baumi's blog

baumi's personal blog … Linux, OS X, Windows, Random things, …

Mitigating DDoS attack: botnet imitating microsoft bingads, githubhelp.com, trustpilot clicks – Banned IP list

On July 25, 2025, a botnet launched a distributed denial-of-service (DDoS) attack against interssl.com. The current counter shows a total of 512030 different IPs accessing our server. The attackers simulated millions of fake campaign clicks from bingads and the trustpilot company profile.

If you are affected, here is the IP list for blocking the botnet, e.g. with iptables:

ALL IPs
Download ddosban_ips_all.txt (IPs only)
Download ddosban_ips_all_stats.txt (sorted, with statistics)

TOP 3000 IPs (based on access frequency)
Download ddosban_ips_top3000.txt (IPs only)
Download ddosban_ips_top3000_stats.txt (sorted, with statistics)

Last updated: 26.07.2025 21:15 CET

Block IPs using iptables / ipset
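This simple script executes in about 3 minutes:


#!/bin/bash
IP_FILE="ddosban_ips_all.txt"

# Show total number of IPs
wc -l "$IP_FILE"

# Create "ddos1" list (hash:net is the current name for nethash).
# maxelem is raised because the default limit of 65536 entries is smaller
# than the list, and "ipset -q" would hide the resulting "set is full" errors.
ipset create ddos1 hash:net maxelem 1048576 -exist
# Note: LOG writes one kernel log line per matching packet
iptables -A INPUT   -m set --match-set ddos1 src   -j LOG
iptables -A INPUT   -m set --match-set ddos1 src   -j DROP
ipset flush ddos1

# Block IPs (one ipset call per address, which is why this is slow)
while read -r ip; do
    [[ -n "$ip" ]] && ipset -q add ddos1 "$ip"
done < "$IP_FILE"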

Block IPs using "ipset restore" (performance optimized)
This script executes in about 20 seconds:


#!/bin/bash
IP_FILE="ddosban_ips_all.txt"

# Show total number of IPs
wc -l "$IP_FILE"

# Create ipset "ddos3" (entries are IP,port pairs; the protocol defaults to TCP)
ipset create ddos3 hash:ip,port family inet hashsize 131072 maxelem 1048576 -exist
ipset flush ddos3

# Log and drop packets from listed sources to port 443 (add each rule only once).
# A hash:ip,port set has two dimensions, so the match needs "src,dst"
# (source IP, destination port); with "src" alone the rule never matches.
# Note: LOG writes one kernel log line per matching packet.
iptables -C INPUT -m set --match-set ddos3 src,dst -j LOG 2>/dev/null || \
    iptables -A INPUT -m set --match-set ddos3 src,dst -j LOG
iptables -C INPUT -m set --match-set ddos3 src,dst -j DROP 2>/dev/null || \
    iptables -A INPUT -m set --match-set ddos3 src,dst -j DROP

# Create tempfile for "ipset restore"
TMP_FILE=$(mktemp)

echo "flush ddos3" > "$TMP_FILE"

# Write one "add" line per non-empty input line
while read -r ip; do
    [[ -n "$ip" ]] && echo "add ddos3 $ip,443"
done < "$IP_FILE" >> "$TMP_FILE"

# Execute ipset restore (loads the whole batch in a single ipset call)
ipset restore < "$TMP_FILE"
rm -f "$TMP_FILE"
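
A variant of the restore approach, added here as an example and not the author's script: it validates every line of the list, skips allowlisted addresses so a bad list entry cannot lock out your own hosts, and loads the batch into a staging set that is swapped in atomically. The `ALLOW` variable, the function names and the `_new` staging set are assumptions.

```sh
#!/bin/sh
# Added example, not the blog author's script. Assumed names: ALLOW,
# build_restore, apply_blocklist and the "<set>_new" staging set.
SET="ddos3"                 # live set name used in the post
PORT=443                    # port the post blocks
MAXELEM=1048576
ALLOW="${ALLOW:-}"          # comma-separated IPs that must never be blocked

# build_restore NAME PORT ALLOW < ip_list
# Prints an "ipset restore" batch; malformed lines, duplicates and
# allowlisted addresses are dropped, counts go to stderr.
build_restore() {
    awk -v name="$1" -v port="$2" -v allow="$3" -v maxelem="$MAXELEM" '
    BEGIN {
        n = split(allow, a, ",")
        for (i = 1; i <= n; i++) skip[a[i]] = 1
        printf "create %s hash:ip,port family inet maxelem %d\n", name, maxelem
    }
    { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # strip CR and padding
    $0 == "" || /^#/ { next }                          # blank lines, comments
    {
        ok = (split($0, o, ".") == 4)
        for (i = 1; ok && i <= 4; i++)
            ok = (o[i] ~ /^[0-9]+$/ && length(o[i]) <= 3 && o[i] + 0 <= 255)
        if (!ok)         { bad++; next }               # not a dotted-quad IPv4
        if ($0 in skip)  { kept++; next }              # allowlisted
        if (!seen[$0]++) print "add " name " " $0 "," port
    }
    END { printf "rejected=%d allowlisted=%d\n", bad, kept > "/dev/stderr" }'
}

# apply_blocklist IP_FILE (needs root): fill a staging set, then swap it in.
# The iptables rules must match the set with "--match-set ddos3 src,dst".
apply_blocklist() {
    ipset create "$SET" hash:ip,port family inet maxelem "$MAXELEM" -exist
    ipset -q destroy "${SET}_new" || true
    build_restore "${SET}_new" "$PORT" "$ALLOW" < "$1" | ipset restore || return 1
    ipset swap "${SET}_new" "$SET"     # atomic: the live set is never empty
    ipset destroy "${SET}_new"
}

if [ "${1:-}" = "--apply" ]; then
    apply_blocklist "$2"
fi
```

Run it as root with `--apply ddosban_ips_all.txt`; without that argument the script only defines the functions, so `build_restore` can be checked against a list before anything touches the firewall.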
