only raw IPs and nothing else to have to filter through. In fact, perhaps Spamhaus alone would do the job for most users.

Credit for this code goes to James, who posted the other example; I just simplified it, and I also eliminated flush_buffers() as I don't see a need for it.

<?php
function dnsblLookup($UserIP) {
    //$UserIP = "216.145.14.142";

    // NOTE: the blocklist.de and ciarmy.com entries are paths to text files, not DNSBL
    // zones. "<reversed-ip>.blocklist.de/lists/ssh.txt." cannot resolve as a DNS name
    // (its last label would be "txt"), so checkdnsrr() is false for them and only the
    // three Spamhaus zones actually contribute a verdict.
    $dnsbl_lookup=array(    
                        "blocklist.de/lists/ssh.txt",
                        "blocklist.de/lists/apache.txt",
                        "blocklist.de/lists/asterisk.txt",
                        "blocklist.de/lists/bots.txt",
                        "blocklist.de/lists/courierimap.txt",
                        "blocklist.de/lists/courierpop3.txt",
                        "blocklist.de/lists/email.txt",
                        "blocklist.de/lists/ftp.txt",
                        "blocklist.de/lists/imap.txt",
                        "blocklist.de/lists/pop3.txt",
                        "blocklist.de/lists/postfix.txt",
                        "blocklist.de/lists/proftpd.txt",
                        "blocklist.de/lists/sip.txt",
                        "ciarmy.com/list/ci-badguys.txt",
                        "sbl.spamhaus.org",
                        "xbl.spamhaus.org",
                        "zen.spamhaus.org"
                        );

    $BadCount = 0;

    if ($UserIP) :
        // query <reversed octets>.<zone>; any A record means the zone lists the address
        $reverse_ip = implode(".", array_reverse(explode(".", $UserIP)));
        foreach($dnsbl_lookup as $host)  :
            if (checkdnsrr($reverse_ip.".".$host.".", "A"))  :
                $BadCount++;
                break;   // one listing is enough; stop querying the remaining zones
            endif;
        endforeach;
    endif;

    // TRUE if blacklisted, FALSE otherwise
    return $BadCount > 0;
}
DonP