nrich
blocklist-ipsets
nrich | blocklist-ipsets | |
---|---|---|
6 | 39 | |
- | 2,961 | |
- | 1.7% | |
- | 2.7 | |
- | 5 days ago | |
Shell | ||
- | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nrich
-
Ask HN: Someone is proxy-mirroring my website, can I do anything?
1. Grab the list of IPs that you've already identified and feed them through shodan.io or nrich (https://gitlab.com/shodan-public/nrich): "nrich bad-ips.txt"
2. See if all of the offending IPs share a common open port/ service/ provider/ hostname/ etc. Your regular visitors probably connect from IPs that don't have any open ports exposed to the Internet (or just 7547).
3. If the IPs share a fingerprint then you could lazily enrich client IPs using https://internetdb.shodan.io and block them in near real-time. You could also do the IP enrichment before returning content but then you're adding some latency (<40ms) to every page load which isn't ideal.
-
nrich - Find Open ports, vulnerabilities quickly
Installation https://gitlab.com/shodan-public/nrich/-/releases
- nrich: a new tool to quickly find open ports and vulnerabilities via Shodan
- nrich - CLI to show open ports from a list of IPs (via Shodan)
- nrich - A tool written in Rust to quickly enrich a list of IPs with open ports and vulnerabilities
blocklist-ipsets
- [Opnsensefirewall] Bloquer des IP malveillants avec un pare-feu OPNSENSE
-
Firewall Rules for a recently probed newbie?
Look into FireHol and its use of IPsets: https://firehol.org/guides/ipset/ | http://iplists.firehol.org/ - you can easily do what you’re wanting with these two.
- IPlist of bots/malicious actors
- Ask HN: What are these strange random strings spamming my blog?
-
A good malware/threat filtering choice on OPNSense
Yes, unfortunately i think this also happened other times with Firehol L3 (you can see https://github.com/firehol/blocklist-ipsets/issues/188) but thanks for the lists advice.
-
Creating a cyber threat intelligence tool
It sounds like you want to jump into game development before learning how to write "Hello, world!". Try using any of the open source tools that already do this and sign up for some "free" threat intel tools and learn the lay of the land. https://www.misp-project.org/ https://github.com/OpenCTI-Platform/opencti https://iplists.firehol.org/ https://www.greynoise.io/
-
Did anyone notice an abnormal increase in banned clients? These are my daily fail2ban ban count
I believe you are running SSH over default port 22 - feel free to change that. You can also use iplists from FireHOL to block any connection from blacklisted (on way or another) IPs - https://iplists.firehol.org/
- External Dynamic lists
-
blocklist-ipsets VS Lists - a user suggested alternative
2 projects | 19 Jan 2023
-
Show HN: A Golang package and tool to detect Tor exit IP addresses
Tor exits are tracked here [1] and in a few other block-list repos. The data is built from Tor's exit node list [2]
[1] - https://github.com/firehol/blocklist-ipsets
[2] - https://check.torproject.org/exit-addresses
What are some alternatives?
firehol - A firewall for humans...
nginx-ultimate-bad-bot-blocker - Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders
v4
javascript-obfuscator - A powerful obfuscator for JavaScript and Node.js
crowdsec - CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
my-pihole-blocklists - Create custom pi-hole blocklists
ipsum - Daily feed of bad IPs (with blacklist hit scores)
block - Let's make an annoyance free, better open internet, altogether!
geoip-blocking-w-firewalld - Block unwanted countries IPv4 & IPv6 ranges with firewalld using ipdeny.com
opencti - Open Cyber Threat Intelligence Platform
StrictBlockPAllebone - Manually curated IP Blocklist. Recommended only to update your firewalls weekly with this list. Please read how to use before implementing.