How can I enable AbuseIPDB support?

AbuseIPDB is the gold standard for abuse reporting and is used by some of the largest hosting companies worldwide.

To enable AbuseIPDB support within the extension:

  1. Sign up for a free API key here. The free API key is good for up to 1000 checks per day.
  2. Generate an API key here.
  3. Enter your API key at Settings -> Network Tools Settings -> Reputation Settings -> AbuseIPDB API key.
  4. Check the "Block Reporting" checkbox to have the login failure daemon report failed trigger blocks back to AbuseIPDB automatically (Juggernaut Firewall extension only).
  5. Press the update button to save your settings.

Check an IP Address

To check an IP address, click on the IP address, select "Information", then open the "Reputation" tab.

Report an IP Address

To report an IP address, select "Report" from the operation select list. Then select the abuse categories you want to report it under.

Block Reporting

If "Block Reporting" is enabled, the login failure daemon will report failed triggers back to AbuseIPDB automatically (Juggernaut Firewall extension only).

AbuseIPDB Blocklist

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> IP Block Lists
  2. Click the edit icon next to the AbuseIPDB block list that you want to enable.
  3. Replace YOUR_API_KEY with your API key in the source URL and check the enabled checkbox. Press the submit button to save the entry, then press the restart button to restart the firewall and login failure daemon.
// Default Source URL
https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=65000&confidenceMinimum=100&key=YOUR_API_KEY

// Replace YOUR_API_KEY with the API key that you generate
https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=65000&confidenceMinimum=100&key=db413d60408bd4cba20840285402385sdjfasjdpu09374934gsdfg99de1f

You can watch the login failure daemon download the block list under Logs -> LFD log:

2022-01-19 01:28:53 PM	5105	IPSET: switching set new_6_ABUSEIPDB to bl_6_ABUSEIPDB
2022-01-19 01:28:53 PM	5105	IPSET: loading set new_6_ABUSEIPDB with 99 entries
2022-01-19 01:28:52 PM	5105	IPSET: switching set new_ABUSEIPDB to bl_ABUSEIPDB
2022-01-19 01:28:52 PM	5105	IPSET: loading set new_ABUSEIPDB with 46914 entries

Block list entries are stored in the /var/lib/csf/ directory. Note: CSF optimizes downloaded blocklists, so an IP address that is already present in another blocklist will not be included again. To view the number of entries for a blocklist on the command line:

# wc -l /var/lib/csf/csf.block.ABUSEIPDB 
74140 /var/lib/csf/csf.block.ABUSEIPDB

AbuseIPDB Free vs Paid Plans

The free plan is limited to a maximum of 10,000 IP addresses. Paid users can include more IP addresses by raising the limit option and lowering the confidenceMinimum option in the source URL. Before doing so, raise the Juggernaut Firewall -> Settings -> General Settings -> Ipset maxelem option to a value larger than your limit (e.g. 100,000) so that you don't get ipset errors when loading a blocklist of that size.

// Paid source URL example with limit set to 100,000 IP addresses and a confidenceMinimum set to 75 
https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=100000&confidenceMinimum=75&key=db413d60408bd4cba20840285402385sdjfasjdpu09374934gsdfg99de1f
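
The following is an added example, not part of the original article or the extension: a shell check that counts the IPv4 and IPv6 entries in a plaintext blocklist (one address per line) and compares each count with a planned Ipset maxelem value. The function names and the sample file are constructed for illustration, and it assumes that IPv4 and IPv6 entries go into separate sets, as the bl_ABUSEIPDB and bl_6_ABUSEIPDB log lines above suggest.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not shipped with the extension).
# Assumption: maxelem applies to each ipset separately, and IPv4 and IPv6
# entries are loaded into separate sets.

# count_entries FILE FAMILY -> prints the number of entries (FAMILY is 4 or 6)
count_entries() {
    awk -v fam="$2" '
        { sub(/[#;].*/, ""); gsub(/[ \t\r]/, "") }  # strip comments, whitespace
        $0 == ""        { next }                     # skip blank lines
        index($0, ":")  { if (fam == 6) n++; next }  # anything with ":" is IPv6
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { if (fam == 4) n++ }
        END { print n + 0 }
    ' "$1"
}

# check_maxelem FILE MAXELEM -> prints a verdict; returns 1 if a set would overflow
check_maxelem() {
    v4=$(count_entries "$1" 4)
    v6=$(count_entries "$1" 6)
    if [ "$v4" -gt "$2" ] || [ "$v6" -gt "$2" ]; then
        echo "TOO_SMALL ipv4=$v4 ipv6=$v6 maxelem=$2"
        return 1
    fi
    echo "OK ipv4=$v4 ipv6=$v6 maxelem=$2"
}

# Constructed sample blocklist using documentation address ranges only.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample, not real AbuseIPDB data
192.0.2.10
198.51.100.7
203.0.113.99

2001:db8::1
2001:db8:0:1::beef
EOF

check_maxelem "$sample" 65000
```

To use it on a server, pass the blocklist file and the value you plan to set, for example check_maxelem /var/lib/csf/csf.block.ABUSEIPDB 100000.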

AbuseIPDB has a nice graph with how many IP addresses will be included at different confidence minimums here.

Blacklist Confidence Distribution
