Re: [Httpbl-beta] DNS lookups not corresponding to incoming http client addresses - fixed

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

All mod_httpbl testers,
   It looks like I goofed on the newest version of the code.  I'm going to
be updating the CVS tonight with a version of code that _does_not_ look up
only a single hardcoded IP (as well as a few other minor changes that I've
made since the last update).  I stilldon't have the ability to test Apache
2.2.x so if you have any compile errors, please let me know and I will try
to fix them ASAP.

THanks,
Dave

On 5/30/07, James Beckett <jmb...@ha...> wrote:
>
> James Beckett wrote:
> > So far, I've only seen httpBL DNS lookups
> > for two IP addresses - one of them around 4200 times and the other only
> once,
> > since installation on 2007-05-02.
>
> (apache log)
>
> > 80.237.210.109 - - [15/May/2007:16:31:46 +0100] "GET / HTTP/1.0" 200
> 4154 "-"
> >     "Lynx/2.8.4rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.6c"
>
> > but the corresponding entry in named.querylog is
> >
> > 15-May-2007 16:31:46.757 client 127.0.0.1#50330: query:
> >     (my ID).235.1.194.62.dnsbl.httpbl.org IN A +
> >
> > The address 62.192.1.235 doesn't appear in any other apache log files,
> and
> > seems entirely spurious.
>
> More so for me mis-reversing it: 62.194.1.235 is the only address that
> gets
> looked up. Now that I've spotted my bozo error it's clear in the code - it
> looks as though a test setting has been left in place:
>
>
> http://httpbl.cvs.sourceforge.net/httpbl/mod_httpbl_for_apache_2.0/mod_httpbl_source/mod_httpbl.c?revision=1.1.1.1&view=markup#l_309
>
> #define IP_TO_LOOKUP                            "62.194.1.235"
>         // a known spammer's IP ; just for testing
>
> and later:
>
>     ha = r->connection->remote_ip; // get the requesting IP from the
> request_rec
> #ifdef IP_TO_LOOKUP     // if a macro is set to a hardcoded IP (for
> testing purposes)
>     ha = IP_TO_LOOKUP;
> #endif
>
> With this here, check_via() always looks up this address, not the remote
> IP
> address from the request - which presumably means that all current beta
> testers (unless they've quietly fixed this themselves locally, or have an
> earlier version without it) are unknowingly not actually testing anything
> useful! (This test IP returns 127.86.74.3 - 86 days since activity, pretty
> high threat, suspicious+harvester - the sample config should return "deny"
> for this, so I'd expect any typical beta tester setup to show 100% page
> denial)
>
> With the #define commented out, I'm finally seeing lookups of actual
> client
> addresses taking place:
>
> 30-May-2007 20:07:30.533 client 127.0.0.1#57023: view internal:
>         query: (my ID).109.210.237.80.dnsbl.httpbl.org IN A +
>
>
> I'd highly recommend anyone running http:BL to run and use their own local
> caching nameserver, both for reducing lookup overheads and for being able
> to check the logs and see what's going on.
>
> cheers,
> James
> --
> James Beckett <jm...@ha...> <http://www.hackery.net/jmb/>
> F601 C085 1482 B92A C812  556C A985 1497 209B 4E65
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Httpbl-beta mailing list
> Htt...@li...
> https://lists.sourceforge.net/lists/listinfo/httpbl-beta
>