Using blocklist over DNS/RBL faster
get blocklist.de results via DNS
The rbldnsd-Zone-Files
get the last added IPs
HTTP-API to report Attacks without Mails (GET/POST)
DNS - bl.blocklist.de
Example DNS-Query:
To check all lists for the IP 127.0.0.2, use the following query:
host -t any 2.0.0.127.bl.blocklist.de
Answer:
2.0.0.127.bl.blocklist.de TXT "Infected System (Service: w00tw00t, Last-Attack: $unixtimestamp), see http://www.blocklist.de/en/view.html?ip=127.0.0.2"
2.0.0.127.bl.blocklist.de A 127.0.0.15
More examples of DNS queries and other services are in the forum at:
https://forum.blocklist.de/viewtopic.php?f=11&t=17
The DNS blacklist holds all IP addresses of attackers from the past 48 hours.
The blacklist can be used for the evaluation of e-mails or users (bots, forum spam). When a connection is refused, that is the decision of the administrator who uses the lists from bl.blocklist.de.
To use the RBL server located in Germany, use: xxx.de.bl.blocklist.de
To use the RBL server located in the USA, use: xxx.usa.bl.blocklist.de
Name / URL | Description / Content |
apache.bl.blocklist.de | Apache, RFI, w00tw00t, SQL injection, forum spam |
bruteforcelogin.bl.blocklist.de | All IPs that have attacked Joomla, WordPress and other web logins with brute force |
bl.blocklist.de | All IP addresses (all services) |
all.bl.blocklist.de | All IP addresses (all services) |
ftp.bl.blocklist.de | FTP: only IPs that have run FTP brute-force attacks |
imap.bl.blocklist.de | IMAP, POP3, SASL, webmail logins ... |
mail.bl.blocklist.de | Mail/Postfix, 5xx errors (blacklist entries), relaying ... |
ssh.bl.blocklist.de | IPs that run SSH attacks |
sip.bl.blocklist.de | IPs that have tried a SIP/Asterisk brute-force login attack |
If you query all.bl.blocklist.de or bl.blocklist.de, the return IP differs by service:
amavis = 127.0.0.2
apacheddos = 127.0.0.3
asterisk = 127.0.0.4
badbot = 127.0.0.5
ftp = 127.0.0.6
imap = 127.0.0.7
ircbot = 127.0.0.8
mail = 127.0.0.9
pop3 = 127.0.0.10
regbot = 127.0.0.11
rfi-attack = 127.0.0.12
sasl = 127.0.0.13
ssh = 127.0.0.14
w00tw00t = 127.0.0.15
portflood = 127.0.0.16
sql-injection = 127.0.0.17
webmin = 127.0.0.18
trigger-spam = 127.0.0.19
manuall = 127.0.0.20
bruteforcelogin = 127.0.0.21
mysql = 127.0.0.22
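The query name and return-code handling described above, as an added Python example (not blocklist.de's own code). The function names are assumptions, the code table is copied from the list above, and answers outside 127.0.0.0/8 are treated as not listed on the assumption that they come from a resolver rewriting failed lookups.

```python
import ipaddress
import socket

# Return codes copied from the list above (all.bl.blocklist.de / bl.blocklist.de):
# amavis = 127.0.0.2 ... mysql = 127.0.0.22, in the page's order.
SERVICES = [
    "amavis", "apacheddos", "asterisk", "badbot", "ftp", "imap", "ircbot",
    "mail", "pop3", "regbot", "rfi-attack", "sasl", "ssh", "w00tw00t",
    "portflood", "sql-injection", "webmin", "trigger-spam", "manuall",
    "bruteforcelogin", "mysql",
]
RETURN_CODES = {f"127.0.0.{n}": name for n, name in enumerate(SERVICES, start=2)}
DNSBL_NET = ipaddress.IPv4Network("127.0.0.0/8")


def query_name(ip, zone="bl.blocklist.de"):
    """Reverse the IPv4 octets and append the zone: 127.0.0.2 -> 2.0.0.127.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify(answer):
    """Interpret the A record of a lookup; returns (listed, service)."""
    if answer is None:
        return (False, None)  # name did not resolve: IP is not on the list
    if ipaddress.IPv4Address(answer) not in DNSBL_NET:
        return (False, None)  # assumption: a resolver rewrote the failed lookup
    return (True, RETURN_CODES.get(answer, "unknown"))


def lookup(ip, zone="bl.blocklist.de"):
    """Query the list over DNS and classify the answer (needs network access)."""
    try:
        answer = socket.gethostbyname(query_name(ip, zone))
    except socket.gaierror:
        answer = None
    return classify(answer)


if __name__ == "__main__":
    # Constructed answers, so this runs offline; 127.0.0.15 is the page's example.
    for sample in ("127.0.0.15", "127.0.0.14", "203.0.113.7", None):
        print(sample, classify(sample))
    print(query_name("127.0.0.2"))
```

The per-service code is only meaningful when querying all.bl.blocklist.de or bl.blocklist.de; pass a zone such as ssh.bl.blocklist.de to `lookup` to check a single list.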
Policy:
The export and DNS lists contain all IP addresses that have attacked one of our systems or partners in the last 48 hours and have not used the delist link.
Note: BlockList.de itself does not block e-mails or requests. The administrators of the server that rejected the connection configured it to do so because of an entry in blocklist.de.