Ich habe mal meinen crowdsec stack geupdated.

Der traefik-crowdsec-bouncer wurde durch as native crowdSec traefik plugin.

Das bringt einige vorteile mit sich, die du hier nachlesen kannst.

https://2tap2.be/crowdsec-plugin-appsec

#homelab #traefik #crowdsec #waf #security #selfhost

@Doppellhelix #Crowdsec hat bei mir übrigens einen Wireguard-Tunnel als Angriff interpretiert und gesperrt. War doof. Deshalb habe ich Crowdsec erst mal wieder ausgeschaltet.

Wahnsinn.
Ein kleiner privater Honeserver mit ner Nextcloud drauf.
Über 11k Angriffe in einer Woche.
Ich empfinde das als viel, wenn man bedenkt das ja nicht viele die URL dazu kennen.

Und das sind nur die erkannten Angriffe.

#Nextcloud
#Homeserver
#crowdsec

Is the CrowdSec Free Community version actually useful? :thaenkin:

#crowdSec

Nach ganzen 8 erfolgreichen Jahren die Nextcloud mit einzelnen Dockercontainern zu betreiben, erfolgt nun ein Upgrade mit einer neuen größeren Festplatte und einem #Nextcloud All-in-One Setup + #Traefik + #CrowdSec Container.

Tối ưu bảo mật Homelab: Có cần CrowdSec khi đã dùng Pangolin & SSO?

Nhiều người dùng Homelab thắc mắc về việc thêm CrowdSec vào hệ thống đã có:
1. Pangolin VPS: Ẩn IP thật, tránh tấn công trực tiếp.
2. SSO + 2FA (Authentik): Chỉ người dùng tin cậy mới truy cập được ứng dụng.
3. Geoblocking: Chặn truy cập từ các quốc gia không mong muốn.

CrowdSec giúp chặn các IP xấu đã biết (community list) và chống DDoS, nhưng dễ gây "gậy ông đập lưng ông" (tự ban mình).

#SelfHosted #Security #CrowdSec #Pang

If you use CrowdSec with Pangolin, make sure you update the healthcheck for your crowdsec container to avoid getting banned. Apparently, the default healthcheck Pangolin recommended was hammering their API.

The healthcheck should look like this (using lapi & updated intervals):

healthcheck:
      test:
        - CMD
        - cscli
        - lapi
        - status
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 30s

https://github.com/crowdsecurity/crowdsec/issues/4160#issuecomment-3671572506

#selfhosted #crowdsec #pangolin

#OpnSense #CrowdSec #Networking

I recently setup CrowdSec on my OpnSense server. I've never used it before. This is just on my home internet interface. It is typical/expected to see over 130k 'attacks' over 7 days? Or does that hint at me doing something wrong? Seems excessive, but then, maybe this is totally normal.

I need to do some more reading about the 'Unknown Behavior'. Maybe I have something mis-configured there.

Over 5,100 unique #Tencent IPs triggered the ban within roughly 2-3 hours of this scenario going live. These guys don't mess around...

#MastoAdmin #CrowdSec

Update on the Tencent crawler situation:

Identified the fingerprint (Chrome/126 on Windows NT 6.1, always from AS132203/132591/45090) and deployed a #CrowdSec scenario to auto-ban them for 90 days.

Already blocked 100+ IPs within the first hour. They rotate constantly, but the fingerprint stays the same.

The attached chart shows traffic from the last 24 hours. All yellow spikes are recurring Tencent crawls.

#Tencent #MastoAdmin

Reverse Proxy Traefik : intégration de CrowdSec pour bloquer les attaques https://www.it-connect.fr/reverse-proxy-traefik-integration-de-crowdsec-pour-bloquer-les-attaques/ #Cybersécurité #ServeurWeb #CrowdSec

The #Crowdsec Helm Chart version 0.21.0 comes with a surprise: Installing packages on container startup!

https://github.com/crowdsecurity/helm-charts/pull/314/files#diff-a10b4191af8f0efd50e3cce7e95054abe7b5416f2a7ac82ef6b28b699821d1a7R43

If you are looking for "how to not do containers", this is a textbook example!

Checked the CrowdSec stats today.
Turns out the Lighthouse has been quietly keeping the seas calm —
thousands of bad requests turned to mist before they ever reached the shore.
Always nice when the defences do exactly what they should.

#crowdsec #selfhosting #infosec #MastodonAdmin #FediverseOps

Hew fellow selfhosters. Is there any problem if i would use crowdsec and ufw-blocklist together on my Debian Trixie Webserver?
Does anyone of you use that combination?

#crowdsec #ufw #selfhosting @homelab @homelab_de

Just found out that the "http-crawl-non_statics" scenario from Crowdsec was accidentally banning PeerTube servers so I removed it. Sorry if your server ended up blocked.

#PeerTube #Crowdsec #sysadmin

CrowdSec Manager (beta) đã ra mắt! Đây là giao diện web hiện đại (Go/React) giúp quản lý hệ thống bảo mật CrowdSec, tích hợp đặc biệt với Pangolin/Traefik. Các tính năng nổi bật: theo dõi sức khỏe hệ thống, quản lý IP, sao lưu tự động... Lưu ý: đây là bản beta, hãy thử nghiệm trong môi trường phi sản xuất!
#CrowdSec #BảoMật #WebUI #Pangolin #Traefik #Beta #TựHost #SelfHosted #Security

https://www.reddit.com/r/selfhosted/comments/1p1bisp/crowdsec_manager_web_ui_for_managing_crowdsec/

@tac @david Avec ou sans #Headscale, #Tailscale permet ne granularité dans les permissions. Par exemple, il sera possible d’autoriser le SSH qu’à certaines personnes.

Pour ce qui est protéger les resources privées, j’ai mis deux reverse proxy et des VLANs séparés pour mes services publics et privés. J’ai aussi mis #crowdsec et des règles de firewall.

Certes, très overkill pour mon homelab personnel 😊

https://www.crowdsec.net

Would love to be able to perform #CrowdSec #captcha with #Altcha, but I don't have the time to modify the CrowdSec HAproxy SPOE code, or create a PHP challenge provider and verifier. So, Anubis it is.
Bonus: CrowdSec could ban you while being redirected to Anubis, during user-agent parsing.

Finally making progress on my #KeyHelp, #HAproxy, VPN, reverse proxy, #Anubis, #CrowdSec web host.

Until now I've only used CrowdSec, with rather aggressive User-Agent rules (blocking all the dark visitors).
Finally managed to get HAproxy to subrequest auth against Anubis working.
Last thing remaining: automated SSL certs.

#crowdsec ey… da arbeite ich mal ne Stunde in der Nextcloud, schon wird meine IP geblockt. Aber 50 fehlgeschlagene Wordpress Login Versuche von der gleichen IP aus Litauen sind in Ordnung… 🤦‍♂️