All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Who provide best list of spammer/crawler bot IPs?
Hello,
i prefer if its file with one line per IP (or subnets)
Would like to prevent known forum/blog spammers mainly.
Found https://www.abuseipdb.com/ to be good place where one can discover details of bad IPs and submit own details too. But they do not provide any IP list (only limitted API) if im correct.
Im already using these in my Config Server Firewall:
Spamhaus Don't Route Or Peer List (DROP) - CIDR
Details: http://www.spamhaus.org/drop/
SPAMDROP|86400|0|http://www.spamhaus.org/drop/drop.lasso
Spamhaus Extended DROP List (EDROP) - CIDR
Details: http://www.spamhaus.org/drop/
SPAMEDROP|86400|0|http://www.spamhaus.org/drop/edrop.lasso
DShield.org Recommended Block List - CIDR
Details: http://dshield.org
DSHIELD|86400|0|http://www.dshield.org/block.txt
BOGON list
Details: http://www.team-cymru.org/Services/Bogons/
BOGON|86400|0|http://www.cymru.com/Documents/bogon-bn-agg.txt
Project Honey Pot Directory of Dictionary Attacker IPs
Details: http://www.projecthoneypot.org
HONEYPOT|86400|0|http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1
BruteForceBlocker IP List
Details: http://danger.rulez.sk/index.php/bruteforceblocker/
BFB|86400|20|http://danger.rulez.sk/projects/bruteforceblocker/blist.php
But still malicious traffic is there.
Comments
you probably will never get a complete list, especially forum/blog spam may come from a lot of daily or hourly changing IPs including ranges of residential IPs...
https://github.com/firehol/blocklist-ipsets
is a big sources of a lot of known lists and even delivers own combinations of the ones you already mentioned above.
you can add the raw-data url like such https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
directly into something like:
https://github.com/trick77/ipset-blacklist
and get it working. I do use the combined list level1 and level2 which include most of your listed...
there are some additional lists related to comment and forum spam though, like:
https://www.stopforumspam.com/downloads/toxic_ip_cidr.txt
http://www.projecthoneypot.org/list_of_ips.php?by=1&t=p&rss=1
(also note, if you register with project honey pot you may be able to receive a list of 50 IPs instead of 25 or again use the firehol lists above, which congruate manually for list over the last seven days)
I don't know why you would think that public lists built on past abuse could prevent new abuse from unblocked addresses. The "best list" is the list I have; IPs that have directly attacked my servers. The best list you have should be of the ones attacking your servers. Use fail2ban to stop the high-volume attempts, and manually firewall any ranges that show a long-term pattern of abuse. There may be some value in sharing the data (I toy with the idea of a share2ban tool to extend fail2ban), but unless it is nearly real time, it isn't going to help much.
agreed. fail2ban is another good brick in the wall especially against brute force attacks.