What is www.BlockList.de?
www.blocklist.de is a free and voluntary service provided by a Fraud/Abuse-specialist, whose servers are often attacked on SSH-, Mail-Login-, FTP-, Webserver- and other services.
The mission is to report all attacks to the abuse deparments of the infected PCs/servers to ensure that the responsible provider can inform the customer about the infection and disable them.
We report more than 70,000 attacks in 12 hours in real time and use the Whois (abuse-mailbox, abuse@, security@, email, remarks), the Ripe-Abuse-Finder and the contact-database from abusix.com to find the abuse-address assigned to the attacking host. Our reports are based on X-Arf (Network Abuse Reporting 2.0), so the abuse-department of the provider of the attacking host can parse our reports automatically.
blocklist is comparable with spamcop.net for attacks of any kind except for spam.
We use the Whitelist from www.dnswl.org, www.spamhauswhitelist.org and the Blacklist from torproject.org to reduce false-positives.
These users can for their own servers/IPs whitelist, which is applied to their own reports and thus prevents the reporting of their own servers.
We're winning more partners every day (over 6736 Users), who report attacks on their servers.
If you also want to report attacks on your server, please register an account and add your server.
On our statistics page, you can see the top countries of attacking PCs, the top providers and the top attacker IPs.
On "Search (IP, ASN)" you can search in our database for your IP-address or your AS-Number to check the status of blocked IPs or how many IPs had attacked our partner's servers.
Also you can pause reports for 7 days for a IP and the assigned abuse-address when you need more time to fix the problem.
We hope our service makes the Internet better, safer and helps to clean infected PCs.
Note: BlockList.de itself does not block E-Mails or Requests. Third party administrators configure their servers, which may reject a connection because of an entry in blocklist.de.
Currently, we can use the following Fail2Ban-/DenyHost-Attacks-Type:
complete List of Service-Names
The mission is to report all attacks to the abuse deparments of the infected PCs/servers to ensure that the responsible provider can inform the customer about the infection and disable them.
We report more than 70,000 attacks in 12 hours in real time and use the Whois (abuse-mailbox, abuse@, security@, email, remarks), the Ripe-Abuse-Finder and the contact-database from abusix.com to find the abuse-address assigned to the attacking host. Our reports are based on X-Arf (Network Abuse Reporting 2.0), so the abuse-department of the provider of the attacking host can parse our reports automatically.
blocklist is comparable with spamcop.net for attacks of any kind except for spam.
We use the Whitelist from www.dnswl.org, www.spamhauswhitelist.org and the Blacklist from torproject.org to reduce false-positives.
These users can for their own servers/IPs whitelist, which is applied to their own reports and thus prevents the reporting of their own servers.
We're winning more partners every day (over 6736 Users), who report attacks on their servers.
If you also want to report attacks on your server, please register an account and add your server.
On our statistics page, you can see the top countries of attacking PCs, the top providers and the top attacker IPs.
On "Search (IP, ASN)" you can search in our database for your IP-address or your AS-Number to check the status of blocked IPs or how many IPs had attacked our partner's servers.
Also you can pause reports for 7 days for a IP and the assigned abuse-address when you need more time to fix the problem.
We hope our service makes the Internet better, safer and helps to clean infected PCs.
Note: BlockList.de itself does not block E-Mails or Requests. Third party administrators configure their servers, which may reject a connection because of an entry in blocklist.de.
Currently, we can use the following Fail2Ban-/DenyHost-Attacks-Type:
complete List of Service-Names
- ssh* || ssh-ddos
- postfix || mail || exim || exim4
- amavis
- proftpd || ftp* || pure-ftpd || pureftpd
- courierpop3 || pop || pop3 || dovecot-pop3
- courierimap || imap || dovecot || dovecot-pop3imap || dovecot-smtp || dovecot-*
- sasl
- BadBots || irc-bot || irc-bots || reg-bots || reg-bot
- php-url-fopen || rfi-attack (wie in filter.d/apache-spamtrap-rfi.conf) || shellshock
- w00tw00t || apache-w00tw00t Disabled because of majestic12 Bot
- ApacheDDOS || DDoS
- Asterisk || sip || voip
- SQL-Injection
- webmin || plesk -> brute-force-logins (set maxentry to 5 or higher)