User Tools

Site Tools


linux:ubuntu:blocklist

Blocklist

What is Blocklist?

Configure your host to send blocked IPs to Blocklist

Website

Register on the website and create a new server.

Server

Edit your jail.local (Fail2Ban) to send the IPs and logs via mail to Blocklist

[ssh]
 
enabled  = true
port     = ssh
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois-lines[name=SSH, dest="fail2ban@blocklist.de,<info@yourhostname.com>", sender=fail2ban@<yourhostname.com>, sendername="Fail2Ban", logpath=/var/log/auth.log]
logpath  = /var/log/auth.log
maxretry = 3

Troubleshooting

There are no logs included in the mail

You might see something like the following in your mails

Lines containing IP:10.1.1.1 in /dev/null

Make sure that the correct logpath is included inside the “sendmail-whois-lines[]” brackets.

There are attacks but no reports

You dont see a report if the provider already received an abusemail in the last 24h, you can check all the reports for a specific IP by clicking on the “man-with-hat”-icon

You also need to send a specific amount of logfileentries in order to prove the abusive behaviour

linux/ubuntu/blocklist.txt · Last modified: 2019/02/12 12:00 by lunetikk