Re: [Fail2ban-users] badips.com down for a while, alternatives?

Wed, 11 Nov 2020 08:04:01 -0800 

Hi everybody,

Login shield looks pretty :)

There's also https://github.com/desbma/referer-spam-domains-blacklist
2565 domains blacklisted at this moment. 583 were added since 27/05/2019.

What about it ?


Le 11/11/2020 à 14:13, Mike a écrit :

At 09:00 PM 11/10/2020, Kenneth Porter wrote:
--On Tuesday, November 10, 2020 9:48 AM -0500 Robert Kudyba <rkud...@fordham.edu> wrote: 


Here's another useful resource: https://iptoasn.com/


Any idea how to download the list and update /etc/hosts on a regular
basis?
I don't, but haven't messed with it much. I haven't tried the API. When stuff like that doesn't work, I take Obi-wan's advice: Use the source, Luke! :D There's a link at the bottom of the page to the web service source code on GitHub.
Instead of /etc/hosts, I'd load the values into an ipset, probaby using firewalld's commands to make them persistent and to reference them in a "direct" iptables rule. 

This is exactly what login-shield does.

https://github.com/dpsystems/login-shield
It's a curated blacklist of large IP blocks representing the areas where the lion's share of attacks and system probes are coming from (China, Russia, Brasil, etc.) that uses ipset, as well as IP space of known proxies and other dubious sources.  It works amazingly well.   Here's a report on the last 10 days of activity on my server: 

  _                 _             _____ _     _      _     _
 | |               (_)           / ____| |   (_)    | |   | |
 | |     ___   __ _ _ _ __ _____| (___ | |__  _  ___| | __| |
 | |    / _ \ / _` | | ^_ \______\___ \|  _ \| |/ _ \ |/ _` |
 | |___| (_) | (_| | | | | |     ____) | | | | |  __/ | (_| |
 |______\___/ \__, |_|_| |_|    |_____/|_| |_|_|\___|_|\__,_|
               __/ |
              |___/
============= Login-Shield Statistics based on current log files =========== 
 Using: /var/log/messages and /var/log/secure

Start: Nov  1 05:00:41
End  : Nov 11 07:09:15
============================================================================ 
Total system attacks: 3733
Blocked attempts    : 3724
Attacks got through : 9 (login failures)
---------------------------------
% Of Attacks Blocked: 99.7589%



_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users



_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Reply via email to