🕙 Last Sync: 02/20/2025 00:30 UTC
- About
- Main Lists
- Privacy Lists
- Spam Lists
- Geographical (Continents & Countries)
- Transmission (BitTorrent Client)
- Install
This repository contains a collection of dynamically updated blocklists which can be utilized to filter out traffic from communicating with your server.
These blocklists can be used with:
- ConfigServer Firewall
- FireHOL
- Crowdsec
- Transmission (BitTorrent Client)
- OPNsense
- Many others
Blocklist and statistics are updated daily, and some are updated multiple times a day depending on the category of blocklist. Others may only update once per day depending on how often they refresh.
The Severity Rating is a column shown below for each blocklist. This score is calculated depending on how many "abusive" IP addresses exist within that ipset file.
As an example, the Cloudflare CDN has a score of ★★★⚝⚝ 3 or higher, due to the fact that many people are reporting that servers hosted by Cloudflare seem to be involved in a lot of abusive activity such as port scanning and SSH bruteforce attacks. The more reports that the Ips in the Cloudflare file have, the higher the severity rating will rise. This score is based on the mean (average) report history of all IPs in the list.
This rating is calculated once a day.
These are the primary lists that most people will be interested in. They contain a large list of IP addresses which have been reported recently for abusive behavior. These statistics are gathered from numerous websites such as AbuseIPDB and IPThreat. IPs on this list have a 100% confidence level, which means you should get no false-positives from any of the IPs in these lists. IP addresses in these lists have been flagged for engaging in the following:
- SSH Bruteforcing
- Port Scanning
- DDoS Attacks
- IoT Targeting
- Phishing
For the majority of people, using the blocklists master.ipset and highrisk.ipset will be all you need. It is a massive collection, all with a 100% confidence level, which means you should get none or minimal false positives.
| Set Name | Description | Severity | View |
|---|---|---|---|
master.ipset |
Abusive IP addresses which have been reported for port scanning and SSH brute-forcing. HIGHLY recommended. Includes AbuseIPDB, IPThreat, CinsScore, GreensNow |
★★★★★ | view |
highrisk.ipset |
IPs with highest risk to your network and have a possibility that the activity which comes from them are going to be fraudulent. | ★★★★★ | view |
These blocklists give you more control over what 3rd party services can access your server, and allows you to remove bad actors or services hosting such services.
| Set | Description | Severity | View |
|---|---|---|---|
privacy_general.ipset |
Servers which scan ports for data collection and research purposes. List includes Censys, Shodan, Project25499, InternetArchive, Cyber Resilience, Internet Measurement, probe.onyphe.net, Security Trails | ★★★★⚝ | view |
privacy_ahrefs.ipset |
Ahrefs SEO and services | ★★⚝⚝⚝ | view |
privacy_amazon_aws.ipset |
Amazon AWS | ★★⚝⚝⚝ | view |
privacy_amazon_ec2.ipset |
Amazon EC2 | ★★⚝⚝⚝ | view |
privacy_applebot.ipset |
Apple Bots | ★★★⚝⚝ | view |
privacy_bing.ipset |
Microsoft Bind and Bing Crawlers / Bots | ★★⚝⚝⚝ | view |
privacy_bunnycdn.ipset |
Bunny CDN | ★★⚝⚝⚝ | view |
privacy_cloudflarecdn.ipset |
Cloudflare CDN | ★★⚝⚝⚝ | view |
privacy_cloudfront.ipset |
Cloudfront DNS | ★⚝⚝⚝⚝ | view |
privacy_duckduckgo.ipset |
DuckDuckGo Web Crawlers / Bots | ★★⚝⚝⚝ | view |
privacy_facebook.ipset |
Facebook Bots & Trackers | ★★★⚝⚝ | view |
privacy_fastly.ipset |
Fastly CDN | ★⚝⚝⚝⚝ | view |
privacy_google.ipset |
Google Crawlers | ★★⚝⚝⚝ | view |
privacy_pingdom.ipset |
Pingdom Monitoring Service | ★★⚝⚝⚝ | view |
privacy_rssapi.ipset |
RSS API Reader | ★★⚝⚝⚝ | view |
privacy_stripe_api.ipset |
Stripe Payment Gateway API | ★★⚝⚝⚝ | view |
privacy_stripe_armada_gator.ipset |
Stripe Armada Gator | ★★⚝⚝⚝ | view |
privacy_stripe_webhooks.ipset |
Stripe Webhook Service | ★★⚝⚝⚝ | view |
privacy_telegram.ipset |
Telegram Trackers and Crawlers | ★★★⚝⚝ | view |
privacy_uptimerobot.ipset |
Uptime Robot Monitoring Service | ★⚝⚝⚝⚝ | view |
privacy_webpagetest.ipset |
Webpage Test Services | ★★⚝⚝⚝ | view |
These blocklists allow you to remove the possibility of spam sources accessing your server.
| Set | Description | Severity | View |
|---|---|---|---|
spam_forums.ipset |
List of known forum / blog spammers and bots | ★★★⚝⚝ | view |
spam_spamhaus.ipset |
Bad actor IP addresses registered with Spamhaus | ★★★★⚝ | view |
These blocklists allow you to determine what geographical locations can access your server. These can be used as either a whitelist or a blacklist. Includes both continents and countries.
| Set | Description | Severity | View |
|---|---|---|---|
GeoLite2 Database |
Lists IPs by continent and country from GeoLite2 database. Contains both IPv4 and IPv6 subnets | ★★★★★ | view |
Ip2Location Database |
Coming soon | ★★★★★ | view |
This section includes blocklists which you can import into the bittorrent client Transmission.
- In this repo, copy the direct URL to the Transmission blocklist, provided below:
- Open your Transmission application; depending on the version you run, do ONE of the follow two choices:
- Paste the link to Transmission > Settings > Peers > Blocklist
- Paste the link to Transmission > Edit > Preferences > Privacy > Enable Blocklist
| Set | Description | Severity | View | Website |
|---|---|---|---|---|
bt-transmission |
A large blocklist for the BitTorrent client Transmission | ★★★★★ | view | view |
This section explains how to use these blocklists within particular software titles.
This repository contains a set of ipsets which are automatically updated every 6 hours. You may add these sets to your ConfigServer Firewall /etc/csf/csf.blocklists with the following new line:
csf|1000000|0|https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/master.ipset