mail-in-a-box / mailinabox

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
https://mailinabox.email/
Creative Commons Zero v1.0 Universal

Blocklist.de integration #864

Open ChiefGyk3D opened 8 years ago

ChiefGyk3D commented 8 years ago

While Fail2Ban is nice, I found that having added blocklist.de's list of malicious IP addresses further helped decrease intrusion attempts. So I believe it should be integrated by default with a MiaB installation.

First become root:

    sudo -i

Then download the script to cron.daily and make it executable:

    curl -s https://gist.githubusercontent.com/klepsydra/ecf975984b32b1c8291a/raw > /etc/cron.daily/sync-fail2ban
    chmod a+x /etc/cron.daily/sync-fail2ban

Optional but Recommended, Initial run manually:

    time /etc/cron.daily/sync-fail2ban

Tomorrow, check your /tmp/iptables.fail2ban.log file to see who’s been blocked. The lists you get are stored locally for now at /etc/fail2ban/blacklist.*

We should also add automatic abuse reporting via Fail2Ban to blocklist.de so we may help the community be better protected, and contribute to protection all across the web. www.blocklist.de

JoshData commented 8 years ago

Hi.

This idea is worth considering, but it would need to be re-written in a form that is much cleaner. Also some Googling reveals that the ipset tool would probably be better for this than managing the address list through iptables directly.
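
An added sketch of the ipset approach suggested in the comment above (not code from this thread, from #870 or from Mail-in-a-Box): it turns an already downloaded list into input for `ipset restore`, dropping every line that is not a plain IPv4 address, and leaves the live set untouched when too few valid entries remain. The set name `blocklist-de`, the function names and `LIST_FILE` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Mail-in-a-Box code. Names below are hypothetical.
# Usage (as root), with LIST_FILE an already downloaded copy of the list:
#   build_restore blocklist-de 100 < "$LIST_FILE" | ipset -exist restore
#   iptables -C INPUT -m set --match-set blocklist-de src -j DROP 2>/dev/null ||
#     iptables -I INPUT -m set --match-set blocklist-de src -j DROP

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, foreign chars, stray dots
  esac
  old_ifs=$IFS; IFS=.
  set -- $1                                # split the address on dots
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# build_restore SET [MIN]: reads one candidate per line on stdin and writes an
# ipset restore script to stdout. Entries go into SET-tmp, which is swapped
# with SET in one step, so the live set is never half-filled. IPv6 entries are
# skipped here; they would need a second set created with "family inet6".
build_restore() {
  set_name=$1 min=${2:-1} tmp="$1-tmp" count=0
  cr=$(printf '\r')
  echo "create $set_name hash:ip family inet"
  echo "create $tmp hash:ip family inet"
  echo "flush $tmp"
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%"$cr"}                     # tolerate CRLF line endings
    if is_ipv4 "$line"; then
      echo "add $tmp $line"
      count=$((count + 1))
    fi
  done
  if [ "$count" -lt "$min" ]; then         # empty or truncated download:
    echo "destroy $tmp"                    # discard it, keep the old set
    return 1
  fi
  echo "swap $tmp $set_name"
  echo "destroy $tmp"
}
```

Because only validated addresses are ever echoed after `add`, a tampered list cannot smuggle extra ipset commands into the restore stream.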

yodax commented 8 years ago

I do like the idea of using the list. Contributing back automatically might be difficult because of the account needed. If we do like contributing back we could discuss with the team maintaining that list.

ChiefGyk3D commented 8 years ago

I actually just contributed fixes to their language set and they do have an API. We could probably discuss some way of automating new accounts.

ChiefGyk3D commented 8 years ago

I am not familiar with their API, but I just incorporated the list locally.

ChiefGyk3D commented 8 years ago

See commits in #870 for changes to system.sh and the added sync-fail2ban file.