diff --git a/inc/config.php b/inc/config.php index de4760fd..d57f8305 100644 --- a/inc/config.php +++ b/inc/config.php @@ -23,7 +23,8 @@ 'spam' => Array(), 'flood_filters' => Array(), 'wordfilters' => Array(), - 'custom_capcode' => Array() + 'custom_capcode' => Array(), + 'dnsbl' => Array() ); // Database stuff @@ -124,7 +125,7 @@ $config['error']['unoriginal'] = 'Unoriginal content!'; $config['error']['muted'] = 'Unoriginal content! You have been muted for %d seconds.'; $config['error']['youaremuted'] = 'You are muted! Expires in %d seconds.'; - $config['error']['tor'] = 'Hmm… That looks like a Tor exit node.'; + $config['error']['dnsbl'] = 'Your IP address is listed in %s.'; $config['error']['toomanylinks'] = 'Too many links; flood detected.'; $config['error']['toomanycites'] = 'Too many cites; post discarded.'; $config['error']['toomanycross'] = 'Too many cross-board links; post discarded.'; @@ -187,7 +188,9 @@ // sha1_file, md5_file, etc. $config['file_hash'] = 'sha1_file'; - $config['block_tor'] = true; + // DNS blacklists (DNSBL) http://www.dnsbl.info/dnsbl-list.php + $config['dnsbl'][] = 'tor.dnsbl.sectoor.de'; // Tor exit nodes + // Typically spambots try to post a lot of links. Refuse a post with X standalone links? $config['max_links'] = 20; // Maximum number of cites per post (protects against abuse) diff --git a/inc/functions.php b/inc/functions.php index dd91fe62..cc12ce78 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -991,34 +991,31 @@ ))); } - function isDNSBL() { - $dns_black_lists = file('./dnsbl.txt', FILE_IGNORE_NEW_LINES); + function checkDNSBL() { + global $config; - // Reverse the IP - $rev_ip = implode(array_reverse(explode('.', $_SERVER['REMOTE_ADDR'])), '.'); - $response = array(); - foreach ($dns_black_lists as $dns_black_list) { - $response = (gethostbynamel($rev_ip . '.' . $dns_black_list)); - if(!empty($response)) - return true; + if(isIPv6()) + return; // No IPv6 support yet. + + if(!isset($_SERVER['REMOTE_ADDR'])) + return; // Fix your web server configuration + + // Reverse IP + $ip = ReverseIPOctets($_SERVER['REMOTE_ADDR']); + + foreach($config['dnsbl'] as &$blacklist) { + $lookup = $ip . '.' . $blacklist; + if(gethostbyname($lookup) != $lookup) { + // On NXDOMAIN (meaning it's not in the blacklist), gethostbyname() returns the host unchanged. + error(sprintf($config['error']['dnsbl'], $blacklist)); + } } - - return false; } function isIPv6() { return strstr($_SERVER['REMOTE_ADDR'], ':') !== false; } - function isTor() { - if(isIPv6()) - return false; // Tor does not support IPv6 - - return gethostbyname( - ReverseIPOctets($_SERVER['REMOTE_ADDR']) . '.' . $_SERVER['SERVER_PORT'] . '.' . ReverseIPOctets($_SERVER['SERVER_ADDR']) . '.ip-port.exitlist.torproject.org' - ) == '127.0.0.2'; - } - function ReverseIPOctets($ip) { $ipoc = explode('.', $ip); return $ipoc[3] . '.' . $ipoc[2] . '.' . $ipoc[1] . '.' . $ipoc[0]; diff --git a/post.php b/post.php index 87ddf21b..478f157b 100644 --- a/post.php +++ b/post.php @@ -41,8 +41,7 @@ // Check if banned checkBan(); - if($config['block_tor'] && isTor()) - error($config['error']['tor']); + checkDNSBL(); // Check if board exists if(!openBoard($_POST['board'])) @@ -102,8 +101,7 @@ // Check if banned checkBan(); - if($config['block_tor'] && isTor()) - error($config['error']['tor']); + checkDNSBL(); // Check if board exists if(!openBoard($_POST['board'])) @@ -179,8 +177,7 @@ // Check if banned checkBan(); - if($config['block_tor'] && isTor()) - error($config['error']['tor']); + checkDNSBL(); // Check if board exists if(!openBoard($post['board']))