Use the zone lookup.dnsbl.iip.lu for your DNSBL requests.
We list the IPs that have not been successfully stopped using a combination of greylisting and (real-time) blacklists, and that have subsequently passed our spam filter with a high score.
New (08/2008): SSH scans (i.e. several connection attempts to port 22 where noone should use it) are listed with score -3 and also included in the blacklist.
New (11/2008): We show where some of the recent vermin is coming from, according to GeoIP.
New (01/2009): SMTP scans (i.e. several delivery attempts to non-existent accounts) are listed with score -4 and also included in the blacklist. Additionally we show a list of longterm compromised hosts.
You can test it using the standard syntax of the IP address to check for in reverse notation, e.g. 2.0.0.127.lookup.dnsbl.iip.lu which should always result in a positive answer, e.g. 127.0.0.2.
You can view the list in text form here.
Amongst the last seen time of spam and the concerned IP, we show how many hits (re-listings after periodic delisting, currently 24 hours) there were. We also show the last score and the average score of all hits, as well as the hostname, if there is a reverse DNS entry.
There also is an RSS Feed here.
Note that we only show the elements that we could somehow automatically identify as spam after passing all our other checks, which we do not disclose.
For consulting, please do not hesitate to contact us.
| +10 days resilient spammers/scanners (last seen recently) | |
|---|---|
| Hostname (IP) | Number of days |
| 67.137.238.164 | 453 |
| 219.139.76.173 | 145 |
| 116.228.164.2 | 86 |
| 210.13.73.29 | 76 |
| 119.10.114.60 | 45 |
| ec2-46-51-218-117.ap-southeast-1.compute.amazonaws.com (46.51.218.117) | 10 |
.
To list all of UCEPROTECT Level 3 in your firewall, you can use update-iptables-ucelevel3.sh
This script includes incremental updates, so you may just run it using cron (e.g. 45 minutes past the hour, since all mirrors should have synced by then).