DroneBL
IP blacklist focused on compromised hosts — drones, open proxies, brute-force attackers — rather than spam senders.
- DNS zone: dnsbl.dronebl.org
- Published by: DroneBL.org
- Established: 2008
- Scope: IP
What it detects
Hosts displaying signs of automated abuse: IRC drones, DDoS participants, web exploitation, SOCKS / HTTP proxy operators, brute-force login attackers, open DNS resolvers.
Listing categories
127.0.0.3 (IRC drone), 127.0.0.5 (DDoS drone), 127.0.0.6 (web exploitation), 127.0.0.8 (SOCKS proxy), 127.0.0.9 (HTTP proxy), 127.0.0.10 (compromised router), 127.0.0.11 (spam drone), 127.0.0.13 (brute force attacker), 127.0.0.14 (open resolver), 127.0.0.16 (DDoS participant). The category determines the appropriate remediation.
How to check a listing yourself
Reverse the IP octets and query `<reversed-ip>.dnsbl.dronebl.org`. A 127.0.0.x response indicates a listing.
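The lookup described above, written out as an added example (not DroneBL's or this page's own code): it builds the reversed-octet query name, resolves it, and maps a 127.0.0.x answer to the categories listed on this page. The function names and the injectable `resolve` parameter are assumptions made for the example, and 192.0.2.10 is a documentation address used as constructed input.

```python
import ipaddress
import socket

ZONE = "dnsbl.dronebl.org"  # DNS zone named on this page

# Return codes copied from the "Listing categories" paragraph of this page.
CATEGORIES = {
    3: "IRC drone", 5: "DDoS drone", 6: "web exploitation",
    8: "SOCKS proxy", 9: "HTTP proxy", 10: "compromised router",
    11: "spam drone", 13: "brute force attacker", 14: "open resolver",
    16: "DDoS participant",
}

def query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def classify(answers):
    """Map A-record answers to (answer, category); skip non-127.0.0.x answers."""
    listings = []
    for answer in answers:
        octets = answer.split(".")
        if len(octets) != 4 or octets[:3] != ["127", "0", "0"] or not octets[3].isdigit():
            continue  # e.g. a resolver that rewrites NXDOMAIN to its own address
        code = int(octets[3])
        listings.append((answer, CATEGORIES.get(code, "unknown code %d" % code)))
    return listings

def system_resolve(name):
    """Resolve A records with the system resolver; no answer -> empty list."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        # Caveat: this also swallows timeouts and SERVFAIL, which are not
        # proof that the address is unlisted.
        return []

def check(ip, resolve=system_resolve):
    """Return the listings for ip; an empty list means no listing was returned."""
    return classify(resolve(query_name(ip)))

if __name__ == "__main__":
    # Constructed input: 192.0.2.10 is a documentation address, and the stub
    # resolver stands in for a DNS answer so the demo runs offline.
    print(check("192.0.2.10", resolve=lambda name: ["127.0.0.13"]))
```

Calling `check()` without the `resolve` argument uses the system resolver and sends a real query to the zone.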
How to get delisted
Confirm the host has been remediated — patched, reimaged, or pulled from rotation. Submit a delist request through DroneBL's web form with evidence of remediation. Re-listings happen quickly if the abuse continues, so verify your fix before submitting.
Other blacklists DomainCare monitors
- SURBL — Domain reputation list focused on URLs found in unsolicited mail. SURBL is one of the most widely deployed domain blocklists at receivers.
- URIBL — Real-time domain blacklist focused on URIs that appear in spam. Common at receivers using SpamAssassin and similar filters.
- SpamCop SCBL — The SpamCop Blocking List, an IP blacklist driven by reports submitted by mail recipients.
- Blocklist.de — Community-driven IP blacklist aggregating fail2ban-style attack reports from operators worldwide.