Last modified: 2014-10-24 14:33:40 UTC
Requested 115.108.187.192.proxies.dnsbl.sorbs.net., not found in proxies.dnsbl.sorbs.net.. Noticed a few of these. Probably wants digging into a bit more soon
Where's this coming from?
I noticed it in logstash-beta
{ "_index": "logstash-2014.10.09", "_type": "dnsblacklist", "_id": "CeX-WiVqTPerC4N8uRXoog", "_score": null, "_source": { "message": "Requested 240.214.240.192.proxies.dnsbl.sorbs.net., not found in proxies.dnsbl.sorbs.net..", "@version": "1", "@timestamp": "2014-10-09T18:48:35.000Z", "type": "dnsblacklist", "host": "deployment-mediawiki01", "sequence_id": "3326566", "tags": [ "udp2log", "es", "logdate", "normalized_message_untrimmed" ], "udp_sender": "10.68.16.58", "wikidb": "eswiki", "normalized_message": "Requested 240.214.240.192.proxies.dnsbl.sorbs.net., not found in proxies.dnsbl.sorbs.net.." }, "sort": [ 1412880515000 ] }
On beta we have: # Attempt to auto block users using faulty servers # See also http://www.us.sorbs.net/general/using.shtml $wgEnableDnsBlacklist = true; $wgDnsBlacklistUrls = array( 'proxies.dnsbl.sorbs.net.', ); That has been added very early as a way to potentially prevent spam. But maybe it never matches anything and can be removed.
The message is logged from includes/User.php: if ( $ipList ) { wfDebugLog( 'dnsblacklist', "Hostname $host is {$ipList[0]}, it's a proxy says $base!" ); $found = true; break; } else { wfDebugLog( 'dnsblacklist', "Requested $host, not found in $base." ); } If we supported different logging levels, we could make the first (match) to be an info message instead of debug. Meanwhile, working as expected.