OpenBL.org - Abuse Reporting and Blacklisting

OpenBL.org Abuse Reporting and Blacklisting

Home	News	Lists	Statistics	Services	Privacy	Donate!	FAQ	Contact	MyLogin

The OpenBL.org project (formerly known as the SSH blacklist) is about detecting, logging and reporting various types of internet abuse. Currently our hosts monitor ports 21 (FTP), 22 (SSH), 25 (SMTP), 110 (POP3), 143 (IMAP), 587 (Submission), 993 (IMAPS) and 995 (POP3S) for bruteforce login attacks as well as scans on ports 80 (HTTP) and 443 (HTTPS) for vulnerable installations of phpMyAdmin and other web applications. For every logged attack an email is sent out to the contacts listed in the whois record and/or the reverse IP SOA information of the attacking hosts IP address, just a few seconds after the attack or scan started. It is our hope that the responsible administrators use the provided information to quickly secure and clean the misused and probably compromised hosts. Additionally the IP gets published on a public blacklist, which is updated every few minutes and contains IP addresses of hosts which attacked any of our currently 20 hosts (all running OpenBSD or some Linux distribution). The hosts are located all around the world and setup to report and log those attempts to a central database, very similar to all the spam blacklists out there. The newest entries are always added to the top of the lists. An attack is logged as retry if the same IP is logged again at least 48 hours later from the same host or from any other host that reports those attacks. To prevent a too high retry count all hosts that report are within different IP ranges from different providers. Most of our abuse reports come from hosts that were donated to the project from individuals or companies. Without this generous help the project wouldn't be possible! If you like what we are doing and use our service please think about if there is anything you (or your company) can do to help to improve our service even more. You received a mail that your IP is listed here? Delist yourself!

Latest News (taken from Twitter) Wed May 15 14:00:42 2013 UTC: Thank you SysadminSpot (http://t.co/1a5u7f3h01) for donating a virtual server and also for the blog post about us (http://t.co/6BJ8DWg1mX). Wed Apr 10 16:45:41 2013 UTC: Big thanks go to Midas Green Tech (http://t.co/JxYOJ0X7Wh) for supporting us with a virtual server. Sat Apr 06 19:21:24 2013 UTC: All hosts are currently getting updated to have the SMTP ports 25 and 587 monitored for attacks as well. More news ...

Contact: support{AT}openbl{D0T}org OpenBL.org is supported by: Dedicated Servers by ServerPronto Team Cymru Community Services SysadminSpot.com Network Presence Simplec Services BSDVM - BSD Virtual Machines CheapVPS.co.uk - Cheap UK OpenVZ, Xen & KVM VPS Dedicated and Virtual servers by Coolhousing CIX - Cork Internet eXchange Devaus Hetzner JustHost.in.ua - Just quality hosting in Ukraine Midas Green Tech - Colocation and Cloud Services Nick Abal Hosting VPShosting.com.hk - Freedom of Dedicated. Fraction of Cost! Webangel - To push the leading edge of IT, achieving the impossible Website Hosting provided by 34SP.com your.org - Your Source for Internet and E-Business Solutions

The OpenBL.org project (formerly known as the SSH blacklist) is about detecting, logging and reporting various types of internet abuse. Currently our hosts monitor ports 21 (FTP), 22 (SSH), 25 (SMTP), 110 (POP3), 143 (IMAP), 587 (Submission), 993 (IMAPS) and 995 (POP3S) for bruteforce login attacks as well as scans on ports 80 (HTTP) and 443 (HTTPS) for vulnerable installations of phpMyAdmin and other web applications. For every logged attack an email is sent out to the contacts listed in the whois record and/or the reverse IP SOA information of the attacking hosts IP address, just a few seconds after the attack or scan started. It is our hope that the responsible administrators use the provided information to quickly secure and clean the misused and probably compromised hosts.

Additionally the IP gets published on a public blacklist, which is updated every few minutes and contains IP addresses of hosts which attacked any of our currently 20 hosts (all running OpenBSD or some Linux distribution). The hosts are located all around the world and setup to report and log those attempts to a central database, very similar to all the spam blacklists out there.

The newest entries are always added to the top of the lists. An attack is logged as retry if the same IP is logged again at least 48 hours later from the same host or from any other host that reports those attacks. To prevent a too high retry count all hosts that report are within different IP ranges from different providers.

Most of our abuse reports come from hosts that were donated to the project from individuals or companies. Without this generous help the project wouldn't be possible! If you like what we are doing and use our service please think about if there is anything you (or your company) can do to help to improve our service even more.