|(Versión en castellano)|
Here I share blacklists created from IP addresses I collect from my server logs (exclusively.) You can use them in your firewall. (Updated hourly.)
Below I include a new list (IPs also collected from my http server logs.) These are not from attackers but web bots (like mj12bot or Semrush) which collect data not for general public use (search engines) but to provide SEO and other researches services to paying customers. It's up to you to decide if you want to block them.
In case you don't know it, this project generates IP addresses databases and sells the lists to big enterprises (as Microsoft or Google) to be used in anti SPAM software.
There is one of those lists in particular, the PBL that is especially annoying. It assumes any home machine is susceptible to be hacked and used by spammers, so they include in this list IP ranges reported by ISPs as destined to residential type internet connections. While this is mostly true there are “identifiable” exceptions, as in my case. I run a web-mail server at home, that I administer myself. I have a few users with a few email addresses in use, this means I'm by far more able than any big enterprise (managing thousands of users spread among thousands of servers) to monitor my log files and be sure that no SPAM is sent from my machine. What justifies to pay 5 euros month extra for a name reverse resolving static IP:
$ host server.roquesor.com server.roquesor.com has address 18.104.22.168 $ host 22.214.171.124 126.96.36.199.in-addr.arpa domain name pointer server.roquesor.com.
Spamhaus could perfectly add a check like the above in their database software to avoid including FCrDNS (forward-confirmed reverse DNS) IPs in their PBL list but, why would they bother themselves in doing that? On the contrary, big companies do have interest in discouraging people from running their own mail servers at home, as well as sweeping small entrepreneurs away from the market, don't be surprised this is actually the service (not honestly fighting spam) they are paying Spamhaus (probably spammers also) for.
An interesting fact that supports my theory. Let some ignorant lazy ISP admin assert the opposite, I've tried including in my firewall not only the PBL but all Spamhaus' IP lists “exclusively” and guess what, they didn't reduce the incoming volume of spam even a bit. If you have knowledge in the matter you can check this yourself and make your own conclusions.
GO BACK HOME