API/RBL/DNS from www.blocklist.de
get blocklist.de results via DNS
The rbldnsd-Zone-Files
get the most recently added IPs
HTTP-API to report Attacks without Mails (GET/POST)
The API can currently only issue attacks and reports per user, server or ip-address.
The appeal therefore is not very well protected.
For a stable query, we recommend query IP-Addresses over the dns/rbl (eg ddos to blocklist.de, then the http-api is not available, but the rbl-System is available).
General call begins always like: http://api.blocklist.de/api.php?
The following parameters are required (server or email or ip - at least one):
To query an IP, there is no apikey needed!
Optional parameters:
Should be passed as no start, then the current time - 24 hours chosen.
When querying IP-Addresses (?ip=xxx.xxx.xxx) are no additional parameters needed (optional "start", "end").
Examples:
Query server 25 from 01/04/2010 04:05:00 until today:
server=25
apikey=server-key
start=1270087500
http://api.blocklist.de/api.php?server=25&apikey=xxxx&start=1270087500
Query for Server 10 from 01/04/2010 04:05:00 until 06/10/2010 20:10:00:
server=10
apikey=server-key
start=1270087500
ende=1276193400
http://api.blocklist.de/api.php?server=25&apikey=xxxx&start=1270087500&ende=1276193400
Query for the user "test" of the whole period to today:
email=email@adresse-wie-im-profil.tld
apikey=user-key
start=1
http://api.blocklist.de/api.php?email=email@adresse-wie-im-profil.tld&apikey=xxxx&start=1
Query for one IP-Address of the whole period to today:
ip=78.46.91.239
start=1
http://api.blocklist.de/api.php?ip=78.46.91.239&start=1
Example-Code for PHP (it is better to use a cache):
<?php
$url = 'http://api.blocklist.de/api.php?email=user@adresse.tld&apikey=xxxxxxx&start=1&format=php';
$cachefile = './blocklist.de.cache';
$cachetime = filemtime($cachefile);
$diff = time() - $cachetime;
if($diff <= 3600)
{
if(filesize($cachefile) >= 5)
{
$result = file_get_contents($cachefile);
}
else
{
$result = unserialize(file_get_contents($url));
}
}
else
{
$result = unserialize(file_get_contents($url));
}
$attacks = $result['attacks'];
$reports = $result['reports'];
echo 'Attacks: '.$attacks.'<br />';
echo 'Reports: '.$reports;
echo '<br />Powered by <a href="http://www.blocklist.de/en/" target="_blank">www.blocklist.de</a>';
?>
http://api.blocklist.de/getlast.php?time=xx:xx
time = unixtime
OR
time = hh:ii
OR
time = diff in seconds
http://api.blocklist.de/getlast.php?time=xx:xx&service=xxx
time = unixtime
OR
time = hh:ii
OR
time = diff in seconds
service = ssh, apache, imap, pop3, mail, all..... -> see DNS RBL
Policy:
In the Export-/DNS-Lists was all IP-Addresses listen there was attack one of our systems/partners in the last 48 hours and not used the Delist-Link
Note: BlockList.de itself does not block e-mails or access. The administrators configure the server, which has refused the connection in blocklist.de through an entry in the list.
The rbldnsd-Zone-Files
get the most recently added IPs
HTTP-API to report Attacks without Mails (GET/POST)
The API can currently only issue attacks and reports per user, server or ip-address.
The appeal therefore is not very well protected.
For a stable query, we recommend query IP-Addresses over the dns/rbl (eg ddos to blocklist.de, then the http-api is not available, but the rbl-System is available).
General call begins always like: http://api.blocklist.de/api.php?
The following parameters are required (server or email or ip - at least one):
server | ID of the server to query (int) |
E-mail address of the user (string) | |
ip | IP-Address to check the Attacks (string) |
apikey | The API Key from the server or user (string) |
Optional parameters:
start | Start time as a Unix timestamp (int) if the number is passed one is being sought for the first time (takes a while) |
end | should end as a Unix timestamp (int), to find where (End of Time-List) |
format | Output format: text (default, two rows), php (serialized), xml (xml file), json (json encoded) |
Should be passed as no start, then the current time - 24 hours chosen.
When querying IP-Addresses (?ip=xxx.xxx.xxx) are no additional parameters needed (optional "start", "end").
Examples:
Query server 25 from 01/04/2010 04:05:00 until today:
server=25
apikey=server-key
start=1270087500
http://api.blocklist.de/api.php?server=25&apikey=xxxx&start=1270087500
Query for Server 10 from 01/04/2010 04:05:00 until 06/10/2010 20:10:00:
server=10
apikey=server-key
start=1270087500
ende=1276193400
http://api.blocklist.de/api.php?server=25&apikey=xxxx&start=1270087500&ende=1276193400
Query for the user "test" of the whole period to today:
email=email@adresse-wie-im-profil.tld
apikey=user-key
start=1
http://api.blocklist.de/api.php?email=email@adresse-wie-im-profil.tld&apikey=xxxx&start=1
Query for one IP-Address of the whole period to today:
ip=78.46.91.239
start=1
http://api.blocklist.de/api.php?ip=78.46.91.239&start=1
Example-Code for PHP (it is better to use a cache):
<?php
$url = 'http://api.blocklist.de/api.php?email=user@adresse.tld&apikey=xxxxxxx&start=1&format=php';
$cachefile = './blocklist.de.cache';
$cachetime = filemtime($cachefile);
$diff = time() - $cachetime;
if($diff <= 3600)
{
if(filesize($cachefile) >= 5)
{
$result = file_get_contents($cachefile);
}
else
{
$result = unserialize(file_get_contents($url));
}
}
else
{
$result = unserialize(file_get_contents($url));
}
$attacks = $result['attacks'];
$reports = $result['reports'];
echo 'Attacks: '.$attacks.'<br />';
echo 'Reports: '.$reports;
echo '<br />Powered by <a href="http://www.blocklist.de/en/" target="_blank">www.blocklist.de</a>';
?>
Get only the last added IP-Adresses:
Use the API:http://api.blocklist.de/getlast.php?time=xx:xx
time = unixtime
OR
time = hh:ii
OR
time = diff in seconds
Get only the last added IP-Adresses for one Service:
Use the API:http://api.blocklist.de/getlast.php?time=xx:xx&service=xxx
time = unixtime
OR
time = hh:ii
OR
time = diff in seconds
service = ssh, apache, imap, pop3, mail, all..... -> see DNS RBL
Policy:
In the Export-/DNS-Lists was all IP-Addresses listen there was attack one of our systems/partners in the last 48 hours and not used the Delist-Link
Note: BlockList.de itself does not block e-mails or access. The administrators configure the server, which has refused the connection in blocklist.de through an entry in the list.