IBlocklist.com is either dead or a scam? (2024)

pfBlockerNG

8

14

21.0k

Loading More Posts

  • Oldest to Newest
  • Newest to Oldest
  • Most Votes

Reply

  • Reply as topic

Log in to reply

This topic has been deleted. Only users with topic management privileges can see it.

  • A

    AsgardianFW

    last edited by


    I recently decided to pay the $10/yr to iBlocklist.com because I thought it would be worth the money to have access to some of the subscriber only lists. I entered my credit card info and it was processed immediately. However, once I started downloading and analyzing the lists, I discovered they are horribly out of date (even though the timestamp in the compressed files is always current). To verify my suspicion, I actually also signed up for the Squidblacklist.org subscription to compare their actual list with the one provided by iBlocklist.com. To my surprise, I found the lists to differ substantially and the iBlocklist.com list appears to be frozen at some time in the distant past (even though the timestamps continue to update). I found this same phenomenon with many other lists they provide (when compared to the original source). I have tried contacting them multiple times and I have not received any response (and it's been about a week since my last support request with them).

    Does anyone know the story with them? Are they just dead (except for immediately accepting money) or is it really just a scam? Upon Googling them I did find a small number of references of people's credit cards getting "reused" after signing up with them.

    1 ReplyLast reply ReplyQuote0

    • R

      RonpfS

      last edited by


      What would you expect from a site like iblocklist.com that doesn't have forum or blog or news?
      They barely provide Email support :o

      2.4.5-RELEASE-p1 (amd64)
      Intel Core2 Quad CPU Q8400 @ 2.66GHz8GB
      Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

      1 ReplyLast reply ReplyQuote0

      • A

        AsgardianFW

        last edited by


        Honestly, my expectation is that when you charge money that you start to provide some level of basic services congruent with the price charged. If everything they provided right now was free, then I'd have no complaints. In fact, I wouldn't have gone with them at all except that squidblacklist.org did call them out specifically (buried deep in the website) as being a "partner" if you just wanted IP addresses of a subset of their lists (…which was my exact need). For $10/yr, my expectation was that they actually provide a list that was no more than 1 week old and NOT truncated. Most of their squidblacklist lists are actually excessively old AND truncated. Also, I don't like how they update the dates on their lists to current values without actually updating the lists. That really looks suspicious in my opinion.

        1 ReplyLast reply ReplyQuote0


        • I was actually going to sign up yesterday since i setup pfBlocker but I decided to hold back on it. A few members shared a few lists they use over on the pfblocker thread so i'm using those for now and so far no complaints.

          1 ReplyLast reply ReplyQuote0

          • R

            RonpfS

            last edited by


            We are still able to fetch iblocklist.com urls in pfsense. It is possible to get the URL from the https://www.iblocklist.com/lists.php site as long as you don' t download any one of them, then they are hidden.
            If you are using PeerBlock 1.2, then you will get the warning about subscribing and the URL might be hidden.

            2.4.5-RELEASE-p1 (amd64)
            Intel Core2 Quad CPU Q8400 @ 2.66GHz8GB
            Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

            1 ReplyLast reply ReplyQuote0

            • A

              AsgardianFW

              last edited by


              All of the iblocklist.com URLs work for me…they just aren't being updated. Most of the lists can be obtained directly from the original source...which is what I'm doing now and recommend for pfBlocker users. Obviously, the Bluetack lists are old since they went dead a long time ago. The iblocklist.com branded lists are actually quite pathetic and not worth any money. The squidblacklist.org lists would be worth $10/yr but they haven't updated in the 3 weeks since I gave iblocklist.com free money. It actually looks like the squidblacklist lists are several months old, likely more (but I don't have sufficient information to properly date it). In fact, the squidblacklist list from iblocklist.com has tons of legitimate IP's in it while the list directly from squidblacklist.org has long since cleared those IPs out.

              On a different note, I'm quite pleased with squidblacklist.org. I originally got the 1 month subscription just to verify my concerns about iblocklist.com. Unfortunately, they are a tad pricey for home use, but their lists certainly seem comprehensive. I'm seriously contemplating getting a longer subscription with them. (As a side note just in case this isn't obvious, squidblacklist.org provides a list of domains names and not IP's directly. I wrote a utility to convert squidblacklist.org's domains lists into IP lists for use in pfBlocker....as I'm not using pfBlocker's DNSBL feature just yet...just IP blocking).

              1 ReplyLast reply ReplyQuote0

              • S

                simby

                last edited by


                AsgardianFW, can you please share your free list? :)

                1 ReplyLast reply ReplyQuote0

                • A

                  AsgardianFW

                  last edited by


                  The free lists I'm currently using are below. You can check out the individual URL's to see what they target. Please let me know if anyone has any other lists.

                  https://rules.emergingthreats.net/blockrules/compromised-ips.txthttps://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txthttps://www.spamhaus.org/drop/drop.txthttp://feeds.dshield.org/block.txthttps://zeustracker.abuse.ch/blocklist.php?download=ipblocklisthttps://www.spamhaus.org/drop/edrop.txthttp://cinsscore.com/list/ci-badguys.txthttps://palevotracker.abuse.ch/blocklists.php?download=ipblocklisthttps://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txthttps://feodotracker.abuse.ch/blocklist/?download=ipblocklisthttps://sslbl.abuse.ch/blacklist/sslipblacklist.csvhttps://sslbl.abuse.ch/blacklist/dyre_sslipblacklist.csvhttp://danger.rulez.sk/projects/bruteforceblocker/blist.phphttp://www.openbl.org/lists/base.txthttps://labs.snort.org/feeds/ip-filter.blfhttp://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txthttps://reputation.alienvault.com/reputation.generichttps://lists.blocklist.de/lists/all.txt

                  By far, the Squidblacklist.org Malicious list is the largest and most aggressive. Below are my IP counts from pfBlocker after aggregation. Note that Squidblacklist reduces the effective size of the other free lists because it is so massive. I don't have a log output from when I wasn't using the Squidblacklist malicious list.

                   121994 total 72571 /var/db/pfblockerng/deny/SquidBL_Malicious.txt 14867 /var/db/pfblockerng/deny/Alienvault.txt 12290 /var/db/pfblockerng/deny/Blocklist_de.txt 11240 /var/db/pfblockerng/deny/Ransomeware_Block.txt 4595 /var/db/pfblockerng/deny/OpenBL.txt 3172 /var/db/pfblockerng/deny/Snort_BL.txt 784 /var/db/pfblockerng/deny/Spamhaus_Drop.txt 780 /var/db/pfblockerng/deny/BruteForceBlocker.txt 665 /var/db/pfblockerng/deny/Feodo_Block.txt 557 /var/db/pfblockerng/deny/CI_Army_List.txt 149 /var/db/pfblockerng/deny/BBC_BL.txt 123 /var/db/pfblockerng/deny/Zeus_Block.txt 60 /var/db/pfblockerng/deny/ET_Compromised.txt 57 /var/db/pfblockerng/deny/Spamhaus_EDrop.txt 54 /var/db/pfblockerng/deny/SSL_IP_Block.txt 20 /var/db/pfblockerng/deny/DShield_Block.txt 6 /var/db/pfblockerng/deny/Dyre_SSL_IP_Block.txt 4 /var/db/pfblockerng/deny/Paelvo_Block.txt

                  Also note that since I'm using Snort and Emerging Threats lists in pfBlocker, I do not include those rules in Snort and Suricata for efficiency.

                  1 ReplyLast reply ReplyQuote0

                  • B

                    BBcan177Moderator

                    last edited by


                    I have seen a lot of issues with IBlock. There are a lot of other feeds available. I posted a script to import approx 50 different feeds in the pfBlockerNG thread. Its a little dated and a few have since changed.

                    IBlock also uses mirrors for their feeds. So the issue that you post here, could just be that one mirror is having issues and not updating its files appropriately… Not to say that its not being updated, but just an observation.

                    IBlock at times tends to list RFC1918 addresses, 127.0.0.1 and someone recently noticed that the Level3 list contained 88.119.179[.]160/1 . So when packet fence sees a /1, it changes that to 0.0.0.0 which ultimately wrecked the network :)

                    "Experience is something you don't get until just after you need it."

                    Website: http://pfBlockerNG.com
                    Twitter: @BBcan177 #pfBlockerNG
                    Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                    1 ReplyLast reply ReplyQuote0

                    • A

                      AsgardianFW

                      last edited by


                      They may have mirror trouble but Bluetack comprises a bulk of their lists and they have been dead for literally years now so there is no way that the Bluetack lists can be updated. I would definitely not use any of the Bluetack lists because of this reason.

                      I used your old lists for inspiration. I weeded out the dead ones and looked at the others to learn what their intended purpose was and then weeded out the ones that didn't seem effective for me. Also, one of the downsides of the forum format is finding an updated/current list of blocklists through literally hundreds/thousands of posts. pfBlocker is so powerful, it almost needs its own website for updated instructions, tutorials, and resources (as if BBcan177 didn't have enough to do already). :)

                      On a side note, I noticed that even squidblacklist.org's lists have domains that literally resolve to 0.0.0.0.

                      1 ReplyLast reply ReplyQuote0

                      • B

                        bsmith

                        last edited by


                        I think these guys do a good job of merging a lot of the block lists: http://iplists.firehol.org

                        1 ReplyLast reply ReplyQuote0

                        • R

                          RonpfS

                          last edited by


                          Firehol updates only once a day at midnight.

                          When possible, use a list from the source and avoid the middleman.
                          Most iblocklist (shadowed from other sites) shadowed on firehol.org are "older".

                          Iblocklist was mostly to provide bluetack anti-p2p list for peerguardian and peerblock. I didn't see any anti-p2p list on firehol.

                          2.4.5-RELEASE-p1 (amd64)
                          Intel Core2 Quad CPU Q8400 @ 2.66GHz8GB
                          Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                          1 ReplyLast reply ReplyQuote0

                          • K

                            ktsaou

                            last edited by


                            Hi all,

                            I maintain iplists.firehol.org.

                            As said, you should always use IP lists directly from their sources. This is why I have provided the means to do so. The program that downloads the ip lists and maintains the site http://iplists.firehol.org is open source. Check the wiki at the site. Just a cron job and you are done. This is not FireHOL specific. It should work on any unix with BASH.

                            The IP Lists on the site are updated every 9 minutes.

                            The iBlocklist anti-p2p list is this: http://iplists.firehol.org/?ipset=iblocklist_level1
                            The name Bluetack has been removed from it, since we got several complaints (check the closed issues on github).

                            As you can see on the site, the maintainer updates this list on the average every 15 days.

                            Thanks!

                            EDIT: fixed a typo.

                            1 ReplyLast reply ReplyQuote0

                            • J

                              jawz101

                              last edited by


                              @ktsaou:

                              Hi all,

                              I maintain iplists.firehol.org.

                              As you can see on the site, the maintainer updates this list on the average every 15 days.

                              Thanks!

                              EDIT: fixed a typo.

                              So, ktsaou. Whaddya think of this whole pfBlocker/grepCIDR/reputation blocker thing going on here?

                              edit: brevity

                              1 ReplyLast reply ReplyQuote0

                              • First post

                                Last post

                              IBlocklist.com is either dead or a scam? (2024)

                              References

                              Top Articles
                              Latest Posts
                              Article information

                              Author: Prof. An Powlowski

                              Last Updated:

                              Views: 6389

                              Rating: 4.3 / 5 (44 voted)

                              Reviews: 83% of readers found this page helpful

                              Author information

                              Name: Prof. An Powlowski

                              Birthday: 1992-09-29

                              Address: Apt. 994 8891 Orval Hill, Brittnyburgh, AZ 41023-0398

                              Phone: +26417467956738

                              Job: District Marketing Strategist

                              Hobby: Embroidery, Bodybuilding, Motor sports, Amateur radio, Wood carving, Whittling, Air sports

                              Introduction: My name is Prof. An Powlowski, I am a charming, helpful, attractive, good, graceful, thoughtful, vast person who loves writing and wants to share my knowledge and understanding with you.