Any chance you could share the IP databases you use for Block regions and Block lists, and the process to check against said database and the process to get something recategorized?
The geolocation is from db-ip, which is a highly accurate and frequently updated source so I don’t expect there will be many issues there. Likely only when IP space moves, which tends to be updated quickly by the IP space owner in all the major geolocation databases, often before it’s in use in the new location. Any geolocation updates can be reported upstream to db-ip.com, or reported to us and we’ll report to them.
The bad actors list is where we consolidate and de-duplicate multiple quality, actively maintained block lists of clearly malicious actors. One of the reasons we’re doing it the way we are is so we can modify those databases if/as needed, and can remove lists which become unmaintained or poorly maintained, and add new ones if other trustworthy sources of data become available. If we notice one of those having true false positives too often, we’ll remove the list. If there are one-off true false positives we could remove them. But all the lists we’re using automatically drop off IPs that are no longer attacking things and aren’t part of an extremely bad neighborhood on the internet (abuse-friendly datacenters, known cyber-crime operations, etc.). Like Spamhaus DROP list is one of them, for example, which is only prefixes used by the absolute worst of spammers, malware, botnet command and control, etc. If you notice any false positives there, please let us know.
The other lists come straight from their sources (though we host a copy of them, which is what Route10 pulls from, so we can modify if needed). Like if something is listed in the FireHOL lists, the source it comes from has to be updated (they’re also consolidating multiple list sources).
You can check and see whether an IP is listed in any of your currently loaded block lists by running the following on Route10:
/etc/init.d/banip query x.x.x.x
It’s also possible to exempt IPs/networks via uci commands to banip, and we’ll add a UI field for that if demand materializes.
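The consolidate, de-duplicate, exempt and query steps described in the reply above, sketched as an added example. This is not Route10 or banIP code; the feed contents use documentation-only address ranges and are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample feeds using documentation-only ranges (not real list data).
FEEDS = {
    "feed_a": ["# sample header", "192.0.2.0/24", "198.51.100.7", "203.0.113.0/25"],
    "feed_b": ["192.0.2.128/25", "198.51.100.7/32", "203.0.113.128/25 ; note"],
}
EXEMPT = ["203.0.113.64/26"]  # constructed false-positive report


def parse_feed(lines):
    """Yield networks from one feed, skipping comments and malformed entries."""
    for line in lines:
        entry = line.split("#")[0].split(";")[0].strip()
        if not entry:
            continue
        try:
            yield ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # a bad line must not poison the merged list


def _key(net):
    return (net.version, int(net.network_address), net.prefixlen)


def consolidate(feeds, exempt=()):
    """Merge all feeds, collapse duplicates/overlaps, then carve out exemptions."""
    nets = [n for lines in feeds.values() for n in parse_feed(lines)]
    merged = []
    for version in (4, 6):  # collapse_addresses rejects mixed IP versions
        merged += ipaddress.collapse_addresses([n for n in nets if n.version == version])
    for ex in map(ipaddress.ip_network, exempt):
        kept = []
        for net in merged:
            if net.version != ex.version:
                kept.append(net)
            elif ex.subnet_of(net):
                kept.extend(net.address_exclude(ex))  # keep the rest of the prefix
            elif not net.subnet_of(ex):
                kept.append(net)
        merged = kept
    return sorted(merged, key=_key)


def query(blocklist, ip):
    """Return the prefix that lists `ip`, or None if it is not blocked."""
    addr = ipaddress.ip_address(ip)
    return next((n for n in blocklist if n.version == addr.version and addr in n), None)


BLOCKLIST = consolidate(FEEDS, EXEMPT)
```

Returning the matching prefix rather than a boolean shows which entry to report upstream when an address turns out to be a false positive.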