Blacklist Check
Overview
This plugin uses public DNS blacklist (DNSBL) servers to check incoming connections and refuses connections from anyone using a known public proxy. The list of DNSBL servers used is configurable.
Features
- Stop griefers before they even connect
- Increased security
- (v0.2) Whitelist known IP addresses to always allow connections
- (v0.3) Whitelist entire IP subnets
- (v0.5) Choose to block the connection until the address may be verified, or allow the connection and kick if they are blacklisted
Configuration
Plugin Configuration
- DNSBLServers (v0.1) A list of DNS servers that will resolve blacklisted IP addresses
- Whitelist (v0.2) A list of IP addresses that will always be allowed in and will not be checked against the DNSBL servers. NOTE: As of v0.3 these addresses must be in CIDR notation. For example, to enter a single IP address use "127.0.0.1/32"; to allow an entire class C subnet use "192.168.1.0/24". Please be sure to update the config file when upgrading from v0.2.
- Debug (v0.3) (Boolean) [Default: false] A directive to have the plugin print more information to the console
- LogDisconnects (v0.4) (Boolean) [Default: true] A directive to have the plugin output connection refusals to the console
- DelayCheck (v0.5) (Boolean) [Default: false] A directive to have the plugin allow the connection first and run the DNS lookups in a separate thread. This option is not recommended, because the client stays connected to the server until the DNS lookup returns. It does, however, avoid delaying the connection process.
- DisconnectMessage (v0.5) (String) [Default: "Connected from a publicly blacklisted server!"] The configurable message to send along with the disconnect / kick.
- LogToFile (v0.6) (Boolean) [Default: true] A directive to have the plugin write debug and disconnect messages to the BlacklistCheck.log file in the plugin's directory.
Installation
- To install the plugin, simply place the jar in the plugins directory
Bugs / Known Limitations
- The default server list contains 8 DNS servers, and checking each one takes time. Increasing this list will cause client timeout errors unless the DelayCheck configuration directive is enabled.
- The client will be disconnected if even one DNS server returns a result for the address
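The sketch below is an added example, not the plugin's own code. It shows the decision order described above: CIDR whitelist first, then refusal on the first DNSBL listing. The reversed-octet query name is the standard DNSBL convention rather than something this page specifies; the zone names, sample addresses, and `fake_resolver` are constructed so the example runs offline.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Standard DNSBL convention: reverse the IPv4 octets and append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """True if the name resolves to any A record, i.e. the DNSBL lists the address."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        # Assumption: a failed lookup (usually NXDOMAIN) is treated as "not listed".
        return False

def check_connection(ip, whitelist, zones, resolver=system_resolver):
    """Return (allowed, reason) for one connecting address."""
    addr = ipaddress.ip_address(ip)
    # Whitelist entries are CIDR strings (v0.3+); a match skips every DNSBL lookup.
    for cidr in whitelist:
        if addr in ipaddress.ip_network(cidr, strict=False):
            return True, "whitelisted by " + cidr
    # A single listing on any configured server is enough to refuse the connection.
    for zone in zones:
        if resolver(dnsbl_query_name(ip, zone)):
            return False, "listed on " + zone
    return True, "not listed"

# Constructed sample data: placeholder zones and one pretend listing.
ZONES = ["dnsbl-a.example.org", "dnsbl-b.example.org"]
WHITELIST = ["127.0.0.1/32", "192.168.1.0/24"]
LISTED = {"7.113.0.203.dnsbl-b.example.org"}

def fake_resolver(name):
    """Offline stand-in for DNS: only names in LISTED resolve."""
    return name in LISTED

if __name__ == "__main__":
    for ip in ("192.168.1.50", "203.0.113.7", "198.51.100.9"):
        print(ip, check_connection(ip, WHITELIST, ZONES, fake_resolver))
```

Because the lookups run one after another, the worst-case delay grows with the number of configured servers, which is the timeout limitation noted above.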
Future Plans
- Try to incorporate any additional user requests.
See Also
DNSBL checking is a common practice for blocking spammers and other unwanted traffic. For a full description of how DNSBL operates, a list of available public DNSBL servers, and other information, use Google.