No announcement yet.

Herd immunity / adding to greylist

  • Filter
  • Time
  • Show
Clear All
new posts

  • Herd immunity / adding to greylist

    Another forum thread included this response from Cloudlinux:

    "As of the current version, we do not let users adding graylist entries manually (only removing is possible)."

    Two questions:

    Where do you get the IPs in the greylist? Herd immunity implies there is a master source of abuse IPs. I use a couple of the lists in csf.blocklists and do not want to duplicate.

    Is there a place I can submit abuse IPs (something like where they will get picked up by the Imunify360 greylist?

  • #2
    We collect information about attackers on Imunify360 correlation server. Sophisticated machine learning techniques are used to add entries to the global graylist - parts of this list are sent to Imunify360 agents on customers servers to stop attackers before theyve started their activity with them. Populating global graylist is an automatic process - we actually designed it to work without human intervention.


    • #3
      OK, thanks for that.

      Might be nice to have a place to submit IPs since the correlation server (honeypot?) wont see every miscreant IP. This can also be automated, e.g., X number of reports gets an IP added to the greylist.


      • #4
        This information is actually collected form customers servers (not only from honeypots). So that, decisions are made based on number of incidents caused by the IP address, number of servers which were attacked, country of origin etc.


        • #5