In this post, I showed a geolocation lookup method for hMailServer, using a free geolocation webservice. At some point in time this webservice ended up on the DNSBL blacklist, and the geolocation lookups failed.
I do not have a clue why this service was placed on the blacklist, but during the time that it worked, I noticed that some malicious IP addresses were mapped to NL/Amsterdam instead of the country/locations that other geolocation services provide (so the trust in the geolocation webservice is lost here).
There are two things that we can do: place the existing geolocation service on the whitelist or use a local geolocation database. Since IPv4 addresses/subnets will not change that fast (anymore), it is a feasible solution to use a local database for lookups. So here we go!
You need to download the database itself and a (command line) tool to query the database. Create an account with MaxMind (https://www.maxmind.com/en/home) and download GeoLite2-Country.mmdb and mmdbinspect.exe.
This is the modified geolookup function:
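function IPtoGeoLocal(IPaddr)
    const geoDbPath = "{path to}\GeoLite2-Country.mmdb"
    const geoLookupExe = "{path to}\mmdbinspect.exe"
    const tempPath = "c:\temp"
    const searchString = "iso_code"
    dim wsh, fso, f, s, t, tempFile, runString
    set wsh = createobject("wscript.shell")
    set fso = createobject("scripting.filesystemobject")
    '--- Default result when the IP address is not found in the database...
    IPtoGeoLocal = "XX"
    '--- Create a temp file with a unique filename to prevent conflicts.
    '--- getTempName keeps IPaddr (and the ":" of IPv6 addresses) out of the file name...
    tempFile = tempPath & "\" & fso.getTempName
    '--- Invoke Maxmind command line tool, do a lookup and pipe the result in tempFile.
    '--- The paths are not quoted here, so they must not contain spaces...
    runString = "cmd /c " & geoLookupExe & " --db " & geoDbPath & " " & IPaddr & " | find """ & searchString & """ > " & tempFile
    wsh.run runString,0,true
    '--- Read one line from tempFile; the file is empty when find matched nothing...
    if not fso.fileExists(tempFile) then exit function
    s = ""
    set f = fso.openTextFile(tempFile)
    if not f.atEndOfStream then s = f.readLine
    f.close
    fso.deleteFile tempFile, true
    '--- The line looks like "iso_code": "US", so the code is the 4th quote-delimited field...
    t = split(s, chr(34))
    if Instr(s, searchString) > 0 and ubound(t) >= 3 then IPtoGeoLocal = t(3)
end function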
When the function is called:
wscript.echo IPtoGeoLocal("8.8.8.8")
You will get the two-character ISO 3166 code back ("US") or "XX" when the IP address is not found in the database.
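Because IPaddr is concatenated into a cmd /c command line, it is worth checking that it really is an IP address before the lookup runs. The following is an added example, not code from the original post; the function names IsIPv4, IsIPv6Chars and IsSafeIpLiteral are assumptions, and the sample inputs are constructed.

```vbscript
Option Explicit
'--- Added example (not from the original post). IsIPv4, IsIPv6Chars and
'--- IsSafeIpLiteral are hypothetical helper names.

'--- Strict dotted-quad check: four groups of digits, each 0..255.
Function IsIPv4(addr)
    Dim re, part
    IsIPv4 = False
    Set re = New RegExp
    re.Pattern = "^\d{1,3}(\.\d{1,3}){3}$"
    If Not re.Test(addr) Then Exit Function
    For Each part In Split(addr, ".")
        If CInt(part) > 255 Then Exit Function
    Next
    IsIPv4 = True
End Function

'--- Character allow-list only, not a full IPv6 parser: a string made of
'--- hex digits and colons cannot contain cmd.exe metacharacters or spaces.
Function IsIPv6Chars(addr)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9A-Fa-f:]{2,39}$"
    IsIPv6Chars = re.Test(addr) And (InStr(addr, ":") > 0)
End Function

Function IsSafeIpLiteral(addr)
    IsSafeIpLiteral = IsIPv4(addr) Or IsIPv6Chars(addr)
End Function

'--- Constructed sample inputs: two valid addresses and three that must be refused.
Dim samples, item
samples = Array("8.8.8.8", "2001:4860:4860::8888", "256.1.1.1", _
                "8.8.8.8 & echo x", "8.8.8.8 > c:\temp\x")
For Each item In samples
    WScript.Echo item & " -> " & IsSafeIpLiteral(item)
Next
```

Call IsSafeIpLiteral at the top of IPtoGeoLocal and return "XX" without running cmd when it is False.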