Block Access to Your Web Server, from Exploited Servers, with this Linux APF iptables Firewall Blocklist

FYI: When I read my raw access logs, I see that almost all of the attempts to hack websites are done by seeking already compromised files, or PHP files with known or recently discovered vulnerabilities. PHP files that are used in Wordpress and its plugins are the most targeted files I see in my logs. If you discover that your ip address is included in this blocklist, it might mean that your web space, or the server it's hosted on has been hacked. Or, one of your neighbors using the same hosting company may have been hacked. In either case, I encourage you to check your website to see if any files have been altered without your knowledge to perform redirects to hostile destinations, or to load phishing pages. I often see hackers modifying a website's .htaccess file to force hostile redirects.

The IP addresses and CIDR ranges in these blocklists are for use in Linux APF server firewalls, via included iptables.

Compiled by Wizcrafts Computer Services

Wizcrafts has been publishing .htaccess formatted IP blocklists (a.k.a. blacklists), for Apache-based websites, since 2005. They are used by many webmasters to deny access to spammers, scammers, scrapers, harvesters and server exploiters. Now, due to numerous requests, we are making the same IP blocklists available in a format suitable for use in many software and hardware firewalls, especially those running on Linux based operating systems. These are not advanced policy firewall rules, just straight, one-per-line IP addresses, or CIDRs, that are used in advanced policy firewalls (APF) as includes.

This page is not a tutorial in the use of iptables blocklists; there are plenty available on the 'Net (use the Google searchbox further down the page). The iptables blocklists below are for people who already know how to apply them to their servers, or firewalls. You must have Root access to the server to install these iptables blocklists. If you don't have root access, use our .htaccess blocklists instead.

The following is our exploited servers iptables firewall blocklist. It is currently a work in progress. Use it at your own peril! This will block all access to your server from any IP addresses within the CIDRs listed in the file. Download the zipfile, extract the enclosed text file, then copy, paste and save the blocklist as a plain ascii text file, usually named deny_hosts.rules, then upload it to your Linux server, typically to: "/etc/apf/deny_hosts.rules" Every IP or CIDR listed in the file, one per line, is denied access by default. See How to install APF (Advanced Policy Firewall), for installation details.

This page was last updated on: Sunday, 02-Mar-2025 12:14:47 CST

There are links to our other iptables firewall blocklists here

To use iptables blocklists you must have a dedicated server, or root access to the server. Check out Hostgator's dedicated server plans

Search for other blocklists here:

For webmasters lacking root access to their servers, like shared hosting accounts, we publish .htaccess format blocklists for use on individual Apache-based websites. All you require is FTP or file manager upload access and the ability to unhide and edit your .htaccess file, with "Mod_Access" or "Mod_Authz" Overrides allowed. Learn about our .htaccess blocklists here.

This blocklist is compiled by Wizcrafts Computer Services. © 2025. Use it at your own risk!
No warranties are implied or stated and we are not liable for any problems that may arise from it's use.
Wizcrafts does not provide any blocking services, nor do we track who is using our blocklists.
The IP addresses in these blocklists are subject to change as we learn about them.
Contact us here if you wish to discuss this blocklist.