#abuseipdb

aaron ~# :blinkingcursor:neuroexception@infosec.exchange
2025-06-14

I wanted to block #IP addresses based on some information. So I started a small #Go #project to capture #packets. This quickly turned into more. I guess this becomes some kind of #XDR?

Clients capture packets, send these to the server, which stores them in a #database. This data is visualized on the dashboard. I'll also add controls to block IPs based on #regex, country and #abuseipdb score. This will be a fun project!

aaron ~# :blinkingcursor:neuroexception@infosec.exchange
2025-06-10

God damn, I never liked notifications until now.

#fail2ban #security #ip #ban #automation #sysadmin #linux #abuseipdb

A screenshot of an IP ban notification to a Discord webhook showing detailed information about the geolocation and reports of the IP.

aaron ~# :blinkingcursor:neuroexception@infosec.exchange
2025-06-10

I finally finished my #Fail2Ban setup and am quite happy with the result. I've got #discord and #email notifications, global IP banning (on all servers) and automatic reporting to #abuseipdb based on multiple factors. This is awesome.

I'm so happy that I took the time to set up #Authelia as it's a breeze to #protect a single #endpoint and cover 70-80% of all services.

#homelab #selfhosting #linux #security #sso #oidc #OpenIDConnect

aaron ~# :blinkingcursor:neuroexception@infosec.exchange
2025-06-07

I came across the #Fail2Ban #docker image from #linuxserverio and thought to myself that it's finally time to set up Fail2Ban. I admit I never used it before and it was a bit difficult to add it to my #playbook as all of my #servers have different services and therefore different #logfile paths, but that's nothing #jinja #templating can't fix.

Now that I've got #Discord notifications for banned #IPs, it's time to work on actual #IPblocking. I also want to use the #IPComplaint and #AbuseIPDB actions as I really like the idea of reporting abuse (even though I have no idea how effective that may be).

I may also want to replace the Discord #webhook with #email notifications later as that's mostly the reason I've set up a #mailserver ( #stalwart ) in the first place.

I mean, most of my services are only accessible from #tailscale or my #homenetwork, but since #Ansible makes it so much easier to apply higher standards, I just can't resist. My #homelab is changing every day and I think setting up additional #security, even though I don't need it yet, is never a bad idea.

#networking #badactors #firewall #automation #linux #selfhosting #homeserver

Snafu 🐦:linux: 🇺🇦snafu@digitalcourage.social
2025-04-20

Always nice when you order a new root server and the associated IP address is already listed as suspicious in AbuseIPDB. 🤦🏼‍♂️

#AbuseIPDB

2024-07-21

I used to spend a lot of time managing my IP blacklist for my servers, then starting late last year I discovered #AbuseIPDB and decided to integrate them into my security setup.

I wrote a stub to report attackers automatically back to the DB, but I also compare my server logs against the API (free for my small amount of activity) and block well-known baddies.

This is so much less of a drain on your time, I highly recommend it.

abuseipdb.com/

I think it's great that #Fail2Ban now reliably reports the IPs to #AbuseIPDB. Around 1000 entries daily according to the API.

abuseipdb.com/user/90603

Somehow it would also be great if this could be hooked up to all sorts of services, e.g. #Mastodon, so that accounts created from reported IPs have to be reviewed manually.

Schenkl | 🏳️‍🌈🦄schenklklopfer@chaos.social
2024-02-29

It seems to me that a massive #SSH #Bruteforce attack on #Hetzner IP addresses is underway right now...

Yesterday I blew through my 3000 #Ratelimit at #abuseipdb...

In the statistics for the last 28 days I see a steady increase...

#Fail2Ban has plenty to do.

Has anyone else noticed this?

2024-01-18

I've set up #Fail2Ban so that it sends the blocks to #AbuseIPDB; it's wild how much comes out of that.

Bar chart of the submitted IP bans.

Please test this AbuseIPDB report plugin for WordPress and let me know if it works properly or not

github.com/georgengelmann/abus

#WordPress #wordpressplugin #abuseipdb #netsec #infosec #cybersecurity #website #websites

Schenkl | 🏳️‍🌈🦄schenklklopfer@chaos.social
2023-08-28

Today I hooked up some of my servers' #fail2ban sshd jails to the #abuseipdb API and had them report the IPs.

In what is now maybe 12 hours, over 1100 IPv4 addresses have been reported.

Getting myself verified as a webmaster right away was a good idea, otherwise I would have blown the API limit already...

It will surely be even more once all the servers are set up...

Seedy Three Sixtyseedy@tweesecake.social
2023-07-28

I'm currently working on adding #AbuseIPDB support to Theseus2000. If you're being denied access to parts of a website, or seeing more #CAPTCHA challenges than usual, you'll be able to check your IP against the AbuseIPDB database to see if it's been flagged. #T2000

2023-01-16

Are your servers getting pounded with SSH bruteforce requests? Looking for a way to block the repeat offenders whilst also reporting them to help the wider community?

Automate blocks and reporting with #fail2ban and #abuseipdb

bret.dk/automating-abuseipdb-r

2022-06-19
Yes, they are #attacking my two #servers at this very moment...
#fail2ban to the rescue?
#DDoS #Brasil #Botnet #PiHole #mitigation #AbuseIPDB

Free Online Tools for Looking up Potentially Malicious Websites.

Examine the #URL in real-time to identify threats.

#AbuseIPDB: Provides reputation data about the IP address or hostname.

#Auth0 Signals: Checks IP address reputation; supports API.

#BrightCloud URL/IP Lookup: Presents historical reputation data about the website.

#CheckPhish: Checks whether the URL is a fraudulent site.

#Desenmascara.me: Flags websites suspected of selling counterfeit products.
