search

firehol / blocklist-ipsets

ipsets dynamically updated with firehol's update-ipsets.sh script
https://iplists.firehol.org
3.14k stars 382 forks source link

ip blacklisted but can be removed #39

Open zoon01 opened 7 years ago

zoon01 commented 7 years ago

Hi please remove ip address: 92.48.206.226 this is used by NAS4Free nas4free.org and not used for spam.

thanks, zoon01 developer NAS4Free

ktsaou commented 7 years ago

Hi,

This IP is matched by these lists:

# echo 92.48.206.226 | iprange - --compare-next *.{ip,net}set | grep -v ",0$"
stdin,firehol_webserver.netset,1,64887,1,34742775,34742775,1
stdin,ransomware_feed.ipset,1,5041,1,5041,5041,1
stdin,hphosts_emd.ipset,1,25980,1,25980,25980,1

In firehol_webserver is included because it is in hphosts_emd. hphosts EMD, is listing malware hostnames. One of the hostnames listed there resolves to this IP.

In general, I never filter ip lists. So, to settle this issue, you have to contact the list maintainers or fix the root cause of this listing.

If this IP is assigned to you by a shared hosting provider, it is probably that the same IP is used by other sites that are infected by malware.

So, the only action I can take, is to exclude hphosts_emd from firehol_webserver. However, I don't see why is could be problematic for you. firehol_webserver is is a list to be used for protecting web servers, so unless you provide an API other web servers are expected to query, the inclusion of this IP in firehol_webserver should not affect you.