As far as I understood from the instructions on the link https://ircbl.org/about
the correct values to check would in your case be will be like this:
reason="[K-banned:[exp/comp] Compromised host on this IP. See http://ircbl.org/lookup?ip=%ip% for more information."
This is the same as if you manually check each proxy address using the command. For example, such an IP address "184.108.40.206
" is written in reverse order:
If an answer is received in the form "127.0.0.21
", this means that the IP address was found in the database lists of this DNSBL server as a (bad) address that is being used by attackers.
For those using my script, which is presented in the post #Post268254
you need to add a line inside the alias "proxyscanner_list
.hadd -m ps-dnsbl rbl.ircbl.org 21
This way will require additional on the working capacity rechecking to catch user connections through proxy addresses. You can report your observations here.