ipset in combination with iptables are the perfect tools to ban thousands of blacklisted IP addresses from IP blacklist providers like Project Honey Pot, Spamhaus, OpenBL and virtually anyone providing a list of “bad” IP addresses from a Linux server.
I’ve created a very simple Bash shell script which can be used to auto-update blacklisted IP addresses. Please see the documentation in the README.md on how to install it. It doesn’t matter if the blacklist comes as a raw IP list, as XML or CSV. The script will find any IPv4 including IPv4 with network prefixes (CIDR notation).
Currently, the script downloads blacklisted IP addresses from the following blacklists:
- Project Honey Pot
- Tor Exit Nodes
- MaxMind Anonymous Proxies
- BruteForceBlocker IP list from danger.rulez.sk
- Emerging Threats list from emergingthreats.net
- Spamhaus Don’t Route Or Peer List
- C.I. Army Malicious IP list
- OpenBL 30 day list
- Autoshun’s Shun list
Link to the git repository: github.com/trick77/ipset-blacklist
So, is there any benefit in banning those IP addresses? Well, it certainly reduces comment spam on a WordPress blog and there have been claims from websites owners that their servers had been attacked through Tor. The number of comment spam attempts on this blog dropped quite impressively after implementing the IP address bans: