RBL Checker for psycho v1.1

; --- Settings ---

alias -l chans { return #one }
alias -l rbls { return dnsbl.dronebl.org rbl.efnet.org dnsbl.proxybl.org tor.dnsbl.sectoor tor.dan.me.uk dnsbl.njabl.org virbl.dnsbl.bit.nl rbl.faynticrbl.org dnsbl.ipocalypse.net dnsbl.rizon.net dnsbl.swiftbl.org dnsbl.libirc.so dnsbl.bnc4free.in dnsbl.sorbs.net }
alias -l rbl_scan_on_join { return 1 } ; = This will scan a user on channel join.
alias -l rbl_ban_action { return GLINE } ; = You can use: GLINE SHUN GZLINE KILL KLINE ZLINE , this works only if $rbl_scan_on_join is enabled
alias -l rbl_ban_time { return 3600 } ; 3600 = seconds , this works only if $rbl_scan_on_join is enabled

; --- Settings ---

ON !*:JOIN:$($chans): {
  if (!$rbl_scan_on_join) { return }

  .timer[RBL_ $+ $nick $+ _SCAN] 1 2 rbl_scan_nick $nick $chan
}

alias rbl_scan_nick {
  ; /rbl_scan_nick <nick> <#channel>

  if (!$1) || ($me !ison $2) || ($1 !ison $2) || ($1 !isreg $2) { return }

  var %h = $ial($1).host

  if (!%h) { return }

  if ($iptype(%h) !== ipv4) && ($iptype(%h) !== ipv6) { hadd -mu30 RBL_USERIP $1 $2 | userip $1 | return }

  rbl_scan_ip $1 %h
}

alias rbl_scan_ip {
  ; /rbl_scan_ip <nick> <IP>

  if (!$1) || (!$2) { return }
  if ($iptype($2) !== ipv4) && ($iptype($2) !== ipv6) { return }

  hadd -mu60 RBL_SCAN_JOIN $2 $1

  var %t = $numtok($rbls,32)
  var %i = 1

  while (%i <= %t) {
    var %r = $gettok($rbls,%i,32)
    var %n = $revip($2) $+ . $+ %r

    .dns %n

    inc %i
  }
}

raw 340:*: {
  var %n = $remove($gettok($2,1,61),*)
  var %h = $gettok($2,2,64)
  var %r = $hget(RBL_USERIP,%n)

  if (%n) && (%h) && (%r) {
    haltdef

    hdel RBL_USERIP %n

    rbl_scan_ip %n %h
  }
}

ON *:TEXT:*:$($chans): {
  tokenize 32 $strip($1-)

  if ($1 == !rbl) {
    if (!$2) { msg $chan ( $+ $nick $+ ): Error, Please specify an IP Address! | return }
    if ($iptype($2) !== ipv4) && ($iptype($2) !== ipv6) { msg $chan ( $+ $nick $+ ): Error, Please specify a valid IP Address! | return }

    msg $chan ( $+ $nick $+ ): Checking $bold($2) IP Address in $bold($numtok($rbls,32)) RBL zone(s), Please wait..

    .timer[RBL_ $+ $2 $+ _ERROR] 1 5 msg $chan ( $+ $nick $+ ): The IP $bold($2) did NOT founded in any RBL zone!

    hadd -mu60 RBL_SCAN $2 $nick $chan

    rbl_ip_dns $2
  }
}

alias -l bold { return $+($chr(2),$1-,$chr(2)) }
alias -l revip { return $+($gettok($1,4,46),.,$gettok($1,3,46),.,$gettok($1,2,46),.,$gettok($1,1,46)) }

alias rbl_ip_dns {
  ; /rbl_ip_dns <IP>

  if (!$1) { return }

  var %t = $numtok($rbls,32)
  var %i = 1

  while (%i <= %t) {
    var %r = $gettok($rbls,%i,32)
    var %n = $revip($1) $+ . $+ %r

    .dns %n

    inc %i
  }
}

ON *:DNS: {
  if ($hget(RBL_SCAN_JOIN,0).item) && ($dns(1)) {
    var %s = $dns(1).ip

    var %p = $gettok($dns(1),1-4,46)
    var %r = $hget(RBL_SCAN_JOIN,$revip(%p))
    var %m = $rbl_reply_desc(%s,$gettok(%s,4,46))

    if (!$rbl_ban_action) { return }
    elseif ($rbl_ban_action == KILL) { $rbl_ban_action %r %m }
    else { $rbl_ban_action *@ $+ $revip(%p) $iif($rbl_ban_time,$v1,300) %m }

    hdel RBL_SCAN_JOIN $revip(%p)
  }

  if ($hget(RBL_SCAN,0).item) {
    var %t = $dns(0)

    while (%t) {
      var %d = $dns(%t)
      var %i = $dns(%t).ip

      var %s = $gettok(%i,4,46)
      var %r = $gettok(%d,5-,46)
      var %p = $gettok(%d,1-4,46)
      var %n = $gettok($hget(RBL_SCAN,$revip(%p)),1,32)
      var %c = $gettok($hget(RBL_SCAN,$revip(%p)),2,32)

      if (%d) && (%i) && ($istok($rbls,%r,32)) {
        .timer[RBL_ $+ $revip(%p) $+ _ERROR] off

        set -eu30 $+(%,%p,_,%r) $addtok($evalnext($+(%,%p,_,%r)),%s,32)

        .timer[MSG_ $+ %d $+ _NOW] 1 1 msg %c ( $+ %n $+ ): The IP $bold($revip(%p)) has been found in $bold(%r) BL zone with $bold($evalnext($+(%,%p,_,%r))) reply number(s).
      }

      dec %t
    }
  }
}

alias rbl_reply_desc {
  ; /rbl_reply_desc <rbl> <reply code id>

  if (undernet isin $1) {
    if ($2 == 3) { return IRC Drone }
    if ($2 == 4) { return Spambot/Drone }
    if ($2 == 5) { return Open Socks Proxy }
    if ($2 == 6) { return Botnet IPs }
    if ($2 == 7) { return Compromised host/IP }
    if ($2 == 10) { return ProxyChain }
    if ($2 == 11) { return Abused VPN Service }
  }

  if (dronebl isin $1) {
    if ($2 == 2) { return Sample }
    if ($2 == 3) { return IRC Drone }
    if ($2 == 5) { return Bottler }
    if ($2 == 6) { return Unknown Spambot/Drone }
    if ($2 == 7) { return DDOS Drone }
    if ($2 == 8) { return SOCKS Proxy }
    if ($2 == 9) { return HTTP Proxy }
    if ($2 == 10) { return Proxy Chain }
    if ($2 == 11) { return Web Page Proxy }
    if ($2 == 12) { return Open DNS Resolver }
    if ($2 == 13) { return Brute Force Attackers }
    if ($2 == 14) { return Open Wingate Proxy }
    if ($2 == 15) { return Compromised Router/Gateway }
    if ($2 == 16) { return Autorooting worms }
    if ($2 == 17) { return Automatically determined botnet IPs (experimental) }
    if ($2 == 18) { return DNS/MX type hostname detected on IRC }
  }

  if (evilnet isin $1) {
    if ($2 == 3) { return Join/Part }
    if ($2 == 5) { return Drone/Compromised }
    if ($2 == 6) { return IRC Spam Drone }
    if ($2 == 7) { return DDoS Drone }
    if ($2 == 8) { return Open Proxy/HTTP Proxy }
    if ($2 == 17) { return Auto determined botnet IPs (Default) }
    if ($2 == 18) { return Compromised DNS/MX type hostname }
  }

  if (rbl.efnet isin $1) {
    if ($2 == 1) { return Open Proxy }
    if ($2 == 2) { return Spamtrap666 }
    if ($2 == 3) { return Spamtrap50 }
    if ($2 == 4) { return TOR }
    if ($2 == 5) { return Drones/Flooding }
  }

  if (swiftbl isin $1) {
    if ($2 == 2) { return Socks }
    if ($2 == 3) { return IRC Proxy }
    if ($2 == 4) { return HTTP Proxy }
    if ($2 == 5) { return IRC Drone }
    if ($2 == 6) { return TOR }
  }

  return Unknown ( $+ $2 $+ ) Reply
}