Our Reporting-Tool and other Downloads
If you want to use Blocklist.de without Fail2Ban.
Use BlockList with DenyHost
All downloads are also available at the following address:
https://www.blocklist.de/downloads/
Here you can use our X-ARF-Validator -> https://www.blocklist.de/ru/xarf-validator.html to check or validate your X-ARF-Reports.
Please contact us and we can report your Fail2Ban-Reports so long our Software Reporting Tool is still in public use.
We are working on the last modules: whois-parsing and rewrite. When the two modules are finished, we can start a Beta. Now we can report 1,000 Fail2Ban-Mails in 300 Seconds. With Modul DB, ReRePorting, Black/Whitelist (all without ASN), the time is the same.
The ASN module gets the AS-Data from cymru.com and needs so (when is activated) for 1,000 Mails over 3,000 Seconds.
You can find our API-Documentaiton here: https://www.blocklist.de/ru/api.html
Also you can use our Data via DNS
Howto, Tips and a ToDo-List are available in the Forum under https://forum.blocklist.de.
Create reports without Fail2Ban:
When you don't used Fail2Ban, but another Software or Script, then you can send us attack reports as an email in the following Format (Body only in Text/Plain):Subject: [Fail2Ban] servicename: banned $ip-address
Body of Mail:
---------------------------------------------
Text....
Here are more information about $ip-address:
Whois-Output, is not required (optional)
Lines containing IP$ip-address:
here the Logfiles (required)
Regards,
Fail2Ban
---------------------------------------------
The following service-names can be parsed:
mail:
mail, postfix-blacklist, postfix, exim, postfix2, exim4, postfix-550, postfix550, postfix-554, postfix-blacklst, smtp, postfix-gl, sendmail, postfix-bl, exim-relay, postfix-strict, postfix-connection, postfixblacklist, postfix-tcpwrapper, postfix-rejected, postfix-spamers550, plesk-postfix, mail-ban, postfix-554-3, postfix-550-2, exim-greylist, postfix-554-2, postfix-450
proftpd, ftp, ftpd, vsftpd, pure-ftpd, pureftpd, proftp, proftpd-sftp, proftpd-users, containerproftpd, plesk-proftpd, proftpd2, pureftp, ftps, vsftpd-notify
pop3:
courierpop3, pop, pop3, pop3-max, dovecot-pop3, pop3d, qpopper, pdqmail-pop, pdqmail-smtp, vpopmail, smtpd, cyrus, pop-banned
imap:
imap, courierimap, courierauth, dovecot-pop3, couriersmtp, dovecot, dovecot-imap, dovecot-pop3imap, imapd, courier-auth, zimbra-account, zimbra-audit, courierauth-exim, dovecot-auth, dovecot-plain, courierimap4, cyrus-imap, plesk-dovecot, plesk-courierimap
ssh:
ssh-ddos, ssh2, ssh3, pam-generic, ssh-fail2ban, ssh, sshd, ssh1blu-main, ssh1blu-multi-domain, sh-ssh, bo-ssh, me-ssh, ssh-permaban, default, ssh-tcp, kippo, ssh1, ssh-shorewall, ssh-iptables, f2b-ssh, blocklist-sshd, containerssh, sshlocal5, fail2ban-ssh, sshd-disconnect, ssh-blocklist, ssh-repeater, ssh-repeated, ssh-iptables-blocklist.de, ssh-preauth, ssh-auth, pam-short, upload-2-ebsssh, sshd-root, sshd-ddos
mysql:
mysqld-auth, mysql-auth, mysqld, mysql, mysql-login, mysqld-login
apache-scripts:
apache-overflows, overflows, overflow, apachevm-w00tw00t, web-w00tw00t, web-w00tw00t-vm, w00tw00t, web-overflows, apache-w00t, apache-bin-bots
rfi:
phpids, rfi-attack, php-url-fopen, apache-php-url-fopen, apache-spamtrap, apache-spamtrap-rfi, apache-spamtrap-rfi2, apache-spamtrap-rfi3, apache-spamtrap-rfi4, apache-spamtrap-rfi5, apache-spamtrap-rfi6, rfi, confixxphp
sql-injection:
sql, sqli, sql-injection, sqlinjection, sql-attack, sqli-attack
badbots:
apache-badbots, Apache-GuestBook, apache-guestbook, badbots, badbot, apache-badbot, bad-bot, bad-bots, badbot-ban, drupal-mollom-spam, drupal-spambot
ddos (http-flood):
apache-ddos, apacheddos, ddos, apacheddos2, apacheddos-blocklist, http-bittorrent-fake, http-bittorrent, apache-bittorrent, fake-torrent, http-torrent
sasl:
sasl, qmail-smtp, sdgsmtp, sendmailbruteforce, smtp-sasl, qmail, sasl-iptables, sasl-password, sasl-passwort, sasl-ipt, postfix-sasl, sasl-smtp, sasl-submission, sasl-ban, zpanel-postfix, postfix-auth, postfix-sasl2, postfix.auth
sip:
asterisk, voip, sip, asterisk-iptables, voip-voip, asterisk-udp, recidive
ircbot:
irc-bot, irc-bots, ircbot, irc-bot
regbots:
reg-bot, regbot, regbots, reg-bots
shellshock:
shellshock, shellshock-attack, apache-shellshock
portflood:
portflood, sync, firewall, shorewall, portsentry, ipset
webmin/plesk:
webmin, plesk, plesk-panel, apache-ddnss
wordpress/joomla:
wp-bruteforce, brute-force-logins, wp-bruteforcelogin, wpbruteforcelogin, bruteforcelogin, brute-force-logins, wp-bruteforcelogin-fail, wordpress, apache-joomla-admin, bruteforcelogin-ban, apache-wp-login, wp-login, wplogin, apache-joomla-login, apache-wordpress-login, apache-xmlrpc, apache-wplogin, apache-scholz, apache-saegen, nginx-ratelimit, wordpress-wp-login, wordpress-https, apache-wp-xmlrpc, apache-xmlrpc, apache-bruteforce, joomla-wordpress-bruteforce, wp-auth-and-xmlrpc, nginx-http-auth, wordpress-dos, wordpress-userenum
trigger-spam:
trigger-spam
cs-rcon:
cs-rcon