Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

False positives #8

Open
solracsf opened this issue Jan 2, 2025 · 1 comment
Open

False positives #8

solracsf opened this issue Jan 2, 2025 · 1 comment

Comments

@solracsf
Copy link

solracsf commented Jan 2, 2025

40.77.167.25
40.77.167.28

And many others are listed, by they are 0% confidence (they're whitelisted) at AbuseIPDB.

@borestad
Copy link
Owner

borestad commented Jan 13, 2025

Late reply, sorry!

Hmm.. the issue with https://www.abuseipdb.com/check/40.77.167.25 is that the logic in my honeypot triggered it as a malicious attempt.
Those ip's belongs to msnbot with is extremely aggressive. This can be seen as also being reported 1408 times.

For certain aggressive patterns, I disregard the 100% accuracy and check for number of reports > 50 instead, but that logic should reflect if the ip is actually whitelisted or not.

I already filter out certain bots (uptimerobot / github ips / bing / googlebot / cloudflare etc), but I guess I can add to this logic to filter out msnbot as well.

image

Will update the aggregation code.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants