IT-Expert on Call

(613) 828-6611

Experience has no substitute
Inexperience carries significant cost and risk


MOAB is Mother of all BLACKLISTS


For each MikroTik Router or each MikroTik CHR instance that qualifies for the service » MOAB Subscription Service will cost US $90 per year payable via PayPal. A 10 day MOAB FREE Trial Period is available for MOAB First Time Users who want to trial MOAB prior to purchasing a subscription. MOAB First Time Users must request the MOAB Free Trial Period with a Yes or No when providing the info required below. At the end of the MOAB Free Trial Period - on the 10th day - if you wish to continue with MOAB you must make the Subscription Payment via PayPal, otherwise your Trial Account will be deleted at the end of that day. For First Time MOAB users the MOAB Trial Period begins on the day your MOAB account is accessed by your MikroTik Router's WAN IP Address.

For MikroTik Router models that incorporate microSD memory card or USB memory stick or SSD drive for file storage - that file storage must have a minimum of 4GB of free memory available and must be named disk2.

Any MikroTik RouterBoard that does not provide the ability to add either a microSD memory card or USB memory stick or SSD disk for file storage will not qualify for the MOAB service. Because MikroTik NAND memory is soldered on the RouterBoard it is not replaceable -- MOAB writes 4,300 times over a period of 365 days, which may be deleterious to the RouterBoard's life span if the NAND memory becomes exhausted.

Tell us how much storage you have free on the NAND flash memory and whether you are using a microSD memory card or USB memory stick or SSD drive. If you have a microSD memory card or USB memory stick or SSD drive installed, what is its name [i.e. disk2] and how much free memory is available? Please note that if you want to use your existing microSD memory card or USB memory stick or SSD drive for file storage you must name it disk2.

Which port(s) is your WAN(s) connection tied to [i.e. ether1]? If you have more than one WAN connection and want all connections covered by MOAB, what is the in-interface-list name you created for the WAN ports?

Example of what information we expect to receive from you:

  1. Your Name: Sam Stone
  2. MikroTik Router's model: RouterBOARD D52G-5HacD2HnD-TC
  3. Serial Number: 4EF8DA6679A5
  4. Full Privileged Admin Name: owner=riverdale
  5. File Storage used:
    1. NAND flash memory storage: 512MB/128MB free
    2. SSD storage: disk2 128MB/64MB free
    3. USB memory stick: disk2 8GB/5GB free
    4. microSD card: disk2 16GB/16GB free
  6. If single WAN port: ether1
    If Multi-WAN in-interface-list name: lbwanip
  7. Free Trial Period requested: Yes/No

Once we have your information, and within 24 hours, we will provide you, via e-mail, with your files. The account info we provide you will be tied to your WAN IP Address. To Kick Start the process we will also provide you with 1 rsc file and 1 control file specific to your router model that you will need to place in your file storage area: for CHR instances the file storage area is called moab, a directory created at the root level; for all others the file storage area is called disk2. After that you will also need to import those rsc files using a Terminal session.

If you would prefer to have us install MOAB for you on your MikroTik Router via remote control session let us know and we would be happy to do that for you at an additional cost of US $60.00 - Please note that if we do the MOAB install for you we insist on a specific Firewall "input" rule order that is depicted below.

We track [and log] each account to its IP address - your embedded account details may only be used on authorized MikroTik Routers that you declare to us - any abuse of privilege of whatsoever nature will cancel your account without further notice.

For Your Information

MOAB has two tracks, one for memory constrained MikroTik Routers and the other for all other MikroTik models. Once we know which MikroTik Router model you have we will decide if your model qualifies and which track to put you on. Both tracks cover over 615 million IP addresses of known perpetrators.

For amply provisioned MikroTik Routers the maximum download size is 3 MB or less - 3 times daily and consists of 2 files [1 rsc file and 1 txt control file]; you can change the schedule to suit your situation.

For memory constrained MikroTik Router models that qualify - maximum download size is 0.5 MB or less - 3 times daily and consists of 2 files [1 rsc file and 1 txt control file]; you can change the schedule to suit your situation.

How does MOAB store 615+ million IP addresses, you wonder? MOAB consists of ipsets that store a large number of IP(v4) addresses -- for well provisioned MikroTik Router models MOAB normally contains between 20K and 50K ipset entries, and in that mix reside 2,400+ CIDR notations. So what do those CIDR notations represent? CIDR notation is a compact representation of an IP address and its associated routing prefix. A CIDR notation entry represents a large collection of IP addresses.
For example:

This CIDR notation
contains 16,777,214 IP addresses

This CIDR notation
contains 65,534 IP addresses

This CIDR notation
contains 6,382 IP addresses

ipset is an extension to iptables that allows you to create firewall rules that match entire "sets" of addresses at once. Unlike normal iptables chains, which are stored and traversed linearly, IP sets are stored in indexed data structures, making lookups very efficient, even when dealing with large sets.

If your USB drive is named disk1 you will need to rename it to disk2. The following command renames disk1:
/disk set 0 name=disk2

This command assumes that 0 is the correct device # for your file storage device. To find the correct device # for the file storage device, issue the following in Terminal: /disk print

Once you complete the Kick Start Process, described above, and install the scripts you should be aware of the following script execution sequence controlled by the scheduler:

For memory constrained MikroTik Routers
- thediffevent is the first script to execute followed by
- mtiptik is the second script to execute
For amply provisioned MikroTik Routers
- thediffevent is the first script to execute followed by
- fileiptik is the second script to execute
For CHR or x86 MikroTik Routers
- thediffevent is the first script to execute followed by
- chrxiptik is the second script to execute

MOAB is updated 3 times each day @ 00:00:01 hours @ 08:00:00 hours @ 16:00:00 hours
using Ottawa ON Canada GMT -4 when Daylight Savings Time is in effect and
using Ottawa ON Canada GMT -5 when Eastern Standard Time is in effect.
You should adjust the scheduled TIME intervals on your MikroTik Router to coincide with MOAB's GMT attribute so that it reflects your geographic location - make sure that the ordering sequence of execution does not change and that there is at least a 5 minute interval between each script launching. The Greenwich Mean Time Converter can help you to determine the correct GMT time interval to use for your location.

Following is an example assuming your location is London England using GMT +1.
The math: going from Ottawa GMT-4 to London GMT+1 is a difference of 5 hours, and we suggest adding a 10 minute interval to that, which adds up to +5:10.
The scheduled scripts that we provide you are configured with the following defaults:
thediffevent Start-Time 00:02:00 THEN you would set your Start-Time to 05:12:00
mtiptik Start-Time 00:05:00 THEN you would set your Start-Time to 05:15:00

Our MOAB scripts do not create the ONE Firewall rule needed to put the blacklist into effect - you must do that as follows:

/ip firewall filter add action=drop chain=input comment="INPUT DROP MOAB Blacklist" in-interface=ether1 log-prefix="Drop Blacklist" src-address-list=blacklist

NOTE: for Multi-WAN make sure that the rule reflects your interfaces: for example, if you have 2 or more interfaces assigned to multiple WANs and you've added them to an interface list named LBwanIP, then your Firewall rule will look like:

/ip firewall filter add action=drop chain=input comment="INPUT DROP MOAB Blacklist" in-interface-list=LBwanIP log-prefix="Drop Blacklist" src-address-list=blacklist

Placement and order of the Firewall rules is vitally important - improper placement will have undesirable consequences where services and sites you expect to work will no longer function.
The only Firewall rule for MOAB is placed in the IP Firewall Filter Rules INPUT chain as shown below.

  1. INPUT chain Established/Related ACCEPT
  2. INPUT chain invalid DROP
  3. INPUT chain MOAB blacklist DROP
  4. more rules .....


If you are a cloud hosting VoIP provider please see voipTIK below


MOAB subscription Service Payment US $90.00 per Year

« PayPal »  when you're ready to subscribe

Please note that MOAB Subscription Service Payment above and
MOAB Install Service Payment below
are two separate independent service payments.

MOAB Remote Install Service Payment US $60.00

« PayPal »  when you prefer to have us install MOAB for you.

We use Google Chrome Remote Desktop extension for all remote installation services.

MOAB Remote install service is only available for
broadband capable users
minimum 100Mbps Down 10Mbps Up.

voipTIK - a VoIP Blacklist to protect your business and PBX's against VoIP Fraud and minimize the risks of attacks on your Telephony Server - VOIP Providers wishing to subscribe to MOAB and voipTIK as one subscription package or have voipTIK as a standalone package please
 » e-mail us «  for Trial and Payment information.

Disclaimer: You may cancel your subscription at any time, all sales are final we do not issue refunds


IT-Expert on Call Professionals are ready willing and able to expertly deploy it for you

IT-Expert on Call does not maintain a staffed storefront office
All access to our resources is by appointment only made either by
Phone (613) 828-6611 or (613) 762-8018 or  » e-mail us « 

Based in Nepean, Ontario, Canada servicing the Regional Municipality of Ottawa-Carleton plus we offer remote services within Canada and the Continental U.S.A where broadband internet service is available.

Updated Thursday 26 March, 2020 9:31 AM
Webmaster: David Mozer