Local and remote (RBL) blacklisting for your web site!

• Version 0.1.1 (20050112): minor changes;
• Version 0.1 (20050111): First public release.

You're wondering how to black spam in your blog, wiki, web forum or web site? You can use this little script I wrote.

phpBlacklist is a PHP script I wrote that check the current visitor IP address against a blacklist file. If there are no local matches it check the IP on realtime black list services (see DNSBL entry on Wikipedia).

It has support for whitelisting too, so you can exclude certain IPs from being checked.

I wrote phpBlacklist starting from adjusting a portion of PHPrbl's source code to my needs. PHPrbl is a more complex spam-blocking script that comes with MySQL support and other interesting features as referrer spam blocking, but I embrace KISS philosophy: my script it's lighter because I wanted it to be so.

This software is released under the terms of the version 2 of the GNU GPL.

Mail me if you have any tips, corrections, or so on… Thanks!

• Local IP blacklisting (through
• Remote blacklisting through RBL services
• Whitelist support
• Logging (while I'm reworking this part of the code I removed it from this release)

phpBlacklist uses these configuration files in text format:

• blacklist.txt: blacklisted IP addresses, one per line;
• whitelist.txt: the whitelist, same format of the blacklist file;
• serviceslist.txt: list of the remote RBL services to use, one per line.

Simply save the script source code below in your website directory as phpbl.php and add this line to the PHP files you want to protect:

<?php require_once('phpbl.php'); ?>

<?php
/*  phpBlacklist 0.1.1
 *  Copyright (C) 2006 Federico Quagliata
 *  federico [at] REMOVETHIS quagliata [dot] org
 *
 *  This program is free software; you can redistribute it and/or
 *  modify it under the terms of the version 2 of the GNU General
 *  Public License as published by the Free Software Foundation.
 *
 *  Originally based on code from PHPrbl 0.4
 *  (c) Eelco Wesemann (eelco [at] init1 [dot] nl)
 */
 
$blacklist_file = "blacklist.txt";
$whitelist_file = "whitelist.txt";
$services_file = "serviceslist.txt";
 
function forbidden ($client_ip, $service) {
	header("HTTP/1.0 403 Forbidden");
	echo "<html><head>\n";
	echo "<title>403 Forbidden - phpBlacklist</title>\n";
	echo "</head><body>\n";
	echo "<h1>403 Forbidden</h1><br />\n";
	echo "Your client IP ($client_ip) is listed as an open proxy or abusive host at the following service:<br/>\n";
	echo "<ul>\n<li>$service</li>\n</ul>\n";
	echo "Users of open proxies are unwanted on this site.<br />\n";
	echo "IP address denied and thus the page is exiting<br /><br />\nThis site is protected against abusive hosts by ";
	exit("<a href=\"http://www.quaqo.org/wiki/phpblacklist\">phpBlacklist</a>.\n</body></html>");
}
 
function list_check ($rem_addr, $list_file) {
	$found = 0;
	$ip_list = file($list_file);
	foreach ($ip_list as $ip_addr) {
		if (rtrim($ip_addr) == $rem_addr) {
			$found = 1;
			break;
		}
	}
	return ($found == 1) ? 1 : 0;
}
 
$client_ip = $_SERVER["REMOTE_ADDR"];
 
if (list_check($client_ip, $whitelist_file) != 1) {
	if (list_check($client_ip, $blacklist_file) == 1) {
		$service = "Blacklist";
		forbidden($client_ip, $service);
	}
 
	$reverse = array_reverse(explode('.', $client_ip));
	$rbl_services = file($services_file);
	foreach ($rbl_services as $rbl) {
		$rbl = rtrim($rbl);
		$lookup_rbl = implode('.', $reverse) . '.' . $rbl;
		if ($lookup_rbl != gethostbyname($lookup_rbl)) { 
			$service = $rbl;
			forbidden($client_ip, $service);
		}
	}
}
?>