Thanks for the reply Michael. You can download the entire list in text format in a single API call, it just requires your API key. There is a free level of service from them that will provide a basic list of 10000 high confidence offenders.
https://docs.abuseipdb.com/#plaintext-blacklist
curl -G https://api.abuseipdb.com/api/v2/blacklist \ -d confidenceMinimum=85 \ -d limit=500000 \ -H "Key: $YOUR_API_KEY" \ -H "Accept: text/plain"
We've just noticed that the majority of malicious web requests comes in from an IP with a confidence score of 85% or above from this list.
Thanks again!
Chris
On Wed, Oct 12, 2022 at 5:35 AM Michael Tremer michael.tremer@ipfire.org wrote:
Hello Chris,
On 11 Oct 2022, at 14:35, Chris Multari cmultari@gmail.com wrote:
IPFire Devs - The IP Blocklist feature has been absolutely great.
Thanks for the feedback!
Has been any consideration given to adding something like the
abuseipdb.com blocklist? The list does require an API key and will return a different amount of IPs depending on your subscription level/account config, but bad actors are picked up quickly.
Currently, we only process offline blocklists, since it isn’t feasible to send any API requests out. A busy firewall might get many thousands of packets in a second that need checking (and that includes any potential caching of responses).
As far as I can see, there is no way to download the entire list in text format.
-Michael
Thanks! Chris