├── LICENSE.md ├── rblcheck ├── rbllist.txt ├── readme.txt ├── shortlist.txt └── whmplugin ├── LICENSE.md ├── rblcheck.cgi ├── rblcheck.conf ├── rblcheck.jpg ├── rblcheck_install.pl ├── rblcheck_uninstall.sh ├── readme.txt └── whmrblcheck.tar.gz /LICENSE.md: -------------------------------------------------------------------------------- 1 | This software is Copyright © 2014-2025 by WebPros, Inc. / cPanel, LLC 2 | 3 | THE SOFTWARE LICENSED HEREUNDER IS PROVIDED "AS IS" AND CPANEL HEREBY DISCLAIMS 4 | ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, RELATING TO THE SOFTWARE, 5 | ITS THIRD PARTY COMPONENTS, AND ANY DATA ACCESSED THEREFROM, OR THE ACCURACY, 6 | TIMELINESS, COMPLETENESS, OR ADEQUACY OF THE SOFTWARE, ITS THIRD PARTY COMPONENTS, 7 | AND ANY DATA ACCESSED THEREFROM, INCLUDING THE IMPLIED WARRANTIES OF TITLE, 8 | MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, AND 9 | NON-INFRINGEMENT. CPANEL DOES NOT WARRANT THAT THE SOFTWARE OR ITS THIRD PARTY 10 | COMPONENTS ARE ERROR-FREE OR WILL OPERATE WITHOUT INTERRUPTION. IF THE SOFTWARE, 11 | ITS THIRD PARTY COMPONENTS, OR ANY DATA ACCESSED THEREFROM IS DEFECTIVE, YOU ASSUME 12 | THE SOLE RESPONSIBILITY FOR THE ENTIRE COST OF ALL REPAIR OR INJURY OF ANY KIND, EVEN 13 | IF CPANEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DEFECTS OR DAMAGES. NO ORAL OR 14 | WRITTEN INFORMATION OR ADVICE GIVEN BY CPANEL, ITS AFFILIATES, LICENSEES, DEALERS, 15 | SUB-LICENSORS, AGENTS OR EMPLOYEES SHALL CREATE A WARRANTY OR IN ANY WAY. 16 | 17 | -------------------------------------------------------------------------------- /rblcheck: -------------------------------------------------------------------------------- 1 | #!/usr/local/cpanel/3rdparty/bin/perl 2 | # SCRIPT: rblcheck 3 | # AUTHOR: Peter Elsner 4 | # PURPOSE: Check an IP address against various RBL's (Realtime Blackhole Lists) 5 | # CREATED 8/9/2015 6 | # 7 | 8 | use strict; 9 | my $version = "2.0.15"; 10 | use Socket; 11 | use Getopt::Long; 12 | #use Cpanel::Config::LoadWwwAcctConf (); 13 | use Cpanel::SafeRun::Timed(); 14 | use Data::Validate::IP; 15 | use Net::IP; 16 | use Net::DNS; 17 | use Time::Piece; 18 | use Time::Seconds; 19 | use Cpanel::JSON (); 20 | use JSON::MaybeXS qw(encode_json decode_json); 21 | use Text::Tabs; 22 | $tabstop = 4; 23 | use Term::ANSIColor qw(:constants); 24 | $Term::ANSIColor::AUTORESET = 1; 25 | $| = 1; 26 | 27 | my $allrbls; 28 | my $allips; 29 | my $email; 30 | my $checkip; 31 | my $listips; 32 | my $listrbls; 33 | my $listedonly; 34 | my $help; 35 | my @rblnames; 36 | 37 | # Get servers_mainip from /etc/wwwacct.conf file. 38 | my $servers_mainip = get_mainip(); 39 | my $cpnatline; 40 | my $PrivateIP; 41 | my $PublicIP; 42 | my @MAIL2ROOT; 43 | 44 | GetOptions( 45 | 'allips' => \$allips, 46 | 'listips' => \$listips, 47 | 'listrbls' => \$listrbls, 48 | 'allrbls' => \$allrbls, 49 | 'email' => \$email, 50 | 'listedonly' => \$listedonly, 51 | 'checkip=s' => \$checkip, 52 | 'rbl=s@' => \@rblnames, 53 | 'help' => \$help, 54 | ); 55 | 56 | my @RBLS = qx[ curl -s https://raw.githubusercontent.com/cPanelPeter/rblcheck/master/shortlist.txt ]; 57 | if ($allrbls) { 58 | @RBLS = qx[ curl -s https://raw.githubusercontent.com/cPanelPeter/rblcheck/master/rbllist.txt ]; 59 | } 60 | my $totrbls=@RBLS; 61 | 62 | if (@rblnames) { 63 | my @rblnames = split(/,/,join(',',@rblnames)); 64 | my $inselected; 65 | my $inall; 66 | my @selected; 67 | foreach $inselected(@rblnames) { 68 | chomp($inselected); 69 | foreach $inall(@RBLS) { 70 | chomp($inall); 71 | if ($inselected eq $inall) { 72 | push(@selected,$inselected); 73 | } 74 | } 75 | } 76 | @RBLS = sort(@selected); 77 | $totrbls=@RBLS; 78 | } 79 | 80 | 81 | if ($checkip) { 82 | my $tocheck=$checkip; 83 | chomp($tocheck); 84 | checkit($tocheck); 85 | exit; 86 | } 87 | 88 | if ($allips) { 89 | my $getallipsJSON = get_whmapi1( 'listips' ); 90 | for my $getallips ( @{ $getallipsJSON->{data}->{ip} } ) { 91 | checkit($getallips->{public_ip}); 92 | } 93 | exit; 94 | } 95 | 96 | if ($listips) { 97 | my $getallipsJSON = get_whmapi1( 'listips' ); 98 | for my $getallips ( @{ $getallipsJSON->{data}->{ip} } ) { 99 | if ( $getallips->{mainaddr} ) { 100 | print "Main IP: $getallips->{public_ip}\n"; 101 | } 102 | else { 103 | print "IP Alias: $getallips->{public_ip}\n"; 104 | } 105 | } 106 | exit; 107 | } 108 | 109 | if ($listrbls) { 110 | foreach my $rbl(@RBLS) { 111 | chomp($rbl); 112 | print $rbl . "\n"; 113 | } 114 | exit; 115 | } 116 | 117 | if ( $help ) { 118 | help(); 119 | exit; 120 | } 121 | 122 | checkit($servers_mainip); 123 | exit; 124 | 125 | sub checkit() { 126 | my $ENTEREDIP=shift; 127 | my $start_time = Time::Piece->new; 128 | print "Scan started on $start_time\n"; 129 | print "========================================================\n"; 130 | print "Checking IP $ENTEREDIP\n\n" unless($ENTEREDIP eq ""); 131 | my $NUMLISTED=0; 132 | my $LOOKUPHOST; 133 | my $IS_IP_VALID = is_ip($ENTEREDIP); 134 | if (!($IS_IP_VALID)) { 135 | print RED "FATAL - invalid entry \"$ENTEREDIP\"\n"; 136 | exit; 137 | } 138 | if ( $ENTEREDIP =~ /:/ and $ENTEREDIP !~ /\./ ) { 139 | # IPV6 140 | my $EXPANDEDIP = new Net::IP ( $ENTEREDIP ); 141 | $LOOKUPHOST = join '.', reverse ( split '', $EXPANDEDIP->ip() ); 142 | $LOOKUPHOST =~ s/\.:\././g; 143 | } 144 | elsif ( $ENTEREDIP =~ /\./ and $ENTEREDIP !~ /:/ ) { 145 | # IPV4 146 | $LOOKUPHOST = join '.', reverse ( split /\./, $ENTEREDIP ); 147 | } 148 | my $NUMTIMEDOUT=0; 149 | foreach my $rbl(@RBLS) { 150 | chomp( $rbl ); 151 | my $lookup = $LOOKUPHOST . "." . $rbl; 152 | my $res = Net::DNS::Resolver->new; 153 | # If you want to add a timeout check, you can uncomment the two lines below, but I have found that it still moves pretty quickly 154 | # without these! 155 | #$res->udp_timeout(10); 156 | #$res->tcp_timeout(20); 157 | my $reply = $res->search( $lookup, "A"); 158 | if ( ! $listedonly ) { 159 | if ( ! $reply ) { 160 | print WHITE $rbl . ": " . GREEN "[OK]\n"; 161 | next; 162 | } 163 | } 164 | next unless( $reply ); 165 | foreach my $rr ($reply->answer) { 166 | chomp($rr); 167 | next unless( $rr->type eq "A" ); 168 | if ( $rr->address =~ m{127.255.255.254} ) { 169 | print WHITE $rbl . ": " . GREEN "[OK]\n" unless( $listedonly ); 170 | next; 171 | } 172 | if ( $rr->address ) { 173 | print WHITE $rbl . ": " . RED "[LISTED] " . " " . $rr->address, "\n"; 174 | my $txtreply = Cpanel::SafeRun::Timed::timedsaferun( 4, 'dig', '+short', 'TXT', $lookup ); 175 | chomp($txtreply); 176 | print MAGENTA expand( "\t\\_Reason: " . $txtreply . "\n" ) unless( $txtreply eq "" ); 177 | push(@MAIL2ROOT, $rbl . "- LISTED (" . $rr->address . ")\n===========================\n"); 178 | $NUMLISTED++; 179 | next; 180 | } 181 | } 182 | } 183 | 184 | print "\n"; 185 | print "Checked $totrbls Realtime Blackhole Lists (RBL's) & found $ENTEREDIP listed in $NUMLISTED of them.\n"; 186 | print $NUMTIMEDOUT . " RBL's timed out within 1 to 2 seconds.\n" if ( $NUMTIMEDOUT > 0 ); 187 | my $end_time = Time::Piece->new; 188 | print "Scan completed on $end_time\n"; 189 | my $scantimediff = ( $end_time - $start_time ); 190 | my $scanTotTime = $scantimediff->pretty; 191 | $scanTotTime = $scanTotTime . "\n"; 192 | print "Elapsed Time: $scanTotTime\n"; 193 | if ($NUMLISTED > 0 and $email) { 194 | my $SENDMAIL = "/usr/sbin/sendmail"; 195 | open(MAIL, "|$SENDMAIL -ti"); 196 | print MAIL "To: root\n"; 197 | print MAIL "From: root\n"; 198 | print MAIL "Subject: rblcheck found $ENTEREDIP listed in $NUMLISTED RBL's\n\n"; 199 | print MAIL "@MAIL2ROOT"; 200 | close(MAIL); 201 | } 202 | } 203 | 204 | sub help { 205 | print "rblcheck\n"; 206 | print " --allips checks all IP addresses on the server.\n"; 207 | print " --listips lists all IP addresses on the server.\n"; 208 | print " --allrbls uses all known RBL's (takes longer). Default: list of more common RBL's\n"; 209 | print " --listrbls lists the shortlist of rbls. Pass --allrbls to also list all RBL's that can be checked.\n"; 210 | print " --rbl [RBL NAME] check only the RBL selected. Can have multiple --rbl values.\n"; 211 | print " --listedonly only displays information if an IP address is listed in an RBL.\n"; 212 | print " --checkip [IP ADDRESS] - checks an IP address not associated with this server.\n"; 213 | print " --email sends email to root user if an IP is listed.\n"; 214 | print " --help (you're looking at it!)\n"; 215 | } 216 | 217 | sub check_for_nat() { 218 | return 1 if (-e("/var/cpanel/cpnat")); 219 | return 0; 220 | } 221 | 222 | sub get_json_from_command { 223 | my @cmd = @_; 224 | return Cpanel::JSON::Load( 225 | Cpanel::SafeRun::Timed::timedsaferun( 30, @cmd ) ); 226 | } 227 | 228 | sub get_whmapi1 { 229 | return get_json_from_command( 'whmapi1', '--output=json', @_ ); 230 | } 231 | 232 | sub get_mainip { 233 | my $getallipsJSON = get_whmapi1( 'listips' ); 234 | for my $getallips ( @{ $getallipsJSON->{data}->{ip} } ) { 235 | if ( $getallips->{mainaddr} ) { 236 | return $getallips->{public_ip}; 237 | } 238 | } 239 | } 240 | 241 | -------------------------------------------------------------------------------- /rbllist.txt: -------------------------------------------------------------------------------- 1 | 0spam-killlist.fusionzero.com 2 | 0spamurl.fusionzero.com 3 | 88.blocklist.zap 4 | Spam-RBL.fr 5 | access.redhawk.org 6 | admin.bl.kundenserver.de 7 | all.rbl.jp 8 | all.s5h.net 9 | spam.spamrats.com 10 | b.barracudacentral.org 11 | backscatter.spameatingmonkey.net 12 | bad.virusfree.cz 13 | bl.blocklist.de 14 | bl.drmx.org 15 | bl.ipv6.spameatingmonkey.net 16 | bl.konstant.no 17 | bl.mailspike.net 18 | bl.mav.com.br 19 | bl.mipspace.com 20 | bl.scientificspam.net 21 | bl.score.senderscore.com 22 | bl.spamcop.net 23 | bl.spameatingmonkey.net 24 | bl.suomispam.net 25 | bl.tiopan.com 26 | blacklist.mail.ops.asp.att.net 27 | blacklist.mailrelay.att.net 28 | blacklist.netcore.co.in 29 | blacklist.sci.kun.nl 30 | blacklist.sequoia.ops.asp.att.net 31 | blacklist.woody.ch 32 | bsb.empty.us 33 | bsb.spamlookup.net 34 | cbl.abuseat.org 35 | combined.rbl.msrbl.net 36 | db.wpbl.info 37 | dbl.tiopan.com 38 | dnsbl-0.uceprotect.net 39 | dnsbl-1.uceprotect.net 40 | dnsbl-2.uceprotect.net 41 | dnsbl-3.uceprotect.net 42 | dnsbl.cobion.com 43 | dnsbl.dronebl.org 44 | dnsbl.justspam.org 45 | dnsbl.kempt.net 46 | dnsbl.net.ua 47 | dnsbl.othello.ch 48 | dnsbl.rv-soft.info 49 | dnsbl.rymsho.ru 50 | dnsbl.spam-champuru.livedoor.com 51 | dnsbl.stopspam.org 52 | dnsbl.tornevall.org 53 | dnsbl.webequipped.com 54 | dnsbl.zapbl.net 55 | dnsbl1.dnsbl.borderware.com 56 | dnsbl2.dnsbl.borderware.com 57 | dnsbl3.dnsbl.borderware.com 58 | dnsbl6.anticaptcha.net 59 | dnsrbl.swinog.ch 60 | dob.sibl.support-intelligence.net 61 | dul.blackhole.cantv.net 62 | dul.dnsbl.borderware.com 63 | dyna.spamrats.com 64 | dyndns.rbl.jp 65 | dynip.rothen.com 66 | ex.dnsbl.org 67 | feb.spamlab.com 68 | fnrbl.fast.net 69 | forbidden.icm.edu.pl 70 | fresh.spameatingmonkey.net 71 | fresh10.spameatingmonkey.net 72 | fresh15.spameatingmonkey.net 73 | gl.suomispam.net 74 | hil.habeas.com 75 | hostkarma.junkemailfilter.com 76 | images.rbl.msrbl.net 77 | in.dnsbl.org 78 | ipbl.zeustracker.abuse.ch 79 | ips.backscatterer.org 80 | ipv6.blacklist.woody.ch 81 | ipv6.rbl.choon.net 82 | ix.dnsbl.manitu.net 83 | korea.services.net 84 | list.bbfh.org 85 | mail-abuse.blacklist.jippg.org 86 | multi.surbl.org 87 | netbl.spameatingmonkey.net 88 | netblockbl.spamgrouper.to 89 | no-more-funn.moensted.dk 90 | noptr.spamrats.com 91 | orvedb.aupads.org 92 | phishing.rbl.msrbl.net 93 | pofon.foobar.hu 94 | psbl.surriel.com 95 | public.sarbl.org 96 | q.mail-abuse.com 97 | query.senderbase.org 98 | r.mail-abuse.com 99 | rbl.abuse.ro 100 | rbl.blockedservers.com 101 | rbl.choon.net 102 | rbl.dns-servicios.com 103 | rbl.efnet.org 104 | rbl.efnetrbl.org 105 | rbl.fasthosts.co.uk 106 | rbl.interserver.net 107 | rbl.lugh.ch 108 | rbl.schulte.org 109 | rbl.spamlab.com 110 | rbl.talkactive.net 111 | rbl2.triumf.ca 112 | relays.bl.kundenserver.de 113 | relays.nether.net 114 | rhsbl.rymsho.ru 115 | rhsbl.scientificspam.net 116 | rhsbl.zapbl.net 117 | rsbl.aupads.org 118 | safe.dnsbl.prs.proofpoint.com 119 | sbl.nszones.com 120 | schizo-bl.kundenserver.de 121 | short.rbl.jp 122 | singular.ttk.pte.hu 123 | spam.dnsbl.anonmails.de 124 | spam.pedantic.org 125 | spam.rbl.msrbl.net 126 | spam.spamrats.com 127 | spamblock.kundenserver.de 128 | spamguard.leadmon.net 129 | spamlist.or.kr 130 | spamrbl.imp.ch 131 | spamsources.fabel.dk 132 | st.technovision.dk 133 | tor.dnsbl.sectoor.de 134 | tor.efnet.org 135 | torexit.dan.me.uk 136 | truncate.gbudb.net 137 | ubl.nszones.com 138 | ubl.unsubscore.com 139 | unsure.nether.net 140 | uri.blacklist.woody.ch 141 | uribl.abuse.ro 142 | uribl.pofon.foobar.hu 143 | uribl.spameatingmonkey.net 144 | uribl.swinog.ch 145 | uribl.zeustracker.abuse.ch 146 | urired.spameatingmonkey.net 147 | url.rbl.jp 148 | virbl.dnsbl.bit.nl 149 | virus.rbl.jp 150 | virus.rbl.msrbl.net 151 | vote.drbl.caravan.ru 152 | web.rbl.msrbl.net 153 | work.drbl.caravan.ru 154 | work.drbl.gremlin.ru 155 | wormrbl.imp.ch 156 | worms-bl.kundenserver.de 157 | z.mailspike.net 158 | -------------------------------------------------------------------------------- /readme.txt: -------------------------------------------------------------------------------- 1 | rblcheck - a simple command line script to check your main IP and any ipaliases against a list 2 | of RBL's (Realtime Blackhole Lists). 3 | 4 | A WHM plugin was also created with this code to be used in a walkthrough. 5 | 6 | https://forums.cpanel.net/threads/how-to-create-a-plugin-whm-cpanel.516681/ 7 | 8 | How to use this from the command line: 9 | 10 | Either download the code from github.com: 11 | 12 | # curl -s https://raw.githubusercontent.com/cPanelPeter/rblcheck/master/rblcheck > /root/rblcheck 13 | 14 | or set up an alias: 15 | 16 | alias rblcheck="/usr/bin/perl <(curl -s https://raw.githubusercontent.com/cPanelPeter/rblcheck/master/rblcheck)" 17 | 18 | Call it with the following options: 19 | 20 | -bash-4.1# ./rblcheck 21 | rblcheck 22 | --allips checks all IP addresses on the server. 23 | --listips lists all IP addresses on the server. 24 | --listrbls lists all RBL's that can be checked. 25 | --rbl [RBL NAME] check only the RBL selected. Can have multiple --rbl values. 26 | --listedonly only displays information if an IP address is listed in an RBL. 27 | --checkip [IP ADDRESS] - checks an IP address not associated with this server 28 | --mail - sends email to the root user account if any IP is found to be listed. 29 | --help (you're looking at it!) 30 | 31 | So to check the servers main IP address to see if it's listed on any RBL's you might enter: 32 | 33 | -bash-4.1# ./rblcheck --listedonly 34 | Checking IP 208.xx.xxx.xx 35 | 36 | cbl.abuseat.org: [LISTED] (127.0.0.2) 37 | \_ Reason: "Blocked - see http://www.abuseat.org/lookup.cgi?ip=208.xx.xxx.xx" 38 | cidr.bl.mcafee.com: [LISTED] (127.0.0.4) 39 | \_ Reason: "https://www.spamhaus.org/query/ip/208.xx.xxx.xx" 40 | rbl.rbldns.ru: [LISTED] (127.0.0.2) 41 | \_ Reason: "RBLDNS Server v1.0. Author VDV [ Site: WWW.RBLDNS.RU ]" 42 | zz.countries.nerd.dk: [LISTED] (127.0.3.72) 43 | \_ Reason: "us" 44 | 45 | Checked 248 Realtime Blackhole Lists (RBL's) & found 208.xx.xxx.xx listed in 4 of them. 46 | 47 | 48 | You can also set up a daily or weekly cron job. 49 | 50 | 0 23 * * * /root/rblcheck --listedonly --mail 51 | 52 | Example of passing an RBL to check using the --rbl option: 53 | 54 | 55 | -bash-4.1# ./rblcheck --listedonly --rbl zen.spamhaus.org --rbl bl.spamcop.net 56 | 57 | This would only check the 2 RBL's passed on the command line to see if the servers main IP 58 | address is listed. 59 | 60 | 61 | 62 | -------------------------------------------------------------------------------- /shortlist.txt: -------------------------------------------------------------------------------- 1 | all.s5h.net 2 | all.spamrats.com 3 | backscatter.spameatingmonkey.net 4 | b.barracudacentral.org 5 | bl.0spam.org 6 | bl.blocklist.de 7 | bl.score.senderscore.com 8 | bl.spamcop.net 9 | bl.spameatingmonkey.net 10 | bsb.spamlookup.net 11 | cbl.abuseat.org 12 | db.wpbl.info 13 | dnsbl-1.uceprotect.net 14 | dnsbl-2.uceprotect.net 15 | dnsbl-3.uceprotect.net 16 | dnsbl.dronebl.org 17 | dnsbl.inps.de 18 | dyna.spamrats.com 19 | hostkarma.junkemailfilter.com 20 | ix.dnsbl.manitu.net 21 | mail-abuse.blacklist.jippg.org 22 | multi.surbl.org 23 | nbl.0spam.org 24 | netbl.spameatingmonkey.net 25 | noptr.spamrats.com 26 | rbl.abuse.ro 27 | rbl.interserver.net 28 | spam.abuse.ch 29 | spam.spamrats.com 30 | url.0spam.org 31 | virbl.dnsbl.bit.nl 32 | -------------------------------------------------------------------------------- /whmplugin/LICENSE.md: -------------------------------------------------------------------------------- 1 | This software is Copyright © 2014-2023 by cPanel, Inc. 2 | 3 | THE SOFTWARE LICENSED HEREUNDER IS PROVIDED "AS IS" AND CPANEL HEREBY DISCLAIMS 4 | ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, RELATING TO THE SOFTWARE, 5 | ITS THIRD PARTY COMPONENTS, AND ANY DATA ACCESSED THEREFROM, OR THE ACCURACY, 6 | TIMELINESS, COMPLETENESS, OR ADEQUACY OF THE SOFTWARE, ITS THIRD PARTY COMPONENTS, 7 | AND ANY DATA ACCESSED THEREFROM, INCLUDING THE IMPLIED WARRANTIES OF TITLE, 8 | MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, AND 9 | NON-INFRINGEMENT. CPANEL DOES NOT WARRANT THAT THE SOFTWARE OR ITS THIRD PARTY 10 | COMPONENTS ARE ERROR-FREE OR WILL OPERATE WITHOUT INTERRUPTION. IF THE SOFTWARE, 11 | ITS THIRD PARTY COMPONENTS, OR ANY DATA ACCESSED THEREFROM IS DEFECTIVE, YOU ASSUME 12 | THE SOLE RESPONSIBILITY FOR THE ENTIRE COST OF ALL REPAIR OR INJURY OF ANY KIND, EVEN 13 | IF CPANEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DEFECTS OR DAMAGES. NO ORAL OR 14 | WRITTEN INFORMATION OR ADVICE GIVEN BY CPANEL, ITS AFFILIATES, LICENSEES, DEALERS, 15 | SUB-LICENSORS, AGENTS OR EMPLOYEES SHALL CREATE A WARRANTY OR IN ANY WAY. 16 | 17 | -------------------------------------------------------------------------------- /whmplugin/rblcheck.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/local/cpanel/3rdparty/bin/perl 2 | # SCRIPT: rblcheck 3 | # AUTHOR: Peter Elsner 4 | # PURPOSE: Check an IP address against various RBL's (Realtime Blackhole Lists) 5 | # CREATED 8/9/2015 6 | # 7 | 8 | #BEGIN { unshift @INC, '/usr/local/share/perl5'} 9 | #BEGIN { unshift @INC, '/usr/local/cpanel' } 10 | 11 | use strict; 12 | use warnings; 13 | use Cpanel::GeoIPfree (); 14 | use Net::DNS; 15 | use Net::IP; 16 | use Time::Piece; 17 | use Time::Seconds; 18 | use Data::Validate::IP qw(is_ip); 19 | #use Socket; 20 | #use Cpanel::Config::LoadWwwAcctConf (); 21 | use Cpanel::SafeRun::Timed (); 22 | use constant { PLUGIN_PATH => '/cgi/rblcheck' }; 23 | use Text::Tabs; 24 | $tabstop = 4; 25 | use Term::ANSIColor qw(:constants); 26 | $Term::ANSIColor::AUTORESET = 1; 27 | use CGI qw(:standard); 28 | $| = 1; 29 | use lib '/usr/local/cpanel/'; 30 | use Cpanel::Template; 31 | use Whostmgr::HTMLInterface (); 32 | print "Content-type: text/html\r\n\r\n"; 33 | 34 | Cpanel::Template::process_template('whostmgr', { 35 | 'print' => 1, 36 | 'template_file' => '_defheader.tmpl', 37 | 'theme' => "yui", 38 | 'skipheader' => 0, 39 | 'breadcrumbdata' => { 40 | 'name' => 'RBL Check', 41 | 'url' => PLUGIN_PATH . '/rblcheck.cgi', 42 | 'previous' => [{ 43 | 'name' => 'Home', 44 | 'url' => "/scripts/command?PFILE=main", 45 | }, { 46 | 'name' => "Plugins", 47 | 'url' => "/scripts/command?PFILE=Plugins", 48 | }], 49 | }, 50 | }); 51 | 52 | my $version = "2.0"; 53 | my $RBLS = Cpanel::SafeRun::Timed::timedsaferun( 6, 'curl', '-s', 'https://raw.githubusercontent.com/cPanelPeter/rblcheck/master/rbllist.txt' ); 54 | my @RBLS = split /\n/, $RBLS; 55 | my $SHORTRBLS = Cpanel::SafeRun::Timed::timedsaferun( 6, 'curl', '-s', 'https://raw.githubusercontent.com/cPanelPeter/rblcheck/master/shortlist.txt' ); 56 | my @SHORTRBLS = split /\n/, $SHORTRBLS; 57 | my $totrbls; 58 | my $ENTEREDIP; 59 | my $TXT; 60 | my $NUMLISTED=0; 61 | my $LOOKUPHOST; 62 | 63 | # Get servers_mainip for /etc/wwwacct.conf file. 64 | #my $wwwacct = Cpanel::Config::LoadWwwAcctConf::loadwwwacctconf(); 65 | my $servers_mainip = get_mainip(); 66 | my @server_ips; 67 | 68 | my $ListIPsJSON = get_whmapi1('listips'); 69 | my $main_ip_address; 70 | for my $ListOfIPs ( @{ $ListIPsJSON->{data}->{ip} } ) { 71 | if ( $ListOfIPs->{mainaddr} ) { 72 | $main_ip_address = $ListOfIPs->{public_ip}; 73 | } 74 | push @server_ips, $ListOfIPs->{public_ip}; 75 | } 76 | 77 | my ($country_code,$country_name)=""; 78 | my $aliascnt=@server_ips; 79 | 80 | my $enteredipaddr = param('ipaddr'); 81 | my $onlylisted = param('onlylisted'); 82 | my @SelectedRBLs = multi_param('selectedItems'); 83 | my $totselected=@SelectedRBLs; 84 | my $multiline; 85 | if ($enteredipaddr) { 86 | # Get Country via GEO IP free database for $servers_mainip 87 | my $geo = Cpanel::GeoIPfree->new(); 88 | ($country_code,$country_name) = $geo->LookUp($enteredipaddr); 89 | print "Checking $enteredipaddr...
\n"; 90 | if ($country_name) { 91 | print "Country: $country_name ( $country_code )
\n"; 92 | } 93 | print "
\n"; 94 | my $starttime = Time::Piece->new; 95 | print "Started: $starttime
\n"; 96 | print "
\n"; 97 | checkit($enteredipaddr, $onlylisted); 98 | my $endtime = Time::Piece->new; 99 | print "
Completed: $endtime
\n"; 100 | my $timediff = ( $endtime - $starttime ); 101 | 102 | my $TotTime = $timediff->pretty; 103 | $TotTime = $TotTime . "\n"; 104 | print "Elapsed Time: $TotTime
\n"; 105 | 106 | if ($NUMLISTED == 0) { 107 | print "

Congratulations! - $ENTEREDIP is not currently listed in the $totselected RBL's checked!\n"; 108 | print "

\n"; 109 | print "\n"; 110 | print "
\n"; 111 | } 112 | else { 113 | print < 115 | Please note that neither your provider or datacenter or cPanel, Inc. have any control over the blacklists. Each RBL provider has their own criteria for listing an IP address. You will need to contact each RBL provider where your IP is listed and check with them on what their removal process is.

116 | Don't just request to have your IP delisted without fixing the problem. If you do that, you will most likely just get listed again and next time it will be much more difficult to get removed. Make sure that your network and mail server are properly configured and that your workstations/servers are free from viruses and other malware. 117 |

118 | Follow the steps outlined in the RBL removal process. Once you have solved the problem that got you listed, go back and attempt removal. Many of them have a self-service removal process. Most of these RBL providers are professional and their goal is to have a cleaner, faster and better Internet experience for everyone. 119 |

120 |

121 | 122 |
123 | 124 | 125 | 126 | 127 | END 128 | } 129 | } 130 | else { 131 | print < 134 | 135 | 136 | 207 | 208 | 211 | RBL Check 212 | 213 | 214 | RBL Check (version $version)...

215 | Q: What is an RBL?

216 | A: RBL stands for Realtime Blackhole List. These are spam blocking lists that allow a system administrator to block email from being sent out that have a history of sending spam or are infected with something that is doing the spamming. Once your IP Address is on an RBL, any other server that subscribes to that RBL will refuse email from your server. 217 |

218 | Check your servers IP's now (or any IP) to see if it is listed. 219 |

220 | Select the RBL's to use below. A minimum set has already been added for your convenience. 221 |

222 |

223 |
224 | 289 | 290 | 291 | 292 |
293 |
294 | Show only when listed in an RBL

318 |

319 |
320 | END 321 | if ($aliascnt > 0) { 322 | print "

Here are the $aliascnt IP's on this server:

\n"; 323 | print "

Double-click on the IP address to check and press the CHECK button.

\n"; 324 | print "\n"; 335 | } 336 | print < 338 | function showSelected(){ 339 | var s=document.getElementById('selectedIP'); //refers to that select with all options 340 | var selectText=s.options[s.selectedIndex].value // takes the one which the user will select 341 | document.getElementById('field2').value = selectText; 342 | } 343 | 344 |

345 | Select an IP address above or enter an IP address NOT on this server: 346 | 347 |

348 |
349 | END 350 | } 351 | 352 | # RETURN TO MAIN MENU 353 | Whostmgr::HTMLInterface::deffooter(); 354 | exit; 355 | 356 | sub checkit { 357 | $ENTEREDIP=shift; 358 | my $LISTEDONLY=shift; 359 | my $LOOKUPHOST; 360 | my $EXPANDEDIP = new Net::IP ( $ENTEREDIP ); 361 | if ( $ENTEREDIP =~ /:/ and $ENTEREDIP !~ /\./ ) { 362 | $LOOKUPHOST = join '.', reverse ( split '', $EXPANDEDIP->ip() ); 363 | $LOOKUPHOST =~ s/\.:\././g; 364 | } 365 | elsif ( $ENTEREDIP =~ /\./ and $ENTEREDIP !~ /:/ ) { 366 | $LOOKUPHOST = join '.', reverse ( split /\./, $ENTEREDIP ); 367 | } 368 | 369 | print < 371 | #textarea_id { 372 | background-color: black; 373 | text-align:justify; 374 | } 375 | textarea { 376 | resize: none; 377 | outline: none; 378 | } 379 | 380 | 381 | \n"; 417 | print < 419 | 422 | 429 | HTML 430 | $totrbls=@SelectedRBLs; 431 | print "

\n"; 432 | print "

\n"; 433 | print "

\n"; 434 | print "Checked $totrbls Realtime Blackhole Lists (RBL's).
\n"; 435 | print "The IP: $ENTEREDIP was found to be listed in $NUMLISTED of them.
\n"; 436 | } 437 | 438 | sub get_json_from_command { 439 | my @cmd = @_; 440 | return Cpanel::JSON::Load( 441 | Cpanel::SafeRun::Timed::timedsaferun( 30, @cmd ) ); 442 | } 443 | 444 | sub get_whmapi1 { 445 | return get_json_from_command( 'whmapi1', '--output=json', @_ ); 446 | } 447 | 448 | sub get_mainip { 449 | my $getallipsJSON = get_whmapi1( 'listips' ); 450 | for my $getallips ( @{ $getallipsJSON->{data}->{ip} } ) { 451 | if ( $getallips->{mainaddr} ) { 452 | return $getallips->{public_ip}; 453 | } 454 | } 455 | } 456 | -------------------------------------------------------------------------------- /whmplugin/rblcheck.conf: -------------------------------------------------------------------------------- 1 | # The name of the plugin 2 | name=rblcheck 3 | 4 | # Service that will run the plugin/app 5 | service=whostmgr 6 | 7 | # User to run the plugin as (root) 8 | user=root 9 | 10 | # URL where the plugin program will be stored/called from (relative to /usr/local/cpanel/docroot/) 11 | url=/cgi/rblcheck 12 | 13 | # Required ACL's 14 | acls=email 15 | 16 | # Display name within the WHM (Plugins section) 17 | displayname=RBL Check - rblcheck 18 | 19 | # URL to show in WHM (again, relative to where the plugin/app is installed) 20 | entryurl=rblcheck/rblcheck.cgi 21 | 22 | # Icon that will show up in WHM => Plugins section 23 | icon=rblcheck.jpg 24 | 25 | # Target (frame). In 64 and later, this defaults to _blank. Use _self to open within WHM 26 | target=_self 27 | -------------------------------------------------------------------------------- /whmplugin/rblcheck.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cPanelPeter/rblcheck/4a93d3cb834e0d909dc545e3ac6f1480aa95535f/whmplugin/rblcheck.jpg -------------------------------------------------------------------------------- /whmplugin/rblcheck_install.pl: -------------------------------------------------------------------------------- 1 | #!/usr/local/cpanel/3rdparty/bin/perl 2 | 3 | use Net::IP; 4 | use IO::Uncompress::Gunzip qw(gunzip $GunzipError); 5 | use File::Copy; 6 | use Archive::Tar; 7 | use Cpanel::SafeRun::Timed (); 8 | use Cpanel::SafeRun::Errors(); 9 | use Term::ANSIColor qw(:constants); 10 | $Term::ANSIColor::AUTORESET = 1; 11 | 12 | system("clear"); 13 | print GREEN "Installing the RBLCheck WHM Plugin...\n"; 14 | 15 | # Create the directory for the plugin 16 | print YELLOW "Creating /usr/local/cpanel/whostmgr/docroot/cgi/rblcheck directory... "; 17 | mkdir "/usr/local/cpanel/whostmgr/docroot/cgi/rblcheck"; 18 | print CYAN " - Done\n"; 19 | 20 | # Obtain the plugin from Github 21 | print YELLOW "Downloading whmrblcheck.tar.gz... "; 22 | Cpanel::SafeRun::Timed::timedsaferun( 4, 'wget', '-O', '/root/whmrblcheck.tar.gz', '-o', '/dev/null', "https://raw.githubusercontent.com/cPanelPeter/rblcheck/master/whmplugin/whmrblcheck.tar.gz" ); 23 | print CYAN " - Done\n"; 24 | 25 | # Uncompress whmrblcheck.tar.gz 26 | print YELLOW "Extracting whmrblcheck.tar.gz... "; 27 | my $tar = Archive::Tar->new; 28 | $tar->read("/root/whmrblcheck.tar.gz"); 29 | $tar->extract(); 30 | print CYAN " - Done\n"; 31 | 32 | # Copy the rblcheck.jpg (Icon) image file to /usr/local/cpanel/whostmgr/docroot/addon_plugins 33 | print YELLOW "Copying rblcheck.jpg to /usr/local/cpanel/whostmgr/docroot/addon_plugins... "; 34 | move("/root/rblcheck.jpg","/usr/local/cpanel/whostmgr/docroot/addon_plugins") or die "Copy failed: $!"; 35 | print CYAN " - Done\n"; 36 | 37 | # Copy the rblcheck.cgi file to /usr/local/cpanel/whostmgr/docroot/cgi/rblcheck 38 | print YELLOW "Copying rblcheck.cgi to /usr/local/cpanel/whostmgr/docroot/cgi/rblcheck... "; 39 | move("/root/rblcheck.cgi","/usr/local/cpanel/whostmgr/docroot/cgi/rblcheck") or die "Copy failed: $!"; 40 | print CYAN " - Done\n"; 41 | 42 | # Set execute permissions on the rblcheck.cgi script 43 | print YELLOW "Setting permissions on /usr/local/cpanel/whostmgr/docroot/cgi/rblcheck/rblcheck.cgi to 0755..."; 44 | chmod 0755, "/usr/local/cpanel/whostmgr/docroot/cgi/rblcheck/rblcheck.cgi"; 45 | print CYAN " - Done\n"; 46 | 47 | # Register the plugin 48 | print YELLOW "Registering plugin..."; 49 | system( "/usr/local/cpanel/bin/register_appconfig /root/rblcheck.conf" ); 50 | 51 | print GREEN "\nRBL Check WHM Plugin installed!\n"; 52 | unlink( "/root/whmrblcheck.tar.gz" ); 53 | exit; 54 | -------------------------------------------------------------------------------- /whmplugin/rblcheck_uninstall.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "Uninstalling the RBL Check WHM Plugins..." 3 | 4 | echo -n "Removing rblcheck.jpg from the /usr/local/cpanel/whostmgr/docroot/addon_plugins/ directory " 5 | rm -f /usr/local/cpanel/whostmgr/docroot/addon_plugins/rblcheck.jpg 6 | echo "Done" 7 | 8 | echo -n "Removing rblcheck.cgi from the /usr/local/cpanel/whostmgr/docroot/cgi/rblcheck/ directory " 9 | rm -f /usr/local/cpanel/whostmgr/docroot/cgi/rblcheck/rblcheck.cgi 10 | echo "Done" 11 | 12 | echo -n "Removing the rblcheck directory from the /usr/local/cpanel/whostmgr/docroot/cgi/ directory " 13 | rmdir /usr/local/cpanel/whostmgr/docroot/cgi/rblcheck 14 | echo "Done" 15 | 16 | echo -n "Removing the whmrblcheck.tar.gz file from the /root/ directory " 17 | rm -f /root/whmrblcheck.tar.gz 18 | echo "Done" 19 | 20 | echo -n "Removing the rblcheck_install.pl file from the /root/ directory " 21 | rm -f /root/rblcheck_install.pl 22 | echo "Done" 23 | 24 | echo -n "Removing the rblcheck.conf file from the /root/ directory " 25 | rm -f /root/rblcheck.conf 26 | echo "Done" 27 | 28 | echo -n "Unregistering the appconfig... " 29 | /usr/local/cpanel/bin/unregister_appconfig /var/cpanel/apps/rblcheck.conf 30 | echo "Done" 31 | 32 | 33 | echo "RBL Check WHM Plugin has been successfully removed." 34 | rm -f /root/rblcheck_uninstall.sh 35 | -------------------------------------------------------------------------------- /whmplugin/readme.txt: -------------------------------------------------------------------------------- 1 | rblcheck - a simple plugin created specifically for a walkthrough on how to create a Plugin 2 | for WHM. 3 | 4 | https://forums.cpanel.net/resources/how-to-create-a-plugin-whm-cpanel.415/ 5 | 6 | Allows you to check your servers main IP and any ipaliases against a list of RBL's 7 | (Realtime Blackhole Lists). 8 | 9 | INSTALLATION: 10 | 11 | Download the rblcheck_install.pl script to /root and run it (as root). 12 | Once completed, you should have an rblcheck plugin under WHM => Plugins. 13 | 14 | wget https://github.com/cPanelPeter/rblcheck/blob/master/whmplugin/rblcheck_install.pl 15 | chmod 0755 rblcheck_install.pl 16 | ./rblcheck_install.pl 17 | 18 | 19 | -------------------------------------------------------------------------------- /whmplugin/whmrblcheck.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cPanelPeter/rblcheck/4a93d3cb834e0d909dc545e3ac6f1480aa95535f/whmplugin/whmrblcheck.tar.gz --------------------------------------------------------------------------------