[Gllug] Lists of bad IPs?

Richard Jones rich at annexia.org
Sun Sep 14 13:56:26 UTC 2008

I've got a rather persistent spammer adding 'pharmaceutical' postings
to a domain that I run.  I'm tailing the logs and blackholing IPs, but
AFAICT he must be coming from / controlling at the very least 100s of
IPs, and for all I know it may be some big botnet.  (I've also
blackholed all Tor exit nodes and have scripts running to remove the
postings every few minutes.)

So ... What is the current state of databases of "bad" IPs?  I'm aware
of DenyHosts but they seem to concentrate on port 22, and in any case
I'm suspicious of their policies for adding IPs and you can't just
download the list.

Are there any others?  Anyone yet doing a reputation / voting system
for bad IPs, across a wide range of suspicious activity?  What, if
anything, are people using?


Richard Jones
Red Hat
