API tools faq
paste
Advertisement
Ghostriax-Atrocity

RBL.cpp

Ghostriax-Atrocity
Apr 11th, 2015
227
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.79 KB | None | 0 0
raw download clone embed print report
  1. #include "stdafx.h"
  2. #include "RBL.h"
  3.  
  4. //bl.spamcop.net, recent.spam.dnsbl.sorbs.net zombie.dnsbl.sorbs.net
  5.  
  6. bool RBL::check(const char* ip)
  7. {
  8. if(!ip || 0 == strlen(ip) || INADDR_NONE == inet_addr(ip))
  9. return false;
  10.  
  11. // Get the RBL info
  12. RBLINFO* rbl = NULL;
  13. get_RBL_info(rbl);
  14.  
  15. // Build the lookup domain
  16. std::string lookupDomain;
  17. build_request_domain(ip, rbl->domain, lookupDomain);
  18.  
  19. // Do the lookup
  20. IP4_ADDRESS resultIP = 0;
  21. if(!lookup(lookupDomain.c_str(), &resultIP))
  22. return false;
  23.  
  24. // Iterate over types to find if one matches
  25. for(unsigned int i = 0; i < rbl->numberOfTypes; i++)
  26. {
  27. if(rbl->types[i].ip == resultIP)
  28. {
  29. printf("Bad! You're a %s\n", rbl->types[i].type);
  30. return true;
  31. }
  32. }
  33.  
  34. return false;
  35. }
  36.  
  37. void RBL::get_RBL_info(RBLINFO* info)
  38. {
  39. IP2TYPE spamhausTypes[] = {
  40. {"ROSKO and known Spammers", inet_addr("127.0.0.2")},
  41. {"ROSKO and known Spammers", inet_addr("127.0.0.3")},
  42. {"3rd party exploits", inet_addr("127.0.0.4")},
  43. {"3rd party exploits", inet_addr("127.0.0.5")},
  44. {"3rd party exploits", inet_addr("127.0.0.6")},
  45. {"3rd party exploits", inet_addr("127.0.0.7")},
  46. {"Dynamic IP", inet_addr("127.0.0.10")},
  47. {"Dynamic IP", inet_addr("127.0.0.11")},
  48. };
  49. static RBLINFO spamhaus = {spamhausTypes, _countof(spamhausTypes), "zen.spamhaus.org"};
  50.  
  51. info = &spamhaus;
  52. }
  53.  
  54.  
  55. bool RBL::lookup(const char* name, PIP4_ADDRESS result)
  56. {
  57. if(!name || !result)
  58. return false;
  59.  
  60. /* Set dns server to query.
  61. It is important to not use the users DNS servers - some ISPs hijack non existing domains.
  62. That could be misinterpreted. */
  63. IP4_ARRAY serverList = {1, inet_addr("8.8.8.8")};
  64.  
  65. PDNS_RECORD pDnsRecord = NULL;
  66. DNS_STATUS status = DnsQuery_A(name, DNS_TYPE_A, DNS_QUERY_STANDARD, &serverList, &pDnsRecord, NULL);
  67.  
  68. // status == 9003 would mean no assosciated IP thus not in the RBL
  69. if(DNS_RCODE_NOERROR != status)
  70. {
  71. return false;
  72. }
  73.  
  74. for (PDNS_RECORD pRecord = pDnsRecord; pRecord != NULL; pRecord = pRecord->pNext)
  75. {
  76. printf("%X\n", pRecord->Data.A.IpAddress);
  77. }
  78.  
  79. // No need for anything more than one result.
  80. *result = pDnsRecord->Data.A.IpAddress;
  81.  
  82. DnsRecordListFree(pDnsRecord, DnsFreeRecordListDeep);
  83. return true;
  84. }
  85.  
  86. void RBL::build_request_domain(const std::string& ip, const std::string& end, std::string& result)
  87. {
  88. std::vector<std::string> ipParts;
  89.  
  90. string_explode(ip, ".", ipParts);
  91.  
  92. result = ipParts.at(3) + "." + ipParts.at(2) + "." + ipParts.at(1)
  93. + "." + ipParts.at(0) + "." + end;
  94. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!