Blocklist

What is Blocklist?

Configure your host to send blocked IPs to Blocklist

Website

Register on the website and create a new server.

Server

Edit your jail.local (Fail2Ban) to send the IPs and logs via mail to Blocklist

[ssh]
 
enabled  = true
port     = ssh
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois-lines[name=SSH, dest="[email protected],<[email protected]>", sender=fail2ban@<yourhostname.com>, sendername="Fail2Ban", logpath=/var/log/auth.log]
logpath  = /var/log/auth.log
maxretry = 3

Troubleshooting

There are no logs included in the mail

You might see an error like

Lines containing IP:10.1.1.1 in /dev/null

Make sure that the correct logpath is included inside the “sendmail-whois-lines[]” brackets.

I see attacks but no reports

You dont see a report if the provider already received an abusemail in the last 24h, you can check all the reports for a specific IP by clicking on the “man-with-hat”-icon

Lunetikk's IT Wiki

Table of Contents

Blocklist

What is Blocklist?

Configure your host to send blocked IPs to Blocklist

Website

Server

Troubleshooting

There are no logs included in the mail

I see attacks but no reports

Lunetikk's IT Wiki

User Tools

Site Tools

Table of Contents

Blocklist

What is Blocklist?

Configure your host to send blocked IPs to Blocklist

Website

Server

Troubleshooting

There are no logs included in the mail

I see attacks but no reports

Page Tools