Category Archives: RBLTracker

Python SDK for the RBLTracker REST API

Originally Posted on RBLTracker.

We’re extremely excited to announce the release of the official RBLTracker Python SDK. Developers can use this simple wrapper library to integrate all the features of the RBLTracker API into their existing processes.

Installation

The Python SDK can be installed via the Python package manager:

pip install rbltracker

Or if you prefer, you can clone the source code from the official GitHub repository.

API Access Token

To authenticate API requests, you must use the Account SID and Access Token, available from the Account -> API Access section of the RBLTracker Portal.

Example Usage

Using the Python SDK only requires a few lines of code. In this example, we’ll request a list of hosts from our account:

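import rbltracker

try:
    # Authenticate with the Account SID and Access Token from the portal
    client = rbltracker.Client('Your Account SID', 'Your Auth Token')

    # Request the list of hosts on the account
    data = client.hosts.get()

except rbltracker.RBLTrackerException as err:
    print(err)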

In this example, we’ll start a manual check process, using the real-time check features of the RBLTracker API:

import rbltracker

try:
    client = rbltracker.Client('Your Account SID', 'Your Auth Token')

    # Start a real-time check; results are sent to the callback URL
    data = client.check.start({
        "host": "10.10.10.11",
        "callback": "https://your.website.com/callback.php",
        "details": 1
    })

except rbltracker.RBLTrackerException as err:
    print(err)

See our API Reference for a complete list of all the Python SDK features.

RBLTracker – Updated Two-Factor Authentication

Originally posted on Updated Two-Factor Authentication with RBLTracker

Your account security is extremely important to us here at RBLTracker. Since our initial inception, we’ve supported two-factor authentication using the Clef application, which provided an easy-to-use two-factor authentication and single sign-on application.

With the recent news that Clef will be shutting down its services in early June (you can read all about it on the Clef blog), we’ve opted to remove support for it early, and implement an alternative two-factor authentication option using TOTP (Time-Based One-Time Passwords), a standard that won’t be going anywhere anytime soon.

TOTP uses an algorithm to compute a one-time password, based on a shared secret and the current time. One benefit of TOTP is that the 6-digit authentication token it generates automatically rolls over with time, which dramatically reduces the susceptibility to phishing schemes.

There are many freely available TOTP clients, but RBLTracker recommends the Google Authenticator application, available for free, for Android, iOS, and Blackberry devices. You can learn more about it here:

https://support.google.com/accounts/answer/1066447?visit_id=1-636261663713116260-4136591499&hl=en&rd=1

Two-factor authentication is available today, and can optionally be enabled on any account on the RBLTracker system. For a complete tutorial on setting up two-factor authentication, see the Setting up Two-Factor Authentication guide.

Blacklist Monitoring for Cloud Hosting

Originally Posted on Blacklist Monitoring with RBLTracker.

Since our inception, we’ve helped thousands of companies and individuals, from all around the world, stay on top of day-to-day threats related to their email and websites. Recently, with the addition of our Facebook Threat Exchange monitoring, we’re helping those same customers battle social media related threats.

Some of our earliest customers have been cloud hosting and cloud computing companies: the companies that provide the backbone of the Internet as we know it today.

Cloud Hosting Providers

One specific challenge with this type of company is the sheer number of IP addresses and domains to monitor, and the regular re-use of these IP addresses. The last thing you want is a brand new customer getting an IP address that is already blacklisted because of something the last owner did.

Another key challenge is making sure that resources are used “only as needed”. Let’s face it: you don’t want to pay to monitor hosts that aren’t being used, and you shouldn’t have to.

We offer a few key features that make blacklist monitoring for cloud hosting providers easier and more affordable.

IP Range Host Type

Normally customers add IP addresses and domains (aka “Hosts”) to the RBLTracker portal individually. If you have 10 to 15 Hosts, this isn’t really a big deal. You can add hosts using our bulk loader, or individually. You can also add Hosts as a range or CIDR block (x.x.x.x/y).

But what if you have thousands of Hosts to monitor? At some point it’s going to become unwieldy to provision, and impossible to manage.

To support this, we built a custom “IP Range” Host type. This lets you add IP addresses as a range or CIDR block, but rather than thousands of IP addresses showing under your account, a single Host entry is shown. Our system will still monitor every single IP address individually, but the full block of IP addresses can be managed as a single entry.


So whether you have a few /24’s or a whole /18, you can manage the full IP block with ease.


API Provisioning

Loading all your IP addresses into the system is great, but what if you only want to monitor a sub-set of those hosts? Or if you only want to enable monitoring for hosts that are currently in-use?

Several of our customers have opted to integrate with our web-based API, to provision monitoring on IP addresses as they’re allocated to their customers. That way only active IP addresses are being monitored. This ensures that you’re only paying for monitoring that matters, monitoring that will actually impact your business or your customers.

The RBLTracker API is easily integrated into any provisioning or monitoring platform, with just a few simple lines of code:

# wget --post-data="type=rbl&name=Test&host=10.10.10.10" -qO- https://rbltrack.com/api/host/add.json?api_token=x

{
    "status_code": 200,
    "status_message": "Hosts added successfully.",
    "data": [
        {
            "id": "37c46a725dd8adab28d35b9f200c198d",
            "host": "10.10.10.10",
            "name": "Test"
        }
    ],
    "version": "2.0"
}

Easily enable monitoring on a Host when it’s allocated to a customer, and then disable it when it’s de-allocated. It’s as simple as that.

Contact Groups

When we identify an issue with any of your Hosts, we’ll immediately notify you via several different notification methods. These contacts can be broken down into custom contact groups, and assigned to Hosts. The end result is that you can have a unique contact for every host under your account:


Cloud Hosting companies can optionally send alerts directly to their customers, notifying them about issues with their IP addresses and domains, and alleviating some of the burden from their network operations staff.

We regularly add new features and tools to make managing and provisioning monitoring services easier and more effective for our customers.

What Is DMARC and Why Is It Important?

Originally Posted on the RBLTracker Blacklist Monitoring Blog.

DMARC, or “Domain-Based Message Authentication, Reporting, and Conformance”, allows a domain owner to publish policies in DNS, telling remote mailers what to do with messages that do not align with these policies. DMARC is built on top of two existing technologies: SPF, or “Sender Policy Framework”, and DKIM, or “DomainKeys Identified Mail”.

By publishing a DMARC policy via DNS, domain owners can instruct remote mailers on what to do with messages that do not pass either an SPF or DKIM test. It also provides a mechanism for reporting under those policies. This gives remote mailers a channel for letting domain owners know that they received messages that did or did not align with those policies.

Why Is This Good?

The main goal of DMARC (and SPF and DKIM) is to detect and prevent email spoofing, for example phishing scams that are designed to look like they’re coming from your bank or PayPal, prompting you to click on a link to reset your password or to give them your information.

Ultimately, SPF and DKIM are doing the hard work here, by designating email systems that are permitted to send email for a domain, and by cryptographically signing messages to avoid header modification en route.

But DMARC ties the two technologies together, providing a single interface for instructing remote mailers on the domain’s policies, and the actions to take when they are not met. It also opens up the possibility of adding additional anti-spoofing or SPAM control software, which could also be handled under the DMARC umbrella.

For Example

As a domain owner of example.com, I can publish both SPF and DKIM records identifying my mail system (x.x.x.x) as the only authorized mail relay for my domain. I can then publish a DMARC record that tells remote mailers that they should reject any messages that do not pass both an SPF and DKIM check, and that they should send reports to abuse@example.com to let me know if and when this happens.

A DMARC policy record, via a DNS TXT record, using the hostname _dmarc.example.com, would look something like this:

"v=DMARC1;p=reject;rua=mailto:abuse@example.com"

If a remote mailer receives an inbound email from an email address @example.com, but not from my mail system (x.x.x.x), the SPF check should fail, and they should reject the email in accordance with my DMARC policy.
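A domain owner can check a published record like the one above before relying on it. The following is an added example, not RBLTracker code: it parses the TXT value into its tags, enforces the RFC 7489 rule that `v` and `p` come first, and lists settings that weaken enforcement. The function names and the second and third sample records are constructed for illustration.

```python
STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}

PAGE_RECORD = '"v=DMARC1;p=reject;rua=mailto:abuse@example.com"'  # from the text
MONITOR_ONLY = "v=DMARC1; p=none; pct=50"                          # constructed
WEAK_SUBDOMAINS = "v=DMARC1; p=reject; sp=none; rua=mailto:abuse@example.com"  # constructed


def parse_dmarc(txt):
    """Parse a DMARC TXT value into a dict of tag -> value (order preserved)."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part.strip()!r}")
        tags[name.strip().lower()] = value.strip()
    names = list(tags)
    # RFC 7489: v and p must both be present and appear in that order.
    if names[:1] != ["v"] or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    if names[1:2] != ["p"] or tags["p"].lower() not in STRENGTH:
        raise ValueError("second tag must be p=none|quarantine|reject")
    return tags


def audit_dmarc(txt):
    """Return a list of findings; an empty list means full enforcement."""
    tags = parse_dmarc(txt)
    policy = tags["p"].lower()
    sp = tags.get("sp", policy).lower()   # subdomain policy defaults to p
    pct = int(tags.get("pct", "100"))     # share of failing mail the policy covers
    findings = []
    if policy == "none":
        findings.append("p=none: monitoring only, failing mail is still delivered")
    if sp in STRENGTH and STRENGTH[sp] < STRENGTH[policy]:
        findings.append(f"sp={sp}: subdomains get a weaker policy than p={policy}")
    if pct < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports will be received")
    return findings


if __name__ == "__main__":
    for record in (PAGE_RECORD, MONITOR_ONLY, WEAK_SUBDOMAINS):
        print(record, "->", audit_dmarc(record) or "no findings")
```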

Technologies like DMARC, SPF, and DKIM are great tools in the seemingly never ending fight against email SPAM and spoofing.

For more information, see:

RBLTracker: Facebook Threat Exchange, New Website, and More!

After more than six months of design and development, we’ve launched a brand new version of the RBLTracker Blacklist Monitoring service and website. This release includes some long sought-after features, including a completely redesigned management portal, support for the Facebook Threat Exchange, and much much more.

New Management Portal

With a completely redesigned web portal, customers can easily manage all aspects of their RBLTracker account.


Some key new features include:

  • Improved reporting and graphing features.
  • Additional payment options, including credit card payments, and auto-recharging account balances.
  • Easier management of accounts with a large number of hosts.
  • Support for sub-accounts to split up account management roles for billing, development, and for read-only access users.
  • Support for contact groups by host, which allows custom alerting options by host.

Facebook Threat Exchange

Support for the new Facebook Threat Exchange service is now part of the standard RBLTracker monitoring process.

Facebook Threat Exchange is a shared network of malware and phishing attack targets, shared by a collaborative of social media and SaaS organizations, including Facebook, Pinterest, Tumblr, Dropbox, and Yahoo.

RBLTracker monitors your host IP addresses and domains, against data collected from sources like Facebook posts, Dropbox files, and Pinterest pins. If your domain or IP address was used to try and spread malware or viruses on any of the supported platforms, you’ll receive alerts from RBLTracker.