| Current Path : /var/www/html/administrator/components/com_rsfirewall/helpers/ |
| Current File : /var/www/html/administrator/components/com_rsfirewall/helpers/spamcheck.php |
<?php
/*
* @package RSFirewall!
* @copyright (c) 2009 - 2024 RSJoomla!
* @link https://www.rsjoomla.com/joomla-extensions/joomla-security.html
* @license GNU General Public License https://www.gnu.org/licenses/gpl-3.0.en.html
*/
\defined('_JEXEC') or die;
class RSFirewallSpamCheck {
protected $resolver;
protected $ip;
protected $dnsbls = array();
protected $interpreter = array(
'dnsbl.justspam.org' => array(
'2' => 'IP listed on JustSpam.org'
),
'dnsbl.tornevall.org' => array(
'64' => 'IP marked as "abusive host"'
),
'sbl-xbl.spamhaus.org' => array(
'2' => 'Direct UBE sources, spam operations & spam services',
'3' => 'Direct snowshoe spam sources detected via automation',
'4' => 'CBL (3rd party exploits such as proxies, trojans, etc.)',
'5' => 'CBL (3rd party exploits such as proxies, trojans, etc.)',
'6' => 'CBL (3rd party exploits such as proxies, trojans, etc.)',
'7' => 'CBL (3rd party exploits such as proxies, trojans, etc.)'
)
);
public function filterIp($ip)
{
return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
}
public function __construct($ip) {
try {
require_once __DIR__ . '/ip/ip.php';
// Check if the IP is IPv4 compatible
$ipClass = new RSFirewallIP($ip);
if ($ipClass->version != 4) {
return false;
}
$this->ip = $ip;
$nameservers = array(
'208.67.222.222', '208.67.220.220', // Open DNS
'8.26.56.26', '8.20.247.20', // Comodo
'1.1.1.1', '1.0.0.1', // Cloudflare
'8.8.8.8', '8.8.4.4', // Google
);
// Let's see if we have our own DNS
if ($addresses = RSFirewallConfig::getInstance()->get('dns_address', '', true))
{
$addresses = array_filter($addresses, array($this, 'filterIp'));
if (!empty($addresses))
{
$nameservers = $addresses;
}
}
require_once __DIR__ . '/Net/DNS2.php';
$this->resolver = new Net_DNS2_Resolver(array(
'nameservers' => $nameservers,
'timeout' => 1
));
$this->dnsbls = array_filter(RSFirewallConfig::getInstance()->get('abusive_ips_checks'));
} catch (Exception $e) {
return false;
}
return true;
}
public function isListed() {
// The resolver could not be initialized - can't check so assuming IP is safe.
if (!$this->resolver) {
return false;
}
// Get the reverse IP
$reverseip = implode('.', array_reverse(explode('.', $this->ip)));
if (empty($this->dnsbls) || !is_array($this->dnsbls))
{
return false;
}
// Loop through DNSBL lists
foreach ($this->dnsbls as $dnsbl)
{
if (!$dnsbl)
{
continue;
}
try
{
$result = $this->resolver->query($reverseip.'.'.$dnsbl, 'A');
if ($result && isset($result->answer[0]->address))
{
// These are error codes
if ($dnsbl === 'sbl-xbl.spamhaus.org' && in_array($result->answer[0]->address, array('127.255.255.254', '127.255.255.255')))
{
continue;
}
// Start parsing the result
$parts = explode('.', $result->answer[0]->address);
// Get the last bit of the address
$bit = end($parts);
if (isset($this->interpreter[$dnsbl][$bit]))
{
return (object) array(
'dnsbl' => $dnsbl,
'reason' => $this->interpreter[$dnsbl][$bit]
);
}
}
} catch (Exception $e) {
continue;
}
}
return false;
}
}