Message Board

Bugs & Development

Older Posts ]   [ Newer Posts ]
 Some IPs listed are not in the DNSBL
Author: D.Daster   (26 Aug 10 9:31am)
I´ve come across a rather annoying snag when trying to use the DNSBL.
I don´t know if this is a bug, or if its some set of circumstances.

The issue is that a lot of comment spam comes from IPs that are listed on the website, but do not return on the DNSBL.

Take, for example,
95.134.180.20
89.248.172.6

They´re both comment spammers, have threat ratings of 25, and 24, respectively. They´re both active within a week, seen more than once. Unfortunately, they both also do not return in the DNSBL.

For me this is going on for some time, particularly 89.248.172.6, which has been comment spamming me for at least a month.

There are quite a number of other IPs listed, but not automatically blockable because of this problem. There are also a lot of IPs which are handled fine by the DNSBL.

Perhaps a pattern i´ve noticed is that i´ve never seen the DNSBL return a type of 4, i´ve only seen it return when it is ALSO suspicious. This seems strange though, if it is labeled a comment spammer, should it not also be suspicious?

I guess what i´m trying to figure out is why some IPs which are obviously malicious, do not end up in the DNSBL.
 
 Re: Some IPs listed are not in the DNSBL
Author: M.Prince   (30 Aug 10 12:36pm)
It was, indeed, a bug. It's now fixed.
 
 Re: Some IPs listed are not in the DNSBL
Author: L.Holloway   (30 Aug 10 1:25pm)
A subset of IPs under certain circumstances would miss the list. Fixed. Thanks for the report.
 
 Re: Some IPs listed are not in the DNSBL
Author: J.Lloyd   (18 Jun 11 6:43am)
Hi,

I believe this problem still might exist, but am not 100% certain. http://www.projecthoneypot.org/ip_85.234.20.118 returns as a dictionary attacker, but it has been a few months since last known attack.

This IP tried to spam a form on one of our sites as recently as this morning. When I run our test application the threat level is returning as 0. Is this expected behavior?

Thanks!
Josh
 
 Re: Some IPs listed are not in the DNSBL
Author: J.Lloyd   (18 Jun 11 7:46am)
One more example if it is at all helpful:

http://www.projecthoneypot.org/ip_218.16.119.52
 
 Re: Some IPs listed are not in the DNSBL
Author: O.Lydiard   (4 Jul 11 7:30am)
Same for me - every known harvester and rule breaker that I've tried gets NXDOMAIN, despite being listed on the website with a variety of threat levels. For example: addresses 74.86.209.74, 80.245.86.19, 188.143.232.201.

NB my access key shows as 'working' when tested on the 'Manage http:BL Access' page, and the example addresses such as 127.1.40.1 work OK.



do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–17, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email