I think that there's always going to be an issue with this type of IP blocklist; these lists are all for the C&C for a particular malware. As time passes old malware goes out of use and hence this list becomes redundant.
I suppose it would be possible to write a script that reads the sources file and checks for changes in the list contents, and then raise a notification of some sort if a list doesn't change for say a month.
Regards, Tim On 14/10/2024 10:20, Michael Tremer wrote:
Hello Adolf,
This is indeed “great” news and I suppose this is just proving the point that we have discussed on here before…
On the website there is no note or anything else that indicates any change: https://feodotracker.abuse.ch/blocklist/
But I can confirm that the list currently have zero entries and the timestamp of the last update is 2024-08-23 12:01:06 UTC.
Unless you get a response, let’s remove the lists for now.
-Michael
On 8 Oct 2024, at 22:04, Adolf Belka adolf.belka@ipfire.org wrote:
Hi All,
Here we are again with yet another three of the IP Blocklists looking like they have been forgotten about and are no longer being updated.
The FEODO_RECOMMENDED and FEODO_IP lists are both empty of any IP's and have not been updated since 23rd August 2024.
The FEODO_AGGRESSIVE list still has IP entries in it but they were last updated on 23rd August 2024.
All three lists say they are re-generated every 5 minutes but that has clearly stopped for the last 6 weeks.
I will contact the lists to see what their response on this is.
Regards,
Adolf.