DShield has a project called the 404Project. The goal of the project is to track attackers looking to compromise web pages.

To do this, they've started selling a Raspberry Pi Honeypot to hook into your network. The alternative, is to embed one of a selection of code snippets into your website's 404 error page. These honey pots track hits on the 404 page. Hackers generate these hits when scanning for vulnerable utilities common to various web hosts. When the 404Project detects these scans, it records the attacker's IP and uploads it to DShield.

Then, DShield disseminates their catalog of suspicious IPs to the security community, including ThreatSTOP.


Turning on the DShield 404Project target in your ThreatSTOP account adds the data to your firewall. This increases the efficacy of your firewall against website hacking attempts.

One of the long standing goals for ThreatSTOP has been to create not just a network security tool for blocking and tracking malicious users. It has also been to create a symbiotic community within the security industry, through sharing data about attack sources, and receiving the same in return. By doing this, the Internet becomes stronger through herd immunity. The excitement for this addition to ThreatSTOP, and the security community's toolkit is high!

To enable DShield’s 404Project data in your firewall turn on the 404 project by Dshield - IPs in the ThreatSTOP portal.

If you don’t have a ThreatSTOP account, Sign up. If you do have a ThreatSTOP account, instructions to add targets to DNS or IP Defense policies are available on the ThreatSTOP Documentation Hub. Or, contact our Support team.