Juggernaut Firewall supports CSF/LFD periodically downloading lists of IP addresses and CIDRs from published block lists. Full documentation can be found here:
https://docs.danami.com/juggernaut/user-guide/ip-block-lists
- Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> IP Block Lists
- Click the edit icon next to the block list that you want to enable. Check the enable checkbox and press the submit button to enable the blocklist. We recommend enabling the blocklists ABUSEIPDB, BDEALL, DSHIELD, INTERSERVER_ALL, SPAMDROP, STOPFORUMSPAM, TOR.
You can see the view the login failure daemon download the block list under Logs -> LDF log
2022-01-19 01:28:53 PM 5105 IPSET: switching set new_6_ABUSEIPDB to bl_6_ABUSEIPDB
2022-01-19 01:28:53 PM 5105 IPSET: loading set new_6_ABUSEIPDB with 99 entries
2022-01-19 01:28:52 PM 5105 IPSET: switching set new_ABUSEIPDB to bl_ABUSEIPDB
2022-01-19 01:28:52 PM 5105 IPSET: loading set new_ABUSEIPDB with 74140 entriesBlock list entries are stored in the /var/lib/csf/ directory. Note: CSF will optimize downloaded blocklists so if another blocklist already has the same IP address then it will not be included. To view the number of entries for a blocklist on the command line:
# wc -l /var/lib/csf/csf.block.ABUSEIPDB
74140 /var/lib/csf/csf.block.ABUSEIPDBAbuseIPDB Blocklist
- Sign up for a free API key here.
- Generate an API key here.
- Enter your API key at Settings -> Network Tools Settings -> Reputation Settings -> AbuseIPDB API key.
- Check the "Block Reporting" checkbox to have the login failure daemon report failed trigger blocks back to AbuseIPDB automatically.
- Go to Settings -> IP Blocklists -> Click to edit the ABUSEIPDB blocklist. The AbuseIPDB blocklist requires that replace YOUR_API_KEY with it in the source URL. Check the enable button to enable the blocklist. Then press the restart button on the grid to restart the login failure daemon.
// Default Source URL
https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=65000&confidenceMinimum=100&key=YOUR_API_KEY
// Replace YOUR_API_KEY with the API key that you generate
https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=65000&confidenceMinimum=100&key=db413d60408bd4cba20840285402385sdjfasjdpu09374934gsdfg99de1fAbuseIPDB Free vs Paid Plans
The free plan is limited to a maximum of 10,000 IP addresses. Paid users can include more IP addresses by raising the limit option and lowering the confidenceMinimum option in the source URL. You should first raise the Juggernaut Firewall -> Settings -> General Settings -> Ipset maxelem option larger than your limit (e.g. 100,000 - so that you don't get ipset errors loading a large blocklist of that size).
// Paid source URL example with limit set to 100,000 IP addresses and a confidenceMinimum set to 75
https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=100000&confidenceMinimum=75&key=db413d60408bd4cba20840285402385sdjfasjdpu09374934gsdfg99de1fAbuseIPDB has a nice graph with how many IP addresses will be included at different confidence minimums here.
