[TOOL] IP BlackHole

Just a new project. Nothing big.


Is an IP blacklist that uses multiple sensors to identify network attacks (e.g. SSH brute force) and spam incidents. All reports are evaluated and in case of too many incidents the responsible IP holder is informed to solve the problem.

P.S.: If you have some idle servers or can sponsor us a server, please mail us at [email protected]

🚫 ALL IPs:


How to use?

To get a fresh and ready-to-deploy auto-ban list of “bad IPs” you can run:

sudo su
apt-get -qq install iptables ipset
ipset -q flush blackhole
ipset -q create blackhole hash:net
for ip in $(curl --compressed https://ip.blackhole.monster/blackhole-today 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add blackhole $ip; done
iptables -D INPUT -m set --match-set blackhole src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set blackhole src -j DROP

Version: 0.4-βeta :fire:
Added #6 new server - :netherlands: Netherlands

1 Like

Version: 0.5-βeta :fire:
Added #7 new server - :de: Germany

1 Like

Version: 0.6-βeta :fire:
Added #8 new server - :singapore: Singapore

1 Like

Version: 0.7-βeta :fire:
Added #9 new server - :australia: Australia

1 Like

Version: 0.8-βeta :fire:
Added #10 new server - :fr: France

1 Like

2023 April 16
Version: 0.15-βeta :fire:

  • Added #11 new server - :uk: Great Britain
  • Added #12 new server - :canada: Canada
  • Added #13 new server - :netherlands: Netherlands
  • Added #14 new server - :us: United States

2023 April 15
Version: 0.14-βeta :fire:

  • When searching now the output is sorted properly, newest attacks at the top

2023 April 15
Version: 0.13-βeta :fire:

  • When searching for IP you can now see which server is sponsored
  • Clicking to the sponsor favicon will take you to our page /sponsors

2023 April 15
Version: 0.12-βeta :fire:

  • Created new page for Sponsors
    → /sponsors
  • Got our first sponsor - IncogNet.io
    → Server #13 - :netherlands: Netherlands
    → Server #14 - :us: United States

2023 April 15
Version: 0.11-βeta :fire:

  • Page ASNs moved to IPs
    → /ips
  • Created new page for ASNs
    → /asns
    → Possible to filter the ASN by name to get all the IPs logged

2023 April 15
Version: 0.10-βeta :fire:

  • Created this changelog page :blush:
    → /changelog

2023 April 15
Version: 0.9-βeta :fire:

  • Upgraded the main server
    → 2 CPU cores to 4 CPU cores
    → 4 GB RAM to 8 GB RAM
    → HDD to SSD
  • Search for IP should also be little faster
1 Like

2023 April 16
Version: 0.16-βeta :fire:

  • Got our second sponsor - Albanian Hosting SH.P.K.
    → Server #15 - :albania: Albania

Thanks goes out to @AlbaHost :slight_smile:

1 Like

Can someone contribute to this?
I was bored and I added https://www.abuseipdb.com/ to a bunch of machines.

After I asked for the rate limited to be raised, because I consistently hit, but I was told to fuck off.
So I ditched it.


I just have a question. Will it conflict with CSF or any WAF? How does it recognise abusing IP? and if we can put it over Virtualization host to protect a whole set of VMs?

1 Like

hi :slight_smile:

what we provide is just 2 lists of IPs (All and today) and how you gonna use it is up to you (you can parse the IPs and reformat the list as you wish if you need to import it for example to some other software).

the first post is just a sample of ipset how to run it if you dont wanna spend more time.

we listening on various ports and let malicious IPs to login and play on our honeypots.

1 Like

2023 April 18
Version: 0.20-βeta :fire:

  • Removed /tcpdump old page
  • Created new TcpDump page
    → Logging the network to see what is going on.
    → tcpdump.blackhole.monster
  • Added #1 new server (tcpdump) - :luxembourg: Luxembourg
  • Added #2 new server (tcpdump) - :azerbaijan: Azerbaijan
  • Added #3 new server (tcpdump) - :ukraine: Ukraine
1 Like

2023 April 19
Version: 0.21-βeta :fire:

  • Added new IP blacklist (list contains only IP from attack not older than 15 days)
    → /blackhole-15days
  • Added new IP blacklist (list contains only IP from attack not older than 30 days)
    → /blackhole-30days
1 Like

2023 April 21
Version: 0.22-βeta :fire:

  • Added #16 new server - :moldova: Moldova
  • Added #17 new server - :armenia: Armenia
  • Added #18 new server - :poland: Poland
1 Like

ConfigServer Security and Firewall (CSF)

Edit CSF blocklist file:
nano /etc/csf/csf.blocklists

Navigate to the end of the file and append the following:
# IP.blackhole.monster blacklist

After you finish editing the file, save it and restart CSF and lfd using:
csf -ra

Check the log file to ensure that the blacklist was added correctly:
cat /var/log/lfd.log
1 Like

2023 April 23
Version: 0.23-βeta :fire:

  • Added #19 new server - :india: India
  • Added #20 new server - :south_africa: South Africa
1 Like

2023 April 25 Version: 0.25-βeta :fire:

  • Added #21 new server - :mexico: Mexico
  • Added #22 new server - :brazil: Brazil
  • Added #23 new server - :chile: Chile
  • Added #24 new server - :nigeria: Nigeria

2023 April 24 Version: 0.24-βeta :fire:

  • Created main page - blackhole.monster
1 Like