{"id":21898328,"url":"https://github.com/aetherinox/blocklists","last_synced_at":"2026-02-17T19:37:02.395Z","repository":{"id":260081335,"uuid":"879054548","full_name":"Aetherinox/blocklists","owner":"Aetherinox","description":"Firewall / Host blocklists / ipsets which include blocks against privacy invaders, brute-force / port scanners, geographical continent \u0026 country databases. Support for BT Transmission. Updated multiple times a day.","archived":false,"fork":false,"pushed_at":"2025-10-16T12:41:52.000Z","size":218645,"stargazers_count":33,"open_issues_count":2,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-10-17T02:23:17.573Z","etag":null,"topics":["abuses","blocklists","geo-blocking","geographical","geolite","geolite2","geolite2-country","geolite2-country-database","geolite2-database","hosts","hostsfile","ipset","ipset-data","ipset-dns","ipset-lists","ipset-rules","ipsets","malware","opnsense","transmission"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Aetherinox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"custom":["https://buymeacoffee.com/aetherinox"],"github":null,"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null}},"created_at":"2024-10-26T20:56:00.000Z","updated_at":"2025-10-16T12:41:59.000Z","dependencies_parsed_at":"2025-09-25T15:23:34.975Z","dependency_job_id":"bfcd9999-ab42-4fae-ba6c-79142c7fe5ec","html_url":"https://github.com/Aetherinox/blocklists","commit_stats":null,"previous_names":["aetherinox/blocklists"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Aetherinox/blocklists","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Aetherinox%2Fblocklists","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Aetherinox%2Fblocklists/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Aetherinox%2Fblocklists/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Aetherinox%2Fblocklists/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Aetherinox","download_url":"https://codeload.github.com/Aetherinox/blocklists/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Aetherinox%2Fblocklists/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29555651,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-17T18:16:07.221Z","status":"ssl_error","status_checked_at":"2026-02-17T18:16:04.782Z","response_time":100,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abuses","blocklists","geo-blocking","geographical","geolite","geolite2","geolite2-country","geolite2-country-database","geolite2-database","hosts","hostsfile","ipset","ipset-data","ipset-dns","ipset-lists","ipset-rules","ipsets","malware","opnsense","transmission"],"created_at":"2024-11-28T14:25:56.866Z","updated_at":"2026-02-17T19:36:57.385Z","avatar_url":"https://github.com/Aetherinox.png","language":null,"funding_links":["https://buymeacoffee.com/aetherinox"],"categories":[],"sub_categories":[],"readme":"\n\u003cdiv align=\"center\"\u003e\n\nšŸ•™ `Last Sync: 10/06/2025 12:15 UTC`\n\n\u003c/div\u003e\n\n---\n\n\u003cbr /\u003e\n\n- [About](#about)\n - [ā˜… Severity Rating ā˜…](#-severity-rating-)\n- [Main Lists](#main-lists)\n- [Privacy Lists](#privacy-lists)\n- [Spam Lists](#spam-lists)\n- [Geographical (Continents \\\u0026 Countries)](#geographical-continents--countries)\n- [Transmission (BitTorrent Client)](#transmission-bittorrent-client)\n- [Install](#install)\n - [ConfigServer Firewall Users](#configserver-firewall-users)\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n# About\nThis repository contains a collection of dynamically updated blocklists which can be utilized to filter out traffic from communicating with your server.\n\n\u003cbr /\u003e\n\nThese blocklists can be used with:\n- ConfigServer Firewall\n- FireHOL\n- Crowdsec\n- Transmission (BitTorrent Client)\n- OPNsense\n- Many others\n\n\u003cbr /\u003e\n\nBlocklist and statistics are updated daily, and some are updated multiple times a day depending on the category of blocklist. Others may only update once per day depending on how often they refresh.\n\n\u003cbr /\u003e\n\n## ā˜… Severity Rating ā˜…\nThe **Severity Rating** is a column shown below for each blocklist. This score is calculated depending on how many \"abusive\" IP addresses exist within that ipset file.\n\n\u003cbr /\u003e\n\nAs an example, the **Cloudflare CDN** has a score of `ā˜…ā˜…ā˜…āšāš 3 or higher`, due to the fact that many people are reporting that servers hosted by Cloudflare seem to be involved in a lot of abusive activity such as port scanning and SSH bruteforce attacks. The more reports that the Ips in the Cloudflare file have, the higher the severity rating will rise. This score is based on the mean (average) report history of all IPs in the list.\n\n\u003cbr /\u003e\n\nThis rating is calculated once a day.\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n# Main Lists\nThese are the primary lists that most people will be interested in. They contain a large list of IP addresses which have been reported recently for abusive behavior. These statistics are gathered from numerous websites such as [AbuseIPDB](https://abuseipdb.com/) and [IPThreat](https://ipthreat.net/). IPs on this list have a 100% confidence level, which means you should get no false-positives from any of the IPs in these lists. IP addresses in these lists have been flagged for engaging in the following:\n\n- SSH Bruteforcing\n- Port Scanning\n- DDoS Attacks\n- IoT Targeting\n- Phishing\n\n\u003cbr /\u003e\n\nFor the majority of people, using the blocklists `master.ipset` and `highrisk.ipset` will be all you need. It is a massive collection, all with a 100% confidence level, which means you should get none or minimal false positives. \n\n\u003cbr /\u003e\n\n| Set Name | Description | Severity | View |\n| --- | --- | --- | --- |\n| `master.ipset` | \u003csub\u003eAbusive IP addresses which have been reported for port scanning and SSH brute-forcing. HIGHLY recommended. \u003cbr\u003e Includes [AbuseIPDB](https://www.abuseipdb.com/), [IPThreat](https://ipthreat.net/), [CinsScore](https://cinsscore.com), [GreensNow](https://blocklist.greensnow.co/greensnow.txt)\u003c/sub\u003e | ā˜…ā˜…ā˜…ā˜…ā˜… | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/master.ipset) |\n| `highrisk.ipset` | \u003csub\u003eIPs with highest risk to your network and have a possibility that the activity which comes from them are going to be fraudulent.\u003c/sub\u003e | ā˜…ā˜…ā˜…ā˜…ā˜… | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/highrisk.ipset) |\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n# Privacy Lists\nThese blocklists give you more control over what 3rd party services can access your server, and allows you to remove bad actors or services hosting such services.\n\n\u003cbr /\u003e\n\n| Set | Description | Severity | View |\n| --- | --- | --- | --- |\n| `privacy_general.ipset` | \u003csub\u003eServers which scan ports for data collection and research purposes. List includes [Censys](https://censys.io), [Shodan](https://www.shodan.io/), [Project25499](https://blogproject25499.wordpress.com/), [InternetArchive](https://archive.org/), [Cyber Resilience](https://cyberresilience.io), [Internet Measurement](https://internet-measurement.com), [probe.onyphe.net](https://onyphe.net), [Security Trails](https://securitytrails.com) \u003c/sub\u003e | ā˜…ā˜…ā˜…ā˜…āš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_general.ipset) |\n| `privacy_ahrefs.ipset` | \u003csub\u003eAhrefs SEO and services\u003c/sub\u003e | ā˜…ā˜…āšāšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/privacy/privacy_ahrefs.ipset) |\n| `privacy_amazon_aws.ipset` | \u003csub\u003eAmazon AWS\u003c/sub\u003e | ā˜…ā˜…āšāšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_amazon_aws.ipset) |\n| `privacy_amazon_ec2.ipset` | \u003csub\u003eAmazon EC2\u003c/sub\u003e | ā˜…ā˜…āšāšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_amazon_ec2.ipset) |\n| `privacy_applebot.ipset` | \u003csub\u003eApple Bots\u003c/sub\u003e | ā˜…ā˜…ā˜…āšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_applebot.ipset) |\n| `privacy_bing.ipset` | \u003csub\u003eMicrosoft Bind and Bing Crawlers / Bots\u003c/sub\u003e | ā˜…ā˜…āšāšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_bing.ipset) |\n| `privacy_bunnycdn.ipset` | \u003csub\u003eBunny CDN\u003c/sub\u003e | ā˜…ā˜…āšāšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_bunnycdn.ipset) |\n| `privacy_cloudflarecdn.ipset` | \u003csub\u003eCloudflare CDN\u003c/sub\u003e | ā˜…ā˜…āšāšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_cloudflarecdn.ipset) |\n| `privacy_cloudfront.ipset` | \u003csub\u003eCloudfront DNS\u003c/sub\u003e | ā˜…āšāšāšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_cloudfront.ipset) |\n| `privacy_duckduckgo.ipset` | \u003csub\u003eDuckDuckGo Web Crawlers / Bots\u003c/sub\u003e | ā˜…ā˜…āšāšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_duckduckgo.ipset) |\n| `privacy_facebook.ipset` | \u003csub\u003eFacebook Bots \u0026 Trackers\u003c/sub\u003e | ā˜…ā˜…ā˜…āšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_facebook.ipset) |\n| `privacy_fastly.ipset` | \u003csub\u003eFastly CDN\u003c/sub\u003e | ā˜…āšāšāšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_fastly.ipset) |\n| `privacy_google.ipset` | \u003csub\u003eGoogle Crawlers\u003c/sub\u003e | ā˜…ā˜…āšāšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_google.ipset) |\n| `privacy_pingdom.ipset` | \u003csub\u003ePingdom Monitoring Service\u003c/sub\u003e | ā˜…ā˜…āšāšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_pingdom.ipset) |\n| `privacy_rssapi.ipset` | \u003csub\u003eRSS API Reader\u003c/sub\u003e | ā˜…ā˜…āšāšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_rssapi.ipset) |\n| `privacy_stripe_api.ipset` | \u003csub\u003eStripe Payment Gateway API\u003c/sub\u003e | ā˜…ā˜…āšāšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_stripe_api.ipset) |\n| `privacy_stripe_armada_gator.ipset` | \u003csub\u003eStripe Armada Gator\u003c/sub\u003e | ā˜…ā˜…āšāšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_stripe_armada_gator.ipset) |\n| `privacy_stripe_webhooks.ipset` | \u003csub\u003eStripe Webhook Service\u003c/sub\u003e | ā˜…ā˜…āšāšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_stripe_webhooks.ipset) |\n| `privacy_telegram.ipset` | \u003csub\u003eTelegram Trackers and Crawlers\u003c/sub\u003e | ā˜…ā˜…ā˜…āšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_telegram.ipset) |\n| `privacy_uptimerobot.ipset` | \u003csub\u003eUptime Robot Monitoring Service\u003c/sub\u003e | ā˜…āšāšāšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_uptimerobot.ipset) |\n| `privacy_webpagetest.ipset` | \u003csub\u003eWebpage Test Services\u003c/sub\u003e | ā˜…ā˜…āšāšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/privacy/privacy_webpagetest.ipset) |\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n# Spam Lists\nThese blocklists allow you to remove the possibility of spam sources accessing your server.\n\n\u003cbr /\u003e\n\n| Set | Description | Severity | View |\n| --- | --- | --- | --- |\n| `spam_forums.ipset` | \u003csub\u003eList of known forum / blog spammers and bots\u003c/sub\u003e | ā˜…ā˜…ā˜…āšāš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/spam/spam_forums.ipset) |\n| `spam_spamhaus.ipset` | \u003csub\u003eBad actor IP addresses registered with Spamhaus\u003c/sub\u003e | ā˜…ā˜…ā˜…ā˜…āš | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/spam/spam_spamhaus.ipset) |\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n# Geographical (Continents \u0026 Countries)\nThese blocklists allow you to determine what geographical locations can access your server. These can be used as either a whitelist or a blacklist. Includes both **continents** and **countries**.\n\n\u003cbr /\u003e\n\n| Set | Description | Severity | View |\n| --- | --- | --- | --- |\n| `GeoLite2 Database` | \u003csub\u003eLists IPs by continent and country from GeoLite2 database. Contains both IPv4 and IPv6 subnets\u003c/sub\u003e | ā˜…ā˜…ā˜…ā˜…ā˜… | [view](https://dev.maxmind.com/geoip/geolite2-free-geolocation-data/) |\n| `Ip2Location Database` | \u003csub\u003eComing soon\u003c/sub\u003e | ā˜…ā˜…ā˜…ā˜…ā˜… | [view](https://lite.ip2location.com/database-download) |\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n# Transmission (BitTorrent Client)\nThis section includes blocklists which you can import into the [bittorrent client Transmission](https://transmissionbt.com/).\n\n\u003cbr /\u003e\n\n- In this repo, copy the direct URL to the Transmission blocklist, provided below:\n - https://github.com/Aetherinox/blocklists/raw/main/blocklists/transmission/blocklist.gz\n- Open your Transmission application; depending on the version you run, do ONE of the follow two choices:\n - Paste the link to Transmission \u003e Settings \u003e Peers \u003e Blocklist\n - Paste the link to Transmission \u003e Edit \u003e Preferences \u003e Privacy \u003e Enable Blocklist\n\n\u003cbr /\u003e\n\n| Set | Description | Severity | View | Website |\n| --- | --- | --- | --- | --- |\n| `bt-transmission` | \u003csub\u003eA large blocklist for the BitTorrent client [Transmission](https://transmissionbt.com/)\u003c/sub\u003e | ā˜…ā˜…ā˜…ā˜…ā˜… | [view](https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/transmission/blocklist.ipset) | [view](https://transmissionbt.com/) |\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n# Install\n\nThis section explains how to use these blocklists within particular software titles.\n\n\u003cbr /\u003e\n\n## ConfigServer Firewall Users\n\nThis repository contains a set of ipsets which are automatically updated every `6 hours`. You may add these sets to your ConfigServer Firewall `/etc/csf/csf.blocklists` with the following new line:\n\n```\nCSF_MASTER|86400|0|https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/master.ipset\nCSF_HIGHRISK|86400|0|https://raw.githubusercontent.com/Aetherinox/blocklists/main/blocklists/highrisk.ipset\n```\n\n\u003cbr /\u003e\n\nThe format for the above lines are `NAME|INTERVAL|MAX_IPS|URL`:\n\n- **NAME**: List name with all uppercase alphabetic characters with no spaces and a maximum of 25 characters - this will be used as the iptables chain name\n- **INTERVAL**: Refresh interval to download the list, must be a minimum of 3600 seconds (an hour).\n - `86400` (one day / 24 hours) should be more than enough\n- **MAX_IPS**: This is the maximum number of IP addresses to use from the list, a value of 0 means all IPs. \n - If you add an ipset with 50,000 IPs, and you set this value to 20,000; then you will only block the first 20,000.\n- **URL**: The URL to download the ipset from\n\n\u003cbr /\u003e\n\n\u003e [!NOTE]\n\u003e If you have not modified the settings of ConfigServer Firewall; the `MAX_IPS` value is limited by the setting `LF_IPSET_MAXELEM` which has a maximum value of `65536` IPs; even if you set the value in your lists above to 0, or anything above 65536.\n\u003e\n\u003e To allow for higher numbers of blocked IPs in an ipset; you must edit your CSF config file located in `/etc/csf/csf.conf` and set the setting `LF_IPSET_MAXELEM` to something higher than `65536`:\n\u003e ```ini\n\u003e # old value\n\u003e # LF_IPSET_MAXELEM = \"65536\"\n\u003e LF_IPSET_MAXELEM = \"4000000\"\n\u003e ```\n\u003e\n\u003e This setting can also be modified through the ConfigServer Firewall Admin WebUI if you have it installed.\n\n\u003cbr /\u003e\n\nOnce you have added the line(s) above; you will need to give ConfigServer Firewall and LFD a restart.\n\n```shell\nsudo csf -ra\n```\n\n\u003cbr /\u003e\n\nYou can confirm that the ipset is installed by running the command:\n\n```shell\nsudo ipset --list -n\n```\n\n\u003cbr /\u003e\n\nThe above command will list all existing ipsets running on your firewall. As you can see in the list below; we have `bl_CSF_HIGHRISK`, `bl_6_CSF_HIGHRISK`, `bl_CSF_MASTER`, and `bl_6_CSF_MASTER`. Which are the lists we loaded above.\n\n```console\nchain_DENY\nchain_6_DENY\nchain_ALLOW\nchain_6_ALLOW\nbl_CSF_HIGHRISK\nbl_6_CSF_HIGHRISK\nbl_CSF_MASTER\nbl_6_CSF_MASTER\n```\n\n\u003cbr /\u003e\n\nTo view all of the IPs in a specified ipset / list, run:\n\n```shell\n$ sudo ipset --list bl_CSF_HIGHRISK\n\nName: bl_CSF_HIGHRISK\nType: hash:net\nRevision: 7\nHeader: family inet hashsize 1024 maxelem 4000000 bucketsize 12 initval 0x5f263e28\nSize in memory: 24024\nReferences: 1\nNumber of entries: 630\nMembers:\nXX.XX.XX.XXX\nXX.XX.XX.XXX\n[ ... ]\n```\n\n\u003cbr /\u003e\n\nIf you modified the ConfigServer Firewall setting `LF_IPSET_MAXELEM` _(explained in the note above)_, you will see the new max limit value listed next to `maxelem`.\n\n```shell\nHeader: family inet hashsize 1024 maxelem 4000000 \n```\n\n\u003cbr /\u003e\n\n\u003e [!NOTE]\n\u003e If you decide to use the blocklist `master.ipset`, you must ensure you increase the value of the setting `LF_IPSET_MAXELEM` in the file `/etc/csf/csf.conf` to at least `400000`.\n\u003e \n\u003e On average, the `master.ipset` list normally contains `392,000` blocked IP addresses.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faetherinox%2Fblocklists","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faetherinox%2Fblocklists","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faetherinox%2Fblocklists/lists"}