====== Blocklist ======

===== What is Blocklist? =====

[[https://www.blocklist.de/en/index.html|Blocklist.de]]

===== Configure your host to send blocked IPs to Blocklist =====

==== Website ====

Register on the website and create a new server.

{{:linux:ubuntu:pasted:20190212-111400.png}}

==== Server ====

Edit your jail.local ([[linux:ubuntu:fail2ban|Fail2Ban]]) to send the IPs and logs via mail to Blocklist:

  [ssh]
  enabled = true
  port = ssh
  filter = sshd
  # Ban with iptables, then mail the report including the matching lines from logpath
  action = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois-lines[name=SSH, dest="fail2ban@blocklist.de,", sender=fail2ban@, sendername="Fail2Ban", logpath=/var/log/auth.log]
  logpath = /var/log/auth.log
  maxretry = 3

==== Troubleshooting ====

=== There are no logs included in the mail ===

You might see something like the following in your mails:

  Lines containing IP:10.1.1.1 in /dev/null

Make sure that the correct logpath is included inside the "sendmail-whois-lines[]" brackets.

=== There are attacks but no reports ===

You don't see a report if the provider already received an abuse mail in the last 24h. You can check all the reports for a specific IP by clicking on the "man-with-hat" icon.

{{:linux:ubuntu:pasted:20190212-114941.png}}

You also need to send a specific number of log file entries in order to prove the abusive behaviour.
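
The missing-logs case from the troubleshooting section can be caught before any mail goes out. The following Python check is an added example, not part of the original page or of Fail2Ban: it parses a jail.local and flags every jail whose "sendmail-whois-lines[]" action has no logpath, or one that is not among the jail's own logpath entries. The sample config and the address reports@example.invalid are constructed.

```python
import configparser
import re

# Constructed sample jail.local: "ssh" passes logpath to the mail action, "web" does not.
SAMPLE = """\
[ssh]
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois-lines[name=SSH, dest="reports@example.invalid", logpath=/var/log/auth.log]
logpath = /var/log/auth.log

[web]
action = sendmail-whois-lines[name=WEB, dest="reports@example.invalid"]
logpath = /var/log/apache2/error.log
"""

ACTION_RE = re.compile(r"sendmail-whois-lines\[([^\]]*)\]")


def action_params(bracket_body):
    """Split 'k=v, k="v,w"' into a dict, honouring double-quoted values."""
    params = {}
    for key, quoted, bare in re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^,\]]*))', bracket_body):
        params[key] = quoted if quoted else bare.strip()
    return params


def check_jails(text):
    """Return {jail: problem} for jails whose mail action would grep the wrong file."""
    # interpolation=None: leave Fail2Ban's %(...)s references untouched
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    problems = {}
    for jail in cfg.sections():
        match = ACTION_RE.search(cfg.get(jail, "action", fallback=""))
        if not match:
            continue  # jail does not use the mail action
        jail_log = cfg.get(jail, "logpath", fallback="").strip()
        action_log = action_params(match.group(1)).get("logpath")
        if action_log is None:
            problems[jail] = "no logpath in sendmail-whois-lines[]"
        elif action_log not in jail_log.split():
            problems[jail] = f"action logpath {action_log} not in jail logpath"
    return problems


if __name__ == "__main__":
    for jail, problem in check_jails(SAMPLE).items():
        print(f"{jail}: {problem}")
```

To check a real host, pass the contents of your own jail.local to check_jails() instead of SAMPLE.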