[phpBB Debug] PHP Notice: in file [ROOT]/includes/functions_content.php on line 77: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/functions_content.php on line 77: Undefined variable: Array
[phpBB Debug] PHP Notice: in file [ROOT]/includes/functions_content.php on line 77: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/functions_content.php on line 77: Undefined variable: Array
[phpBB Debug] PHP Notice: in file [ROOT]/includes/functions_content.php on line 77: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/functions_content.php on line 77: Undefined variable: Array
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 112: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 112: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 112: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 112: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 112: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 112: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 112: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 112: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4781: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3907)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4783: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3907)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4784: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3907)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4785: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3907)
forum.blocklist.de • View topic - Listen von blocklist.de per DNS abfragen/einbinden

  • Advertisement

Listen von blocklist.de per DNS abfragen/einbinden

Anleitungen zu Fail2Ban, blocklist.de und x-arf

Listen von blocklist.de per DNS abfragen/einbinden

Postby Martin » 8. Oct 2010, 18:04

Mfg Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service
User avatar
Martin
 
Posts: 397
Joined: 14. Sep 2010, 11:54

Re: Listen von blocklist.de per DNS abfragen/einbinden

Postby Falconbase » 12. Oct 2010, 20:38

Grüße Falconbase

User avatar
Falconbase
 
Posts: 97
Joined: 14. Sep 2010, 11:20
Location: Wallersdorf

Re: Listen von blocklist.de per DNS abfragen/einbinden

Postby Martin » 5. Nov 2010, 02:43

Man kann nun auch die Blacklist nach den Diensten sortiert abfragen:

Apache (rfi, w00tw00t...) => apache.bl.blocklist.de + Liste von
alle IPs => bl.blocklist.de oder
alle IPs => all.bl.blocklist.de (mit unterschiedlichen Return-Codes)
allinone IPs => allinone.bl.blocklist.de (nur 127.0.0.2)
ftp => ftp.bl.blocklist.de
imap (pop3, sasl...) => imap.bl.blocklist.de
mail (5xx-Fehler, Relaying...) => mail.bl.blocklist.de
ssh => ssh.bl.blocklist.de
Mfg Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service
User avatar
Martin
 
Posts: 397
Joined: 14. Sep 2010, 11:54

Re: Listen von blocklist.de per DNS abfragen/einbinden

Postby Martin » 1. Jul 2011, 13:56

Wenn all.bl.blocklist.de oder bl.blocklist.de verwendet wird, werden unterschiedliche IP-Adressen zurückgegeben:
amavis = 127.0.0.2
apacheddos = 127.0.0.3
asterisk = 127.0.0.4
badbot = 127.0.0.5
ftp = 127.0.0.6
imap = 127.0.0.7
ircbot = 127.0.0.8
mail = 127.0.0.9
pop3 = 127.0.0.10
regbot = 127.0.0.11
rfi-attack = 127.0.0.12
sasl = 127.0.0.13
ssh = 127.0.0.14
w00tw00t = 127.0.0.15
portflood = 127.0.0.16
sql-injection = 127.0.0.17
webmin = 127.0.0.18
trigger-spam = 127.0.0.19
manuell = 127.0.0.20
Mfg Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service
User avatar
Martin
 
Posts: 397
Joined: 14. Sep 2010, 11:54

Re: Listen von blocklist.de per DNS abfragen/einbinden

Postby Martin » 5. Jul 2011, 16:53

Wer nur den Return-Code 127.0.0.2 benötigt, verwendet bitte:
allinone.bl.blocklist.de
:-)
Mfg Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service
User avatar
Martin
 
Posts: 397
Joined: 14. Sep 2010, 11:54

Re: Listen von blocklist.de per DNS abfragen/einbinden

Postby Jens » 23. Jul 2011, 12:36

Jens
 
Posts: 3
Joined: 19. Jul 2011, 22:53

Re: Listen von blocklist.de per DNS abfragen/einbinden

Postby cabal » 13. Mar 2012, 13:47

cabal
 
Posts: 17
Joined: 11. Mar 2012, 14:12

Re: Listen von blocklist.de per DNS abfragen/einbinden

Postby Martin » 13. Mar 2012, 18:37

Aktuell haben wir drei Server, auf den die RBL-Listen laufen.
Diese drei stehen bei unterschiedlichen Providern bzw. in unterschiedlichen Netzen, daher ist die Wahrscheinlichkeit, das die Anfrage einmal ins leere laufen doch eher gering.
Eigentlich sollte dann die Rückgabe negativ sein, wenn die Blacklist nicht verfügbar ist und dadurch die Anfragen zulassen, das also bei nem Ausfall die IPs nicht gesperrt werden.
Mfg Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service
User avatar
Martin
 
Posts: 397
Joined: 14. Sep 2010, 11:54

Re: Listen von blocklist.de per DNS abfragen/einbinden

Postby cabal » 13. Mar 2012, 18:55

bin momentan echt beeindruckt, habe bei einem system jetzt auch mal die bot list also mit mehr als 3000 entrys im apache eingebunden und die load geht deutlich runter ..
okay beim ersten start verzögert es etwas aber wenns dann gecached wurde ist es gut.
cabal
 
Posts: 17
Joined: 11. Mar 2012, 14:12

Re: Listen von blocklist.de per DNS abfragen/einbinden

Postby Martin » 13. Mar 2012, 19:16

Schick mir mal die URl per PM, dann schau ich mal wie lange die Query bei den RBL-Servern braucht, ob ich evtl. noch was optimieren kann.
Mfg Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service
User avatar
Martin
 
Posts: 397
Joined: 14. Sep 2010, 11:54

Re: Listen von blocklist.de per DNS abfragen/einbinden

Postby loader » 17. Jul 2012, 09:36

loader
 
Posts: 1
Joined: 13. Jul 2012, 06:51

Re: Listen von blocklist.de per DNS abfragen/einbinden

Postby Martin » 17. Jul 2012, 10:14

Hi,

mit dem genannten Befehl, wird nur geprüft, ob die IP 178.63.159.40 gelistet ist.
Um die Listen komplett per Cronjob abzufragen, bzw. wieder in Fail2Ban zu importieren kann folgendes Skript/Anleitung genutzt werden:
viewtopic.php?f=11&t=107


Die Rückgabe IPs sind bei bl.blocklist.de je nach Service unterschiedlich. Wenn die abgefragte IP z.B. zuletzt für den Services SSH gelistet wurde, so ist die Rückgabe-IP 127.0.0.14. Wenn man die all.bl.blocklist.de nutzt, so ist bei einer Listung die Rückgabe-IP immer 127.0.0.2
Mfg Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service
User avatar
Martin
 
Posts: 397
Joined: 14. Sep 2010, 11:54

Re: Listen von blocklist.de per DNS abfragen/einbinden

Postby Martin » 12. Sep 2012, 05:58

User aus den USA können nun auch:
usa.bl.blocklist.de
nutzen. Der Server ist noch in der Text-Phase, aber antwortet auch nach Europa sehr schnell.
Mfg Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service
User avatar
Martin
 
Posts: 397
Joined: 14. Sep 2010, 11:54

Re: Listen von blocklist.de per DNS abfragen/einbinden

Postby Deichgraf » 5. Apr 2013, 11:12

Deichgraf
 
Posts: 1
Joined: 5. Apr 2013, 10:55

Re: Listen von blocklist.de per DNS abfragen/einbinden

Postby Martin » 7. Apr 2013, 15:19

Hi Deichi,

die Datei spamhaus.wl muss man selbst anlegen.
Hier gibt es eine manuelle Anleitung über die sourcen http://www.howtoforge.com/how-to-block- ... ebian-etch
Sollte unter Suse auch funktionieren.
Ansonsten kann ich deine öffentliche/Test-IP einmal temporär in blocklist eintragen (per PM), dann kannst du testen, ob du von deinem Server blockiert wirst :-)
Mfg Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service
User avatar
Martin
 
Posts: 397
Joined: 14. Sep 2010, 11:54

Re: Listen von blocklist.de per DNS abfragen/einbinden

Postby Akinos.de » 8. Jan 2017, 22:49

Hallo,

ist dieser Eintrag in etc/policyd-weight.conf noch aktuell und ausreichend ?

‚allinone.bl.blocklist.de', 5.5, 0, 'blocklist_DE',

Debian 8 x

:idea:
Akinos.de
 
Posts: 2
Joined: 8. Mar 2011, 02:46

Re: Listen von blocklist.de per DNS abfragen/einbinden

Postby Martin » 9. Jan 2017, 13:53

Hi Akinos.de,

ja, sollte ausreichend sein.
Allerdings ist die Trefferquote bei "mail" nicht so hoch, da wir alles ausser Spam haben.
Dadurch sind nur harvester-IPs hauptsächlich gelistet, aber keine Spamer.
Mfg Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service
User avatar
Martin
 
Posts: 397
Joined: 14. Sep 2010, 11:54

Re: Listen von blocklist.de per DNS abfragen/einbinden

Postby Akinos.de » 9. Jan 2017, 14:04

Hi Martin,

mir geht es nur z.B. um 185.140.108.149 oder 221.126.229.173 zu sehen auf http://www.ipvoid.com/ip-blacklist-check/
Da seit ihr ja gut zu sehen :) und das wollte ich mit rein nehmen weil ich die Tage eine IP hatte die bei Spamcop z.B. nicht gelistet war aber bei Euch schon drin war…

Gruß Akinos

Ps. IP hinzugefügt
Akinos.de
 
Posts: 2
Joined: 8. Mar 2011, 02:46


Return to Anleitungen

Who is online

Users browsing this forum: No registered users and 1 guest

  • Advertisement
cron
figurative