# IP BlackHole

IP blackhole.monster is an IP blacklist that uses multiple sensors to identify network attacks (e.g. SSH brute force) and spam incidents. All reports are evaluated, and if there are too many incidents, the responsible IP holder is informed so that the problem can be solved.

```
🚫 ALL IPs:
https://blackhole.monster/blackhole

🚫 TODAY IPs:
https://blackhole.monster/blackhole-today

🚫 15-DAYS IPs:
https://blackhole.monster/blackhole-15days

🚫 30-DAYS IPs:
https://blackhole.monster/blackhole-30days
```

How to use?
----
To block IPs via ipset and get a fresh, ready-to-deploy auto-ban list of "bad IPs", you can run:
```
sudo su
apt-get -qq install iptables ipset
# Empty the set if it already exists, or create it on the first run
ipset -q flush blackhole
ipset -q create blackhole hash:net
# Skip comment lines and lines ending in a 1 or 2 field, then add the first field of each remaining line
for ip in $(curl --compressed https://blackhole.monster/blackhole-today 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add blackhole "$ip"; done
# Delete any existing DROP rule before inserting it, so the rule is never duplicated
iptables -D INPUT -m set --match-set blackhole src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set blackhole src -j DROP
```
or

ConfigServer Security and Firewall (CSF)

Edit the CSF blocklist file:
```
nano /etc/csf/csf.blocklists
```

Navigate to the end of the file and append the following:
```
# IP.blackhole blacklist
IPBLACKHOLE|3600|0|https://blackhole.monster/blackhole-today
```

After you finish editing the file, save it and restart CSF and lfd using:
```
csf -ra
```

Check the log file to ensure that the blacklist was added correctly:
```
cat /var/log/lfd.log
```
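A hardened variant of the ipset procedure above, added here as an example and not part of the project's own instructions: it checks that every feed entry is a well-formed IPv4 address or CIDR net before it reaches `ipset`, and fills a staging set that is swapped in atomically. The feed layout is an assumption inferred from the README's `grep`/`cut` pipeline, and the staging set name `blackhole_tmp` and the `--apply` switch are hypothetical.

```shell
#!/bin/sh
# Added example: validate feed entries, then replace the set atomically.
FEED_URL="https://blackhole.monster/blackhole-today"  # URL from the README
SET="blackhole"            # set name from the README
TMP_SET="blackhole_tmp"    # hypothetical staging set name

# Print only well-formed IPv4 addresses/CIDR nets from a feed on stdin.
# Assumed layout (inferred from the README pipeline): tab-separated, address
# in field 1, "#" comment lines, lines ending in a 1 or 2 field are skipped.
valid_entries() {
    awk -F'\t' '
        /#/ { next }
        /[ \t][12]$/ { next }
        {
            n = split($1, p, "/")
            if (n > 2) next
            if (n == 2 && (p[2] !~ /^[0-9][0-9]?$/ || p[2] + 0 > 32)) next
            if (split(p[1], o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9][0-9]?[0-9]?$/ || o[i] + 0 > 255) next
            print $1
        }' | sort -u
}

# Turn validated entries into "add" lines for `ipset restore`.
restore_script() {
    while IFS= read -r net; do printf 'add %s %s\n' "$TMP_SET" "$net"; done
}

apply_blackhole() {
    feed=$(mktemp) || return 1
    # -f makes curl fail on HTTP errors, so an error page is never parsed.
    curl -fsS --compressed -o "$feed" "$FEED_URL" || { rm -f "$feed"; return 1; }
    entries=$(valid_entries < "$feed"); rm -f "$feed"
    # Keep the current set if the download yields nothing usable.
    [ -n "$entries" ] || { echo "no valid entries; set unchanged" >&2; return 1; }
    ipset -exist create "$SET" hash:net
    ipset -exist create "$TMP_SET" hash:net
    ipset flush "$TMP_SET"
    printf '%s\n' "$entries" | restore_script | ipset -exist restore
    ipset swap "$TMP_SET" "$SET"   # swap is atomic: no moment with an empty set
    ipset destroy "$TMP_SET"
    iptables -C INPUT -m set --match-set "$SET" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$SET" src -j DROP
}

# Only touch the firewall when explicitly asked (run as root: script --apply).
if [ "${1:-}" = "--apply" ]; then apply_blackhole; fi
```

Without `--apply` the script only defines its functions, so `valid_entries` can be tried on a saved copy of the feed before anything changes on the firewall.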