mikelynn2 / blacklistmonitor Goto Github PK

Web based application for monitoring Domains and IPs on RBLs

License: MIT License

PHP 99.19% CSS 0.75% Hack 0.06%

blacklistmonitor's Introduction

BlacklistMonitor

Copyright (c) by respective owners. All rights reserved.  Released under license as described in the file LICENSE.txt

Application for monitoring Domains and IPs on RBLs. With blacklistmonitor you can monitor and document IP ranges and domain names for showing up on RBL servers. It is intended for ISPs, Web Hosting, anyone who provides IP space to monitor and protect their networks.

Docker Version

This is a useful unoffical docker container from a 3rd party. Docker Download

Features

Supports All Major Blacklists. You can customize this list
Monitor blocks of IPs in CIDR Format and your domains
Web based reporting
API for integration or access the mysql database directly
Email, SMS, and Twitter Alerts

Prerequisite software

MySQL or MariaDB are needed for the database.
Most likely you'll need your own DNS server as well. You can use Bind or even unbound. Bind is easier, unbound may be faster. You can attempt to use your ISPs name servers (see your /etc/resolve.conf). Some large ISPs name servers won't work and you'll need to run your own. Blacklistmonitor will not by default use your OS name servers.
Apache or Nginx
SMTP Mail server like postfix

Installation Ubuntu Server 14.04 LTS

#install
apt-get -y install apache2
apt-get -y install mariadb-server mariadb-client mariadb-common
apt-get -y install php5 php5-mysqlnd php5-cli php5-curl
apt-get -y install bind9 dnsutils

#set to start on boot
update-rc.d bind9 defaults
update-rc.d apache2 defaults
update-rc.d mysql defaults

Go into the directory you want to install BlacklistMonitor into and clone the git repo. Usually this would be a web server directory like /var/www/html/. The rest of the commands below assume you're using this dir and the default config files do as well.

cd /var/www/html/
git clone git://github.com/mikelynn2/blacklistmonitor.git

Initialize Data

mysql -p < /var/www/html/blacklistmonitor/setup/blacklistmonitor.sql

Setup Apache

cp /var/www/html/blacklistmonitor/setup/blacklistmonitor-apache.conf /etc/apache2/sites-enabled/

Copy Default Config

cp /var/www/html/blacklistmonitor/setup/blacklistmonitor.cfg /etc/

After you've copied the config file you need to edit it to customize it for your setup here: /etc/blacklistmonitor.cfg

Don't even try to use google or opendns public DNS servers. Many RBLs block these from queries.

Schedule Cron

Add the contents of this file into cron

cat /var/www/html/blacklistmonitor/setup/blacklistmonitor.cron

edit crontab

crontab -e

Service

cp /var/www/html/blacklistmonitor/setup/blacklistmonitor-ubuntu-upstart.conf /etc/init/blacklistmonitor.conf

start/stop/restart

start blacklistmonitor
stop blacklistmonitor
restart blacklistmonitor

Website

The default username and password to the portal is admin/pa55w0rd It's recommended to change both. Especially if you're installing this on a public network.

Timezone Setup

dpkg-reconfigure tzdata

Then edit your the value for date.timezone in /etc/php5/apache2/php.ini

Watch your log for issues/performance

tail -f /var/log/blacklistmonitor.log

blacklistmonitor's People

Contributors

Stargazers

Watchers

blacklistmonitor's Issues

On a cPanel Environment

I have managed to install this on a cPanel / CentOS environment on a server with root access. But the automatic checks do not seem to be functioning. I believe it is something due to the service integration.

Can you please advise, what changes if any are to be made for a CentOS environment?

Is there a reason why you need to install it in /var/www/ ?

As A sysadmin point of view i don't see any reason why you would install this script in /var/www and set the settings path to /etc/blacklist...

To run this you require the script to run as mod-php on a box, if there would ever be a bug in the software they would have to much user rights on the system?

Debian 8 and Service Upstart

Copied the upstart but the commands

start blacklistmonitor
stop blacklistmonitor
restart blacklistmonitor

do not work. I get error

root@blacklistmonitor:/var/www/html# start blacklistmonitor
bash: start: command not found
root@blacklistmonitor:/var/www/html# stop blacklistmonitor
bash: stop: command not found
root@blacklistmonitor:/var/www/html# restart blacklistmonitor
bash: restart: command not found
root@blacklistmonitor:/var/www/html#

Current status cleanup

Would be nice to have some sort of cleaner way of showing the information of blacklisted IPs when an IP is on more than one blacklist.

I have one IP that is on 3-4 blacklists and the current status section takes up 28 lines.

Init script for centos

Hi, can you add init script for centos? Thanks!

Admin panel

I think an admin panel of sort would be useful

Create / delete users
Set limits on # of subnets
Global stats
Move enabling of DNSBLs here
API to do this as well

Only 2 cores?

It seems this app/program is only taking advantage of 2 cores when I have 8 cores in a VM
I increased the worker processes but it still is confining them to 2 cores and both those cores are at 100% 24/7

I have approximately 90000 IP addresses in blacklistmonitor so if I'm able to get it to span across more cores i'm sure it would go a lot faster

Bind & dnsutils

Hello,

If you don't install dnsutils, dig command is missing.

apt-get -y install bind9 dnsutils

Thank you for your work! 👍

PHP Warning and PHP Notice

Info at blacklistmonitor.log

[11-Jul-2016 23:47:46 UTC] PHP Warning: mysqli_fetch_array() expects parameter 2 to be integer, string given in /var/www/SERVERNAME/htdocs/blacklistmonitor/classes/_MySQL.class.php on line 72
[11-Jul-2016 23:47:55 UTC] PHP Notice: Use of undefined constant MYSQL_NUM - assumed 'MYSQL_NUM' in /var/www/SERVERNAME/htdocs/blacklistmonitor/classes/_MySQL.class.php on line 72

Using PHP 7.0.8 and NGINX

Count Limitation Doesn't work

On the hosts page the length limiters don't work:

any
20
100

Each one of them shows all the addresses.

Hosts not working, IPs are

If I enter a host, it reports its not in on a blacklist. If I enter the hosts IP, it reports it IS on a blacklist.

I would have thought it should get the IP of the host and then check that. Its not good entering IPs as when there's an issue it takes time to find what server/hostname that is. It would be great if I could just enter hostnames, and not the IP of all of them.

Thanks

Invalid RBL Lists

bl.spamcannibal.org | seems to be offline or under unknown ownership?

Does this work? How to confirm?

I installed this software because I know one of our servers is on SPAMCOP and SORBS. MXToolbox free account told me. But this software reports all my servers are OK. So is this software working/accurate? How can I confirm?

Thanks

cron isnt running

groups of hosts

Change text at "current status" cell for IP-s blacklisted at barracudacentral.org

Hello,
When one IP is blacklisted in barracuda networks I want to change what is shown in "current status" cell from:

b.barracudacentral.org - Client host blocked using Barracuda Reputation, see http://www.barracudanetworks.com/reputation/?r=1&ip=104.223.xxx.xxx

to
b.barracudacentral.org - Client host blocked using Barracuda Reputation, see http://barracudacentral.org/rbl/removal-request/104.223.xxx.xxx

Please can you help what files to change for this.

Your help is really appreciated.

External SMTP Servers

Allow setting of external SMTP providers, such as mandrill.

Current settings in config file don't let you specify a remote username, pass port etc.

SMTP SSL issue

PHP Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /var/www/html/blacklistmonitor/classes/class.smtp.php on line 343

not getting email notifications

I am not getting email notifications... Do I need to make any changes in any file? if so then please guide me...

IPs randomly going clean

Some of my IPs have been on multiple blacklists then suddenly they go clean then blacklisted again a few days later, why would this happen? I've also seen that a lot of IPs aren't being marked as listed on Spamhaus when they are. I use my own internal DNS servers and have the DNS lookup timeout set to 10 seconds.

small fix needed in userjob.php

in two places, search this:
"/hostHistory.php
and replace with this:
/hostHistory.php

Thats will fix small issue in report email

PHP 7 issue

PHP Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; _FileCache has a deprecated constructor in /var/www/html/classes/blacklistmonitor/_FileCache.class.php on line 3

PHP Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; _MeasurePerformance has a deprecated constructor in /var/www/html/classes/_MeasurePerformance.class.php on line 3

integrate senderscore

score.senderscore.com - sender score
cmplt.rating.senderscore.com - complaint score
vol.rating.senderscore.com - volume score
uus.rating.senderscore.com - unknown user score
filtered.rating.senderscore.com - filtered score

Can I install on Centos with cpanel?

I am trying to install on centos with capnel... But dont know its not working. When I am trying to login, it shows blank page... could you please help on this...

IP LISTED ON https://mxtoolbox.com/ BUT NOT ON THE PANEL

Dear,

i don't know why but for some reason all the IPs are marked as OK (not reported).
Unfortunately this is not"real" and some are reported with other tools for example:
https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a91.244.197.103&run=toolpage

What should I do?

Thank You