Alienvault and EDROP Blocklists are gone

Alienvault blocklist is confirmed dead since 2022

Suddenly, I have been seeing too many strange messages about EDROP

 ipblocklist:  <ERROR> Could not update SPAMHAUS_EDROP blocklist - Unexpected error! 
 ipblocklist:  <INFO> Skipping SPAMHAUS_EDROP blocklist - It has not been modified!

And I can confirm by looking at the SPAMHAUS_EDROP.conf flle that there were no updates since 2024 April 09

This announcement also confirms my suspicion

From April 10th, 2024, Spamhaus eDROP (Extended Don’t Route Or Peer) data will be consolidated into the DROP lists, meaning eDROP will no longer be published separately. 

Another confirmation , newest EDROP file

; This list has been merged into
; Spamhaus EDROP List 2024/04/18 - (c) 2024 The Spamhaus Project
; Last-Modified: Thu, 18 Apr 2024 13:00:14 GMT
; Expires: Fri, 19 Apr 2024 13:00:14 GMT

I am currently working on a patch to remove alienvault for cu186.

I will also add the removal of edrop to the patch.



Perhaps you could consider adding these:

  1. **SSLBL Botnet C2 IP Blacklist (IPs only) **

  1. 3CoreSec Blacklist - ALL -
The "All" list could be fine tuned with these lists, in case anyone is interested
2a. - 3Coresec Hosts involved in **SSH brute-force**
[ ](

2b. -Hosts involved in **mass scanning** and/or exploitation attempts
[ ](

2c. -Hosts involved in **HTTP brute-force** and/or enumeration
[ ](

@bonnietwin May I ask, when your patch is released, does it then show up in the pakfire list? Or how does one apply such a patch, please?

The patch set (it consists of three separate patches) has been merged into the IPFire git repository next branch. This means that the patch will be part of Core Update 186 when it is released.;a=shortlog;h=refs/heads/next

You don’t have to do anything, it will be applied as part of the upgrade from CU185 to CU186.

@bonnietwin Ah I see, thank you so much,sir!

If you have enabled the “Hostile” filtering in the firewall options you also not need additional enable “SPAMHAUS DROP” ip list because the IPFire location database also include the data from Spamhaus drop.