It’s useful for ISP’s and email service providers to run occasional RBL checks against their IPs to know when they are being blacklisted by populate CBL services. I’ve written a simple script that utilizes the DNSBL pear library to check against common blacklists, when given a list of IPs in a file.

First, you need to download or install the NET_DNSBL pear module. (Command: pear install NET_DNSBL)

<?php
require_once('Net/DNSBL.php');

$iplist = file("/path/to/iplist");

foreach ($iplist as $ip){

$dnsbl = new Net_DNSBL();

$dnsbl->setBlacklists(array(
'sbl-xbl.spamhaus.org',
'dnsbl.sorbs.net',
'bl.spamcop.net',
'dnsbl-1.uceprotect.net',
'dnsbl-2.uceprotect.net',
'dnsbl-3.uceprotect.net',
'isps.spamblocked.com',
'zen.spamhaus.org'
));

if ($dnsbl->isListed($ip)) {

echo "IP $ip is blacklisted!\n";

}

else {
echo "IP $ip not listed\n";
}
}

?>

Of course, this script can be very easily modified to pull IPs from a database, or assign the $ip variable from a GET or POST request (like from a form or API).  Here’s an exclusive list of some RBL’s you can check against using this script, by adding them to the array shown:

asiaspam.spamblocked.com
bl.deadbeef.com
bl.emailbasura.org
bl.spamcop.net
blackholes.five-ten-sg.com
blacklist.woody.ch
bogons.cymru.com
cbl.abuseat.org    cdl.anti-spam.org.cn
combined.abuse.ch
combined.rbl.msrbl.net
db.wpbl.info
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
dnsbl.abuse.ch
dnsbl.ahbl.org
dnsbl.cyberlogic.net
dnsbl.inps.de
dnsbl.njabl.org
dnsbl.sorbs.net
drone.abuse.ch
duinv.aupads.org
dul.dnsbl.sorbs.net
dul.ru
dyna.spamrats.com
dynip.rothen.com
eurospam.spamblocked.com
fl.chickenboner.biz
http.dnsbl.sorbs.net
images.rbl.msrbl.net
ips.backscatterer.org
isps.spamblocked.com
ix.dnsbl.manitu.net
korea.services.net
lacnic.spamblocked.com
misc.dnsbl.sorbs.net
noptr.spamrats.com
ohps.dnsbl.net.au
omrs.dnsbl.net.au
orvedb.aupads.org
osps.dnsbl.net.au
osrs.dnsbl.net.au
owfs.dnsbl.net.au
owps.dnsbl.net.au
pbl.spamhaus.org
phishing.rbl.msrbl.net
probes.dnsbl.net.au
proxy.bl.gweep.ca
proxy.block.transip.nl
psbl.surriel.com
rbl.interserver.net
rdts.dnsbl.net.au
relays.bl.gweep.ca
relays.bl.kundenserver.de
relays.nether.net
residential.block.transip.nl
ricn.dnsbl.net.au
rmst.dnsbl.net.au
sbl.spamhaus.org
short.rbl.jp
smtp.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
spam.dnsbl.sorbs.net
spam.rbl.msrbl.net
spam.spamrats.com
spamlist.or.kr
spamrbl.imp.ch
t3direct.dnsbl.net.au
tor.ahbl.org
tor.dnsbl.sectoor.de
torserver.tor.dnsbl.sectoor.de
ubl.lashback.com
ubl.unsubscore.com
virbl.bit.nl
virus.rbl.jp
virus.rbl.msrbl.net
web.dnsbl.sorbs.net
wormrbl.imp.ch
xbl.spamhaus.org
zen.spamhaus.org

PHP has a couple DNS functions you can use to perform record lookups.

Most of us are familiar with the two basic ones – gethostbyname() and gethostbyaddr(), both of which perform a single function – returning a hostname or IP address. Here’s an example of both:

<?php

$ip = gethostbyname("v-nessa.net");
$host = gethostbyaddr("69.174.114.71");

echo "v-nessa.net has the IP $ip, which reverses to $host";
?>

The above will return:

v-nessa.net has the IP 69.174.114.71, which has a PTR of server.v-nessa.net

Similarly to gethostbyname, there’s gethostbynamel which is useful for hostnames with multiple A records:

$ips = gethostbynamel("test.v-nessa.net");
foreach ($ips as $ip => $value){
echo $value . "\n";
}

Will return:

69.174.114.71
69.174.115.243

A more advanced function is dns_get_record, which can pull any valid record for a hostname or IP.  Think about the dig command you use in Unix to find DNS records:

nessa@nessa-desktop:~$ dig +short v-nessa.net A
69.174.114.71

The dns_get_record function works in a similar way, and can obtain the following DNS record types:

DNS_A, DNS_CNAME, DNS_HINFO, DNS_MX, DNS_NS, DNS_PTR, DNS_SOA, DNS_TXT, DNS_AAAA, DNS_SRV, DNS_NAPTR, DNS_A6, DNS_ALL or DNS_ANY.

The following will give you a similar result:

$recs = dns_get_record("v-nessa.net", DNS_A);
print_r($recs);

Will return:

Array
(
[0] => Array
(
[host] => v-nessa.net
[type] => A
[ip] => 69.174.114.71
[class] => IN
[ttl] => 13728
)
)

If you want to obtain multiple DNS types, you can do so by separating the record types with a plus sign:

$recs = dns_get_record("v-nessa.net", DNS_A + DNS_MX);

Will return:

Array
(
[0] => Array
(
[host] => v-nessa.net
[type] => A
[ip] => 69.174.114.71
[class] => IN
[ttl] => 13736
)

[1] => Array
(
[host] => v-nessa.net
[type] => MX
[pri] => 0
[target] => v-nessa.net
[class] => IN
[ttl] => 14145
)

)

You’ll notice that the output is a double array, so to call individual values you can do either of the following:

// will return the IP for array 0 ( A record)

echo $recs[0]['ip'];

// will return results for common records

foreach ($recs as $type => $value){
echo $value[ip] . "\n";
}

Similar to the example above, you can use the DNS_ALL type to show any records available for the hostname, and use a minus sign to exclude certain record types. For example, the below code will return all DNS results for v-nessa.net, but exclude NS records:

$recs = dns_get_record("v-nessa.net", DNS_ALL - DNS_NS );

foreach ($recs as $type => $value){
echo $value[type] . "\n";
}

The following records were returned:

A
SOA
MX
TXT

Here’s a more practical example – a simple PHP DNS lookup script. Say you have a form on your site that allows a user to type in a hostname and select a type of record: A, MX, NS, and TXT. The passed form values are $host and $type, and the below script will accept the variables and output the results according to the record type:

HTML Form:

<form action="dns.php" method="POST">
Hostname: <input type="text" name="host" />
Type: <select name="type">
<option value="a">A</option>
<option value="mx">MX</option>
<option value="ns">NS</option>
<option value="txt">TXT</option> </select>
</form>

PHP Script (dns.php):

<?php

if(!empty($_POST['host']) && !empty($_POST['type'])){

    // Grab variable from form and define valid types

    $host = $_POST['host'];
    $type = strtoupper($_POST['type');
    $validtypes=array("A","MX","NS","TXT");

    // Check that dns type is defined or allowed

    if(!defined("DNS_" . $type) or !in_array($type,$validtypes)){
       echo "Invalid DNS Type!";
    }else{

       $type = constant("DNS_" . $type);
       $rec = dns_get_record($host, $type);

       // Set result types - can be modified by using available elements from $rec array

       switch($type){
             case DNS_A:
                    $recvals=array("Hostname" => "host","Type" => "type", "IP" => "ip");
                    break;
             case DNS_MX:
                    $recvals=array("Hostname" => "host","Type" => "type", "Target" => "target", "Priority" => "pri");
                    break;
             case DNS_NS:
                    $recvals=array("Hostname" => "host","Type" => "type", "Target" => "target");
                    break;
             case DNS_TXT:
                    $recvals=array("Hostname" => "host","Type" => "type", "Record" => "txt");
                    break;
        }

      // Output results

      foreach ($rec as $arr => $num){
             foreach ($recvals as $title => $value){
                    echo $title . " : " . $num[$value] . "\n";
             }
      }

    }
} else {

     echo "Either hostname or record type is missing";
}

It’s of course easy to modify the above code accordingly, and I’m sure there may be better ways to do this. Feel free to post your own code snippets or comments.

The Developer Obsession with Code Names – Pingdom

Website feeling overweight? Slim it down with Smush.it – Diary of a Ninja

Really Useful Tutorials You Should Have Read in May 2010 – W3 Avenue

Beautiful and Useful 404 Error Pages for Inspiration – 6 Revisions

15 Great Content Management Systems for Designers – Design Tutorials 4 U

10 Easy Solutions for PHP String Manipulation – PHP Builder

12 Cross-Browser Compatibility Tools for Designers – Web Hosting Help Guy

If I had a Viagra pill for every time I confronted a spammer who pulled the “email marketing” excuse…

There’s no debate, no exceptions, and no justification. If you’re sending out massive amounts of unsolicited email, you’re a spammer. Period.  You’re not running a legitimate or respected marketing campaign, you’re not helping anyone with their emotional or erectile dysfunction problems, and in reality, no one cares to read what you have to say.

A lot of hosting providers are cracking down on spammers – and from experience, I can tell you why:  Spammers are an inconvenience to everyone – even themselves. They are an inconvenience to me, the system administrator that has to sift through spam complaints and spend hours every week tracking them down.  They are an inconvenience to our customers, who find their email being blacklisted because of a spammer on their network. And finally, they are an inconvenience to you, the Internet user, that has to deal with getting spam on a daily basis because some people have nothing better to do.

And here’s how you know if you’re one of those some people:

• You purposely find ways to circumvent your ISP or host’s mailing limits instead of simply asking
• You’re harvesting or purchasing email addresses off of websites, other mailing lists, or third parties to compose your recipient base
• You’re sending those people [unsolicited] email advertising yourself, a product, or a website
• You use spoofing or other tactics to hide your email address or server information
• You don’t give your victims recipients a way to opt out of your torturous email campaigns
• You hide behind the CAN SPAM law to justify your behavior
• You get the slight inkling that people hate you for what you do

So what’s the fine line between spam and email marketing?

It’s all about honesty and consent.  If I contact a fellow blog owner requesting a link exchange, I wouldn’t technically consider that spam. If I send the same email to 40 other people, I’m crossing the line.  A legitimate, non-spammy email campaign would consist of a database of opted-in users, and email content consistent with what those users requested to be in the loop for.  If any of those users decide they don’t want to participate anymore, they are given a quick and easy way to remove themselves from the list.  The fine line between spamming and email marketing is the concept of opting in. Simply put, email marketers use opt-in lists, spammers don’t.

And no, I’m not talking about purchasing opt-in lists that other people have compiled.

Spammers have ruined the concept of email marketing enough to where now even legitimate email marketers are being accused of spamming, and many hosts won’t even work with them.  That’s not all hosts are doing to fight back, either.  Many larger hosting providers are so tired of dealing with spammers on their network that they impose mailing limitations that tend to inconvenience other users. Here are just a few:

• Limiting the number of emails sent per minute, hour, or day
• Limiting the number of recipients that can exist in a single email or BCC field
• Locking outbound SMTP connections so scripts can’t send email from remote servers
• Blocking email sent from certain system users (like the Apache user), requiring the use of authenticated mail sessions

For everyone else, here are a few tips on dealing with SPAM:

• Delete it – it takes two seconds
• Learn what a spam filter is, and use it
• Stop trying to play Internet police. Feel free to report spam to the ISP or host, but don’t start spouting off with legal threats. It’s not going to change the fact that millions of spam emails are sent every day, and no court is going to waste their time on you
• Don’t assume that the ISP or host can read minds – do you think they would have intentionally allowed a spammer to sign up for their service?

And for ISP’s and hosts, you have responsibilities as well:

• Don’t be afraid to impose the aforementioned limitations on your servers. Your goal should be to look out for the best interests of your customers as a whole
• Require justification from users that want to send large mailing lists, asking them how much email they are sending, who they are sending to, and whether they have an opt-in/out method
• Set up abuse@ and postmaster@ email addresses, which will usually be where complaints are sent to. This way you’re aware of users that may be abusing your network, even if
• Sign up for feedback loops, so automated spam reports from various email providers are sent to you to review
• Deal with spammers ASAP. Not doing so can end up causing your network to get blacklisted, or have complaints escalated to cancellations from your customers – or even legal threats

Any programmer knows the golden rule of programming – no matter how well you’ve coded an application, there’s always going to be something wrong with it. I’ve done enough development work to have a lasting suspicion that if there’s a bug or hole to be found, someone will stumble upon it and rub it in your face.

Here’s an interesting fact:

There’s no such thing as a bug-free application.

No amount of poking, prodding, testing, slurping, or caressing is going to find every possible fault that can exist in an application. Somewhere along the line, one of your users is going to trigger a problem and cause you to spend a few hours patching code.  It’s like idiot-proofing a microwave – you can’t reasonably predict every possible thing that a user can do, you just do what you can and hope for the best.

The good thing about these idiots is that they make us better programmers.  To be a better programmer, you have to think like an idiot and apply some basic principles:

1. Validation

Check and maybe even double-check all types of input and assume the worst. Sure, maybe that user didn’t know that Sex referred to gender, but you should have thought of that.  Always take into account blank, malformed, incorrect, malicious, and duplicate data.

2. Default Actions

Any time you use conditionals, always combine validation with a default action, in case something unexpected happens. Do you know what your application is going to do if a specified condition isn’t met?

3. User behavior

Some people do things you don’t want them to, but you have to be ready for it anyways.  Does your application work correctly if people hit the “back” or “refresh” buttons? Is it going to cause a problem if someone bypasses your lightbox and opens a link in a new tab instead? Or bookmarks a page that was meant to be accessed from a login screen?

4. Acceptance

Accept the fact that no matter what advice I give, you’re still never going to make it perfect.

And don’t forget – testing, testing, testing. While some people I deal with like to believe that I don’t actually test anything, I do – I just also know the golden rule of programming and that there’s no way around it.  Testing is an ongoing process and requires both automated and manual work. Don’t knowingly leave a bug or security flaw in place and assume it will go unnoticed – trust me, it won’t.  If there’s one thing idiots are good at, it’s making you look like an idiot.

There’s a common understanding in the developer community that when you’re testing code, don’t do it on a live site. And if you do, make sure it’s transparent to the user.  This faux pas tends to be unforgivable when you’re a major review site getting thousands of hits per day.

I hope I don’t get sued for this.

The other night I was logged into my ReviewMe account to add one of my sites, and upon addition some code popped up that probably shouldn’t have:

It looks like someone was doing some testing and was echoing out some post variables as an array, and forgot to remove it.  This goes to show: don’t test this kind of stuff on a live site where your users will be able to see it.

How to Design a Clean and Minimal Business Website :: Voosh Themes

10+1 Things they Never Teach In College About Programming :: Making Good Software

10 Free Web Hosting Control Panels to Manage Servers Easier :: Web Resources Depot

How to Fix PHP Vulnerabilities (So Your Site Won’t Get Hacked) :: Code Diesel

How to manage a PHP application’s users and passwords :: PHP Security

How to Create a Captcha System with PHP :: Webdesign Spot

Best Practices for Coding HTML Emails :: Cats Who Code

It’s been almost a year since the PHP 5.3 branch was released to the PHP community, and yet we’re all still in the shadow of PHP 5.2.  If you’re just a faithful customer wondering why your host isn’t getting with the times, I’ll tell you exactly why: We don’t stock enough diapers to keep up with that ish.

Let me talk about you, the common website owner, that runs a simple Drupal or WordPress site.  You didn’t sign up with your host to go around in circles over compatibility problems that could have been avoided by your host doing a little research. As a programmer, I would hold it to any site owner to check their site’s requirements and the offerings of their host before they unnecessarily waste a lot of time and money, but as a system administrator I frown upon shared hosting providers offering software with known compatibility issues just to be able to advertise as the “latest and greatest”. The latest isn’t always the greatest, and it won’t be until the community catches up with what the greatest has to offer.

I’ve had numerous discussions with my superiors about whether to upgrade to PHP 5.3, and the end result is pretty much the same – we’re just not ready. And neither are our customers, or the developers of the applications they use.  And trust me – this is normal. We all went through the same thing when PHP 4.2 came out, and again with PHP 5, and again with PHP 5.2.  That being said, this is why all the good hosts are now also holding off jumping on the PHP 5.3 bandwagon:

• Lack of compatibility:  Many open source applications and frameworks (such as Drupal, Joomla, Magento, and even parts of WordPress) are not fully compatible with PHP 5.3 yet
• No Zend Optimizer or Zend Guard support
• It’s not required for PCI compliance yet, which is one of the main reasons why hosts upgrade PHP on their servers

PHP 5.3 does have a lot of new features and functions to offer, and it will eventually wiggle its way into mainstream hosting -  it’s just not ready for the shared hosting population yet until everyone else catches up.  Most hosts (including IMH) will still offer PHP 5.3 as an optional upgrade for customers on VPS or Dedicated servers, or as an optional move to a server that has that version. In the meantime, start upgrading your applications and keep tabs on your softwares’ developers to find out when php 5.3 support will be available.  PHP 5.2 will likely become obscure near the end of 2010 or early 2011 in favor of 5.3, and you should be ready when it is.

I wrote a guest post today on Associated Content – my first ever post on this media site. Have a look!

http://www.associatedcontent.com/article/5418390/is_the_internet_getting_too_cluttered.html?cat=15

This is part third and final part in my PHP command line tutorial series. If you didn’t see parts 1 and 2:

Command Line PHP: Part 1

Command Line PHP: Part 2

More File and Disk Functions

Getting Disk Space and Usage

The disk_total_size and disk_free_space functions can tell you how much disk space you have and how much is available, respectively:

$disksize = disk_total_space("/");
$size = round(number_format($disksize / 1024 / 1024 / 1024, 2));

$diskfree = disk_free_space("/");
$freesize = round(number_format($diskfree / 1024 / 1024 / 1024, 2));

echo "Total Disk Size: $size GB\n";
echo "Free Disk Space: $freesize GB";

Finding Files

A little-known function called glob works sort of like the locate command, in that it will find files that match a certain string, but it only looks in the current folder and is not recursive. For example, the below code will search for all files in the current folder that end with .txt:

foreach (glob("*.txt") as $file) {
echo "$file size " . filesize($file) . "\n";
}

You can also use something like this example to run as a loop and recursively search through folders.

Getting File Path Information

The famous pathinfo function can give you information about a file on your system:

$file = "/etc/php5/cli/php.ini";
if(file_exists($file)){
$info = pathinfo($file);
print_r($info);
}

This will print out an array like below:

Array
(
[dirname] => /etc/php5/cli
[basename] => php.ini
[extension] => ini
[filename] => php
)

Which you can echo out values to and use in your scripts, for example:

$file = "/etc/php5/cli/php.ini";
if(file_exists($file)){
$info = pathinfo($file);
$dir = $info[dirname];
chdir($dir);
echo "Changed directory to" . getcwd();
}

There are also similar functions that will provide the same information, individually:

$file = "/etc/php5/cli/php.ini";

echo "Absolute File Name: " . realpath($file) . "\n";
echo "File Name: " . basename($file) . "\n";
echo "File path: " . dirname($file) . "\n";

This will return:

Absolute File Name: /etc/php5/cli/php.ini
File Name: php.ini
File path: /etc/php5/cli

Some Random Script Fragments and Functions

Prompt a user for input:

fwrite(STDOUT, "Hello...\nWhat is your name? ");
$name = trim(fgets(STDIN));
fwrite(STDOUT, "Hello, $name!\n");

Print out your username and date:

$me = exec('whoami');
echo "Hello, " . $me . " The time is currently " .date("r") . "\n";

Generate random strings and passwords:

echo crypt("mypassword","randomsalt");
echo md5("mypassword");

Random password, variable length:

function randomPass($length) {

$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;

while ($i <= $length) {
$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}

return $pass;
}

$password = randomPass(10);

echo "Your random password is: $password";

List loaded PHP extensions, check is specific extension is loaded:

$extensions = get_loaded_extensions();
foreach ($extensions as &$value) {
echo $value . "\n";
}

if (!extension_loaded('gd')) {
echo "GD extension is not loaded";
exit;
}

Get Server’s CPU Load:

$load = sys_getloadavg();
echo "Current: " . $load[0] . "\n";
echo "5-min: " . $load[1] . "\n";
echo "15-min: " . $load[2] . "\n";

Get PHP memory limit and convert to human-readable format:

function convert($size)
{
$unit=array('b','kb','mb','gb','tb','pb');
return @round($size/pow(1024,($i=floor(log($size,1024)))),2).' '.$unit[$i];
}
echo convert(memory_get_usage(true));

Some Useful Links/Tutorials

Command Line PHP Tutorial
Simple System Maintenance with PHP-CLI – Simple System Maintenance with PHP-CLI
Command Line PHP (IBM)
Running Daemons in PHP
PHP Class for Coloring Command Line Output
PHP Command Line Progress Bar