Achieve security excellence without breaking the budget!

Download guide

Explore CrowdSec Blocklists with the New Blocklist Catalog

Today, we’re excited to unveil our brand new blocklists catalog page. This is a big leap forward in providing you with a centralized hub to explore and compare our available blocklists, helping you select the most relevant blocklist for your security needs.

Let’s step into the world of blocklists and explore our new Blocklists Catalog

Understanding Blocklists

Being proactive and staying one step ahead of potential cyber threats is a crucial part of a robust cybersecurity strategy, and a tool to help you achieve that comes in the form of blocklists. These lists consist of known malicious IP addresses previously identified as being associated with a malicious activity that security teams can integrate into your existing security infrastructure to enhance your protection.

The proactive nature of blocklists is key. Rather than reacting to threats as they emerge, blocklists allow organizations to block malicious IPs preemptively, allowing them to stay one step ahead and create a robust defense barrier against a constantly evolving threat landscape. 

Introducing the CrowdSec Blocklists Catalog

The new Blocklists Catalog provides you with an intuitive interface showing all available blocklists, including their types and pricing, along with a range of updated statistics to help you make an informed decision about which blocklists align with your security requirements. 

Our new blocklist repository allows you to obtain more detailed insights about specific lists, speeding up the process of selecting blocklists that align with your security objectives. These insights include:

__wf_reserved_inherit

Total number of subscribers and IP addresses Gauge the popularity and scale of each blocklist, aiding in the selection of widely recognized lists.

Granular data on IP addresses within the blocklists — Get more details about the total number of IP addresses in each blocklist, coupled with real-time information on the last update and recent changes, facilitating better decision-making based on the freshness of the data.

Insights into IP behaviors — Discern the top behaviors exhibited by listed IP addresses, allowing a better understanding of potential threats and enabling targeted defense strategies.

Top classifications of IP addresses — Gain insights into the primary classifications of IP addresses within a blocklist, helping you align your security measures with specific threat types. 

Geographical distribution of IP addresses — Get valuable context for assessing regional threats, helping you tailor security strategies to specific geographic considerations.

Block Mass Exploitation Attempts

 

Get immediate protection against active malicious IPs with CrowdSec’s actionable and real-time Blocklists.

 Learn more

Metrics and insights

Whether generated by us, our customers, or other blocklist providers, we enrich the blocklists with data from the CrowdSec Network. This allows us to provide a good overview of the quality and relevance of the IPs contained in the blocklist. 

The first set of metrics is based on the evolution of the blocklist itself. Owners of IP addresses change daily, hijacked machines get cleaned up, and new machines get taken over. An IP address attacking servers six months ago might today belong to a potential customer of your business. Therefore, it is important that blocklists are updated frequently. To help in the evaluation we provide metrics around how many IPs are added and removed within a given timeframe. Our data shows that blocklists that change frequently provide more relevant blocks, while blocklists with slow updates run in danger of blocking legitimate requests.

In addition to the metrics about the change of the blocklist, we also provide information on the IPs contained in a blocklist at a given moment. We provide metrics such as how many IPs currently in the blocklist were seen by our network in the last month and how many of them were judged dangerous enough to be added to the CrowdSec Intelligence Blocklist. This enrichment further allows you to judge how relevant the IPs in a blocklist are. As we get threat data from real users who are protecting their servers with the CrowdSec Security Engine we can be certain that if the number of IPs seen by our network is low, chances are the blocklist does not contain very relevant IPs. 

Enriching our data also allows us to provide additional information that could be relevant to threat analysts. In particular, we give a view of the countries and Autonomous Systems (AS) the attackers come from and provide some sample IPs that were judged as most aggressive by our data. 

How we curate the CrowdSec Blocklists

The blocklists provided by CrowdSec are divided into two general groups: the CrowdSec Blocklists and third-party lists that we aggregate from other providers with permissive licenses.

CrowdSec Blocklists are built using purpose-built filtering of our threat intelligence database (CrowdSec CTI). Some, such as the WordPress Blocklist, are built by analyzing IPs reported for specific WordPress scenarios and building a mini-consensus on these IPs. This provides a more targeted blocklist than our general purpose lists. Other blocklists utilize sophisticated machine learning algorithms to find patterns and clusters, such as the ones used to generate our VPN/Proxy Blocklist.

Third-party blocklists are sourced from providers all over the internet. We load the lists into our database and compare them to the CrowdSec CTI. In particular, we use our false positive detection system to clean the IPs from possible false positives, which appear quite often in public blocklists.

The CrowdSec Data

 

Explore CrowdSec’s fail-proof approach to tactical intelligence and learn how CrowdSec guarantees unmatched data curation.

 Learn more

Community involvement and feedback

The strength of our blocklist ecosystem lies in collaboration. By using our Security Engine and leveraging the CrowdSec Blocklists, you become an integral part of a collective effort to enhance online safety. And your experience matters! 

Don’t hesitate to share your insights and observations regarding our blocklists, and let us know how they have performed for you and where improvements can be made. You can chat with our team on our Discord server

You may also like

am i under attack
Product Updates

Am I Under Attack: Cut Through the Noise to Detect Sophisticated and Targeted Attacks with CrowdSec’s New feature

Am I Under Attack leverages advanced AI algorithms to detect anomalies in your logs indicating more sophisticated or targeted attacks.

new and advanced ip lookup search
Product Updates

Introducing the New and Advanced IP Lookup Search

In a previous article, we introduced the CTI Report, this time, we are taking it a step further and introducing new and advanced search options for our IP lookup.  You now have access to multiple search options to accurately and effectively explore the CrowdSec CTI.   Let’s take a look. IP lookup search These new search […]

Discover CrowdSec’s Free Third-Party Blocklists
Product Updates

Discover CrowdSec’s Free Third-Party Blocklists

In case you missed it, we recently announced the new Blocklists Catalog in the CrowdSec Console. In the catalog, you can find several blocklists centralized in one place, including third-party blocklists that are free to all users.  All users on the CrowdSec Console can subscribe their Security Engines to third-party blocklists to secure their systems […]