DNSBL for Horde
Here is a small patch that implements DNSBL checking for Horde. I have again used a PEAR package, this time Net_DNSBL, and as usual a CentOS package is in my repos - http://fs12.vsb.cz/hrb33/el5/hrb/stable/i386/repoview/php-pear-Net-DNSBL.html. The first patch is the important one. We let the attacker log in first, just to confirm that he/she holds valid stolen credentials, and only then reject the session.
\--- imp/lib/Auth/imp.php.orig 2011-01-05 10:21:05.224155622 +0100
+++ imp/lib/Auth/imp.php 2011-01-05 10:39:24.699438519 +0100
@@ -146,6 +146,36 @@
return false;
}
+ # DNSBL START
+ ini\_set('include\_path', ini\_get('include\_path').':/usr/share/php');
+ require\_once 'Net/DNSBL.php';
+ $dnsbl = new Net\_DNSBL();
+ #$remoteIP = '41.206.12.1';
+ $remoteIP = $\_SERVER\['REMOTE\_ADDR'\];
+ $dnsbl->setBlacklists(array(
+ 'sbl-xbl.spamhaus.org',
+ 'bl.spamcop.net',
+ 'b.barracudacentral.org',
+ 'spam.spamrats.com',
+ 'dyna.spamrats.com',
+ 'noptr.spamrats.com',
+ 'bl.tiopan.com'
+ ));
+ if ($dnsbl->isListed($remoteIP, true)) {
+ $data=$dnsbl->getListingBls($remoteIP);
+ sort($data);
+ $entry = "LOGIN SUCCESS FROM BLACKLISTED IP \[$remoteIP\] FOR $userID: " . implode(", ", $data);
+ Horde::logMessage($entry, \_\_FILE\_\_, \_\_LINE\_\_, PEAR\_LOG\_ERR);
+
+ unset($\_SESSION\['imp'\]);
+ if (isset($prefs)) {
+ $prefs->cleanup(true);
+ }
+ $this->\_setAuthError(AUTH\_REASON\_BADLOGIN);
+ return false;
+ }
+ # DNSBL END
+
return true;
}
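Review bot: The zones passed to `setBlacklists()` include `dyna.spamrats.com` and `noptr.spamrats.com`, which as far as I know list dynamic-range and no-reverse-DNS addresses for SMTP policy rather than known-compromised hosts, so legitimate webmail users on home or mobile connections are likely to be refused with `AUTH_REASON_BADLOGIN` even though their password was correct. I would drop those two entries (and confirm that `sbl-xbl.spamhaus.org` is still a served zone), or treat hits on them as log-only. The check also performs lookups against seven zones inside the login path with no visible timeout or per-address caching, so a slow resolver delays every successful login. `$userID` is interpolated into the log entry as-is, so it is worth confirming that `Horde::logMessage` neutralises line breaks. The enclosing method starts outside the hunk.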
The second patch does no blocking; it only logs access from blocked IPs.
\--- imp/login.php.orig 2011-01-05 09:08:44.510891298 +0100
+++ imp/login.php 2011-01-05 10:34:26.763968526 +0100
@@ -449,6 +449,33 @@
'var nomenu = ' . intval(empty($conf\['menu'\]\['always'\])),
));
+# DNSBL START
+ini\_set('include\_path', ini\_get('include\_path').':/usr/share/php');
+require\_once 'Net/DNSBL.php';
+$dnsbl = new Net\_DNSBL();
+#$remoteIP = '41.206.12.1';
+$remoteIP = $\_SERVER\['REMOTE\_ADDR'\];
+$dnsbl->setBlacklists(array(
+ 'sbl-xbl.spamhaus.org',
+ 'bl.spamcop.net',
+ 'b.barracudacentral.org',
+ 'spam.spamrats.com',
+ 'dyna.spamrats.com',
+ 'noptr.spamrats.com',
+ 'bl.tiopan.com'
+ ));
+if ($dnsbl->isListed($remoteIP, true)) {
+ $data=$dnsbl->getListingBls($remoteIP);
+ sort($data);
+ $entry = "BLACKLISTED IP $remoteIP: " . implode(", ", $data);
+ Horde::logMessage($entry, \_\_FILE\_\_, \_\_LINE\_\_, PEAR\_LOG\_ERR);
+} else {
+ $entry = "Not blacklisted ip $remoteIP" . implode(", ", $data);
+ Horde::logMessage($entry, \_\_FILE\_\_, \_\_LINE\_\_, PEAR\_LOG\_INFO);
+}
+
+# DNSBL END
+
// ZMENA
ini\_set('include\_path', ini\_get('include\_path').':/usr/share/php');
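Review bot: In the `else` branch `$data` is never assigned, because `getListingBls()` is only called when the address is listed, so `implode(", ", $data)` runs on an undefined variable and raises a notice plus an implode() warning (a TypeError on PHP 8) for every non-listed visitor. The line should read `$entry = "Not blacklisted ip $remoteIP";`. The added `ini_set('include_path', ...)` also repeats the identical call in the context line after `// ZMENA`, so `/usr/share/php` is appended twice per request and one of the two can go. Because this block runs on every rendering of the login page, before any authentication, the DNS lookups and the INFO log line are paid for each anonymous request; caching the result per address would bound that cost.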