Differences

This shows you the differences between two versions of the page.

--- linux:ubuntu:blocklist [2019/02/12 10:46] – created lunetikk
+++ linux:ubuntu:blocklist [2019/02/12 12:00] (current) – lunetikk
@@ Line 3: / Line 3: @@
 ===== What is Blocklist? =====
-[[https://www.blocklist.de|Blocklist.de]]
+[[https://www.blocklist.de/en/index.html|Blocklist.de]]
+===== Configure your host to send blocked IPs to Blocklist =====
+==== Website ====
+Register on the website and create a new server.
+{{:linux:ubuntu:pasted:20190212-111400.png}}
+==== Server ====
+Edit your jail.local ([[linux:ubuntu:fail2ban|Fail2Ban]]) to send the IPs and logs via mail to Blocklist
+<code bash>
+[ssh]
+enabled  = true
+port     = ssh
+filter   = sshd
+action   = iptables[name=SSH, port=ssh, protocol=tcp]
+           sendmail-whois-lines[name=SSH, dest="[email protected],<[email protected]>", sender=fail2ban@<yourhostname.com>, sendername="Fail2Ban", logpath=/var/log/auth.log]
+logpath  = /var/log/auth.log
+maxretry = 3
+</code>
+==== Troubleshooting ====
+=== There are no logs included in the mail ===
+You might see something like the following in your mails
+<code>Lines containing IP:10.1.1.1 in /dev/null</code>
+Make sure that the correct logpath is included inside the "sendmail-whois-lines[]" brackets.
+=== There are attacks but no reports ===
+You dont see a report if the provider already received an abusemail in the last 24h, you can check all the reports for a specific IP by clicking on the "man-with-hat"-icon
+{{:linux:ubuntu:pasted:20190212-114941.png}}
+You also need to send a specific amount of logfileentries in order to prove the abusive behaviour

Lunetikk's IT Wiki

User Tools

Site Tools

Differences

Page Tools