About ircbl

Introduction

Ircbl is a dns blacklist created by Hidden (hidden at ircbl.org) to help IRC networks fight network abuse in 2018. Hundreds of new ip addresses are added to ircbl every day: mostly open proxies and ips that are used for abuse on large IRC networks like DALnet, Undernet and Quakenet.

Who can use ircbl?

Anyone can use it. I would appreciate a "hey Hidden, I am now using ircbl for this specific purpose", but this is not mandatory.

How to use ircbl?

To check if an ip address is listed in ircbl's DB, issue a dns request on <reversed_ip>.rbl.ircbl.org

Ex. 1: Is 1.2.3.4 listed in ircbl.org?
$ host 4.3.2.1.rbl.ircbl.org
4.3.2.1.rbl.ircbl.org has address 127.0.0.21
Result: yes, 4.3.2.1 is listed as type 21.


Ex. 2: Is 6.7.8.9 listed in ircbl.org?
$ host 9.8.7.6.rbl.ircbl.org
Host 9.8.7.6.rbl.ircbl.org not found: 3(NXDOMAIN)
Result: No, 6.7.8.9 is not listed.

IRC networks

Ircbl has proven to be very effective on Undernet and later on DALnet. DALnet started using ircbl in June 2020 and uses multiple external RBLs (efnetrbl, dronebl, ircbl and others). Here’s a comment from one of dalnet’s coders written in early August 2020:

<DALnet-coder> From Oct 2019 to Mar 2020, we were averaging about 11k AKILLs per month for suspected compromised floodbot IPs.
<DALnet-coder> In April and May, we saw a large uptick to about 33k AKILLs a month for those types of connections. We started rolling out IRCBL in June and the
AKILLs fell to 11k.
<DALnet-coder> July came in at 7k AKILLs, which is our lowest month in years for floodbot AKILLs.
<DALnet-coder> It's hard to scientifically prove causation, but even if it's only partially related to ircbl ...
<DALnet-coder> thank you, it helps :)

Note: an AKILL on DALnet is a ban from the whole network



If you are an IRC server administrator and are thinking about using an (additional) RBL on your server(s), ircbl is perfect for that. It offers unique multi-network features and was designed with this specific goal in mind.

Useful links to IRC bots