New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Maybe this helps:
http://trick77.com/2013/10/12/using-ipset-to-ban-bad-ip-addresses-from-project-honey-pot-spamhaus-tor-openbl-and-more/
ipset may not work on OpenVZ.
There is an alternate suggestion here (using nginx, which is a good idea):
http://lowendtalk.com/discussion/comment/599545/#Comment_599545
Project Honey Pot provides an "Http:BL" API, with which you can lookup any visitor IP in real time. Registration is required in order to use the API.
https://www.projecthoneypot.org/httpbl_api.php
Alternatively, if you manage to get a list of active spammer IPs, you can try to adapt the scripts mentioned in my IPset tutorial for your purpose:
http://lowendtalk.com/discussion/27172/securing-your-server-using-ipset-and-dynamic-blocklists
Hmm...
LOL!
@cassa ugh, I'm confused at what you are getting at?
@hwdsl2 Actually I already have a script built for Stop Forum Spam so I am all set there, I just need the list so I can parse it and make it into a nginx deny list.
@m66b It seems the source for Project Honey Pot is just an RSS feed with ~30 ips. Not really a list. Also, yes Stop Forum Spam is a good database for forums and blogs, but not so much for wikis. I was trying to find Project Honey Pots lists so that I could create another list for nginx as well.
In regards to Iptables, I have asked around and after ~10k records you might have issues (from what I have heard), so I used nginx instead which seems to be very efficient with ~400k ip addresses in the list currently.
@Mun sorry I missed you were the same person. I never look who is posting, but maybe I should.
Your nginx solution is clever, given that iptables for a large number of addresses would be too slow. ipset does't have this disadvantage, since it uses hashed IP addresses. Unfortunately ipset will not wotk when using OpenVZ.
I detect malware-infected computers from the spam they sent. Their IP list is made available for download after giving the victims enough time (10 days) to clean up. You can get the list here.
Sorry, haven't seen the word "forum"
Is it possible to download (automatically) this list, for further processign and usage?
I use several such sources, parse them if necessary and create ipset-based filtering. Works fantastically or me, keeps much cyberjunk off my sites.
Not supported. However, they seem to consider that and there's some activity in that direction: bug 2644.
This is how they get project honey pot's ips:
http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1
It isn't as effective as I want.