The IP ban list generated from threat detection on the WageNet.
Find a file
wagesj45 ae87e3a74f
Some checks failed
Generate banlist history graph / build (push) Failing after 12s
Update banned IP list — 2025-10-15 16:05:06 CDT
2025-10-15 16:05:06 -05:00
.forgejo/workflows ci(forgejo): avoid detached HEAD and push to triggering branch via HEAD:refs/heads/ 2025-08-26 22:44:34 -05:00
.github/workflows ci(forgejo): generate banlist history graph\n\n- Add scripts/banlist_metrics.py to compute counts from git history and render chart\n- Add Forgejo workflow using demisto/matplotlib image + warm-workspace checkout\n- Keep GitHub workflow for portability; remove old .gitea workflow\n- Update README with embedded SVG and CSV link 2025-08-26 22:36:26 -05:00
assets chore: update banlist history graph [skip ci] 2025-10-14 03:17:41 +00:00
metrics chore: update banlist history graph [skip ci] 2025-10-14 03:17:41 +00:00
scripts viz: format x-axis ticks with full date (YYYY-MM-DD) 2025-08-26 23:16:34 -05:00
banned.txt Update banned IP list — 2025-10-15 16:05:06 CDT 2025-10-15 16:05:06 -05:00
LICENSE Initial commit 2025-08-16 23:32:53 -05:00
README.md ci(forgejo): generate banlist history graph\n\n- Add scripts/banlist_metrics.py to compute counts from git history and render chart\n- Add Forgejo workflow using demisto/matplotlib image + warm-workspace checkout\n- Keep GitHub workflow for portability; remove old .gitea workflow\n- Update README with embedded SVG and CSV link 2025-08-26 22:36:26 -05:00
update.sh fix(update.sh): pull before copy, clean state, retry push 2025-08-27 20:41:41 -05:00

WageNet IP Ban List

A small repository that publishes the current WageNet IP blocklist. The list is generated from WageNet threat detection and exported as a flat text file for easy consumption by firewalls, web servers, and other tooling.

Whats in this repo

  • banned.txt: newlineseparated IPv4 addresses to block. Comment lines start with # and may include a timestamp and count.
  • update.sh: helper script that copies a source list into the repo, commits, and pushes updates.
  • LICENSE: license for this repository (GPL3.0).

Ban List History

  • History chart: assets/banlist_history.svg
  • CSV data: metrics/banlist_counts.csv

Ban list size over time

File format

  • Plain text, UTF8.
  • Lines beginning with # are comments/metadata.
  • Each noncomment line contains a single IPv4 address.

Example:

# WageNet IP Blocklist - Last Updated 2025-08-17 00:00:01
# 130 IPs.
172.0.0.1
10.10.2.38
...

How updates happen

The blocklist is periodically generated by WageNet and published by committing a fresh banned.txt. The included update.sh script can be used to automate this from the system that produces the list.

Script defaults (override with flags):

  • -s: source file path (default: /var/www/html/banned.txt)
  • -d: git repository directory (default: /git/repository)
  • -f: destination filename inside the repo (default: banned.txt)

Example usage:

./update.sh -s /var/www/html/banned.txt -d /git/repository -f banned.txt

To automate, add a cron entry on the generating host (example runs hourly):

0 * * * * /path/to/update.sh -s /var/www/html/banned.txt -d /git/repository -f banned.txt >/tmp/wagenet-update.log 2>&1

Using the blocklist

  • Ingest the file directly in your tooling (e.g., fail2ban, WAF, or custom scripts).
  • Convert to firewall rules (iptables/nftables) with a simple wrapper that reads each line and applies a drop rule.
  • For web servers (nginx/apache), generate deny directives from the list.

You can use the link to the raw text file in this repository to directly reference it.

https://git.jordanwages.com/wagesj45/wagenet-ip-ban-list/raw/branch/main/banned.txt

Note: Always validate the list for your environment and merge with any allowlists you maintain.

CIgenerated graph

This repository includes a workflow that scans git history to count the number of noncomment lines in banned.txt at each change and generates:

  • A CSV at metrics/banlist_counts.csv
  • A chart at assets/banlist_history.svg (embedded above)

The workflow runs on pushes to main that modify banned.txt and nightly on a schedule. Commits from the workflow are marked with [skip ci] to avoid loops.

Appealing

If you feel your IP is in this list by mistake, please file an issue to appeal.

Contributing

banned.txt is generated content. Please open issues or PRs for improvements to update.sh, documentation, or format clarifications rather than manual edits to the list.

License

Distributed under the GPL3.0 license. See LICENSE for details.