Hestiacp abuseipdb

Hi,

I added these rules via SSH:

v-add-firewall-ipset abuseipdb "https://raw.githubusercontent.com/borestad/blocklist-abuseipdb/main/abuseipdb-s100-14d.ipv4" v4 yes yes

v-add-firewall-rule DROP ipset:abuseipdb 0 TCP "abuseipdb"

But even though they are added, and I see them in the Hestia panel as DROP abuseipdb, I continue to see, through my internal statistics, that the IPs, even though they should be blocked by that file, continue to visit my site.

What can I do to make everything work correctly? Uninstall everything and reinstall it?

I tried to uninstall, but I can’t seem to do it. Even though I delete the rule from the Hestia panel, I still see it in SSH.

Thanks,

Hi,

Show the output of these commands:

ipset list abuseipdb | head -n8
iptables -S
Name: abuseipdb
Type: hash:net
Revision: 7
Header: family inet hashsize 32768 maxelem 1048576 bucketsize 12 initval 0x7241779b
Size in memory: 2699808
References: 1
Number of entries: 96034
Members:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N fail2ban-FTP
-N fail2ban-HESTIA
-N fail2ban-MAIL
-N fail2ban-RECIDIVE
-N fail2ban-SSH
-N fail2ban-WEB
-N hestia
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-WEB
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-HESTIA
-A INPUT -p tcp -m multiport --dports 25,465,587,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m multiport --dports 1:65535 -j fail2ban-RECIDIVE
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 51.75.77.46/32 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m set --match-set abuseipdb src -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A fail2ban-FTP -j RETURN
-A fail2ban-HESTIA -j RETURN
-A fail2ban-MAIL -j RETURN
-A fail2ban-RECIDIVE -j RETURN
-A fail2ban-SSH -j RETURN
-A fail2ban-WEB -j RETURN
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-input -j ufw-user-input
-A ufw-before-input -j ufw-user-input
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-before-output -j ufw-user-output
-A ufw-before-output -j ufw-user-output
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT

The ipset is created correctly.

Regarding the iptables rules: you should disable the ufw firewall. It’s not a good idea to have two different tools (ufw and Hestia) modifying the iptables rules.

The iptables rule to drop connections from abuseipdb IPs is there so it should work.

Could you please show me a log of an offending IP that should be blocked by abuseipdb?

1 Like

So, are you suggesting I disable UFW? And how can I show you the log? Sorry. It’s a CodeCanyon script called Project Security, and integrated into it, it has visitor statistics for each web page. It calls two includes with PHP to the script itself, and by doing so, I see the same IPs that should be blocked by that file.

Yes.

I know nothing about that tool.

Is your site using Cloudflare or other CDN as proxy?

Just web statistics showing that the IPs that should be blocked are still getting through. No tools like proxies are involved. Could the double firewall be the problem? I disabled the firewall with sudo ufw disable, but on reboot, I get this error with sudo ufw status:

ERROR: problem running ip6tables

This problem only occurs on reboot. If I do sudo ufw disable and then sudo ufw status, it shows as disabled. But when I reboot and just try ufw status, I get ERROR: problem running ip6tables.

Get the latest IP you see there and run these commands:

grep -rF 'HereTheIP' /var/log/apache2/
ipset test abuseipdb 'HereTheIP'

Disable the service too:

systemctl disable ufw
systemctl stop ufw
ipset test abuseipdb '74.176.185.3'
74.176.185.3 is NOT in set abuseipdb.

That IP is not included in abuseipdb so it won’t be blocked.

If I try to open the file https://raw.githubusercontent.com/borestad/blocklist-abuseipdb/main/abuseipdb-s100-14d.ipv4

I find that IP there though. Why do I find the IP on that file?

Should I reinstall everything? If so, how can I delete the rule with SSH? Thanks.

It’s there because they added the IP less than an hour ago. In the next blocklist update you should have that IP blocked.

❯ git --no-pager log -S "74.176.185.3"
commit bf9058c8a5d78d70e3dde592a576e203af53e924 (HEAD -> main, origin/main, origin/HEAD)
Author: github-actions <[email protected]>
Date:   Sat Nov 1 21:35:51 2025 +0000

    `️️⚑️ SYNC ⚑️` `2025/11/01 21:35`

So it has been updated at 21:35 UTC, a few minutes ago.

4 Likes
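
The situation the thread ends on, an address present in the upstream file but missing from the loaded set, can be told apart from "never listed" by comparing the two sources. The script below is an added example, not part of any post and not HestiaCP code; the function names, the constructed sample data and the handling of `#` comments in the list file are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread, not HestiaCP code).
# Compares what the loaded ipset held with what the upstream list holds now.

# Succeeds if IPv4 address $1 is covered by an entry read from stdin.
# Entries: one per line, plain address or CIDR; text after "#" is ignored
# (assumed layout of the downloaded list file).
list_covers_ip() {
    awk -v ip="$1" '
        # Dotted quad to integer, or -1 when the text is not a valid address.
        function to_int(s,   p, i, v) {
            if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return -1
            split(s, p, ".")
            v = 0
            for (i = 1; i <= 4; i++) {
                if (p[i] + 0 > 255) return -1
                v = v * 256 + p[i]
            }
            return v
        }
        BEGIN { target = to_int(ip); if (target < 0) exit }
        {
            sub(/#.*/, ""); gsub(/\r/, "")
            if (NF == 0) next
            n = split($1, part, "/")
            addr = to_int(part[1])
            bits = 32
            if (n == 2) {
                if (part[2] !~ /^[0-9]+$/) next
                bits = part[2] + 0
            }
            if (addr < 0 || n > 2 || bits > 32) next
            size = 2 ^ (32 - bits)        # addresses per block for this prefix
            if (int(addr / size) == int(target / size)) { found = 1; exit }
        }
        END { exit !found }
    '
}

# Print only the member lines of `ipset list <set>` output, i.e. everything
# after the "Members:" header shown in the thread.
ipset_members() {
    awk 'seen { print } /^Members:/ { seen = 1 }'
}

# Classify address $1 as "blocked", "stale" (upstream lists it, the loaded
# set does not yet) or "unlisted".
# $2 = saved `ipset list abuseipdb` output, $3 = downloaded list text.
diagnose_ip() {
    if printf '%s\n' "$2" | ipset_members | list_covers_ip "$1"; then
        echo blocked
    elif printf '%s\n' "$3" | list_covers_ip "$1"; then
        echo stale
    else
        echo unlisted
    fi
}

# Constructed sample: set contents captured before the next scheduled update.
LOCAL_SET='Name: abuseipdb
Type: hash:net
References: 1
Number of entries: 3
Members:
192.0.2.10
198.51.100.0/24
203.0.113.7'

# Constructed sample: the upstream list one sync later. Only 74.176.185.3 is
# taken from the thread; the other entries are documentation addresses.
UPSTREAM_LIST='# constructed header line
192.0.2.10
198.51.100.0/24
203.0.113.7
74.176.185.3 # constructed trailing comment'

for ip in 74.176.185.3 198.51.100.200 192.0.2.99; do
    printf '%s: %s\n' "$ip" "$(diagnose_ip "$ip" "$LOCAL_SET" "$UPSTREAM_LIST")"
done
```

On a live host the two inputs would be the output of `ipset list abuseipdb` and a fresh download of the URL passed to `v-add-firewall-ipset`; a result of `stale` means the rule is fine and the set simply has not been refreshed yet.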