I know there are a few topics on dynamically updating blacklists on here, and one very good recent one by IntusDave by the looks of it. However, I was thinking it would be useful to be able to look up Abuse IPDB automatically using their provided API, either from within MikroTik or via some fancy scripting on a Linux box that could also use the MikroTik API.
See Abuse IPDB API here:
https://www.abuseipdb.com/api.html
Ideally, I would like to have a firewall rule that, for example, catches suspicious traffic and adds the source to an address list. I would then like to check the IP to see if it is on Abuse IPDB and, if it is, block it, etc.
It might be much easier just to insert a list of all Abuse IPDB top attackers etc., but:
- I don’t think they have this info listed on their website in full without using the API, and
- It would be good to have different lists for the different categories on Abuse IPDB
I am useless at writing code, so I am looking for help on this.
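An added example, not part of the original post: a Python sketch of the Linux-side step described above, which turns an AbuseIPDB lookup result into per-category RouterOS address-list commands. It assumes the AbuseIPDB APIv2 `check` endpoint and its `abuseConfidenceScore` and `reports[].categories` fields; the list names, the score threshold and the sample responses are constructed for illustration.

```python
import ipaddress
import json
import urllib.parse
import urllib.request

# Assumption: AbuseIPDB APIv2 "check" endpoint and its JSON fields.
CHECK_URL = "https://api.abuseipdb.com/api/v2/check"
# AbuseIPDB category IDs -> hypothetical RouterOS address-list names.
CATEGORY_LISTS = {14: "abuse_portscan", 18: "abuse_bruteforce", 22: "abuse_ssh"}

# Constructed sample responses (documentation IP ranges), not real lookups.
SAMPLE_HIT = json.dumps({"data": {"ipAddress": "203.0.113.7", "abuseConfidenceScore": 100,
                                  "reports": [{"categories": [18, 22]}, {"categories": [22]}]}})
SAMPLE_CLEAN = json.dumps({"data": {"ipAddress": "198.51.100.9", "abuseConfidenceScore": 0,
                                    "reports": []}})

def build_request(ip, api_key, max_age_days=30):
    """Build (but do not send) the lookup for one IP taken from the suspect list."""
    ip = str(ipaddress.ip_address(ip))  # raises ValueError for anything that is not an IP
    query = urllib.parse.urlencode({"ipAddress": ip, "maxAgeInDays": max_age_days, "verbose": ""})
    return urllib.request.Request(f"{CHECK_URL}?{query}",
                                  headers={"Key": api_key, "Accept": "application/json"})

def lists_for(response_text, min_score=75):
    """Return (ip, list names); the names are empty when the score is below the threshold."""
    data = json.loads(response_text)["data"]
    ip = str(ipaddress.ip_address(data["ipAddress"]))
    if data.get("abuseConfidenceScore", 0) < min_score:
        return ip, []
    cats = {c for report in data.get("reports", []) for c in report.get("categories", [])}
    names = sorted(CATEGORY_LISTS[c] for c in cats if c in CATEGORY_LISTS)
    return ip, names or ["abuse_other"]  # listed, but in no mapped category

def routeros_commands(ip, names, timeout="7d"):
    """Render one address-list entry per category list, with an expiry."""
    menu = "/ipv6" if ipaddress.ip_address(ip).version == 6 else "/ip"
    return [f"{menu} firewall address-list add list={n} address={ip} "
            f"timeout={timeout} comment=abuseipdb" for n in names]

if __name__ == "__main__":
    for sample in (SAMPLE_HIT, SAMPLE_CLEAN):
        for line in routeros_commands(*lists_for(sample)):
            print(line)
```

To go live, the response body of `urllib.request.urlopen(build_request(ip, key))` is what gets passed to `lists_for`, and the printed lines can be pushed to the router over SSH or the MikroTik API.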