You are here

function httpbl_dnslookup in http:BL 7

Same name and namespace in other branches
  1. 5 httpbl.module \httpbl_dnslookup()
  2. 6.2 httpbl.module \httpbl_dnslookup()
  3. 6 httpbl.module \httpbl_dnslookup()

Do http:BL DNS lookup

Parameters

string $ip:

string $key:

Return value

array

2 calls to httpbl_dnslookup()
httpbl_admin_settings_validate in ./httpbl.admin.inc
Form API callback to validate the httpbl settings form.
httpbl_check in ./httpbl.module
Check if an IP should be banned

File

./httpbl.module, line 540
Implementation of http:BL for Drupal. It provides IP-based blacklisting through http:BL and allows linking to a honeypot.

Code

function httpbl_dnslookup($ip, $key = NULL) {

  // Thanks to J.Wesley2 at
  // http://www.projecthoneypot.org/board/read.php?f=10&i=1&t=1
  if (!($ip = _httpbl_reverse_ip($ip))) {
    return FALSE;
  }
  if (!$key && !($key = variable_get('httpbl_accesskey', NULL))) {
    return FALSE;
  }
  $query = $key . '.' . $ip . '.dnsbl.httpbl.org.';
  $response = gethostbyname($query);
  if ($response == $query) {

    // if the domain does not resolve then it will be the same thing we passed to gethostbyname
    return FALSE;
  }
  $values = array();
  $values['raw'] = $response;
  $response = explode('.', $response);
  if ($response[0] != '127') {

    // if the first octet is not 127, the response should be considered invalid
    watchdog('httpbl', 'Lookup failed for %ip, response was %response', array(
      '%ip' => $ip,
      '%response' => $values['raw'],
    ), WATCHDOG_ERROR);
    return FALSE;
  }
  if ($logs = variable_get('httpbl_log', HTTPBL_LOG_MIN) == HTTPBL_LOG_VERBOSE) {
    watchdog('httpbl', 'Honeypot lookup results for %ip, response was %response', array(
      '%ip' => $ip,
      '%response' => $values['raw'],
    ), WATCHDOG_DEBUG);
  }
  $values['last_activity'] = $response[1];
  $values['threat'] = $response[2];
  $values['type'] = $response[3];
  if ($response[3] == 0) {

    //if it's 0 then it's only a Search Engine
    $values['search_engine'] = TRUE;
  }
  if ($response[3] & 1) {

    //does it have the same bits as 1 set
    $values['suspicious'] = TRUE;
  }
  if ($response[3] & 2) {

    //does it have the same bits as 2 set
    $values['harvester'] = TRUE;
  }
  if ($response[3] & 4) {

    //does it have the same bits as 4 set
    $values['comment_spammer'] = TRUE;
  }
  return $values;
}