06.13
We currently run 3 RBLDNS servers that list attacker IPs for 48 hours after their last attack, split into several categories:
http://www.blocklist.de/en/rbldns.html
Name / URL | Description / Content |
apache.bl.blocklist.de | Apache, RFI, w00tw00t, SQL-Injection, Forum-Spam + http://honeystats.info/ |
bruteforcelogin.bl.blocklist.de | All IPs that attack Joomla, WordPress and other web logins with brute force |
bl.blocklist.de | All IP-Addresses (all Services) |
all.bl.blocklist.de | All IP-Addresses (all Services) |
ftp.bl.blocklist.de | FTP -> only IPs that run FTP brute-force attacks. |
imap.bl.blocklist.de | imap, pop3, sasl, webmail logins… |
mail.bl.blocklist.de | mail/postfix, 5xx errors (blacklist entries), relaying… |
ssh.bl.blocklist.de | IPs that run SSH attacks. |
sip.bl.blocklist.de | IPs that have tried SIP/Asterisk brute-force login attacks. |
On the USA server we have enabled the rbldns statistics. rbldns reports the number of queries, the number of matches, and the bytes received and sent.
Every 10 minutes the RBL server gets a summary of:
19 M Queries
1 M matches
The values vary at weekends and during attack runs.
The RBL servers also return, in the TXT record, the service name (such as "ssh") and the Unix timestamp of the last reported attack:
Infected System (Service: apacheddos, Last-Attack: 1370990468), see http://www.blocklist.de/en/view.html?ip=$ip
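As an added example (not code from blocklist.de), the Python below builds the lookup name for one of the zones in the table and parses the TXT answer shown above into its service name and last-attack time. The reversed-octet query form is the standard DNSBL convention; the address 192.0.2.10, the function names, and the reading of the 48-hour window as a countdown from Last-Attack are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timezone

LISTING_WINDOW = 48 * 3600  # the page: IPs are listed for 48 hours after the last attack

# Constructed sample: the TXT text shown above, with $ip replaced by a documentation address.
SAMPLE_TXT = ("Infected System (Service: apacheddos, Last-Attack: 1370990468), "
              "see http://www.blocklist.de/en/view.html?ip=192.0.2.10")

TXT_RE = re.compile(r"Service:\s*(?P<service>[\w-]+),\s*Last-Attack:\s*(?P<ts>\d+)\)")


def query_name(ip, zone):
    """Return the DNSBL lookup name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def parse_txt(txt):
    """Extract the service name and last-attack time from a TXT answer."""
    m = TXT_RE.search(txt)
    if m is None:
        raise ValueError("unrecognised TXT record: %r" % (txt,))
    ts = int(m.group("ts"))
    return {
        "service": m.group("service"),
        "last_attack": ts,
        "last_attack_utc": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
    }


def seconds_until_delisting(record, now):
    """Estimated listing time left under the 48-hour window; 0 once it has passed."""
    return max(0, record["last_attack"] + LISTING_WINDOW - now)


if __name__ == "__main__":
    print(query_name("192.0.2.10", "ssh.bl.blocklist.de"))
    rec = parse_txt(SAMPLE_TXT)
    print(rec)
    print(seconds_until_delisting(rec, rec["last_attack"] + 3600))
```

Keeping the parsed service name next to a block decision lets a log reviewer see which category triggered it, and the timestamp shows how fresh the report was.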
From time to time, over 20,000 IPs were listed in the complete list.