serendipity_event_spamblock_rbl working?

Found a bug? Tell us!!
Post Reply
Noelb
Regular
Posts: 75
Joined: Wed Jul 27, 2011 7:16 am

serendipity_event_spamblock_rbl working?

Post by Noelb »

I've set this plugin to use several DNSBL's, including an internal, it's been the same since v 2.1
recently upgraded to 2.3.5 and blog has got loads of crap getting through.

I have verified most IP's tested are detected by the DNSBL when checked manually, but serendipity doesn't seem to do anything, I dont see those IP's in our internal rbls logs even.

Is this plugin broken in latest stable release? Or is there a new format for entering in lists?
I use the format of rbl.hostname,rbl.hostname,rbl.hostname (commas, no spaces, and there are 5 rbl's, one of which as mentioned is internal)

plugin v 1.5.1
serendipity v 2.3.5
PHP 7.4.13

There are no errors reported that I can find.
Noelb
Regular
Posts: 75
Joined: Wed Jul 27, 2011 7:16 am

Re: serendipity_event_spamblock_rbl working?

Post by Noelb »

well ive confirmed it, I put my own IP's in a local rbl and was not checked
this plugin is definitely broken
onli
Regular
Posts: 2825
Joined: Tue Sep 09, 2008 10:04 pm
Contact:

Re: serendipity_event_spamblock_rbl working?

Post by onli »

Hi Noelb
Awesome that you could confirm that. I don't think that the plugin is widely used, we usually recommend to run the default spamblock plugin together with spamblock_bee and spamblock_bayes. But of course the rbl plugin should work as well.

https://github.com/s9y/additional_plugi ... ck_rbl.php shows the code, it is not too complicated. But the plugin could really use a maintainer. Maybe you have some programming experience and could fix it?
Noelb
Regular
Posts: 75
Joined: Wed Jul 27, 2011 7:16 am

Re: serendipity_event_spamblock_rbl working?

Post by Noelb »

onli wrote: Sat Dec 26, 2020 10:32 am Hi Noelb
Awesome that you could confirm that. I don't think that the plugin is widely used, we usually recommend to run the default spamblock plugin together with spamblock_bee and spamblock_bayes. But of course the rbl plugin should work as well.

https://github.com/s9y/additional_plugi ... ck_rbl.php shows the code, it is not too complicated. But the plugin could really use a maintainer. Maybe you have some programming experience and could fix it?
I'm not overly php familiar, if it was perl U'd have some chance since that's where I've been all my sys admin life, I''ll have a look in morning, but likely wont get anywhere since its like a foreign language :)

the RBL plgun used to work great when we were on older version - but that had older php (5.6) and for obvious reasons we couldnt stay on EOL'd versions anymore
Noelb
Regular
Posts: 75
Joined: Wed Jul 27, 2011 7:16 am

RESOLVED Re: serendipity_event_spamblock_rbl working?

Post by Noelb »

OK, problem solved
bundled-libs Net DNSBL is expecting to access /etc for resolv.conf
... yeah, like hell that's happening :)
I modified bundled-libs/Net/DNS2.php to set a local resolv.conf in blogs web root
So its really that module at fault, not Serendipity.
onli
Regular
Posts: 2825
Joined: Tue Sep 09, 2008 10:04 pm
Contact:

Re: serendipity_event_spamblock_rbl working?

Post by onli »

Read access? That would not be crazy for a DNS related module, would it?
Noelb
Regular
Posts: 75
Joined: Wed Jul 27, 2011 7:16 am

Re: serendipity_event_spamblock_rbl working?

Post by Noelb »

onli wrote: Sun Dec 27, 2020 12:22 pm Read access? That would not be crazy for a DNS related module, would it?
I know its poor mans security, but we do use php's openbase to lock down vhosts to their own webroots, give them read access to /etc and they have half the keys to the kingdom, fairly negligible risks until someone screws up the perms on something they shouldn't access, besides, why make it easier for bad actors by giving them X amount of info on how the box is configured :)
onli
Regular
Posts: 2825
Joined: Tue Sep 09, 2008 10:04 pm
Contact:

Re: serendipity_event_spamblock_rbl working?

Post by onli »

Okay. Is that a modification we need to add to serendipity itself? We bundle the lib, theoretically we can patch it, though it's something to be avoided since it makes upgrading the lib more difficult.
Noelb
Regular
Posts: 75
Joined: Wed Jul 27, 2011 7:16 am

Re: serendipity_event_spamblock_rbl working?

Post by Noelb »

onli wrote: Sun Dec 27, 2020 2:06 pm Okay. Is that a modification we need to add to serendipity itself? We bundle the lib, theoretically we can patch it, though it's something to be avoided since it makes upgrading the lib more difficult.
It might be easier to include a dummy resolv.conf using - as much as I despise them, and dont use them myself - perhaps googles nameservers, with a note in the configuration settings advising where to change the nameservers to their own if they so wish?

I'd imagine that Net/DNS2 is used in multiple plugins (looks like its used by the SURBL plugin as well), so I don't see it feasible to have the setting in the plugin itself.

Assuming many installs are on virtual hosts, and wont have access to /etc, it might be why its not a largely used feature? the users simply ignore the errors?

Ideally, this would be done in the php module itself, upstream, because it surely must affect everything that uses that type of function in locked down php configurations.
Post Reply