-
mimi89999
Establishing a secure connection from bashtel.ru to lebihan.pl failed. Certificate hash: 3d84f0a617e4665ee373554ace7456d7c1c986381e0e5272cf6db78105bdeaa4. Error with certificate 0: EE certificate key too weak, self signed certificate, certificate has expired.
-
rob
Is anyone interested in a public RBL for naughty servers?
-
rob
Something you can update a jail from to preemptively block bad actors
-
Martin
Like the Jabberspam blocklist?
-
jonas’
https://github.com/JabberSPAM/blacklist that one
-
Ge0rG
the ungoodlist.
-
Ellenor Malik
wheet.
-
rob
Like that yes, but more. For example all the servers running scripts to brute force ssh, or anything really
-
rob
Like the endless logs of fake users trying to log in to my mail server, all from one or two addresses depending on the day
-
rob
Just obvious bad IPs
-
Menel
There must be such lists somewhere I suppose. Like you describe, non xmpp specific.
-
Menel
Like all these lists: https://whatismyipaddress.com/blacklist-check
-
rob
Exactly but not just spam
-
rob
And if not, I might make one
-
Menel
They are also often for attacks
-
rob
It would be neat to have meta data available, so you could get a list a known ssh crawlers, or mail spammers etc
-
jonas’
http://www.sorbs.net/general/using.shtml
-
jonas’
that one also has categories for open proxies
-
rob
Oh nice
-
Харпер
rob: http://iplists.firehol.org/
-
rob
Харпер: Very cool, someone already did it 😊
-
moparisthebest
don't they change enough to not be useful ?
-
rob
Well it's part of firehol which updates your lists and related firewall rules regularly
-
rob
So I'd have to figure out how to use that
-
Харпер
They are standard ipset files
-
Харпер
You can use them straight or with firewalld
-
rob
I'll have to read up, I am only familiar with iptables a bit, and ip commands
-
Julian
They are not there yet, but crowdsec aims to provide some kind of community list of bad players. Like fail2ban with distributed intelligence. https://github.com/crowdsecurity/crowdsec
-
moparisthebest
you know what fail2ban *doesn't* fail to ban? yourself from your own servers
-
moparisthebest
if your stuff is set up right, ssh crawlers / mail spammers poking at it shouldn't bother you, just ignore it...
-
rob
> if your stuff is set up right, ssh crawlers / mail spammers poking at it shouldn't bother you, just ignore it... Ya it just bothers me, no ill effect. I just don't like it
-
moparisthebest
it doesn't warm your heart thinking about all the resources they are wasting on never getting into your servers ?
-
Харпер
Yep, I stopped bothering if it is inconvenient
-
Харпер
OpenWrt/pfSense both make it trivial to use those lists if your server if behind one of them. At that point you might as well
-
Харпер
Like does anyone here still use Snort? That is long dead imo