DNSBLCheck
DNSBLCheck is a Wordpress plugin that enables checking of DNSBLs (DNS Blacklists) for an IP address attempting to make a comment or trackback/pingback. If it’s found, the comment is not allowed. If you don’t know what a DNSBL is, you may want to read Wikipedia’s article on the topic before using this plugin.
The current version of DNSBLCheck is 0.1, and it should be considered beta software. It is compatible with Wordpress 1.5 and above (including 2.0, at the time of this writing). I am currently using it on this blog with no problems.
You can download the plugin here.
Instructions for installation:
- Download dnsblcheck.php.txt.
- Rename dnsblcheck.php.txt to dnsblcheck.php
- Place the file in your Wordpress plugins directory (wp-content/plugins)
- Go to the “Plugins” page and enable the plugin. NOTE: The plugin, despite being activated, is still not enabled at this time.
- Go to Options — DNSBLCheck, and verify the settings, including the DNSBLs you wish to use. When you are satisfied, check the “Enabled” box to enable DNSBL checking.
Comments and suggestions are welcome. Be sure to read the documentation below:
Frequently Asked Questions (FAQ)
- Couldn’t I just do this in .htaccess with something like mod_access_rbl?
- Yes, although mod_access_rbl is pretty rare to find pre-installed, so it won’t be at the disposal of your average user. This provides a slightly more accessible way for Wordpress users to use DNSBLs to prevent comment/trackback spam.
Usage and Configuration:
DNSBLs is a list of DNS blacklists to use. Each entry is listed on its own line. The DNSBL you wish to use comes first, followed by the response you expect for blacklisted hosts, separated by whitespace. If you do not enter a response, it will set 127.0.0.2 as the default. Example:
cbl.abuseat.org 127.0.0.2 relays.ordb.org 127.0.0.2 ...
The plugin is “primed” with one popular DNSBL, cbl.abuseat.org. This blacklist was chosen because it tends to track PCs compromised by viruses or other exploits that tend to comprise botnets, which are a large source of comment spam. You can find a more extensive list of DNSBLs at rbls.org. Please take time to read about each DNSBL and their criteria for listing — some blacklists merely track categories of IP addresses, for example dial-up users. You don’t want to inadvertantly blacklist legitimate users.
Error Page is the template that is displayed when an IP is found in the blacklist. You have three variables at your disposal for substitution:
- %%IP_ADDRESS%% — The offending IP address.
- %%BLACKLIST%% — the name of the blacklist that was triggered.
- %%CONTACT_EMAIL%% — the optional contact address.
Contact E-mail can be provided in the error page for the benefit of people that may be inadvertantly blocked can send mail. This is optional, since there’s likely little you can do about them being listed on a blacklist, but you may want to know nonetheless so you can disable a particular DNSBL if it’s over-aggressive for your needs.
Enabled is a checkbox that must be checked for the plugin to operate properly. It’s unchecked at the time of installation so you can check the DNSBLs being checked before enabling. Without this box checked, the plugin will not check any DNSBLs and will not interfere with the comment-posting process.
[...] I have written a new Wordpress plugin called DNSBLCheck. As you might expect from the name, it’s a plugin that allows you to .. check DNSBLs before allowing comments/trackbacks. [...]