Naughty List

Here at monoculus we run several IDS (intrusion detection systems) to detect malicious intent on our machines. We also employ several honeypots to detect IPs that could pose a threat to our network, so here comes the naughty list. Each time a bot (or a malicious user) tries to brute-force, scan, or exploit this or other systems that are part of the monoculus network, it gets flagged and added to our database.

The naughtyList™️ script is open source and inspired by the deprecated fail2sql, with support for remote reports to one central server. It can also act as a honeypot logger library that can be included in any PHP file.

API

Get jails

GET https://monocul.us/naughtyapi.php?jails

Get IPs for all jails

GET https://monocul.us/naughtyapi.php?limit=50

Get IPs for specific jail

GET https://monocul.us/naughtyapi.php?limit=50&jailname=sshd

Unauthorized users are limited to seeing the top 50 offenders per jail.

FAQ

Help! My IP is listed here, I didn’t do anything nasty!

We will remove any IP from the list if you contact us with proof that the IP is clean again of any malicious software or user. Please send us a mail.

Can I view/search the full data?

Yes, we have an API for that. However, it's not 100% public; for full access, please send us a mail. Public users can only see/query the first fifty worst offenders for each service name and check whether a specified IP is listed.

Do you reset the data?

There are no plans for automatic data purging; data is only removed on manual request. We might add a 3-month cleanup for offenders with fewer than 5 triggers (total) across each service.