Jump to content

Monitoramento De Ips Em Rbl


abobre

Recommended Posts

Boa tarde pessoal,

 

 Eu tenho um script desenvolvido em Perl que encontrei na internet para monitorar os nossos IPS nas RBLS, o script esta funcionando bem, porem gostaria de compartilhar com vocês esse script e sugerir algumas opções para uso, o que facilitaria o uso dele, sem interverção do usuários

 

Sugestões

 

Eu não entendo nada de Perl, se estiver falando besteira me descupem !

 

  • Seria ideal o script carregar uma lista de IPS apartir de um arquivo txt, exemplo meu_ips.txt
  • O script deve fazar a pesquisa do IP na RBL, caso encontre ele armazena isso, ou na memória, ou em arquivo txt e no termino da pesquisa ele envia um e-mail avisando os IPS que estãi listado nas RBLS, deve ser um e-mail só contendo um relatório, e caso seu IP esteja limpo nas RBLS, ele avisa via e-mail tambem !

Algum programador capacitado para implementar essas funções ?

 

#!/usr/bin/perl

# rbl.monitor - check RBL blacklists for an IP address.  Uses asynch I/O
# to send all the requests simultaneously

my $usage="\
Usage: rbl.monitor [options] hostname [...]

Options [and default values]:

    --listfile <list of RBL domains>                 [preset list, see script]
    --rbllist <comma separated list of RBL domains>
    --timeout  <master timeout>                      [60 seconds]
    --debug                                          [off]
";


use strict;

use Net::DNS;
use IO::Select;
use Getopt::Long;

my %opt;
GetOptions(\%opt,
        "listfile=s",
        "rbllist=s",
        "timeout=i",
        "debug",
) or die $usage;

my $listfile= $opt{listfile} || "";
my $rbllist= $opt{rbllist} || "";
my $selecttimeout = 5;
my $timeout= ($opt{timeout} || 60) + ($selecttimeout * 2);
my $debug= $opt{debug} || 0;


# Default RBLs to check - just a few of the lists most likely to block mail
# Sites with specific needs should customize via the command line
my @rbls2check=('b.barracudacentral.org', 'cbl.abuseat.org','dnsbl.invaluement.com','http.dnsbl.sorbs.net','misc.dnsbl.sorbs.net',
                'socks.dnsbl.sorbs.net','web.dnsbl.sorbs.net','dnsbl-1.uceprotect.net','dnsbl-3.uceprotect.net','sbl.spamhaus.org',
				'zen.spamhaus.org','psbl.surriel.com','dnsbl.njabl.org','rbl.spamlab.com','ircbl.ahbl.org','noptr.spamrats.com',
				'cbl.anti-spam.org.cn','dnsbl.inps.de','httpbl.abuse.ch','korea.services.net','virus.rbl.jp','wormrbl.imp.ch',
				'rbl.suresupport.com','ips.backscatterer.org','opm.tornevall.org','multi.surbl.org','tor.dan.me.uk',
				'relays.mail-abuse.org','rbl-plus.mail-abuse.org','access.redhawk.org','rbl.interserver.net', 'bogons.cymru.com',
				'bl.spamcop.net','dnsbl.sorbs.net','dul.dnsbl.sorbs.net','smtp.dnsbl.sorbs.net','spam.dnsbl.sorbs.net',
				'zombie.dnsbl.sorbs.net','dnsbl-2.uceprotect.net','pbl.spamhaus.org','xbl.spamhaus.org','bl.spamcannibal.org',
				'ubl.unsubscore.com','combined.njabl.org','dnsbl.ahbl.org','dyna.spamrats.com','spam.spamrats.com',
				'cdl.anti-spam.org.cn','drone.abuse.ch','dul.ru','short.rbl.jp','spamrbl.imp.ch','virbl.bit.nl',
				'dsn.rfc-ignorant.org','dsn.rfc-ignorant.org','netblock.pedantic.org','ix.dnsbl.manitu.net','rbl.efnetrbl.org',
				'blackholes.mail-abuse.org','dnsbl.dronebl.org','db.wpbl.info','query.senderbase.org','bl.emailbasura.org',
				'combined.rbl.msrbl.net','multi.uribl.com','black.uribl.com','cblless.anti-spam.org.cn',
				'cblplus.anti-spam.org.cn','blackholes.five-ten-sg.com','sorbs.dnsbl.net.au','rmst.dnsbl.net.au',
				'dnsbl.kempt.net','blacklist.woody.ch','rot.blackhole.cantv.net','virus.rbl.msrbl.net','phishing.rbl.msrbl.net',
				'images.rbl.msrbl.net','spam.rbl.msrbl.net','spamlist.or.kr','dnsbl.abuse.ch','bl.deadbeef.com','ricn.dnsbl.net.au',
				'forbidden.icm.edu.pl','probes.dnsbl.net.au','ubl.lashback.com','ksi.dnsbl.net.au','uribl.swinog.ch',
				'bsb.spamlookup.net','dob.sibl.support-intelligence.net','url.rbl.jp','dyndns.rbl.jp','omrs.dnsbl.net.au',
				'osrs.dnsbl.net.au','orvedb.aupads.org','relays.nether.net','relays.bl.gweep.ca','relays.bl.kundenserver.de',
				'dialups.mail-abuse.org','rdts.dnsbl.net.au','duinv.aupads.org','pool.dnsbl.solid.net','dynablock.sorbs.net',
				'residential.block.transip.nl','dynip.rothen.com','dul.blackhole.cantv.net','mail.people.it',
				'blacklist.sci.kun.nl','all.spamblock.unit.liu.se');

if ($listfile) {
        open(LIST, "< $listfile") ||
                die "$0: cannot open list file \"$listfile\": $!\n";
        @rbls2check= grep !/^\s*#/, <LIST>;
        @rbls2check= grep !/^\s*$/, @rbls2check;
        map {chomp} @rbls2check;
        close LIST;
        die "$0: no RBL names found in \"$listfile\"\n" unless @rbls2check;
}

if ($rbllist) {
        @rbls2check= split(',', $rbllist);
}

print "*** checking these RBLs:\n   " . join("\n   ", @rbls2check) . "\n"
        if $debug;

my (@summary, @detail);
my @sockets;


my $res  = Net::DNS::Resolver->new;
my $sel  = IO::Select->new();
my $starttime= time;

my %hostpart2host;

# gethostbyname is non-reentrant, so do all the queries up front
foreach my $host (@ARGV) {
        my $hostdata= gethostbyname($host);
        if (!defined($hostdata)) {
                push @summary, $host;
                push @detail, "$host: bad hostname";
                next;
        }
        my $hostpart= join(".", reverse(unpack("C4", $hostdata)));
        $hostpart2host{$hostpart}= $host;
}

# start all the queries
foreach my $hostpart (keys %hostpart2host) {
        foreach my $rbl (@rbls2check) {
                my $dnssock=  $res->bgsend(join(".", $hostpart, $rbl));
                push @sockets, $dnssock;
                $sel->add($dnssock);
        }
}

MAINLOOP:
while ($sel->handles > 0) {
        my @ready = $sel->can_read($selecttimeout);
        if ( (time - $starttime) > $timeout) { # waited too long?
                push @detail, "TIMEOUT: " . scalar($sel->handles) . " responses 
still pending";
                last MAINLOOP;
        }
        foreach my $sock (@ready) {
                my ($authority, $ipaddress, $hostpart, $host);
                my $packet = $res->bgread($sock);
                foreach my $rr ($packet->answer) {
                        if ($rr->type eq "A") {
                                $ipaddress= $rr->address;
                                $authority= $rr->name;
                                if ($authority=~ /^(\d+\.\d+\.\d+\.\d+)\./) {
                                        $hostpart= $1;
                                        $host= $hostpart2host{$hostpart};
                                } else { $host= "???" }
                                push @summary, $host
                                        unless grep /^$host$/, @summary;
                                push @detail, "$host: $authority: " . 
$rr->address;
                        }
                }
                $sel->remove($sock);
        }
}

print join(" ", (sort @summary)) if (@summary);
print "\n";

print join("\n", (sort @detail)), "\n"  if @detail;

 

Link to comment
Share on other sites

Por curiosidade, do jeito que o script está, como ele funciona?

 

Que forma ele reporta o ip na blacklist?

 

Vi um tópico do Jaime aqui se oferecendo para varios serviços de programação, derrepente ele pode fazer esse serviço p/ você.

AtarWeb.com.br • Hospedagem de Site + SSL Grátis
█ Revenda de Hospedagem CPanel e DirectAdmin SSD + SSL Grátis
Link to comment
Share on other sites

Ele reporta da seguinte forma

 

root@srv [/scripts_andre/check-rbl]# perl rbl.pl 69.163.37.58
69.163.37.58
69.163.37.58: 58.37.163.69.dnsbl.sorbs.net: 127.0.0.10
69.163.37.58: 58.37.163.69.dul.dnsbl.sorbs.net: 127.0.0.10
69.163.37.58: 58.37.163.69.residential.block.transip.nl: 127.0.0.10
root@srv [/scripts_andre/check-rbl]#
 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

Do you agree with our terms?