The use of IP Blacklists is an exciting topic that sparks great debates in communities about how effective they are. Still, cybercrime is an ever-growing issue: commercial entities, small businesses, and even personal websites such as blogs are prime targets.
Today more server administrators and website owners are finding the need to secure their services. IP Blacklists maintained to the highest level provide quick and immediate protection to your website by blocking out elements that should never visit or have access to it.
One main issue is finding good projects: many lists are outdated or not maintained, which makes them ineffective. We will look at a few GitHub projects actively working on Blacklists that are accessible and open-source. You can download them and apply them immediately to your set-up, with a maintenance schedule to keep them updated in the future.
Firehol Blacklist IPSets Project
The Firehol Blocklist IPSets GitHub repository is the mecca for finding IP Blacklists. This GitHub project includes many blacklists that are currently maintained. Firehol also carries historical IP Blacklists that are dead. I would suggest not blindly using all the lists featured on GitHub; instead visit the main website, as it will tell you how long it has been since the last physical source update, which is not as easy to see on GitHub. Some lists have not received maintenance for more than a year.
The lists are freely available as it’s all open source, but with so many lists it’s easy to get carried away without researching where each IP Blacklist gets its data and how it collects and creates the list. Some IP lists are very good with low chances of banning innocent visitors, whereas some admit to having high false positives, so checking is vital.
Visit Firehol List Github
Visit Firehol Website
IPSum IP Threat Intelligence Blacklist
IPSum is a project that is based on 30+ publicly available lists of malicious or suspicious IP addresses. Like FireHol blacklists, IPSum combines the lists into levels, making it much easier to download and apply. All source lists are automatically parsed daily. The GitHub project is updated once every 24 hours with fresh results.
What is excellent about IPSum is the level system, 1 to 8, which reflects how many times an IP address has appeared on the sources IPSum uses. If a malicious IP address has appeared on 5 source files, it will be added to level 5. This means that if you use that list, you will rarely face an incident of having an innocent person blocked or banned from your server. IPSum recommends using level 3 at the minimum. Using anything less will give you a lot more IP addresses, but chances of false positives are, of course, much higher. Going further up the levels will, as explained, further reduce that chance, with level 8 containing IP addresses you should not remove.
The only downside, if you could call it that, is that IPSum does not list its sources like Firehol IPBlockset does, which makes it a bit harder to look into who is making the lists, the conditions, and other information.
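The level idea described above, worked through as an added example (this is not IPSum's own code): each address gets one vote per source list it appears on, and a level is the set of addresses with at least that many votes. The feed names, the addresses, the `NEVER_BLOCK` networks and the set name are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Networks that must never land in a block set (constructed example values).
NEVER_BLOCK = [ipaddress.ip_network(n)
               for n in ("10.0.0.0/8", "127.0.0.0/8", "192.168.0.0/16")]

def parse_source(text):
    """Return the set of valid IPv4 addresses found in one source list."""
    found = set()
    for line in text.splitlines():
        token = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not token:
            continue
        try:
            found.add(ipaddress.IPv4Address(token.split()[0]))
        except ValueError:
            continue                            # CIDR ranges, hostnames, junk
    return found

def score(sources):
    """Count how many source lists each address appears on."""
    counts = Counter()
    for text in sources.values():
        counts.update(parse_source(text))       # a set gives one vote per source
    return counts

def level(counts, min_level):
    """Addresses on at least min_level sources, minus protected networks."""
    return sorted(ip for ip, n in counts.items()
                  if n >= min_level
                  and not any(ip in net for net in NEVER_BLOCK))

def ipset_restore(ips, name="blocklist"):
    """Render the result as input for `ipset restore`."""
    lines = [f"create {name} hash:ip family inet"]
    lines += [f"add {name} {ip}" for ip in ips]
    return "\n".join(lines)

SOURCES = {  # constructed sample feeds
    "feed_a": "# header\n203.0.113.7\n198.51.100.23\n192.0.2.50\n203.0.113.7\n",
    "feed_b": "203.0.113.7  # ssh\n198.51.100.23\n10.0.0.5\nnot-an-ip\n",
    "feed_c": "203.0.113.7\n10.0.0.5\n192.0.2.0/24\n",
    "feed_d": "203.0.113.7\n198.51.100.23\n10.0.0.5\n",
}

if __name__ == "__main__":
    print(ipset_restore(level(score(SOURCES), 3)))
```

Note that `10.0.0.5` reaches three votes in the sample feeds yet is still excluded, which is the check that keeps a poisoned or sloppy source from locking you out of your own network.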
Visit IPsum Github
Suspicious, Snooping, Sniffing, Hacking IP Blacklist
This IP Blacklist project is maintained by Mitchell Krogza, whom many know as the person behind the Apache/NGINX Ultimate Bad Bot blocker. These lists are smaller than the others listed since they are from his servers. The chances of false positives from these lists are low, given Mitchell’s reputation in the security industry. They are certainly worth the time to investigate and use.
Visit Suspicious, Snooping, Sniffing, Hacking IP Blacklist Github
Visit our guide on How to use NGINX Bad Bot Blocker for Ubuntu by Mitchell Krogza.