For a long time, I've been looking for a way to effectively exploit the hacking data blocked by my servers. Intrusion attempts are constant, but thanks to security systems such as Fail2ban, attacks are stopped before they cause any damage. However, beyond simply protecting my systems and customers, I wanted to go further: share this information and make the Internet a safer place for everyone.
Over 2,000 malicious IPs reported in just 48 hours!
With this in mind, LRob has started contributing to attacker reporting via AbuseIPDB, a platform that allows anyone to report malicious IPs. In just 48 hours, over 2,000 IPs have already been reported, showing just how significant the impact of this initiative can be.
Why report malicious IPs?
Hackers attack everything, all the time. Whether you're a small business, an individual or a large organization, you're a target. However, while these attacks are relentless, the resources of cybercriminals are limited. By identifying them, we have a chance of combating them more effectively and limiting their scope for action.
There are two main reasons why reporting malicious IPs is crucial:
- Identify and block attackers: By reporting these IPs, you contribute to the creation of a database accessible to all, making it easier to block potential threats before they reach other infrastructures.
- Inform legitimate hosts: Some legitimate hosts can be infected or hijacked without their knowledge, serving as relays for attacks. By reporting these IPs, you give them a chance to react and correct the situation.
Sharing information via platforms such as AbuseIPDB makes the web safer, not just for you, but for the whole community.
A simple API for efficient reporting
One of AbuseIPDB's great strengths is its ease of use. Via an API accessible to all, it's easy to contribute to the reporting of malicious IPs. By validating your identity, you can even increase the reporting limit to 5000 IPs per day, which covers a wider spectrum of attacks.
So I decided to set up a system to automate these reports, so that the community can benefit from my data on blocked hacks. A banner is now visible at the bottom of my LRob.fr site, linking directly to my AbuseIPDB profile, where anyone can see the IPs I've reported (see my profile here).
Automated reporting with Plesk and Fail2ban
For those who, like LRob, use Plesk to manage their servers, I developed a script to automatically report malicious IPs via the AbuseIPDB API using Fail2ban.
This script is freely available on GitHub and can be used by any sysadmin wishing to automate this process. Simply configure your API key and you're ready to get started!
You can find it here: GitHub - Report AbuseIPDB.
(Don't hesitate to suggest improvements if you see ways to optimize the script or make it more efficient!)
All you have to do is create a cron job and you're done, for example:
#Run /root/report_abuseipdb.sh every 6 hours
30 */6 * * * /root/report_abuseipdb.sh
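To show what a run of such a reporting job involves, here is an added example that is not the script from the GitHub repository: it extracts new bans from a Fail2ban log and turns them into AbuseIPDB v2 report calls. The function names, the jail-to-category mapping and the sample log are assumptions made for illustration.

```shell
# Added example: Fail2ban "Ban" events -> AbuseIPDB v2 reports (dry run by default).

# Print unique "ip jail" pairs for new bans read from stdin.
banned_ips() {
  awk '/fail2ban\.actions/ && $(NF-1) == "Ban" {
    if ($(NF-2) == "Restore") next        # ban re-applied after a restart
    ip = $NF; jail = $(NF-2); gsub(/\[|\]/, "", jail)
    if (ip !~ /^[0-9A-Fa-f:.]+$/) next    # not an IP literal
    # private, loopback and link-local sources are never worth reporting
    if (ip ~ /^(10\.|127\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|::1$|fe80:|f[cd])/) next
    if (!seen[ip " " jail]++) print ip, jail
  }'
}

# Map a jail name to AbuseIPDB category IDs (this mapping is an assumption).
jail_categories() {
  case "$1" in
    ssh|sshd)                    echo "18,22" ;;  # Brute-Force, SSH
    plesk-proftpd)               echo "5,18"  ;;  # FTP Brute-Force, Brute-Force
    plesk-postfix|plesk-dovecot) echo "18"    ;;  # Brute-Force
    plesk-apache*|plesk-wordpress|plesk-modsecurity) echo "21" ;;  # Web App Attack
    *)                           echo "15"    ;;  # Hacking (generic)
  esac
}

# Report one IP. Sends only when ABUSEIPDB_KEY is set and DRY_RUN=0.
report_ip() {  # $1 = ip, $2 = jail
  cats=$(jail_categories "$2")
  if [ -z "${ABUSEIPDB_KEY:-}" ] || [ "${DRY_RUN:-1}" != 0 ]; then
    echo "DRY-RUN ip=$1 categories=$cats jail=$2"
    return 0
  fi
  # The comment is public on AbuseIPDB: keep hostnames and customer data out.
  curl -sS --fail https://api.abuseipdb.com/api/v2/report \
    -H "Key: ${ABUSEIPDB_KEY}" -H "Accept: application/json" \
    --data-urlencode "ip=$1" -d "categories=$cats" \
    --data-urlencode "comment=Fail2ban jail $2"
}
report_all() { banned_ips | while read -r ip jail; do report_ip "$ip" "$jail"; done; }

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG='2024-10-01 12:00:01,123 fail2ban.actions [811]: NOTICE [ssh] Ban 203.0.113.5
2024-10-01 12:03:40,002 fail2ban.actions [811]: NOTICE [plesk-wordpress] Ban 198.51.100.23
2024-10-01 12:04:00,310 fail2ban.actions [811]: NOTICE [ssh] Unban 203.0.113.5
2024-10-01 12:09:12,771 fail2ban.actions [811]: NOTICE [ssh] Ban 203.0.113.5
2024-10-01 12:10:00,000 fail2ban.actions [811]: NOTICE [recidive] Restore Ban 198.51.100.23
2024-10-01 12:11:30,018 fail2ban.actions [811]: NOTICE [plesk-panel] Ban 192.168.1.20'
printf '%s\n' "$SAMPLE_LOG" | DRY_RUN=1 report_all
```

To send for real, export ABUSEIPDB_KEY, set DRY_RUN=0 and pipe in only the log lines written since the previous run, so that each cron run does not resubmit old bans.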
Towards a more secure internet, together 💪
We all have a role to play in building a healthier, more secure Internet. Every IP reported is one less potential attack on our infrastructures, one less threat to businesses and individuals. Thanks to the combined efforts of contributors and platforms such as AbuseIPDB, we can reduce the impact of cyber attacks and make the web safer for everyone. 🌐
So, whether you're an experienced sysadmin or an individual user wishing to contribute, I encourage you to join this initiative. Together, we can make a real difference and make the web more secure. 👊