Add additional sources to IPFire blocklist feature

Welcome back @Timf :slight_smile:
Many thanks for your detailed explanation, I will follow it and post some lists below for discussion before submitting it.

Interesting that Abuse.ch went or is going commercial very soon. so it makes sense to have option.
@jon There used to be plenty of open and well maintained lists, but they either went commercial or abandoned. But here are some I recently found and used in addition to the ones already in the addon:

1- This list contains Common DoH servers and I think it is useful in cases when clients are circumventing IPFire’s DNS server.
It doesn’t mention a Licence. In terms of update checks I think Github is pretty forgiving for update checks if done in a “random” pattern or intervals.

https://raw.githubusercontent.com/jpgpi250/piholemanual/master/DOHipv4.txt

2- 3CoreSec Blacklist - they share threats from their honeypot projects
https://blacklist.3coresec.net/lists/all.txt

3coresec lists are under GNU Affero General Public License
https://www.gnu.org/licenses/agpl-3.0.en.html
3coresec doesn’t mention update check terms.

The "ALL list "above is combined from these specific lists

3- Hosts involved in SSH brute-force
https://blacklist.3coresec.net/lists/ssh.txt

4-Hosts involved in mass scanning and/or exploitation attempts
https://blacklist.3coresec.net/lists/misc.txt

5-Hosts involved in HTTP brute-force and/or enumeration
https://blacklist.3coresec.net/lists/http.txt

6 Likes