mitchellkrogza / fail2ban-useful-scripts

A collection of useful scripts for automation of & easing maintenance of Fail2Ban

Use HTTPS to get download from badips.com #3

Open oej opened 4 years ago

oej commented 4 years ago

https://www.badips.com/blog/ssl-enabled-on-badips-com

Badips.com now has https enabled so your script can verify download properly.

tradenet commented 4 years ago

Is this site even working now?

oej commented 4 years ago

Seems to have died since I checked.

tradenet commented 4 years ago

Seems to have died since I checked.

I've been using https://www.abuseipdb.com/ of late.

SomePersonSomeWhereInTheWorld commented 4 years ago

Seems to have died since I checked.

I've been using https://www.abuseipdb.com/ of late.

How do you get AbuseIPDB to work with this script?

tradenet commented 4 years ago

I've been using this script instead. https://github.com/AmplitudeDesignInc/abuseipdb-php-nginx-blacklist-create Works well.

SomePersonSomeWhereInTheWorld commented 4 years ago

I have a suggestion to update the script to use https://www.abuseipdb.com/. Just replace everything up to the 2nd wget with the following. You can view any errors in /tmp/badips.txt

# Assign values to the variables
key="ABC123_REPLACE_WITH_YOUR_KEY"
_input="/tmp/badips.txt"

# Send the output of the curl command to the $_input file.
curl -G https://api.abuseipdb.com/api/v2/blacklist \
-d confidenceMinimum=90 \
-d plaintext \
-H "Key: ${key}" \
-H "Accept: application/json" > "${_input}"

# Check to see if the curl command failed.
if [[ ${?} -ne 0 ]]
then
  echo "Unable to download ip list."
  exit 1
fi

# If the $_input file contains the text "error", then we do NOT have a list of ip addresses.
grep -i error "${_input}" >/dev/null

if [[ ${?} -eq 0 ]]
then
  echo "Error downloading ip list."
  exit 1
fi

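Added example (not part of the thread or of the repository's script): a stricter check for the downloaded file than searching for the word "error". It rejects a JSON error object and emits a hosts.deny entry only for lines that are well-formed IPv4 addresses. The function name and the sample addresses are constructed for illustration, and only IPv4 lines are kept in this narrowed version.

```shell
#!/bin/sh
# Added example: validate a downloaded plaintext blacklist before using it.
# Expected input is one IP address per line; everything else is dropped.

# Print "ALL: <ip>" for every well-formed IPv4 line in file $1.
# Returns 1 if the file is an API error object or holds no valid address.
blacklist_to_hosts_deny() {
  file=$1
  # A failed request (for example the 429 rate limit) arrives as a JSON
  # object, not as a list of addresses.
  if grep -q '^[[:space:]]*{' "$file"; then
    echo "API returned an error object, not an IP list" >&2
    return 1
  fi
  out=$(awk '
    {
      sub(/\r$/, "")                      # tolerate CRLF line endings
      if ($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
        n = split($0, o, ".")
        ok = 1
        for (i = 1; i <= n; i++)
          if (o[i] > 255 || length(o[i]) > 3) ok = 0
        if (ok) print "ALL: " $0
      }
    }' "$file")
  [ -n "$out" ] || { echo "no valid addresses in $file" >&2; return 1; }
  printf '%s\n' "$out"
}

# Constructed demo input: two valid addresses, one out-of-range address,
# and one line of stray markup.
demo() {
  list=$(mktemp) || return 1
  printf '192.0.2.10\n999.1.1.1\n<html>\n203.0.113.5\r\n' > "$list"
  blacklist_to_hosts_deny "$list"
  rm -f "$list"
}
demo
```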
tradenet commented 4 years ago

Perfect. Thanks for the suggestion. Just a note, I think abuseipdb.com allows to download a list 5 times a day only with a free account.

SomePersonSomeWhereInTheWorld commented 4 years ago

I think abuseipdb.com allows to download a list 5 times a day only with a free account.

Correct, otherwise you will get:

{"errors":[{"detail":"Daily rate limit of 5 requests exceeded for this endpoint. See headers for additional details.","status":429}]}

SomePersonSomeWhereInTheWorld commented 3 years ago

It’s working with the above changes but something is breaking after a subsequent run. I get this error:

expr: syntax error: missing argument after ‘-’
tail: invalid number of lines: ‘/etc/hosts.deny’

And what I see is the last line of /etc/hosts.deny ends with:

ALL: 51.75.142.24# ##### END badips.com Block List #####

That comment from the first hashtag should be on a line by itself. When the comment is appended to the end of the last IP address that’s when the above error happens. So something in the update script is causing this after it runs correctly.

tradenet commented 3 years ago

expr: syntax error: missing argument after ‘-’
tail: invalid number of lines: ‘/etc/hosts.deny’

I haven't tried it yet. But if I recall, make sure you add a newline after the last non-empty line.
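Added example (not part of the thread or of the repository's script): one way to rewrite the managed block so that the END marker always lands on its own line, even when the downloaded list has no trailing newline, and so that a file already left in the glued state shown above is repaired on the next run. The END marker text is the one quoted in the thread; the START marker, the function name and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the repository's script. END_MARK is the text quoted in
# the thread; BEGIN_MARK is an assumed counterpart.
BEGIN_MARK='# ##### START badips.com Block List #####'
END_MARK='# ##### END badips.com Block List #####'

# Rewrite hosts.deny-style file $1: drop the previous managed block, then
# append a fresh one built from the "ALL: <ip>" lines in file $2.
replace_block() {
  target=$1
  entries=$2
  tmp=$(mktemp "${target}.XXXXXX") || return 1
  cp -p "$target" "$tmp" || return 1       # keep the original mode and owner
  awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
    $0 == b { skip = 1; next }
    # Close the block even when END was glued onto the last entry.
    skip && index($0, e) { skip = 0; next }
    !skip { print }
  ' "$target" > "$tmp" || { rm -f "$tmp"; return 1; }
  {
    printf '%s\n' "$BEGIN_MARK"
    # awk ends every record with a newline, so a list whose final line has
    # none can no longer swallow the END marker.
    awk 'NF { print }' "$entries"
    printf '%s\n' "$END_MARK"
  } >> "$tmp"
  mv "$tmp" "$target"
}

# Constructed demo: a file left in the broken state described in the thread.
demo() {
  dir=$(mktemp -d) || return 1
  printf '%s\n' 'sshd: 192.0.2.1' "$BEGIN_MARK" \
    "ALL: 198.51.100.9$END_MARK" > "$dir/hosts.deny"
  printf 'ALL: 203.0.113.5\nALL: 203.0.113.6' > "$dir/new"  # no final newline
  replace_block "$dir/hosts.deny" "$dir/new" && cat "$dir/hosts.deny"
  rm -rf "$dir"
}
demo
```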