[TOOL] IP BlackHole
Just a new project. Nothing big.
IP.blackhole.monster
Is an IP blacklist that uses multiple sensors to identify network attacks (e.g. SSH brute force) and spam incidents. All reports are evaluated and in case of too many incidents the responsible IP holder is informed to solve the problem.
P.S.: If you have some idle servers or can sponsor us a server, please mail us at [email protected]
https://github.com/BlackHoleMonster/IP-BlackHole
🚫 ALL IPs:
https://ip.blackhole.monster/blackhole
🚫 TODAY IPs:
https://ip.blackhole.monster/blackhole-today
How to use?
To get a fresh and ready-to-deploy auto-ban list of "bad IPs" you can run:
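sudo su    # the commands below need root
apt-get -qq install iptables ipset
ipset -q flush blackhole    # empty the set if it already exists
ipset -q create blackhole hash:net    # create it on the first run (the error is suppressed when it exists)
for ip in $(curl --compressed https://ip.blackhole.monster/blackhole-today 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add blackhole "$ip"; done
iptables -D INPUT -m set --match-set blackhole src -j DROP 2>/dev/null    # remove any previous copy of the rule
iptables -I INPUT -m set --match-set blackhole src -j DROP    # match the set at the top of INPUT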
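The one-liner above flushes the live set and refills it entry by entry, so the set is briefly empty and every row of the feed goes to ipset unchecked. As an added example (not part of the original post or the project's code), the script below validates each entry and swaps the new set in atomically. The feed layout, the /8 limit and the names build_restore, sample_feed and apply_blackhole are assumptions.

```shell
#!/bin/sh
# Added example, not the project's script. Assumed feed layout (inferred from the
# one-liner in the post): "#" comment lines, then tab-separated rows with the
# address in column 1 and a number in the last column.
FEED_URL="https://ip.blackhole.monster/blackhole-today"
MIN_PREFIX=8   # assumption: refuse any network wider than /8 (a /0 would drop all traffic)

# build_restore SET: feed on stdin, `ipset restore` commands on stdout.
build_restore() {
    set_name=$1; tmp="${set_name}-new"
    echo "create $set_name -exist hash:net"
    echo "create $tmp -exist hash:net"
    echo "flush $tmp"
    grep -v '#' | grep -v -E '[[:space:]][1-2]$' | cut -f 1 |
    awk -v s="$tmp" -v min="$MIN_PREFIX" '
        function valid(e,   p, o, n, i) {
            n = split(e, p, "/")
            if (n > 2) return 0
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 < min + 0 || p[2] + 0 > 32)) return 0
            if (split(p[1], o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] + 0 > 255) return 0
            return 1
        }
        $0 == ""    { next }
        !valid($0)  { bad++; next }              # malformed or too broad: never reaches the kernel
        !seen[$0]++ { print "add " s " " $0 }    # de-duplicate
        END { if (bad) print bad " feed entries rejected" > "/dev/stderr" }'
    echo "swap $tmp $set_name"
    echo "destroy $tmp"
}

# Constructed sample rows for a dry run (documentation addresses, not real feed data).
sample_feed() {
    printf '# constructed sample\n192.0.2.10\t5\n198.51.100.0/24\t7\n203.0.113.7\t1\n'
    printf '0.0.0.0/0\t9\n192.0.2.999\t4\n192.0.2.10\t6\n'
}

# apply_blackhole: needs root. A failed download leaves the live set untouched.
apply_blackhole() {
    feed=$(curl -fsS --compressed "$FEED_URL") || return 1
    printf '%s\n' "$feed" | build_restore blackhole | ipset restore || return 1
    iptables -C INPUT -m set --match-set blackhole src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set blackhole src -j DROP
}
```

Running `sample_feed | build_restore blackhole` prints the restore script without touching the firewall; `apply_blackhole` is the function to call from cron.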
Comments
how do you release the hash:net list safely? last time I tried a similar method using maltrail, it refuses to drop the list until I reboot the machine.
after some time, if the stuck list is too big, it'll start screwing with your network (timeouts, not responding, packets dropped in the interface). but this is a non-issue if the machine has more than 256 MB RAM
Fuck this 24/7 internet spew of trivia and celebrity bullshit.
@Encoders
https://ipset.netfilter.org/ipset.man.html
flush [ SETNAME ]
Flush all entries from the specified set or flush all sets if none is given.
This looks like a nice project. Good luck!
Talistech.com — ICT Consultancy and NVMe web hosting solutions.
@Talistech
thanks, soon we will add live tcpdump output from attacked servers listening on every port, just to see what's happening in real time
cool project, will use the 'All IPs' on my pfsense with pfblockerng. What update interval do you suggest 8hrs, 24hrs, weekly?
@xyphos10
i am glad you like it
about that update, hmm, IP lists are re-generated every 20 min, so it depends on you how frequently you want to update
Update:
Added #5 new server - 🇵🇱 Poland
I liked this if you continue updates, and the fact you use ipset, it's clean.
Thank you
@ehab
enjoy, yeah I will keep updating this, adding more servers too
btw the footer also has a dynamically generated image with stats:
Another update:
was added to maltrail - https://github.com/stamparm/maltrail/commit/886da5bde55128390bdab5d0345bdf47f1ebd0f4
Version: 0.3-βeta 🔥
wow nice project!!
C1V Hosting is a leading data center, cloud, hosting, and connectivity provider based in Italy. Our state-of-the-art datacenter is located in Pomezia (Rome) and offers a range of services including VPS, dedicated servers, colocation, and connectivity solutions.
looks very interesting, thanks
Version: 0.4-βeta 🔥
Added #6 new server - 🇳🇱 Netherlands
Version: 0.5-βeta 🔥
Added #7 new server - 🇩🇪 Germany
What's the best way to use your script? By making a cron job and running it daily by updating the daily-IP addresses?
@Talistech
that depends on how you want to use it; if you want to block only daily IPs, then as in the example in the first post, run it in cron and you are set for daily IPs.
also you can parse the IPs as you want, for example transform them into iptables rules or ip route add blackhole ...
I'll try that out, thanks!
Version: 0.6-βeta 🔥
Added #8 new server - 🇸🇬 Singapore
Version: 0.7-βeta 🔥
Added #9 new server - 🇦🇺 Australia
Version: 0.8-βeta 🔥
Added #10 new server - 🇫🇷 France
2023 April 16
Version: 0.15-βeta 🔥
- Added #11 new server - 🇬🇧 Great Britain
- Added #12 new server - 🇨🇦 Canada
- Added #13 new server - 🇳🇱 Netherlands
- Added #14 new server - 🇺🇸 United States
2023 April 15
Version: 0.14-βeta 🔥
- When searching now the output is sorted properly, newest attacks at the top
2023 April 15
Version: 0.13-βeta 🔥
- When searching for IP you can now see which server is sponsored
- Clicking to the sponsor favicon will take you to our page /sponsors
2023 April 15
Version: 0.12-βeta 🔥
- Created new page for Sponsors
-> /sponsors
- Got our first sponsor - IncogNet.io
-> Server #13 - 🇳🇱 Netherlands
-> Server #14 - 🇺🇸 United States
2023 April 15
Version: 0.11-βeta 🔥
- Page ASNs moved to IPs
-> /ips
- Created new page for ASNs
-> /asns
-> Possible to filter the ASN by name to get all the IPs logged
2023 April 15
Version: 0.10-βeta 🔥
- Created this changelog page 😊
-> /changelog
2023 April 15
Version: 0.9-βeta 🔥
- Upgraded the main server
-> 2 CPU cores to 4 CPU cores
-> 4 GB RAM to 8 GB RAM
-> HDD to SSD
- Search for IP should also be little faster
2023 April 16
Version: 0.16-βeta 🔥
Thanks goes out to @AlbaHost
2023 April 18
Version: 0.20-βeta 🔥
-> Logging the network to see what is going on.
-> tcpdump.blackhole.monster
2023 April 19
Version: 0.21-βeta 🔥
- Added new IP blacklist (list contains only IPs from attacks not older than 15 days)
-> /blackhole-15days
- Added new IP blacklist (list contains only IPs from attacks not older than 30 days)
-> /blackhole-30days
Added your blacklist into my csf firewall, let's see how many records my VM can handle
2023 April 21
Version: 0.22-βeta 🔥
- Added #16 new server - 🇲🇩 Moldova
- Added #17 new server - 🇦🇲 Armenia
- Added #18 new server - 🇵🇱 Poland
ConfigServer Security and Firewall (CSF)
2023 April 23
Version: 0.23-βeta 🔥
- Added #19 new server - 🇮🇳 India
- Added #20 new server - 🇿🇦 South Africa