DNSBL for Horde | David Hrbáč

Here we go with a small patch to implement DNSBL for Horde. I have again used PEAR package, this time it is the Net_DNSBL, and as usually CentOS package is in my repos - http://fs12.vsb.cz/hrb33/el5/hrb/stable/i386/repoview/php-pear-Net-DNSBL.html. The first patch is the important one. We let the attacker to log in, just to make sure he/she owns valid stolen credentials.

\--- imp/lib/Auth/imp.php.orig   2011-01-05 10:21:05.224155622 +0100
+++ imp/lib/Auth/imp.php        2011-01-05 10:39:24.699438519 +0100
@@ -146,6 +146,36 @@
             return false;
         }

+        # DNSBL START
+        ini\_set('include\_path', ini\_get('include\_path').':/usr/share/php');
+        require\_once 'Net/DNSBL.php';
+        $dnsbl = new Net\_DNSBL();
+        #$remoteIP = '41.206.12.1';
+        $remoteIP = $\_SERVER\['REMOTE\_ADDR'\];
+        $dnsbl->setBlacklists(array(
+                'sbl-xbl.spamhaus.org',
+                'bl.spamcop.net',
+                'b.barracudacentral.org',
+                'spam.spamrats.com',
+                'dyna.spamrats.com',
+                'noptr.spamrats.com',
+                'bl.tiopan.com'
+                ));
+        if ($dnsbl->isListed($remoteIP, true)) {
+            $data=$dnsbl->getListingBls($remoteIP);
+            sort($data);
+            $entry = "LOGIN SUCCESS FROM BLACKLISTED IP \[$remoteIP\] FOR $userID: " . implode(", ", $data);
+            Horde::logMessage($entry, \_\_FILE\_\_, \_\_LINE\_\_, PEAR\_LOG\_ERR);
+
+            unset($\_SESSION\['imp'\]);
+            if (isset($prefs)) {
+                $prefs->cleanup(true);
+            }
+            $this->\_setAuthError(AUTH\_REASON\_BADLOGIN);
+            return false;
+        }
+        # DNSBL END
+
         return true;
     }

The second one is just to log only access from blocked IPs.

\--- imp/login.php.orig  2011-01-05 09:08:44.510891298 +0100
+++ imp/login.php       2011-01-05 10:34:26.763968526 +0100
@@ -449,6 +449,33 @@
     'var nomenu = ' . intval(empty($conf\['menu'\]\['always'\])),
 ));

+# DNSBL START
+ini\_set('include\_path', ini\_get('include\_path').':/usr/share/php');
+require\_once 'Net/DNSBL.php';
+$dnsbl = new Net\_DNSBL();
+#$remoteIP = '41.206.12.1';
+$remoteIP = $\_SERVER\['REMOTE\_ADDR'\];
+$dnsbl->setBlacklists(array(
+        'sbl-xbl.spamhaus.org',
+        'bl.spamcop.net',
+        'b.barracudacentral.org',
+        'spam.spamrats.com',
+        'dyna.spamrats.com',
+        'noptr.spamrats.com',
+        'bl.tiopan.com'
+        ));
+if ($dnsbl->isListed($remoteIP, true)) {
+    $data=$dnsbl->getListingBls($remoteIP);
+    sort($data);
+    $entry = "BLACKLISTED IP $remoteIP: " . implode(", ", $data);
+    Horde::logMessage($entry, \_\_FILE\_\_, \_\_LINE\_\_, PEAR\_LOG\_ERR);
+} else {
+    $entry = "Not blacklisted ip $remoteIP" . implode(", ", $data);
+    Horde::logMessage($entry, \_\_FILE\_\_, \_\_LINE\_\_, PEAR\_LOG\_INFO);
+}
+
+# DNSBL END
+
 // ZMENA
 ini\_set('include\_path', ini\_get('include\_path').':/usr/share/php');