admin/quick-n-dirty
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Save Tinyboard docs (2012-10-16) from web.archive.org

Browse Source
This commit is contained in:
Amsemy Teladi
2019-04-18 16:15:46 +07:00
committed by Fredrick Brennan
parent 997326af59
commit a99c45de22
37 changed files with 690 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
docs/config/dnsbl.md Normal file
View File

@@ -0,0 +1,54 @@
DNS Blacklists (DNSBL)
======================
To further prevent spam and abuse, you can use DNS blacklists (DNSBL). A DNSBL is a list of IP addresses published through the Internet Domain Name Service (DNS) either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time.
By default, Tinyboard checks all addresses against just one blacklist:
```
tor.dnsbl.sectoor.de
```
This prevents Tor exit nodes from making posts and is recommended as a large majority of abuse comes from Tor because of the strong anonymity associated with it.
You can add more blacklists by [putting them in your configuration](../config.md). You should refer to the blacklists documentation to figure out which responses you wish to block.
```php
// Block "127.0.0.2" responses from this blacklist.
$config['dnsbl'][] = array('bl.spamcannibal.org', 2);
// This does exactly the same thing as above:
// $config['dnsbl'][] = array('bl.spamcannibal.org', array(2));
// $config['dnsbl'][] = array('bl.spamcannibal.org', '127.0.0.2');
// Block "127.0.0.8" and "127.0.0.9" responses from this blacklist.
$config['disbl'][] = array('dnsbl.dronebl.org', array(8, 9));
// Determine whether or not to block listed users with an anonymous function (PHP 5.3.0+)
// This is especially relevant if you plan to use Http:BL.
$config['dnsbl'][] = array('<your access key>.%.dnsbl.httpbl.org', function($ip) {
$octets = explode('.', $ip);
// days since last activity
if ($octets[1] > 14)
return false;
// "threat score" (http://www.projecthoneypot.org/threat_info.php)
if ($octets[2] < 5)
return false;
return true;
}, 'dnsbl.httpbl.org'); // hide our access key
// Just block anything listed in here (ie. not NXDOMAIN)
$config['dnsbl'][] = 'another.blacklist.net';
```
See [here](https://web.archive.org/web/20121003095945/http://www.dnsbl.info/dnsbl-list.php) for a larger list of blacklists.
This syntax for configuring DNSBL servers was stolen (with permission) from [Frank Usrs](https://web.archive.org/web/20121003095945/mailto:frankusrs@gmail.com).
Exceptions
----------
To combat false positives, administrators can add “exceptions” to these lists, meaning that certain IP addresses will skip the DNSBL check entirely.
```php
$config['dnsbl_exceptions'][] = '8.8.8.8';
$config['dnsbl_exceptions'][] = '55.55.55.55';
```