Is an IP address blacklist good practice to prevent website attacks?

I would say not to bother blacklisting IP's too much:

There are too many False Positives, since there are many situations of shared IP's - proxies, workplace, ISP's using roving DHCP, etc.
It is too easy to get around it. A real bad guy will just get a different IP, if she really wants to attack you.

I would suggest a "gray-list" of IP addresses, i.e. if you recognize bad traffic you "keep an eye" on those addresses.

An IP blacklist can help, but don't rely on it as your sole means of security.

You'll also want to be very careful about banning IP blocks or search engine bots. You may want to also maintain a whitelist of IPs that are false positives for your suspicious influences.

As long as suspicious influences aren't too strict. You don't want to block a good user.

Is an IP address blacklist good practice to prevent website attacks?

Tags:

Network

Web Application

Appsec

Attack Prevention

Related

Recent Posts