Oh, you nasty boys... :-)
This is my public reaction on the constant and annoying attacks my servers are suffering since the begining of (its) time.
The reports are generated regularly, come back and check if you want a reliable source for your firewall's black list.
Be advised that every single IP listed here are permanently blacklisted forever (yes, I'm a rancourous bitch! =P) without a second thought. If you think this is a mistake, it's you problem. =D
However, since IPs can and will change owners over time, you can try to jailbreak it by emailing me using admin at lisias dot net. It's possible I can free it, but it's possible I will just ignore you if my logs says me the IP is constantly attacking me.
If your IP is on the top 100 attackers, be assured I'll use your email to file a dennouce.
The concept of "attack" is very broad - basically, every "weird" request is considered a possible threat, and the repeated occurrences of that threats (be that occurrence by URL or by source IP) promotes it to "effective attack".
Currently, only NGINX logs are being parsed (as I'm not using Apache anymore on this server).
The PAM (SSHD) monitoring is currently deactivated, as this service's port is walled by AWS Security-Group and it's pointless to watch it now.
The source code for this solution will be available in a near future - it is far from being the most efficient possible, but it's effective and works for small systems.