A community project idea, shared IP blacklist repository for self hosted publicly exposed servers

I've been thinking of making something like how abuseipdb.com is, but without a rate limit. And this is only shared with people who contribute to the repository.

Something community created. We set up fail2ban and capture SSH failed login attempts with banip set to -1. Any IP that makes more than 2 attempts is in the list. Every 10 minutes or 1 hour (or whatever is ideal), this updates the "Repository". People can pull and push stuff in it.

Data can be exported from our infamous idlers or simply people who are self hosting their stuff with their ports/services exposed online (for whatever reason). This data can be further aggregated into IP-ASN or IP-Country and ban suggestions can be made through a portal.

Several arguments can be made about false positives. That's why it'll be for people who mostly self host and have an audience limited to a few people.

NOTE: This is just a thought that I had. Maybe something like this already exists and I'm just looking in the wrong place. Regardless, this serves as a discussion thread. I want to see if people would be interested. If yes, how we can pool resources and implement this. If not, why this might be a bad idea. This would also be a useful side service for idlers. Do something with your idle VPS. Can't mine crypto? Help share banned IPs on your server with others.

Thanked by 1Frameworks
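
As an added example (not code from this thread, fail2ban or any project named here), one way the list-building and merging described in the opening post could work: count failed SSH logins per IP, keep IPs with more than 2 attempts, and suggest a ban only when several contributors report the same IP, which limits false positives and poisoned submissions. The log line format, the `quorum` parameter, the never-ban ranges and all function names are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Simplified match for sshd failure lines. The username is chosen by the remote
# client, so the greedy ".*" deliberately binds to the LAST " from <addr> port".
FAILED = re.compile(r"sshd\[\d+\]: (?:Failed password|Invalid user) .* from (\S+) port \d+")

# Never publish these: internal ranges would lock out other contributors' own LANs.
NEVER_BAN = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128")

def offenders(log_lines, max_attempts=2, allow=()):
    """Return IPs with more than max_attempts failures, minus allowlisted ranges."""
    nets = [ipaddress.ip_network(n) for n in NEVER_BAN + tuple(allow)]
    counts = Counter()
    for line in log_lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # field is not an IP address, ignore the line
        if not any(ip in net for net in nets):
            counts[str(ip)] += 1
    return {ip for ip, n in counts.items() if n > max_attempts}

def suggest_bans(reports, quorum=2):
    """reports maps contributor -> set of IPs; keep IPs reported by >= quorum of them."""
    seen = Counter(ip for ips in reports.values() for ip in set(ips))
    return sorted(ip for ip, n in seen.items() if n >= quorum)

def _line(user, addr):  # builds a constructed sample log line, not real traffic
    return f"Jan 10 03:14:01 vps sshd[811]: Failed password for {user} from {addr} port 40112 ssh2"

# Constructed logs from two hypothetical contributors (documentation address ranges).
# The last entry in LOG_A has a username crafted to look like a second source address.
LOG_A = [_line("root", "203.0.113.7")] * 3 + [_line("bob", "198.51.100.23")] \
      + [_line("admin", "192.168.1.50")] * 4 \
      + [_line("x from 192.0.2.1 port 1", "203.0.113.7")]
LOG_B = [_line("root", "203.0.113.7")] * 3 + [_line("git", "192.0.2.99")] * 3

if __name__ == "__main__":
    reports = {"a": offenders(LOG_A), "b": offenders(LOG_B)}
    print(suggest_bans(reports))            # IPs reported by both contributors
    print(suggest_bans(reports, quorum=1))  # union of every contributor's list
```
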

Comments

  • this seems similar to crowdsec

    Thanked by 1tentor
  • @loay said: this seems similar to crowdsec

    Interesting. I found it overcomplicated, to be honest. Like is there any way to simply download and import bans for fail2ban? And same for exporting my existing ban?

  • what you describe is a similar workflow to maltrail. you do have friends right? just ask them to also host it, later you can retrieve the IP list from maltrail's /fail2ban endpoint

    your ideas are silly at best

    1. sharing blocked ips that bruteforce ssh is useless. fail2ban already did its job, why bother?
    2. there are just too many hacked devices for bruteforce, even if you put timeout 24 hours or 7 days, they'll just rotate back again
    3. if you really want fewer bruteforce attempts then use whitelist instead of blocklist