Block Access to Your Web Server with a Linux APF iptables Firewall Blocklist
The IP addresses and CIDR ranges in these blocklists are for use in Linux APF server firewalls, via included iptables.
Compiled by Wizcrafts Computer Services (see website links in footer)
Wizcrafts has been publishing .htaccess formatted IP blocklists (a.k.a. blacklists), for Apache-based websites, since 2005. They are used by many webmasters to deny access to spammers, scammers, scrapers, harvesters and server exploiters. Now, due to numerous requests, we are making the same IP blocklists available in a format suitable for use in many software and hardware firewalls, especially those running on Linux based operating systems. These are not advanced policy firewall rules, just straight, one-per-line IP addresses, or CIDRs, that are used in advanced policy firewalls (APF) as includes.
This page is not a tutorial in the use of these blocklists; there are plenty available on the 'Net (use the searchbox below). You can visit R-FX Networks for details about their APF project. The blocklists linked to below are for people who already know how to apply them to their servers, or firewalls. You must have Root access to the server to install these iptables blocklists.
Here are links to our iptables blocklists:
Chinese iptables blocklist |
Exploited servers iptables blocklist † |
Nigerian iptables blocklist |
Russian iptables blocklist |
South American (LACNIC) iptables blocklist
Last updated: Chinese + Exploited Servers Blocklist(s) on Sunday, 19-May-2013 09:20:06 MDT
The Exploited Servers iptables blocklist contains CIDRs belonging to dozens of popular web hosts and dedicated server companies. Your server may already be covered by this blocklist. Follow the instructions below to determine your website's ip address and corresponding CIDR, before you apply this APF blocklist. You do not want to block access to your own server, with a firewall rule.
There are a number of ways to determine the IP address of a web server. Any website that uses cPanel will usually display your website's ip address, in the left sidebar, when you log into your cPanel. If your web control panel doesn't show your ip address, use your PC to find it. If your computer is Windows based, or otherwise has the PING, TRACERT, or NSLOOKUP commands, either of those will show the IP address of the web server that hosts your website. Just open a Command Window and type in: ping example.com and press Enter, changing example.com to your website's domain name. Ping is a fast way to get a website's IP address, but it may fail to get it if the domain is a parked domain name. In that case you can use tracert example.com, substituting your domain name for example.com. The IP will appear at the start and finish of the trace. Nslookup, if you have it, is also a fast way to get a website's IP. In a Command window, type nslookup example.com (substitute your domain) and press Enter.
Make a note of your web server's IP, or highlight it in the command window and press Enter to copy it, then visit Domaintools.com and type, or paste that ip into the Whois Lookup search box and press enter. Look at the results to see if a CIDR range is shown that includes your server (A CIDR looks like this: 22.214.171.124/16). If a CIDR is shown in the Whois lookup, check the blocklist to see if yours is included in that list. If it is and you apply that iptables blocklist to the server's firewall, you and your hosting customers may be blocked from accessing your own server, so remove that CIDR before applying the blocklist, or create an Allow rule in your APF firewall, to permit your server's IP address through. Close this section and proceed
For webmasters lacking root access to their servers, we publish .htaccess format blocklists, for use on individual Apache-based websites. All you require is FTP or file manager upload access and the ability to see unhide and edit your .htaccess file, with
Mod_Access "mod_authz_host" overrides.
We can create custom blocklists for Linux/Apache based websites, based on your particular needs, at reasonable hourly rates. If you want to hire us to create a custom blocklist, or install a .htaccess blocklist on your server for you, contact us through our Webmaster Services contact form.
This blocklist is compiled and maintained by Wizcrafts Computer Services. Use it at your own risk.
No warranties are implied or stated and we are not liable for any problems that may arise from it's use.
We provide Webmaster and website security consulting services on a freelance paid basis.
This page was last updated on: Sunday, 19-May-2013 09:20:06 MDT
If you wish to contribute new IP addresses to this list, or hire us install a custom .htaccess file for you, please contact us via our Webmaster inquiries form.