Farmacy

Aug 19 2017

Fail2Ban-Reporting Service (we sent Reports from Attacks on Postfix, SSH, Apache-Attacks, Spambots, irc-Bots, Reg-Bots, DDos

#

What is www.BlockList.de?

www.blocklist.de is a free and voluntary service provided by a Fraud/Abuse-specialist, whose servers are often attacked via SSH-, Mail-Login-, FTP-, Webserver- and other services.
The mission is to report any and all attacks to the respective abuse departments of the infected PCs/servers, to ensure that the responsible provider can inform their customer about the infection and disable the attacker.

blocklist is comparable with spamcop.net for attacks of any nature, with an exception for spam.

We use the Whitelist from www.dnswl.org. www.spamhauswhitelist.org and the Blacklist from torproject.org to reduce false-positive results.
These users can create their own servers/IPs whitelist, which is applied to their own reports, and thus prevents the reporting of their own servers.

We’re winning more partners every day (over 4097 Users), who report attacks on their servers.
If you also would like to report attacks on your server, please register an account and add your server(s).

On our statistics page, you can see the top countries of attacking PCs, the top providers and the top attacker IPs.

On “Search (IP, ASN)” you can search in our database for your IP-address or your AS-Number to check the status of blocked IPs or how many IPs had attacked our partner’s servers.
Also you can pause reports for 7 days for a IP and the assigned abuse-address when you need more time to fix the problem.

We hope our service makes the Internet better, safer and helps to clean infected PCs.

Note: BlockList.de itself does not block E-Mails or Requests. Third party administrators configure their servers, which may reject a connection because of an entry in blocklist.de.

Currently, we can use the following Fail2Ban-/DenyHost-Attacks-Type.
Complete List of Service-Names

  • ssh* || ssh-ddos
  • postfix || mail || exim || exim4
  • amavis
  • proftpd || ftp* || pure-ftpd || pureftpd
  • courierpop3 || pop || pop3 || dovecot-pop3
  • courierimap || imap || dovecot || dovecot-pop3imap || dovecot-smtp || dovecot-*
  • sasl
  • BadBots || irc-bot || irc-bots || reg-bots || reg-bot
  • php-url-fopen || rfi-attack (wie in filter.d/apache-spamtrap-rfi.conf) || shellshock
  • w00tw00t || apache-w00tw00t Disabled because of majestic12 Bot
  • ApacheDDOS || DDoS
  • Asterisk || sip || voip
  • SQL-Injection
  • webmin || plesk -> brute-force-logins (set maxentry to 5 or higher)

ads





Written by admin


Leave a Reply

Your email address will not be published. Required fields are marked *