On 23/06/2022 10:24, Jeroen Massar via anti-abuse-wg wrote:
Use block lists like https://www.spamhaus.org/xbl/ to make your life a bit easier; but, do not outright block, use them ala Spamassassin as one of many inputs to rank if an IP is likely to be good or bad.
For Tor, there is https://check.torproject.org/api/bulk ; though in the end Tor is just noise; compromised hosts are a bigger issue. For Internet, there is a very harsh: https://www.spamhaus.org/drop/ (you might also accidentally possibly block good people using those ISPs)
Whatever list you use, be it those from Spamhaus or other providers, do verify what you block and maybe whitelist what you never want to block. Making a baseline of "normal clients" can also be useful: eg, no sense in processing packets from a IP in Antartica when you normally do not get traffic from there. Your Network, Your Policy... but also your pain when a user gets accidentally blocked...
If you raised the issue, what do others think of https://www.crowdsec.net/ Thanks, Hank