Can’t block specific IP address with iptables, ubuntu 16.04

I’m trying to troubleshoot Fail2ban recognizing our http-get-dos trigger, but not actually banning the offending host. I can see it adding entries to iptables rules, but they don’t have any effect.

So I tried to manually ban a host, and I can’t get that to work either.

I’m trying to drop all traffic from a specific host. I inserted a DROP rule, and appended a DROP rule, so they bookend everything. I’ve X’ed out the ip address of the host I’m trying to ban. This host can still connect to my web server, and get web pages.

I must be missing something stupid.
Here’s the iptables -nvL output:

sudo iptables -nvL
Chain INPUT (policy ACCEPT 6226 packets, 31M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       XX.XX.XX.XX         0.0.0.0/0
85222 7764K fail2ban-xmlrpc  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
85222 7764K fail2ban-HTTP  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
85222 7764K fail2ban-HTTP  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
 137K   16M fail2ban-BadBots  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
   82  7136 fail2ban-sasl  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25,465,587,143,220,993,110,995
   82  7136 fail2ban-postfix  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25,465,587
 137K   16M fail2ban-apache-overflows  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
 137K   16M fail2ban-apache-noscript  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
16620 1181K fail2ban-ssh-ddos  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
16621 1181K fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
    0     0 DROP       all  --  *      *       XX.XX.XX.XX         0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 6649 packets, 5149K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain fail2ban-BadBots (1 references)
 pkts bytes target     prot opt in     out     source               destination
 137K   16M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fail2ban-HTTP (2 references)
 pkts bytes target     prot opt in     out     source               destination
 170K   16M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fail2ban-apache-noscript (1 references)
 pkts bytes target     prot opt in     out     source               destination
 137K   16M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fail2ban-apache-overflows (1 references)
 pkts bytes target     prot opt in     out     source               destination
 137K   16M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fail2ban-postfix (1 references)
 pkts bytes target     prot opt in     out     source               destination
   82  7136 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fail2ban-sasl (1 references)
 pkts bytes target     prot opt in     out     source               destination
   82  7136 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fail2ban-ssh (1 references)
 pkts bytes target     prot opt in     out     source               destination
16621 1181K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fail2ban-ssh-ddos (1 references)
 pkts bytes target     prot opt in     out     source               destination
16620 1181K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fail2ban-xmlrpc (1 references)
 pkts bytes target     prot opt in     out     source               destination

and here’s the iptables -S output:

sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-BadBots
-N fail2ban-HTTP
-N fail2ban-apache-noscript
-N fail2ban-apache-overflows
-N fail2ban-postfix
-N fail2ban-sasl
-N fail2ban-ssh
-N fail2ban-ssh-ddos
-N fail2ban-xmlrpc
-A INPUT -s XX.XX.XX.XX/32 -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j fail2ban-xmlrpc
-A INPUT -p tcp -m tcp --dport 80 -j fail2ban-HTTP
-A INPUT -p tcp -m tcp --dport 80 -j fail2ban-HTTP
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-BadBots
-A INPUT -p tcp -m multiport --dports 25,465,587,143,220,993,110,995 -j fail2ban-sasl
-A INPUT -p tcp -m multiport --dports 25,465,587 -j fail2ban-postfix
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-apache-overflows
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-apache-noscript
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh-ddos
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -s XX.XX.XX.XX/32 -j DROP
-A fail2ban-BadBots -j RETURN
-A fail2ban-HTTP -j RETURN
-A fail2ban-HTTP -j RETURN
-A fail2ban-apache-noscript -j RETURN
-A fail2ban-apache-overflows -j RETURN
-A fail2ban-postfix -j RETURN
-A fail2ban-sasl -j RETURN
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh-ddos -j RETURN
-A fail2ban-xmlrpc -j RETURN
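
Both DROP rules in the listing above show 0 packets, which means no packet carrying that source address has reached the INPUT chain since the counters were last reset. The following is an added example, not part of the original post: it parses `iptables -nvL` output and flags never-matched DROP/REJECT rules, duplicate rules, and rules placed after an unconditional verdict. The sample listing and the address 203.0.113.7 are constructed.

```python
import re

# Constructed listing modelled on the `iptables -nvL` output above;
# 203.0.113.7 is a documentation address standing in for the redacted host.
LISTING = """\
Chain INPUT (policy ACCEPT 6226 packets, 31M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       203.0.113.7          0.0.0.0/0
85222 7764K fail2ban-HTTP  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
85222 7764K fail2ban-HTTP  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 DROP       all  --  *      *       203.0.113.7          0.0.0.0/0

Chain fail2ban-HTTP (2 references)
 pkts bytes target     prot opt in     out     source               destination
 170K   16M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

VERDICTS = {"DROP", "REJECT", "ACCEPT", "RETURN"}  # targets that end traversal of a chain
SCALE = {"K": 10**3, "M": 10**6, "G": 10**9}

def to_int(tok):
    """Expand iptables' abbreviated counters such as 137K or 16M."""
    return int(tok[:-1]) * SCALE[tok[-1]] if tok[-1] in SCALE else int(tok)

def parse(listing):
    """Return {chain: [rule, ...]} in evaluation order (assumes every rule has a target)."""
    chains, rules = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \(", line)
        f = line.split()
        if head:
            rules = chains.setdefault(head.group(1), [])
        elif rules is not None and len(f) >= 9 and f[0] != "pkts":
            rules.append({"pkts": to_int(f[0]), "target": f[2], "proto": f[3],
                          "src": f[7], "dst": f[8], "match": " ".join(f[9:])})
    return chains

def lint(chains):
    """Return (chain, rule number, finding) for rules that cannot be doing their job."""
    out = []
    for chain, rules in chains.items():
        seen, shadowed_by = set(), None
        for n, r in enumerate(rules, 1):
            cond = (r["proto"], r["src"], r["dst"], r["match"])
            key = (r["target"],) + cond
            if shadowed_by:
                out.append((chain, n, "unreachable after rule %d" % shadowed_by))
            elif key in seen:
                out.append((chain, n, "duplicate"))
            elif r["target"] in ("DROP", "REJECT") and r["pkts"] == 0:
                out.append((chain, n, "never matched %s" % r["src"]))
            seen.add(key)
            # A verdict that matches every packet hides everything after it.
            if not shadowed_by and r["target"] in VERDICTS and \
                    cond == ("all", "0.0.0.0/0", "0.0.0.0/0", ""):
                shadowed_by = n
    return out

if __name__ == "__main__":
    for finding in lint(parse(LISTING)):
        print(finding)
```

Rule numbers in the findings are per chain and correspond to what `iptables -L --line-numbers` prints.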

address – How does a game like Satoshi Dice avoid de-anonymizing users?

When considering games like satoshi dice or many other more typical online casino games, how do they handle awarding prizes? It seems like they pay back to the original input that sourced capital to them yet I have heard that addresses should never be reused for receiving payments.

My question, then, is twofold:

  1. Do gambling services that pay back to inputs that have paid them create a de-anonymization risk for the network?

  2. If there are multiple inputs how do these gambling services decide WHICH of those inputs to pay back to? Is there a “Safer way”/”Preferred way” to select such an input?

Unknown Address Format Parsing Bitcoin Addresses from Blockchair Data

I’ve obtained a list of all current Bitcoin addresses with balances from Blockchair, which is downloadable from their data repository located here. I have downloaded the Bitcoin / Addresses TSV database dump.

The list consists of:

  • ~23m P2PKH (1xxx) addresses
  • ~5.8m P2SH (3xxx) addresses
  • ~1.3m Bech32 (bc1xxx) addresses

However, there are also ~400k addresses that have prefixes that I don’t recognise, including:

  • d-xxx (example: m-942943e227462513f33c4f32ec6f1e56)
  • m-xxx (example: d-b697921d996831d1a26ca8d8e92571c1)
  • s-xxx (example: s-2ad548f2459c0ed6123400e5d61a479e)

Are these valid Bitcoin addresses?

If they are, how do I view information about them?

If they are not, any idea why they appear in the dump of current Bitcoin addresses from Blockchair?

What are the minimum and maximum length of a Mainnet Bitcoin address?

The wiki says that

A Bitcoin address is an identifier of 26-35 alphanumeric characters.

Is this information up-to-date? Even the Bech32 address bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq given as an example on the same page has 42 characters.

Some other Bitcoin mainnet address examples:

Before you say that this is duplicate, I know that What are the minimum and maximum lengths of a Mainnet Bitcoin address? asks the same question. However, I do not have enough reputation to add a comment there.

authentication – What is the suggested best practice for changing a users email address?

I recently jumped onto the hypetrain for an unnamed e-mail service and am currently on my way to update all my accounts on various websites to get most of my (future) data off googlemail.

During this adventure I came across a couple of user flows for changing your e-mail address which I would like to share (amounts like “many” or “a few” are purely subjective, I did not count):

1. No questions asked

The e-mail address is just changed without any confirmation mails, second password check or spellchecking (two input fields). The e-mail address is the main login method to this account with some sensitive data. Any person with malicious intent will not be stopped from taking over my account if they change the e-mail address and after that my password.

2. Confirmation of new email

What I feel is the method used by most platforms: you will receive a confirmation e-mail at the new address you provide. This will ensure you typed in the e-mail correctly, but will not stop anyone from changing the main login method.

3. Confirmation through old address

Very few platforms send an e-mail to the old address to check if I am the actual owner of this account. If I click the link in the mail or enter a number they send me, the address is changed.

4. Confirmation through old and new address

Just once I had to confirm with my old address that I am the owner of the account and got another email to the new address to check if it does indeed exist.

Looking back at it, it feels like the usual UX vs security conflict. While method 1 provides the most comfortable flow, I see the most issues with it as already pointed out.
Having to confirm the old address and the new one is kind of a hassle but, of the methods pointed out, it is the best way to keep the accounts of your users in their own hands.

Are there other common methods I am not aware of and what is generally considered best practice?
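
Method 4 above (confirmation through both the old and the new address), as an added example that is not part of the original post: the change is applied only after a single-use, expiring token from each mailbox has been presented. The `Accounts` class, its in-memory storage, the `outbox` list standing in for a mailer, and the 15-minute lifetime are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 900  # assumed lifetime of both confirmation links

def _digest(token):
    # Only the hash is stored, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()

class Accounts:
    """In-memory stand-in for the user table and the outgoing mail queue (hypothetical)."""

    def __init__(self):
        self.email = {}    # user_id -> current login address
        self.pending = {}  # user_id -> pending change record
        self.outbox = []   # (recipient, token) pairs a mailer would send

    def request_change(self, user_id, new_email, now=None):
        now = time.time() if now is None else now
        tokens = {"old": secrets.token_urlsafe(32), "new": secrets.token_urlsafe(32)}
        self.pending[user_id] = {
            "old_email": self.email[user_id],
            "new_email": new_email,
            "expires": now + TTL_SECONDS,
            "digest": {side: _digest(tok) for side, tok in tokens.items()},
            "confirmed": set(),
        }
        self.outbox.append((self.email[user_id], tokens["old"]))  # proves ownership
        self.outbox.append((new_email, tokens["new"]))            # proves deliverability

    def confirm(self, user_id, token, now=None):
        now = time.time() if now is None else now
        p = self.pending.get(user_id)
        # Drop the request if it expired or the address changed in the meantime.
        if p is None or now > p["expires"] or self.email[user_id] != p["old_email"]:
            self.pending.pop(user_id, None)
            return "rejected"
        for side, digest in p["digest"].items():
            if side not in p["confirmed"] and hmac.compare_digest(digest, _digest(token)):
                p["confirmed"].add(side)
                break
        else:
            return "rejected"  # unknown token, or one that was already used
        if p["confirmed"] == {"old", "new"}:
            self.email[user_id] = p["new_email"]
            del self.pending[user_id]
            return "changed"
        return "waiting"

if __name__ == "__main__":
    db = Accounts()
    db.email["u1"] = "old@example.com"
    db.request_change("u1", "new@example.org")
    for _, tok in db.outbox:
        print(db.confirm("u1", tok), db.email["u1"])
```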

segregated witness – Retrieve address when create a channel lightning network

I have two nodes in regtest.
The first one is:

$ l1-cli getinfo
{
   "id": "02c3f99e70c8da59e428dd119d36c0a1317e5cd85218a760355b5f9b4f822f6109",
   "alias": "ALICE",
   "color": "ddff06",
   "num_peers": 0,
   "num_pending_channels": 0,
   "num_active_channels": 0,
   "num_inactive_channels": 0,
   "address": [],
   "binding": [
      {
         "type": "ipv4",
         "address": "127.0.0.1",
         "port": 6060
      }
   ],
   "version": "v0.8.2-269-g6014644",
   "blockheight": 1,
   "network": "regtest",
   "msatoshi_fees_collected": 0,
   "fees_collected_msat": "0msat",
   "lightning-dir": "/tmp/l1-regtest/regtest"
}
$ l1-cli  dev-listaddrs
{
   "addresses": [
      {
         "keyidx": 0,
         "pubkey": "032173996ba61da17cf20a15bbd72bc6f1e6dcace0ffa55e0a8c4de6cb1fde0cd4",
         "p2sh": "2N5tGiR5EkCv8gMYAs9myqQ7R6Wkgkcc1L5",
         "p2sh_redeemscript": "0014a0064ff5b87368717f4d7f8f7d84f8aa41de10e9",
         "bech32": "bcrt1q5qryladcwd58zl6d078hmp8c4fqauy8fj4vsrv",
         "bech32_redeemscript": "a0064ff5b87368717f4d7f8f7d84f8aa41de10e9"
      }
   ]
}

The second is:

$ l2-cli getinfo
{
   "id": "0214106517c1a81bf2dd8a3f37f6438e264ee17e270ed5c08110f584863f9bfa99",
   "alias": "BOB",
   "color": "021410",
   "num_peers": 0,
   "num_pending_channels": 0,
   "num_active_channels": 0,
   "num_inactive_channels": 0,
   "address": [],
   "binding": [
      {
         "type": "ipv4",
         "address": "127.0.0.1",
         "port": 9090
      }
   ],
   "version": "v0.8.2-269-g6014644",
   "blockheight": 1,
   "network": "regtest",
   "msatoshi_fees_collected": 0,
   "fees_collected_msat": "0msat",
   "lightning-dir": "/tmp/l2-regtest/regtest"
}
$ l2-cli  dev-listaddrs
{
   "addresses": [
      {
         "keyidx": 0,
         "pubkey": "03ac7ca112d8459dd119e83be0242f7f9f8e3c0b44286cb262d84aa3d99fe62628",
         "p2sh": "2MsoPq7yYttm63u8yzRGgnYs44TTEe7z6ZS",
         "p2sh_redeemscript": "001463550e0be42780fef27416d022943739cfd06423",
         "bech32": "bcrt1qvd2suzlyy7q0aun5zmgz99ph888aqeprvsg6sw",
         "bech32_redeemscript": "63550e0be42780fef27416d022943739cfd06423"
      }
   ]
}

Alice has 50 bitcoins in bcrt1q5qryladcwd58zl6d078hmp8c4fqauy8fj4vsrv
Alice connects to BOB

$ l1-cli connect 0214106517c1a81bf2dd8a3f37f6438e264ee17e270ed5c08110f584863f9bfa99 127.0.0.1:9090
{
   "id": "0214106517c1a81bf2dd8a3f37f6438e264ee17e270ed5c08110f584863f9bfa99",
   "features": "02aaa2"
}

Alice creates a channel with 0.05 bitcoin = 50000000000msat

l1-cli fundchannel 0214106517c1a81bf2dd8a3f37f6438e264ee17e270ed5c08110f584863f9bfa99 5000000000msat
{
   "tx": "02000000000101e5fd718b998672b2b38747f010676fc1300b8cb063649e8a922637941bbce6060000000000feffffff02404b4c0000000000220020b7e3dec987315eaf340075d2a06fb92961f7e6578285d7c2e418da449c17fd9d26a6b9290100000016001406d177ca4906c71db5d4240e31468ad6d93f39890247304402204b35306bb23701b24102b3933289cd1e7a0b67c875d965c337cd7357946f1b9e022031f98d8f318d2b72d8f3621c2005378a78a103a6169536b940e31f51e05c8d2f0121032173996ba61da17cf20a15bbd72bc6f1e6dcace0ffa55e0a8c4de6cb1fde0cd400000000",
   "txid": "dbb8a5f98d465c6cf438b8166a438a09c8118f2b62960ef99403be00e1ced8a6",
   "channel_id": "a6d8cee100be0394f90e96622b8f11c8098a436a16b838f46c5c468df9a5b8db"
}

Now I check the funding transaction

bitcoin-cli getrawtransaction dbb8a5f98d465c6cf438b8166a438a09c8118f2b62960ef99403be00e1ced8a6 2

"vout": [
    {
      "value": 0.05000000,
      "n": 0,
      "scriptPubKey": {
        "asm": "0 b7e3dec987315eaf340075d2a06fb92961f7e6578285d7c2e418da449c17fd9d",
        "hex": "0020b7e3dec987315eaf340075d2a06fb92961f7e6578285d7c2e418da449c17fd9d",
        "reqSigs": 1,
        "type": "witness_v0_scripthash",
        "addresses": [
          "bcrt1qkl3aajv8x9027dqqwhf2qmae99sl0ejhs2za0shyrrdyf8qhlkwsgphj96"
        ]
      }
    },
    {
      "value": 49.94999846,
      "n": 1,
      "scriptPubKey": {
        "asm": "0 06d177ca4906c71db5d4240e31468ad6d93f3989",
        "hex": "001406d177ca4906c71db5d4240e31468ad6d93f3989",
        "reqSigs": 1,
        "type": "witness_v0_keyhash",
        "addresses": [
          "bcrt1qqmgh0jjfqmr3mdw5ys8rz3526mvn7wvf5pklnl"
        ]
      }
    }
  ],

That address bcrt1qkl3aajv8x9027dqqwhf2qmae99sl0ejhs2za0shyrrdyf8qhlkwsgphj96 is a SegWit multisig address.
Now if I check the addresses in l1, I can see

$ l1-cli  dev-listaddrs
{
   "addresses": [
      {
         "keyidx": 0,
         "pubkey": "032173996ba61da17cf20a15bbd72bc6f1e6dcace0ffa55e0a8c4de6cb1fde0cd4",
         "p2sh": "2N5tGiR5EkCv8gMYAs9myqQ7R6Wkgkcc1L5",
         "p2sh_redeemscript": "0014a0064ff5b87368717f4d7f8f7d84f8aa41de10e9",
         "bech32": "bcrt1q5qryladcwd58zl6d078hmp8c4fqauy8fj4vsrv",
         "bech32_redeemscript": "a0064ff5b87368717f4d7f8f7d84f8aa41de10e9"
      },
      {
         "keyidx": 1,
         "pubkey": "03841e0be7af4049e44818cfab5248128806e22103b6177a0915e18fdb683875c8",
         "p2sh": "2N6aAJa7kbCVFx8cNMjRskR2beACY6AaPBA",
         "p2sh_redeemscript": "00146e289f089c56abb767fecd3e189489eb619ffa74",
         "bech32": "bcrt1qdc5f7zyu264mwel7e5lp39yfadsel7n5hnp04r",
         "bech32_redeemscript": "6e289f089c56abb767fecd3e189489eb619ffa74"
      },
      {
         "keyidx": 2,
         "pubkey": "020f91c2b34bc3a8cf3b56279fb7cae5a24ed3fb571cdfca2c35064e1d17d57b18",
         "p2sh": "2N5WmmNYJCr8eK2nJvf8N8QwV9zj9Lxree2",
         "p2sh_redeemscript": "0014751389f7ad7f0426e8fed655c0e40de0c06c3781",
         "bech32": "bcrt1qw5fcnaad0uzzd6876e2upeqdurqxcdup20v8lj",
         "bech32_redeemscript": "751389f7ad7f0426e8fed655c0e40de0c06c3781"
      },
      {
         "keyidx": 3,
         "pubkey": "03c2ecd5456ebf61168ef9536da277772c308798a5635f83e9ed60233bdf620958",
         "p2sh": "2N1rzfyGXpbPPjr7FhZsvaaaFiifvrxiEyd",
         "p2sh_redeemscript": "001478624d2bcd45fe2adf8c479a171634209adac754",
         "bech32": "bcrt1q0p3y627dghlz4huvg7dpw935yzdd4365xje7v5",
         "bech32_redeemscript": "78624d2bcd45fe2adf8c479a171634209adac754"
      },
      {
         "keyidx": 4,
         "pubkey": "033a1f02a7c19cba180defc087fdc0b48636a3d61adc4eb9d5ca1e8e6f21b12284",
         "p2sh": "2MvZeMyFSN4UWtYnTEBcTdtCjBi8kNVKKum",
         "p2sh_redeemscript": "001406d177ca4906c71db5d4240e31468ad6d93f3989",
         "bech32": "bcrt1qqmgh0jjfqmr3mdw5ys8rz3526mvn7wvf5pklnl",
         "bech32_redeemscript": "06d177ca4906c71db5d4240e31468ad6d93f3989"
      },
      {
         "keyidx": 5,
         "pubkey": "03c0032537904220bd32be2f8431597f4a49b23300face9212a49b469470b99ec3",
         "p2sh": "2NCARQgcBZzmYK6CfvTW1XMGXv2pddZnrxh",
         "p2sh_redeemscript": "0014a22f05c2da4a52fbef434d67b1fda4c228990145",
         "bech32": "bcrt1q5ghstsk6fff0hm6rf4nmrldycg5fjq29xt5gpx",
         "bech32_redeemscript": "a22f05c2da4a52fbef434d67b1fda4c228990145"
      }
   ]
}

and in l2 I can see

$ l2-cli  dev-listaddrs
{
   "addresses": [
      {
         "keyidx": 0,
         "pubkey": "03ac7ca112d8459dd119e83be0242f7f9f8e3c0b44286cb262d84aa3d99fe62628",
         "p2sh": "2MsoPq7yYttm63u8yzRGgnYs44TTEe7z6ZS",
         "p2sh_redeemscript": "001463550e0be42780fef27416d022943739cfd06423",
         "bech32": "bcrt1qvd2suzlyy7q0aun5zmgz99ph888aqeprvsg6sw",
         "bech32_redeemscript": "63550e0be42780fef27416d022943739cfd06423"
      },
      {
         "keyidx": 1,
         "pubkey": "02e28aaf512284c08336782769b9af1eb816970f99b6fadb2faa5c0d65ddc24d7e",
         "p2sh": "2MvpYKgQ7hY4q86WSn5FQALFjezAtxuyvBM",
         "p2sh_redeemscript": "00143c67dd58505ad35c30dc19db622659dfc543566e",
         "bech32": "bcrt1q83na6kzsttf4cvxur8dkyfjemlz5x4nwxq9kpz",
         "bech32_redeemscript": "3c67dd58505ad35c30dc19db622659dfc543566e"
      }
   ]
}

Why do I have several addresses in l1?
How can I get bcrt1qkl3aajv8x9027dqqwhf2qmae99sl0ejhs2za0shyrrdyf8qhlkwsgphj96?

I tried with the public keys of l1 and the public key of l2, but without luck

$  bitcoin-cli createmultisig 2 '["032173996ba61da17cf20a15bbd72bc6f1e6dcace0ffa55e0a8c4de6cb1fde0cd4","03ac7ca112d8459dd119e83be0242f7f9f8e3c0b44286cb262d84aa3d99fe62628"]' "bech32"
 bitcoin-cli createmultisig 2 '["03841e0be7af4049e44818cfab5248128806e22103b6177a0915e18fdb683875c8","03ac7ca112d8459dd119e83be0242f7f9f8e3c0b44286cb262d84aa3d99fe62628"]' "bech32"
 bitcoin-cli createmultisig 2 '["020f91c2b34bc3a8cf3b56279fb7cae5a24ed3fb571cdfca2c35064e1d17d57b18","03ac7ca112d8459dd119e83be0242f7f9f8e3c0b44286cb262d84aa3d99fe62628"]' "bech32"
 bitcoin-cli createmultisig 2 '["03c2ecd5456ebf61168ef9536da277772c308798a5635f83e9ed60233bdf620958","03ac7ca112d8459dd119e83be0242f7f9f8e3c0b44286cb262d84aa3d99fe62628"]' "bech32"
 bitcoin-cli createmultisig 2 '["033a1f02a7c19cba180defc087fdc0b48636a3d61adc4eb9d5ca1e8e6f21b12284","03ac7ca112d8459dd119e83be0242f7f9f8e3c0b44286cb262d84aa3d99fe62628"]' "bech32"
 bitcoin-cli createmultisig 2 '["03c0032537904220bd32be2f8431597f4a49b23300face9212a49b469470b99ec3","03ac7ca112d8459dd119e83be0242f7f9f8e3c0b44286cb262d84aa3d99fe62628"]' "bech32"
{
  "address": "bcrt1qdynj6dv4zq03ldfregnl3wwppt4gu0wm8xhn7gma48mg3s8vxswsau88sc",
  "redeemScript": "5221032173996ba61da17cf20a15bbd72bc6f1e6dcace0ffa55e0a8c4de6cb1fde0cd42103ac7ca112d8459dd119e83be0242f7f9f8e3c0b44286cb262d84aa3d99fe6262852ae"
}
{
  "address": "bcrt1q5kvw3x3gafcg83w6klfrdtdta6dmptc35fyxty58kzr7wzd3n83q46t7x6",
  "redeemScript": "522103841e0be7af4049e44818cfab5248128806e22103b6177a0915e18fdb683875c82103ac7ca112d8459dd119e83be0242f7f9f8e3c0b44286cb262d84aa3d99fe6262852ae"
}
{
  "address": "bcrt1q5fg097ujz8cl0hum4xt9x6mygzqhlvgkggkwqdlv7rvj8n0npk6qnzslpz",
  "redeemScript": "5221020f91c2b34bc3a8cf3b56279fb7cae5a24ed3fb571cdfca2c35064e1d17d57b182103ac7ca112d8459dd119e83be0242f7f9f8e3c0b44286cb262d84aa3d99fe6262852ae"
}
{
  "address": "bcrt1qhzj0jgl56uatnxdzhwczrf08ku9a6c7x7fjldsnrkam75evlzywsn4ww6w",
  "redeemScript": "522103c2ecd5456ebf61168ef9536da277772c308798a5635f83e9ed60233bdf6209582103ac7ca112d8459dd119e83be0242f7f9f8e3c0b44286cb262d84aa3d99fe6262852ae"
}
{
  "address": "bcrt1qsjm7zc0rhpzjmrldht7rxhp0y5ldu7c53da0fyr2jq3l9u03lz3q47r3r7",
  "redeemScript": "5221033a1f02a7c19cba180defc087fdc0b48636a3d61adc4eb9d5ca1e8e6f21b122842103ac7ca112d8459dd119e83be0242f7f9f8e3c0b44286cb262d84aa3d99fe6262852ae"
}
{
  "address": "bcrt1qgsp7ltzlq9qcqmqr2eqd5h8zm87ch9zfdfj256nzsuk4ys2nc4asr0sqxk",
  "redeemScript": "522103c0032537904220bd32be2f8431597f4a49b23300face9212a49b469470b99ec32103ac7ca112d8459dd119e83be0242f7f9f8e3c0b44286cb262d84aa3d99fe6262852ae"
}
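
How a P2WSH address such as the funding address above is derived from a 2-of-2 witness script, as an added example that is not part of the original post: the script is hashed with SHA-256 and the 32-byte result is Bech32-encoded (BIP173). BOLT 3 builds the funding script from the two `funding_pubkey` values exchanged when the channel is opened, in lexicographic order; the function names are chosen for this example and the hex constants are copied from the output above.

```python
import hashlib

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)

# Values copied from the post above.
FUNDING_SPK = "0020b7e3dec987315eaf340075d2a06fb92961f7e6578285d7c2e418da449c17fd9d"
ALICE_KEY0 = "032173996ba61da17cf20a15bbd72bc6f1e6dcace0ffa55e0a8c4de6cb1fde0cd4"
BOB_KEY0 = "03ac7ca112d8459dd119e83be0242f7f9f8e3c0b44286cb262d84aa3d99fe62628"

def _polymod(values):
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk

def _to_5bit(data):
    """Regroup bytes into 5-bit values, zero-padding the last group."""
    acc, bits, out = 0, 0, []
    for b in data:
        acc = (acc << 8) | b
        bits += 8
        while bits >= 5:
            bits -= 5
            out.append((acc >> bits) & 31)
    if bits:
        out.append((acc << (5 - bits)) & 31)
    return out

def segwit_v0_address(hrp, program):
    """Bech32 address for a version-0 witness program (20 or 32 bytes)."""
    if len(program) not in (20, 32):
        raise ValueError("v0 program must be 20 (P2WPKH) or 32 (P2WSH) bytes")
    data = [0] + _to_5bit(program)  # leading 0 is the witness version
    hrp_exp = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    pm = _polymod(hrp_exp + data + [0] * 6) ^ 1
    checksum = [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)

def multisig_2of2(pubkey_a, pubkey_b):
    """Script `2 <key1> <key2> 2 OP_CHECKMULTISIG` with the keys sorted as in BOLT 3."""
    k1, k2 = sorted((bytes.fromhex(pubkey_a), bytes.fromhex(pubkey_b)))
    return b"\x52\x21" + k1 + b"\x21" + k2 + b"\x52\xae"

def p2wsh_address(hrp, witness_script):
    return segwit_v0_address(hrp, hashlib.sha256(witness_script).digest())

def funding_keys(script_pubkey_hex, keys_a, keys_b):
    """Return the (a, b) pair whose 2-of-2 script hashes to this P2WSH output, else None."""
    spk = bytes.fromhex(script_pubkey_hex)
    if spk[:2] != b"\x00\x20":
        raise ValueError("not a version-0 P2WSH scriptPubKey")
    for a in keys_a:
        for b in keys_b:
            if hashlib.sha256(multisig_2of2(a, b)).digest() == spk[2:]:
                return a, b
    return None

if __name__ == "__main__":
    print(segwit_v0_address("bcrt", bytes.fromhex(FUNDING_SPK)[2:]))
    print(p2wsh_address("bcrt", multisig_2of2(ALICE_KEY0, BOB_KEY0)))
    print(funding_keys(FUNDING_SPK, [ALICE_KEY0], [BOB_KEY0]))
```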

When importing a wallet from private key or seed phrase, how do you guess the correct address format?

How do I determine the derivation path for the seed when importing it?

I don’t think you can determine the derivation path from the seed phrase, you have to ask the user to choose one from a list or input it if not listed. You can build in a list of derivation paths for popular wallets, the user then has to know the name, and maybe version number, of the wallet that produced the seed they are importing.

Or do I just do a wallet address lookup based on the supported derivation paths and keep searching for about 20 addresses if it has any transactions on the blockchain?

That would work in many cases. It assumes you have access to a full copy of the blockchain indexed by all addresses with non-zero balance. It needn’t be local but a non-local source might make your seed-importation take a long time.