Community First - new authentication, new data, and new functionality

Published on 18th November 2024, 17:00:00 UTC


abuse.ch has an unwavering commitment: to sustain and support its cyber security community. All internet users owe thanks to this force of threat hunters who consistently make a positive and lasting impact on Internet safety. To further empower this collective, with assistance from Spamhaus, developments are coming to all the abuse.ch platforms. Discover what and why in this blog post.

Overview of developments

The improvements coming have two core aims: firstly, to further improve threat hunting on abuse.ch platforms, and secondly, to improve platform stability, ensuring greater reliability for sharing and utilizing the data we offer for the good of the internet.

To improve hunting efficiency

For authenticated users, from February 2025, you will have access to additional features on our platforms, including:

  • New dataset: False positive list - to provide visibility on the delta of data changes. The lists will cover all platforms, accessible via GUI, API, and CSV export, to remove a need for manual delta reviews and provide more time for hunting.
  • URLhaus: Hunting functionality - to enable users to subscribe to notifications for when a URL payload changes, or a URL matches a certain pattern. This will improve the time between awareness of new malware URLs/payloads and taking action.
  • YARAify: File submission auto-deletion - enables you to tell YARAify to auto-delete a file after it’s submitted for scanning. This is a great privacy addition to the existing feature, allowing you to specify whether the sample you have submitted is shared publicly. Users will gain more autonomy and control over how files are handled.
  • New community communications: Top abuse.ch contributors will be invited to a closed Slack channel to connect, discuss, and share CTI.
  • Update to MalwareBazaar and YARAify: To utilize hunting functionality on either of these platforms, authentication will be required - this update will take place in February, alongside the new functionality above.

To improve platform stability

In addition to having to be authenticated to upload contributions, users should now authenticate to download API-related data - this is applicable to all users, across all platforms. As we follow a "community first" approach, we want to be as transparent as possible. It’s important that we give you visibility of why we now need users to authenticate.

Improving platform stability via authentication

If you’re a frequent abuse.ch user, you might have noticed that our platforms are, too often, unresponsive. This can create frustration. And yes, it frustrates us too! This is almost entirely caused by a small percentage of overall users, who, quite frankly, hammer our platforms and APIs like there’s no tomorrow.

While it’s rewarding to know the data is proving so valuable, this activity is disabling usage for community users. And it’s a double-hitter, as the sources of these queries are typically from those who share nothing back.

So, authentication will enable us to more effectively manage heavy usage and subsequently improve platform uptime for community needs.

What will happen if I don’t authenticate?

As an unauthenticated user, you will start to see API query rates being limited. This is with the intention of reducing platform outages immediately. You will also be restricted from accessing the new data and functionality.

If access to abuse.ch’s data is important to you, please authenticate now. While not mandatory, it will save a last-minute rush when authentication is required and the risk of temporarily being unable to access this data. As we all know, timely data is of the essence.

I’m querying abuse.ch APIs, what do I need to do?

First of all: don’t panic. Here’s a detailed description of what you need to do in order to authenticate for continued use of our APIs:

  1. Sign up for an abuse.ch account. You can do this easily by using an existing account that you may already have on X, LinkedIn, Google or GitHub. Just log in with the authentication provider of your choice here: https://auth.abuse.ch/
  2. Once you are authenticated on abuse.ch, ensure that you connect at least one additional authentication provider. This will ensure that you have access to our platforms, even if one of the authentication providers you use shuts down (yes, it happened with Twitter!)
  3. Ensure that you hit the “Save profile” button. In the “Optional” section, you can now create an “Auth-Key”. This is your personal Auth-Key that you can use to query any abuse.ch APIs!
  4. You can now use your Auth-Key to authenticate any request you make to our APIs by including it in the HTTP header of the request: Auth-Key: YOUR-AUTH-KEY-HERE

If you already have a profile, you only need to follow steps 3 and 4. There’s nothing further to change in your authentication setup.
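As an added illustration (not abuse.ch's own sample code), here is one way a Python client could follow step 4 while keeping the Auth-Key out of source code and URLs, and backing off when rate limited. The environment variable name, the example endpoint, and the use of HTTP 429 with Retry-After as the rate-limit signal are assumptions, not details from this post.

```python
import os
import time
import urllib.error
import urllib.parse
import urllib.request

# Assumption: illustrative endpoint; take the real URL from the API
# documentation of the abuse.ch platform you query.
EXAMPLE_ENDPOINT = "https://urlhaus-api.abuse.ch/v1/url/"


def load_auth_key(env=os.environ):
    """Read the key from the environment so it never lands in source control."""
    key = env.get("ABUSECH_AUTH_KEY", "").strip()  # variable name is an assumption
    if not key:
        raise RuntimeError("ABUSECH_AUTH_KEY is not set")
    return key


def build_request(url, form, auth_key):
    """Build a POST carrying the key in the Auth-Key header, never in the URL."""
    parts = urllib.parse.urlsplit(url)
    host = parts.hostname or ""
    # Refuse to send the key in cleartext or to a host outside abuse.ch.
    if parts.scheme != "https" or not (host == "abuse.ch" or host.endswith(".abuse.ch")):
        raise ValueError(f"refusing to send Auth-Key to {url!r}")
    body = urllib.parse.urlencode(form).encode()
    return urllib.request.Request(url, data=body, method="POST",
                                  headers={"Auth-Key": auth_key})


def query(url, form, auth_key, opener=urllib.request.urlopen,
          sleep=time.sleep, max_tries=4):
    """Send the request; on HTTP 429 (assumed limit signal) wait, then retry."""
    req = build_request(url, form, auth_key)
    for attempt in range(max_tries):
        try:
            with opener(req, timeout=30) as resp:
                return resp.read()
        except urllib.error.HTTPError as err:
            if err.code != 429 or attempt == max_tries - 1:
                raise
            # Honour Retry-After if the server sends it, else back off exponentially.
            hint = err.headers.get("Retry-After") if err.headers else None
            sleep(int(hint) if hint and hint.isdigit() else 2 ** attempt)
```

The `opener` and `sleep` parameters exist so the retry path can be exercised without network access; in normal use, call `query(EXAMPLE_ENDPOINT, {...}, load_auth_key())`.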

Sample scripts on how to interact with our APIs are available on our GitHub page:

All for one, and one for Community

abuse.ch has independently supported a community of threat hunters and security experts, now 15,000 strong, for almost twenty years. These updates will help us to secure our active and abundant community impact for another twenty! After all, sharing is caring - we have strength in unity.
