Control Web Panel
Security => CSF Firewall => Topic started by: cloud on May 27, 2024, 08:40:59 PM
-
Hi, in my lfd log iam getting an error log line "Unable to retrieve blocklist MAXMIND - Unable to download: Not Found" because of above iam my server is getting lot of PORT scan from compute.amazonaws.com US location. can some one help me to resolve this issue.
Another thing is my server is getting lot of PORT SCAN from compute.amazonaws.com US Location but my firewall is blocking it but I have already added country code US but it was not working now. So please some one please help me
-
Did you see that MaxMind recently updated the format of their license keys?
https://support.maxmind.com/hc/en-us/articles/4407116112539-Using-License-Keys
(https://support.maxmind.com/hc/en-us/articles/4407116112539-Using-License-Keys)Are you within your usage per their TOS?
Amazon datacenters may not be strictly geolocated in the US, at least from the perspective of the CSF/LFD country code blocking -- due to high availability web cache or load balancers...
-
I heard about their changes, but i don't know what we need to set in csf or CWP, As I can see my server is unreachable some time if I restart the server it will work again. So please let me what i need to do bcz of above iam looking to switch all my websites to some where, as there was no much security in this CWP panel.
Did you see that MaxMind recently updated the format of their license keys?
https://support.maxmind.com/hc/en-us/articles/4407116112539-Using-License-Keys
(https://support.maxmind.com/hc/en-us/articles/4407116112539-Using-License-Keys)Are you within your usage per their TOS?
Amazon datacenters may not be strictly geolocated in the US, at least from the perspective of the CSF/LFD country code blocking -- due to high availability web cache or load balancers...
-
Here's a MaxMind/CSF primer:
https://bobcares.com/blog/use-maxminds-geoip-lite-to-block-a-whole-country-via-csf/ (https://bobcares.com/blog/use-maxminds-geoip-lite-to-block-a-whole-country-via-csf/)
-
Hi there,
I have the same issue on the CSF.log
I'm using a brand new MaxMind account with a licence key configured in CSF.
Is that somehow related to the default blocklists that exist under the file CSF.blocklists ?
Do we need to update the MaxMind Blocklist URLs there?
MaxMind suggests going through this process:
https://dev.maxmind.com/geoip/updating-databases/
Is that necessary if using CSF?
All feedback is welcome.
-
It looks like Maxmind made their blocklist paid now.
When you goto the URL in the list nothing comes up.
But there are plenty of other good blocklists in the config file, as well as you can add others like AbuseIPDB, etc.
-
Thank you very much.
Yes I noticed that the links are empty.
So even the license key makes no difference now?
Should I just comment out the MaxMind Blocklist and remove the key from CSF?
Could you share some links to the other Blocklists you mentioned?
-
CSF will still query Maxmind for GeoLocation.
AbuseIPDB is:
https://www.abuseipdb.com/csf (https://www.abuseipdb.com/csf)
-
AbuseIPDB is:
https://www.abuseipdb.com/csf (https://www.abuseipdb.com/csf)
Thanks!
I added the GitHub lists, didn't know there is a direct API.
Will check this out too.