we have blocked 101955 IP's now.
useful Links
- www.fail2ban.org
- Example Configuration Debian 5
- Example Configuration Debian 6
- The Global Reporting Project
- Example Report (postfix)
- Example Report (ssh, again)
- stopforumspam.com
N e w s:
27.01.2012X-ARF-Validator fixed and online
21.12.2011
since 20.12 T12am, we dont send new reports, because the database field for the report-id was to small. Is now fixed.
03.12.2011
Blocklist is now running on a ex6 and 2 webserver
05.11.2011
The Spamer register Accounts in other Forums and Blogs with @blocklist.de This User/Comments are not from blocklist.de! Please create a Police Report against the spaming IP!
04.11.2011
A Server 178.73.218.201 (wserv201.woodcrane.com) has send over 7000 registrations and a lot of contactforms and creating over 7000 konsole-h-ac counts with @blocklist.de..... The case is open on the police.
04.08.2010
The IP-Lists are now included in www.ipvoid.com.
PC infected / slow?
What is www.blocklist.de?
www.blocklist.de is a free and voluntary service provided by a Fraud/Abuse-specialist, whose servers are often attacked on SSH-, Mail-Login-, FTP-, Webserver- and other services.
The mission is to report all attacks to the abuse deparmtents of the infected PCs/servers to ensure that the responsible provider can inform the customer about the infection and disable them.
We report more than 42000 attacks in 12 hours in Realtime and use the Whois (abuse-mailbox, abuse@, security@, email, remarks), the
Ripe-Abuse-Finder
and the contact-database from
abusix.org to find the abuse-address assigned to the attacking host. Our reports are based on
X-Arf (Network Abuse Reporting 2.0),
so the abuse-department of the provider of the attacking host can parse our reports automatically.
blocklist is comparable with spamcop.net for attacks of any kind except for spam.
We're winning more partners every day, who report attacks on their servers.
If you also want to report the attacks on your server, please register an Account and add your Server.
On our Statistics you can see the top-countries of attacking PCs, the top-providers and the top attacker-IPs.
On "Search (IP, ASN)" you can search in our Database for your IP-address or your AS-Number to check the status of blocked IPs or how many IPs had attacked on of our parnter-server.
Also you can pause reports for 7 days for a IP and the assigned abuse-address when you need more time to fix the problem.
We hope our service makes the Internet better, safer and helps to clean the infected PCs.
Currently, we can use the following
Attacks-Typ:
- ssh* || ssh-ddos
- postfix || mail || exim || exim4
- amavis
- proftpd || ftp* || pure-ftpd || pureftpd
- courierpop3 || pop || pop3 || dovecot-pop3
- courierimap || imap || dovecot || dovecot-pop3imap || dovecot-smtp || dovecot-*
- sasl
- BadBots || irc-bot || irc-bots || reg-bots || reg-bot
- php-url-fopen || rfi-attack (wie in filter.d/apache-spamtrap-rfi.conf)
-
w00tw00t || apache-w00tw00tDisable because of majestic12 Bot - ApacheDDOS || DDoS
- Asterisk || sip || voip
- SQL-Injection