romainmarcoux / malicious-ip

Aggregation of lists of malicious IP addresses, to be blocked in the WAN > LAN direction, integrated into firewalls: FortiGate, Palo Alto, pfSense, IPtables
https://www.linkedin.com/in/romainmarcoux/

ip ban not on sources directory #4

Closed PHB-fra closed 2 weeks ago

PHB-fra commented 3 weeks ago

Hi romain,

This IP 92.182.103.132 is in your file ( https://github.com/romainmarcoux/malicious-ip/blob/main/malicious-ip-by-country/full-fr-aa.txt ) as of 28/08/24 at 14h44 UTC+1,

but I can't find it in your sources: https://github.com/romainmarcoux/malicious-ip/tree/main/sources

Why is this IP on your list without a source?

Best regards,

romainmarcoux commented 3 weeks ago

In addition to the sources indicated in the README, I add IPs that have carried out illegitimate traffic on the systems of my few customers. This represents quite a few IP addresses out of all the IP addresses in my aggregation. This IP address is one of the "weak signal" IP addresses and has carried out scans of non-indexed web services several times.

Do you know the owner of this IP address?

PHB-fra commented 2 weeks ago

The owner of this IP is Zaacom (a company: SEO agency with botnet/crawlers).

romainmarcoux commented 2 weeks ago

Digging deeper, I see that the IP address is considered malicious on app[.]crowdsec[.]net/cti/92.182.103.132. I have no problem whitelisting the IP address, but I have no information on this IP address:

PHB-fra commented 2 weeks ago

Hi Romain,

I understand your point of view and you are right. It is up to them to make the necessary effort not to get blacklisted and to behave ethically.

Just as an evolution of the sources directory, would it be possible to have a "super-romain-filter.txt" file with what you have blacklisted, so that it is consistent with the full-* files?

How long do you keep the IP banned? (30D?)

romainmarcoux commented 2 weeks ago

This is a very good idea. I just added the source "sekio-a*.txt" (my company name). I updated the list of sources in the README. If you know someone at Zaacom, you can tell them to contact me so that I can authenticate their IP addresses and whitelist them. Thank you for helping to improve the project.

romainmarcoux commented 2 weeks ago

A person from Zaacom contacted me. I whitelisted the IP address.
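The question raised in this thread, whether every address in a full-* file can be traced back to a file in the sources directory, is easy to check mechanically. The script below is an added example, not code from the malicious-ip project: it parses a set of source lists (constructed inline here; the file names and addresses are sample values, not the project's own), builds the aggregated list with a manual whitelist removed, and reports which source files list a given IP, so an address with an empty provenance is exactly the "no source" case described above.

```python
"""Provenance check for an aggregated malicious-IP blocklist.

Added example; not code from the romainmarcoux/malicious-ip project.
Source contents, file names and the whitelist are constructed sample data.
"""
import ipaddress

# Constructed sample sources (file name -> file contents). In the real project
# these would be read from the sources/ directory.
SOURCES = {
    "source-a.txt": "203.0.113.10\n203.0.113.11\n# trailing comment line\n",
    "sekio-a1.txt": "198.51.100.7\n203.0.113.10   # duplicate across sources\n",
    "sekio-a2.txt": "198.51.100.8\nnot-an-ip\n",
}

# Constructed stand-in for a manual whitelist of authenticated addresses.
WHITELIST = {"198.51.100.7"}


def parse_source(text):
    """Return the set of valid IPv4 addresses in one source file.

    Comments (after '#') and blank lines are skipped; anything that does not
    parse as an IP address is ignored rather than silently blocked.
    """
    ips = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            ip = ipaddress.ip_address(line)
        except ValueError:
            continue  # junk line: never let it reach the firewall list
        if ip.version == 4:
            ips.add(str(ip))
    return ips


def aggregate(sources, whitelist):
    """Union of all sources minus the whitelist, sorted numerically.

    Numeric sorting gives a stable full-*.txt that diffs cleanly between runs.
    """
    merged = set()
    for text in sources.values():
        merged |= parse_source(text)
    merged -= set(whitelist)
    return sorted(merged, key=lambda s: int(ipaddress.ip_address(s)))


def provenance(ip, sources):
    """Names of the source files that list this IP; [] means no source."""
    return sorted(name for name, text in sources.items()
                  if ip in parse_source(text))


if __name__ == "__main__":
    full = aggregate(SOURCES, WHITELIST)
    for ip in full:
        origin = provenance(ip, SOURCES) or ["<no source>"]
        print(f"{ip:15} {', '.join(origin)}")
```

Running the script prints each aggregated address with the source files that justify it; when a blocklist is published together with its sources, an operator can run the same provenance check against the published full-* file and open an issue only for entries that really have no source.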