I love logs. (By the way, greetings, after very-very long time!)
I love reading log files, deeply investigating them.
I dedicate a large amount of my time to reading log files of the servers I’ve been managing since decades. While they actually do work fine as they should, I still investigate them and check for their health – through the logs – from time to time.
And within all those log files, there’re always *bad guyz* scanning the servers I manage/administrate. Brute-forcing ports, spamming&relay-checking SMTP servers, scanning entire ports, trying to hack e-mail accounts, filling SSH’s/FTP’s auth. log files, et cetera.
I usually collect&merge them into a text file and while they usually waste disk, I/O and bandwidth, I block them by OpenBSD’s great PF.
Today, I wanted to share them in public. The IPs are here for your reference/usage. They were/are rapidly filling logs!
I will be updating the link frequently. More bad guyz -> ban-me.txt
ban-me.txt – (Updated)
P.S.: In addition to my manual ban-me PF block table, I use few other scripts as well.
I can say the best one is implemented by Jordan Geoghegan, a very good script called pf-badhost – working on OpenBSD, FreeBSD, DragonflyBSD, NetBSD and MacOS, a simple, network filtering tool that uses PF firewall to block many of the internet’s biggest irritants.
“Annoyances such as SSH and SMTP bruteforcers are largely eliminated.” it says. And that’s true! I use it on almost every server I set and/or manage. Brings my servers way much cleaner network traffic and very much relaxed disk I/O rate.
I’m going to write an article on further details of pf-badhost.
UPDATE: My much detailed write-up about pf-badhost is here: