[MokoCBRegGuard] [FEATURE] DNSBL (DNS Blackhole List) integration #20

New Issue

2026-06-02T19:31:35Z

jmiller commented

2026-06-02 19:31:35 +00:00

Migrated from MokoCBRegGuard#20

Feature Description

Add support for querying DNS Blackhole Lists (DNSBLs) to check registrant IPs against established spam/abuse databases.

Problem or Use Case

StopForumSpam is one data source, but established DNSBLs like Spamhaus (SBL/XBL), Barracuda (BRBL), and SORBS maintain broader threat intelligence. Many malicious IPs are listed in DNSBLs but not in StopForumSpam. There is currently no DNSBL support.

Proposed Solution

Add configurable DNSBL server lookups:

New params: enable_dnsbl_check, dnsbl_servers (textarea, one server per line, defaults to common free DNSBLs)
Perform reverse-IP DNS query against each DNSBL server
A successful DNS resolution means the IP is listed

Generate DNSBL_LISTED flag (weight: 3) with the specific list name included in the flag detail.

Alternative Solutions

Rely solely on StopForumSpam (misses threats tracked by DNSBLs)
Server-level DNSBL blocking (blocks all traffic, not just registrations)

Benefits

Who: Any site wanting broader threat intelligence coverage
Problem solved: Catches malicious IPs from sources StopForumSpam does not cover
Value: Lightweight DNS-based check (fast, no HTTP overhead, no API keys needed)

Implementation Details (Optional)

New params in cbregguard.xml
New RegGuardHelper::checkDNSBL() static method
Reverse IP octets, perform DNS lookup
Skip private/reserved IPs (reuse existing _isPrivateIp() helper)
Timeout handling to avoid blocking registration on slow DNS responses

Relevant Standards

Security best practices
Code quality standards

Checklist

I have searched for similar feature requests before creating this one
I have clearly described the use case and benefits
I have considered alternative solutions
This feature aligns with the project's goals and scope

> Migrated from MokoCBRegGuard#20 ## Feature Description Add support for querying DNS Blackhole Lists (DNSBLs) to check registrant IPs against established spam/abuse databases. ## Problem or Use Case StopForumSpam is one data source, but established DNSBLs like Spamhaus (SBL/XBL), Barracuda (BRBL), and SORBS maintain broader threat intelligence. Many malicious IPs are listed in DNSBLs but not in StopForumSpam. There is currently no DNSBL support. ## Proposed Solution Add configurable DNSBL server lookups: - New params: `enable_dnsbl_check`, `dnsbl_servers` (textarea, one server per line, defaults to common free DNSBLs) - Perform reverse-IP DNS query against each DNSBL server - A successful DNS resolution means the IP is listed Generate `DNSBL_LISTED` flag (weight: 3) with the specific list name included in the flag detail. ## Alternative Solutions - Rely solely on StopForumSpam (misses threats tracked by DNSBLs) - Server-level DNSBL blocking (blocks all traffic, not just registrations) ## Benefits - **Who:** Any site wanting broader threat intelligence coverage - **Problem solved:** Catches malicious IPs from sources StopForumSpam does not cover - **Value:** Lightweight DNS-based check (fast, no HTTP overhead, no API keys needed) ## Implementation Details (Optional) - New params in `cbregguard.xml` - New `RegGuardHelper::checkDNSBL()` static method - Reverse IP octets, perform DNS lookup - Skip private/reserved IPs (reuse existing `_isPrivateIp()` helper) - Timeout handling to avoid blocking registration on slow DNS responses ## Relevant Standards - [x] Security best practices - [x] Code quality standards ## Checklist - [x] I have searched for similar feature requests before creating this one - [x] I have clearly described the use case and benefits - [x] I have considered alternative solutions - [x] This feature aligns with the project's goals and scope

jmiller added the pending: testing regguard labels 2026-06-02 19:52:03 +00:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: MokoConsulting/MokoJoomCommunity#20