Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Who provide best list of spammer/crawler bot IPs?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Who provide best list of spammer/crawler bot IPs?

Hello,

i prefer if its file with one line per IP (or subnets)

Would like to prevent known forum/blog spammers mainly.

Found https://www.abuseipdb.com/ to be good place where one can discover details of bad IPs and submit own details too. But they do not provide any IP list (only limitted API) if im correct.

Im already using these in my Config Server Firewall:

Spamhaus Don't Route Or Peer List (DROP) - CIDR

Details: http://www.spamhaus.org/drop/

SPAMDROP|86400|0|http://www.spamhaus.org/drop/drop.lasso

Spamhaus Extended DROP List (EDROP) - CIDR

Details: http://www.spamhaus.org/drop/

SPAMEDROP|86400|0|http://www.spamhaus.org/drop/edrop.lasso

DShield.org Recommended Block List - CIDR

Details: http://dshield.org

DSHIELD|86400|0|http://www.dshield.org/block.txt

BOGON list

Details: http://www.team-cymru.org/Services/Bogons/

BOGON|86400|0|http://www.cymru.com/Documents/bogon-bn-agg.txt

Project Honey Pot Directory of Dictionary Attacker IPs

Details: http://www.projecthoneypot.org

HONEYPOT|86400|0|http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1

BruteForceBlocker IP List

Details: http://danger.rulez.sk/index.php/bruteforceblocker/

BFB|86400|20|http://danger.rulez.sk/projects/bruteforceblocker/blist.php

But still malicious traffic is there.

Comments

  • FalzoFalzo Member
    edited August 2016

    you probably will never get a complete list, especially forum/blog spam may come from a lot of daily or hourly changing IPs including ranges of residential IPs...

    https://github.com/firehol/blocklist-ipsets

    is a big sources of a lot of known lists and even delivers own combinations of the ones you already mentioned above.

    you can add the raw-data url like such https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset

    directly into something like:
    https://github.com/trick77/ipset-blacklist

    and get it working. I do use the combined list level1 and level2 which include most of your listed...

    there are some additional lists related to comment and forum spam though, like:

    https://www.stopforumspam.com/downloads/toxic_ip_cidr.txt

    http://www.projecthoneypot.org/list_of_ips.php?by=1&t=p&rss=1

    (also note, if you register with project honey pot you may be able to receive a list of 50 IPs instead of 25 or again use the firehol lists above, which congruate manually for list over the last seven days)

    Thanked by 1pechspilz
  • @postcd said:
    But still malicious traffic is there.

    I don't know why you would think that public lists built on past abuse could prevent new abuse from unblocked addresses. The "best list" is the list I have; IPs that have directly attacked my servers. The best list you have should be of the ones attacking your servers. Use fail2ban to stop the high-volume attempts, and manually firewall any ranges that show a long-term pattern of abuse. There may be some value in sharing the data (I toy with the idea of a share2ban tool to extend fail2ban), but unless it is nearly real time, it isn't going to help much.

  • impossiblystupid said: Use fail2ban to stop the high-volume attempts, and manually firewall any ranges that show a long-term pattern of abuse.

    agreed. fail2ban is another good brick in the wall especially against brute force attacks.

Sign In or Register to comment.