#abuseipdb

teufel100😈
Now that this works, is anyone interested in the #OSSEC active-response script that writes IPs to a firewall blocklist and then also reports them to #AbuseIPDB? I would still have to modify it so that there are no keys in it, but I could certainly publish it.

teufel100😈
Cappuccino!

#wiegehtesdir

Right now I'm happy that my #OSSEC active response script works so far and now also sends the IPs that get blocked to #AbuseIPDB.

In two weeks I get to install Linux on a customer's Windows 10 laptop, but only if there really is no update to Windows 11. The last time I looked, his laptop was not yet supported; maybe it is now, otherwise it will be a Linux system ;).

teufel100😈
So, my #OSSEC script now also sends to #AbuseIPDB ---> https://www.abuseipdb.com/user/234373

teufel100😈
So, let's see whether reporting to #AbuseIPDB via Ossec works the way I imagine it. Now I just need an Ossec alert ;)

☮ ♥ ♬ 🧑‍💻
> This IP address has been reported a total of 89 times from 60 distinct sources. 129.159.93.171 was first reported on February 7th 2022, and the most recent report was 9 hours ago

Cool, email spam dressed up as threats to life 🤣
#spam / #Email #EmailAbuse / #abuseipdb <https://www.abuseipdb.com/check/129.159.93.171>

aaron ~# :blinkingcursor:
I came across the #Fail2Ban #docker image from #linuxserverio and thought to myself that it's finally time to set up Fail2Ban. I admit i never used it before and it was a bit difficult to add it to my #playbook as all of my #servers have different services and therefore different #logfile paths, but that's nothing #jinja #templating can't fix.

Now that i've got #Discord notifications for banned #IPs, it's time to work on actual #IPblocking.
I also want to use the #IPComplaint and #AbuseIPDB actions as i really like the idea of reporting abuse (even though i have no idea how effective that may be).

I may also want to replace the discord #webhook with #email notifications later as that's mostly the reason i've set up a #mailserver ( #stalwart ) in the first place.

I mean, most of my services are only accessible from #tailscale or my #homenetwork, but since #Ansible makes it so much easier to apply higher standards, i just can't resist.
My #homelab is changing every day and i think setting up additional #security, even though i don't need it yet, is never a bad idea.

#networking #badactors #firewall #automation #linux #selfhosting #homeserver

Tealk
I think it's great that #Fail2Ban now reliably reports the IPs to #AbuseIPDB. Around 1000 entries a day according to the API.

https://www.abuseipdb.com/user/90603

Somehow it would also be great if this could be hooked into all sorts of services, e.g. #Mastodon, so that accounts created from reported IPs have to be reviewed manually.

Schenkl | 🏳️‍🌈🦄
It seems to me that a massive #SSH #Brutefotce attack on #Hetzner IP addresses is under way right now...

Yesterday I blew through my 3000 #Ratelimit at #abuseipdb...

In the statistics for the last 28 days I see a steady increase...

#Fail2Ban has plenty to do.

Has anyone else noticed this?

Rollenspiel Monster
I set up #Fail2Ban so that it sends the blocks to #AbuseIPDB; crazy how much that alone turns up.

Schenkl | 🏳️‍🌈🦄
Today I hooked up some of my servers' #fail2ban sshd jails to the #abuseipdb API and had them report the IPs.

In what is now maybe 12 hours, more than 1100 IPv4 addresses were reported.

Getting myself verified as a webmaster right away was a good idea, otherwise I would already have blown through the API limit...

There will surely be more once all the servers are set up...