What is the difference between blocks, local blocklists, Global Blocklist, Shared blocks and Shared blocklists?
A central feature of Syspeace is to detect login attempts and, following a set of rules, produce blocks. An example of a rule is: if there are five failed login attempts within 2 hours, block for 2 days. When five failed login attempts come from one IP address within 2 hours, that IP address will be blocked for 2 hours. This is called a block or a rule block.
Separate from this, the user can also enter IP addresses or IP ranges manually into one or more local blocklists and Syspeace will maintain blocks for them too for as long as their entries still exist.
When a block is produced for an IP address that is not a local IP address, it is reported to a Syspeace backend server. Every now and then, this server tallies and ranks the most frequent recent attackers into a Global Blocklist. The top entries from this list are then distributed to all servers running Syspeace, for them to block ahead of time.
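The following Python sketch is an added example, not Syspeace's own code. It models the rule as stated above (five failed logins within 2 hours, block for 2 days), manual local blocklist entries, and the decision to report only non-local addresses. The names RuleBlocker and replay are hypothetical, "local IP address" is assumed to mean loopback or RFC 1918 space, and the timestamps are constructed.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: "local IP address" is modelled as loopback or RFC 1918 space.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class RuleBlocker:
    """`threshold` failed logins within `window` produce a block lasting `duration`."""

    def __init__(self, threshold=5, window=timedelta(hours=2),
                 duration=timedelta(days=2), local_blocklist=()):
        self.threshold, self.window, self.duration = threshold, window, duration
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.rule_blocks = {}               # ip -> time the rule block expires
        self.local_blocklist = [ipaddress.ip_network(e) for e in local_blocklist]
        self.reported = []                  # blocks that would be sent to the backend

    def is_blocked(self, ip, when):
        """True for a manual blocklist entry or an unexpired rule block."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.local_blocklist):
            return True  # stays blocked for as long as the entry exists
        expiry = self.rule_blocks.get(ip)
        return expiry is not None and when < expiry

    def record_failure(self, ip, when):
        """Register one failed login; return True if it produced a new rule block."""
        if self.is_blocked(ip, when):
            return False
        recent = self.failures[ip]
        recent.append(when)
        while when - recent[0] > self.window:  # forget failures outside the window
            recent.popleft()
        if len(recent) < self.threshold:
            return False
        self.rule_blocks[ip] = when + self.duration
        recent.clear()
        if not any(ipaddress.ip_address(ip) in net for net in LOCAL_NETS):
            self.reported.append(ip)  # only non-local addresses are reported
        return True

def replay(blocker, events):
    """Feed (ip, minutes-from-start) failures; return the IPs that got rule-blocked."""
    start = datetime(2024, 1, 1)  # constructed timestamps
    return [ip for ip, m in events
            if blocker.record_failure(ip, start + timedelta(minutes=m))]
```

Failures spread more thinly than five per 2 hours never trigger the rule, because older entries fall out of the window before the threshold is reached.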
Shared blocks is the ability for Syspeace to share blocks that happen on one server to other servers running Syspeace within the same Syspeace account.
Shared blocklists is the ability for the user to create a blocklist, like a local blocklist, that is distributed to all servers running Syspeace within the same Syspeace account. Multiple lists can be created and they can be opted into or out of depending on settings.
For more information about all these features, see the Syspeace manual. Shared blocks and Shared blocklists are only available in Syspeace v4.