Why can I be registered in DNSBL ?
We distinguish two different situations.
a) When the attacker directly executes actions to damage or harm Evilnet network resources, users or staff.
In this case, there is nothing to do except check if your IP has been registered by DNSBL and you will see the information about it.
b) The origin of the attack was executed from a compromised computer without its owner or user knowing about this situation.
In this case, you can fill out the contact form with the necessary information that justifies requesting that the IP involved be removed from DNSBL.
We may request, at our discretion, documentation that verifies that you are foreign to the attack and had no intention of executing any action as described above.
In what CLASS my ipaddress can be add on EvilNet DNSBL:
127.0.0.[3] = Join/Part
127.0.0.[5] = Compromised HOST/IP
127.0.0.[6] = IRC Spam Drone
127.0.0.[7] = DDoS Drone
127.0.0.[8] = Open Proxy/HTTP Proxy
127.0.0.[10] = Abused VPN Services
127.0.0.[17] = Auto determined botnet IPs (Default)
127.0.0.[18] = Compromised DNS/MX type hostname
charybdis 2.0 and later blacklist {}
If you add the following to your blacklist {} block, your charybdis server will check DNSBL EvilNET. As an example:
blacklist {
host = "rbl.evilnet.org";
reject_reason = "You have a host listed in the DNSBL EvilNET. For more information, visit https://dnsbl.evilnet.org/ip-search";
};
If you add the following to your blacklist {} block, your charybdis server will check DNSBL EvilNET. As an example:
blacklist {
host = "rbl.evilnet.org";
reject_reason = "You have a host listed in the DNSBL EvilNET. For more information, visit https://dnsbl.evilnet.org/your?ipaddress=${ip}";
};
EvilNET-RBL.ini
[bl:rbl.evilnet.org]
ban_unknown=false
default_ban_message=Your host is listed in the EvilNet DNSBL (%reason%). https://dnsbl.evilnet.org/your?ipaddress=%ip% for info.
reply:3=Join/Part
reply:5=Compromised HOST/IP
reply:6=IRC Spam Drone
reply:7=DDOS Drone
reply:8=Open Proxy/HTTP Proxy
reply:10=Abused VPN Services
reply:17=Auto determined botnet IPs
reply:18=Compromised DNS/MX type hostname
DNSBL EvilNET.org In Linux Terminal
git clone https://github.com/unixfool/EvilIP.git
cd EvilIP
chmod +x evilip.sh
sh evilip.sh IP
NOTE: You need to install DIG for this script work well.
NOTE: Ubuntu / Debian: apt-get install dig
NOTE: CentOS: yum install dig
DNSBL EvilNET.org Fash Search for Eggdrops/IRC/Scripts
https://dnsbl.evilnet.org/your?ipaddress=IPAddress
NOTE: =IPAddress, Enter a real ip address you want to fast seach.
Using NodeJS Module Request.
API URL: https://api.evilnet.org/rbl/ip/
API Result Seach Body Template
How to: https://api.evilnet.org/rbl/ip/Your-IPAddress-Here
{
ipaddress: " ",
dateadded: " ",
reportedby: " ",
iptype: " ",
attacknotes: " ",
email: " ",
location: " ",
id: " "
}
Using NodeJS Module Request.
//Request NodeJS Module.
import request from 'request';
request({
url: "https://api.evilnet.org/rbl/ip/Your-IPAddress-HERE",
json: true
}, (error, response, body) => {
// Print the JSON for the API IP request.
console.log(body);
// Print the response status code if a response was received.
console.log('statusCode:', response && response.statusCode);
// Print the error if one occurred.
console.error('error:', error);
});
Using NodeJS Module Axios.
// Import Axios Module
import axios from 'axios';
// Get API Url Fetch in axios module.
axios.get("https://api.evilnet.org/rbl/ip/Your-IPAddress-Here")
// Show results only with data info.
.then((result) => {
console.log(result.data);
})
// IF catch a error print the result message.
.catch((err) => {
console.log(err);
})
Using NodeJS Module Https.
// Import Https from Https. This use the new module system call.
import https from 'https';
// Get API info with HTTPS
https.get('https://api.evilnet.org/rbl/ip/Your-IPAddress-HERE', (response) => {
// Create a data
let data = '';
// Chunk the date in to a chunker
response.on('data', (chunk) => {
data += chunk;
});
// Show data chunk on the https
response.on('end', () => {
console.log(data);
});
})
// Show Error message.
.on('error', (error) => {
console.log(error);
})