New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
If you wanted to look at a way to accept data from other honeypots without depending on your own or volunteer instance access requirements. Hpfeeds would be a way you could accept feeds from other honeypots. TPOT is the most popular honeypot that I am aware of that uses it.
@pointgod
no need for Hpfeeds.
i still dont get it, anyone can install cowrie, redirect ports they like to ssh or telnet, then send us logs
also TPOT, idk, seems so big, again, all you need is cowrie and redirecting the ports to ssh or telnet.
@dIsK want my f2b logs with a buncho IP's? Got a total of atleast 20k unique ones here on my end. They're all on a 125 year ban, so I'm pretty chill that I dont need to care about them anyways.
@CheepCluck
for now we only accept cowrie log files, not a plain IP list or f2b logs
2023 April 18
Version: 0.20-βeta 🔥
- Removed /tcpdump old page
- Created new TcpDump page
-> Logging the network to see what is going on.
-> tcpdump.blackhole.monster
- Added #1 new server (tcpdump) - 🇱🇺 Luxembourg
- Added #2 new server (tcpdump) - 🇦🇿 Azerbaijan
- Added #3 new server (tcpdump) - 🇺🇦 Ukraine
i see you have an ALL IPs and a TODAY IPs List.
Are IPs ever taken off the ALL list if they arent attacking anymore?
Or would you consider offering something like a LAST30DAYS list?
Hi @mrTom,
once the IP is in "ALL" list, it stay there.
But maybe later we can create that 30 day list, nice idea.
Using the same logic you may blacklist entire routable address space.
@tentor
yes but why we keep that file of "ALL" is due to the history of IP you can search on our site, ALL means ALL
I think for history purpose it is better to aggregate statistics to an AS keeping their name in history as well.
well if the IP attacked once, it can attack second time too, thats why we keep ALL list
There is no sense in such blacklist. Even spamhaus delists the worst offenders prefixes once the problem fixed (i.e. botnet cnc removed, phishing site deleted, spam stopped).
you dont need to use it, there is "today" list and also coming "15 days" and "30 days" soon, i need that ALL list for example
2023 April 19
Version: 0.21-βeta 🔥
- Added new IP blacklist (list contains only IP from attack not older than 15 days)
-> /blackhole-15days
- Added new IP blacklist (list contains only IP from attack not older than 30 days)
-> /blackhole-30days
2023 April 21
Version: 0.22-βeta 🔥
- Added #16 new server - 🇲🇩 Moldova
- Added #17 new server - 🇦🇲 Armenia
- Added #18 new server - 🇵🇱 Poland
ConfigServer Security and Firewall (CSF)
Couldnt paste it there due to CF - https://pastebin.com/raw/9XUb0Jfv
You could at least leave the copyright notice from the status page you are using.
I was kinda curious, why it looks so similar to statibus and had no copyright notice.
https://github.com/Ne00n/statibus
@Neoon
I inspired by your code, but thats all.
2023 April 23
Version: 0.23-βeta 🔥
- Added #19 new server - 🇮🇳 India
- Added #20 new server - 🇿🇦 South Africa
2023 April 25
Version: 0.25-βeta 🔥
- Added #21 new server - 🇲🇽 Mexico
- Added #22 new server - 🇧🇷 Brazil
- Added #23 new server - 🇨🇱 Chile
- Added #24 new server - 🇳🇬 Nigeria
2023 April 24
Version: 0.24-βeta 🔥
- Created main page - blackhole.monster
2023 May 14
Version: 0.26-βeta 🔥
- Got our third sponsor - Hjelm Enterprises AB
-> Server #25 - 🇸🇪 Sweden
ip mail block list https://xiaoyu.net/bgp/spam.txt
2023 May 18
Version: 0.27-βeta 🔥
- Got our fourth sponsor - PT Atharva Telematika Persada
-> Server #26 - 🇮🇩 Indonesia
2023 May 21
Version: 0.28-βeta 🔥
- Got our fifth sponsor - Virtury Cloud
-> Server #27 - 🇵🇰 Pakistan
2023 November 30
Version: 0.29-βeta 🔥
- Removed servers:
-> #1 - 🇷🇴 Romania
-> #5 - 🇵🇱 Poland
-> #7 - 🇩🇪 Germany
-> #8 - 🇸🇬 Singapore
-> #9 - 🇦🇺 Australia
-> #10 - 🇫🇷 France
-> #11 - 🇬🇧 Great Britain
-> #12 - 🇨🇦 Canada
-> #15 - 🇦🇱 Albania
-> #16 - 🇲🇩 Moldova
-> #17 - 🇦🇲 Armenia
-> #18 - 🇵🇱 Poland
-> #19 - 🇮🇳 India
-> #20 - 🇿🇦 South Africa
-> #21 - 🇲🇽 Mexico
-> #22 - 🇧🇷 Brazil
-> #23 - 🇨🇱 Chile
-> #24 - 🇳🇬 Nigeria
-> #26 - 🇮🇩 Indonesia
If anyone out there can sponsor little server i would be super happy
I can share this threat intelligence with you (40k-60k connections daily)
I just use crowdsec on my servers