About

This project takes a different approach to security. While rkhunter, clamav and fail2ban are all very useful tools for securing a server, it is also very interesting to identify where the nefarious activity is coming from and what picture it paints of nefarious network traffic. The project has three MySQL tables built from data provided by Microsoft Azure, DigitalOcean and the country IP blocks provided by ipdeny.com out of Amsterdam, Netherlands. An additional table that is referenced is built dynamically, collecting data from https://whois.arin.net on the fly.

Daily Blacklist came about from managing WordPress sites and becoming aware of two things. The first is that you cannot be sure an end user will use a good password. The second is that if someone gets enough tries at a weak password, they will eventually get it. Having the skills to create a dynamic firewall that can update on the fly, I decided to start building a firewall based on failed login attempts, using the source CIDR of the IP address, because after looking at logs I noticed that quite often multiple IP addresses were being used to fish for the same password.

All of the scripts and current software on this site are developed to work on Rocky Linux 9.x. All the bash files and scripts on this site should work on any Red Hat flavor operating system (Rocky Linux is Red Hat based), but there is no guarantee, and you may need to adjust the scripts to work on any other Linux-based OS. The backend engine is written in Python and creates the files for building the ipset tables. There is also a version of this specifically for email, built on SMTP, IMAP and POP3 log files.
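The idea described above (failed logins grouped by source CIDR, then written out for ipset) can be sketched as follows. This is an added example, not the project's own code. The log format, the `KNOWN_BLOCKS` table that stands in for the MySQL provider and country tables, the threshold of 3 and the set name are all assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed CIDR table (RFC 5737 documentation ranges, not real provider data).
KNOWN_BLOCKS = ["192.0.2.0/24", "198.51.100.0/24", "198.51.100.128/25"]

# Constructed log lines; the "login_failed ... src=" format is hypothetical.
SAMPLE_LOG = """\
2024-01-10T03:12:01 login_failed user=admin src=192.0.2.15
2024-01-10T03:12:04 login_failed user=admin src=192.0.2.77
2024-01-10T03:12:09 login_failed user=admin src=192.0.2.201
2024-01-10T03:13:30 login_ok user=editor src=198.51.100.9
2024-01-10T03:14:02 login_failed user=admin src=198.51.100.200
2024-01-10T03:15:11 login_failed user=admin src=203.0.113.5
2024-01-10T03:15:12 login_failed user=admin src=203.0.113.5
2024-01-10T03:15:13 login_failed user=admin src=203.0.113.5
2024-01-10T03:16:00 login_failed user=admin src=not-an-ip
"""

FAILED = re.compile(r"\blogin_failed\b.*\bsrc=(\S+)")

def failed_sources(log_text):
    """Return the IPv4 source of every failed login, skipping malformed values."""
    out = []
    for m in FAILED.finditer(log_text):
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # garbage in the src field must not break the run
        if ip.version == 4:
            out.append(ip)
    return out

def cidr_for(ip, blocks):
    """Most specific known block containing ip, or the single host as a /32."""
    nets = [n for n in map(ipaddress.ip_network, blocks) if ip in n]
    return max(nets, key=lambda n: n.prefixlen) if nets else ipaddress.ip_network(f"{ip}/32")

def build_blocklist(log_text, blocks, threshold=3):
    """CIDRs whose combined failures, across all their addresses, reach threshold."""
    hits = Counter(cidr_for(ip, blocks) for ip in failed_sources(log_text))
    return sorted(str(net) for net, n in hits.items() if n >= threshold)

def ipset_restore(set_name, cidrs):
    """Render the list in the line format read by `ipset restore`."""
    lines = [f"create {set_name} hash:net family inet"] + [f"add {set_name} {c}" for c in cidrs]
    return "\n".join(lines) + "\n"
```

In the sample, three different addresses in 192.0.2.0/24 each fail once and the block is still listed, which is the multi-address password guessing that per-IP counting misses.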

This is going to be an ongoing project until my curiosity is satisfied and I feel it is complete. I will be adding more references and tutorials as needed. For the most part the firewalls will be open source and free, so use at your own peril.