For a long time, I'd been looking for a way to effectively exploit the hacking data blocked by my servers. And as a’WordPress hosting specialist, believe me, I thwart hundreds, if not thousands, of hacking attempts every day (and I'm not the only one). regularly repairs hacked WordPress sites from other hosts). Intrusion attempts are constant, but thanks to security systems such as Fail2ban, attacks are automatically stopped before they cause any damage. However, beyond simply protecting my systems and customers, I wanted to go further: share this information and make the Internet a safer place for everyone.
Over 2,000 malicious IPs reported in just 48 hours!
With this in mind LRob has started contributing to attacker reporting via AbuseIPDB, a platform that allows anyone to report malicious IPs. In just 48 hours, over 2000 IP have already been reported, showing just how significant an impact this initiative can have.
Here's the total number of IPs reported since LRob joined AbuseIPDB (updated in August 2025 to 8000/day):
Why report malicious IPs?
Hackers attack everything, all the time. Whether you're a small business, an individual or a large organization, you're a target. However, while these attacks are relentless, the resources of cybercriminals are limited. By identifying them, we have a chance to combat them more effectively and limit their scope for action.
There are two main reasons why reporting malicious IPs is crucial:
- Identify and block attackers By reporting these IPs, you contribute to the creation of a database accessible to all, making it easier to block potential threats before they reach other infrastructures.
- Informing legitimate guests Some legitimate hosts can be infected or hijacked without their knowledge, serving as relays for attacks. By reporting these IPs, you give them a chance to react and correct the situation.
Sharing information via platforms such as’AbuseIPDB makes the web safer, not just for you, but for the whole community.
A simple API for efficient reporting
One of AbuseIPDB's greatest strengths is its ease of use. Via a API accessible to all, it's easy to contribute to the reporting of malicious IPs. By validating your identity, you can even increase the reporting limit to 5000 IP per day, which covers a wider spectrum of attacks.
So I decided to set up a system for automate these postponements, so that the community can benefit from my data on blocked hacks. A banner is now visible at the bottom of my LRob.fr site, linking directly to my AbuseIPDB profile, where anyone can see the IPs I've reported (see my profile here).
Automated reporting with Plesk and Fail2ban
For those who, like LRob, use Plesk to manage their servers, I developed a script to automatically report malicious IPs via the AbuseIPDB API using the Fail2ban.
This script is freely available on GitHub and can be used by any sysadmin wishing to automate this process. Simply configure your API key and you're ready to get started!
You can find it here: GitHub - Report AbuseIPDB.
(Feel free to suggest improvements if you see ways to optimize the script or make it more efficient!)
All you have to do is create a CRON and you're done, for example :
#Run /root/report_abuseipdb.sh every 6 hours
30 */6 * * * /root/report_abuseipdb.shTowards a more secure internet, together 💪
We all have a role to play in building a healthier, more secure Internet. Every IP reported is one less potential attack on our infrastructures, one less threat to businesses and individuals. Thanks to the combined efforts of contributors and platforms such as AbuseIPDB, we can reduce the impact of cyber attacks and make the web safer for everyone. 🌐
So, whether you're an experienced sysadmin or an individual user wishing to contribute, I encourage you to join this initiative. Together, we can make a real difference and make the web more secure. 👊
And if you're simply looking for a secure hosting provider specializing in WordPress, I invite you to discover my offers :
Leave a Reply
You must be logged in to post a comment.