Last active June 1, 2023 01:57
Save jgamblin/2928d45730543fc7ef10cf56e5a980b0 to your computer and use it in GitHub Desktop.
Blocks Shodan IPs From Scanning Your Servers.
import os
shodan = ["", "", "","", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", ""]
for ip in shodan:
    # Append a DROP rule for each source address (requires root).
    os.system("iptables -A INPUT -s {} -j DROP".format(ip))

Ekultek commented Feb 20, 2018

This doesn't work. Just so everyone knows.

gianpaj commented Mar 29, 2018

os.system("ufw deny from {}".format(ip))

for debian/ubuntu

magiknono commented Sep 10, 2018

For ufw on debian/ubuntu:
If you want to block an IP for all services, you must do it before all actual rules:

os.system("ufw insert 1 deny from {}".format(ip))

cknost commented Dec 25, 2019

IPv6 support would be a good feature.

yumusb commented Nov 12, 2020

And , you can add's ip range.,,, and
I want to collect all the IP segments of automated scanning machines. I wonder if you are interested?

jfqd commented Nov 14, 2020

is missing in the list:

Another shodan ip to add:
IP: Hostname:

Update 28 June 2021 👍


It won't be a bad idea to add them to Cloudflare firewall rules

can you add zoomeye ips as well

Censys are courteous and provide instructions to opt out, with a list of IPs to block.

webzcom commented May 25, 2022

I'll have to check my research notes if I have them but I had found a SHODAN server in the range. It was all cloud hosting so I blocked them all but there is a SHODAN server in there somewhere.

jfqd commented May 25, 2022

shodan uses hostnames, you can check by a ptr scan of the subnet and there is one host in it:

63kk0 commented Jul 22, 2022

Just an FYI, the list of servers represented here is incomplete.

Here is the list I had compiled (yes, some are PTR-only records, and that is not listed here) based on this:

IP Domain
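
The gist's blocking loop with the points raised in the comments folded in (insert ahead of existing rules, IPv6, CIDR ranges), as an added example that is not the gist author's or any commenter's code. The sample addresses are constructed documentation ranges, and the function names and the MIN_PREFIX floor are assumptions of this example.

```python
import ipaddress
import subprocess

# Constructed sample input (RFC 5737 / RFC 3849 documentation ranges),
# not real scanner addresses; the gist's own list is not reproduced here.
SAMPLE = ["192.0.2.10", "198.51.100.0/24", "2001:db8::5", "192.0.2.10/32",
          "", "not-an-ip", "0.0.0.0/0"]

# Assumed safety floor: refuse prefixes broad enough to block most traffic.
MIN_PREFIX = {4: 8, 6: 16}


def build_block_rules(entries, chain="INPUT"):
    """Return (rules, rejected): one rule spec per valid entry, plus rejects."""
    seen, rules, rejected = set(), [], []
    for raw in entries:
        text = raw.strip()
        if not text:
            continue  # a blank entry would otherwise yield a malformed command
        try:
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            rejected.append(raw)
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append(raw)
            continue
        if net in seen:
            continue
        seen.add(net)
        tool = "iptables" if net.version == 4 else "ip6tables"
        rules.append((tool, [chain, "-s", str(net), "-j", "DROP"]))
    return rules, rejected


def apply_rules(rules, dry_run=True):
    """Insert each rule at position 1 unless present; return the argv lists."""
    issued = []
    for tool, (chain, *match) in rules:
        # First match wins, so insert at the top instead of appending with -A.
        insert = [tool, "-I", chain, "1", *match]
        if not dry_run:
            # -C exits 0 when an identical rule exists, so reruns add nothing.
            check = subprocess.run([tool, "-C", chain, *match],
                                   stderr=subprocess.DEVNULL)
            if check.returncode == 0:
                continue
            subprocess.run(insert, check=True)
        issued.append(insert)
    return issued
```

With the default dry_run=True, apply_rules(build_block_rules(SAMPLE)[0]) only returns the commands it would run; passing dry_run=False requires root.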
