search

borestad / blocklist-abuseipdb

Aggregated AbuseIPDB blocklists with worst IPv4 & IPv6 offenders (~100% confidence)
85 stars 9 forks source link

Categories #6

Closed ehnwebmaster closed 1 week ago

ehnwebmaster commented 1 month ago

Hello,

What about filtering the Ip's by categories?

For example

A list with DDoS reported Ip's (category 4)

https://www.abuseipdb.com/categories

Thank you in advance

borestad commented 1 month ago

Hi! Unfortunately AbuseIPDB does not expose that information via their API. The data retrieved looks like this:

... 64.23.182.34 43.163.229.92 43.156.236.44 43.156.79.21 89.252.169.173 49.51.187.152 43.134.20.26 218.92.0.97 ...

...without any way of distinguish them. There might be usecases for this, but since this list has such high accuracy without false positives, it is considered a route to /dev/null

Providing more statistics might be possible though. If so, is there anything in particular that would be interesting to know?

ehnwebmaster commented 1 month ago

You're right, is not possible to do with AbuseIPDB. Will contact with them to suggest add this feature, filter by categories.

Just interested in use large ip's with ipset to block open proxys or other ip's able to do DDoS attacks.

We can scrap all the abuseipdb web page but that's not a great solution, will be banned jejeje

Just checked https://iplists.firehol.org/ among others and there's just a few and outdated lists about DDoS ip's abusives.

Thank you for you response!

Hello,

Just and idea: Filter by categories.

Will be really nice use your API blacklist and be able to filter by cateogies.

For example, imagine a list of ip's by category 4 (DDoS) to block http/s requests via iptables or ipset.

Or block just the category 5 (FTP) service, or SSH service (22)

Imagine just have an e-mail server and want to block only category 11 and 17 (E-mail spam), not the other offensive ip's.

Your servie is great, but too much ip's without filtering might be not really useful.