ConfigServer Community Forum

Hello,

I have had some issues with a security research company binaryedge.io. From time to time they scan some of the web site on our servers without throttling activity or connections and my server loads spike, sometime well over 36 load for a an 8 core server.

I spoke to Linode abuse, since mane of the IP's were theirs. Linode say they are a 'Security Research' Company, so they are not abusing anything. I do not understand this since they are creating high loads on public servers intentionally with their activity. Linode is not help here.

I spoke to binaryedge about the issue and they gave me two option, one give them all of the IP addresses to all of my servers and customer web sites or use their API https://api.binaryedge.io/v1/minions to block their IP addresses.

Giving them all of my IP addresses is not a good option since I have to submit NEW IP's to them when added to servers or ploy additional servers.

How can I create a dynamic lock list based on the this IP https://api.binaryedge.io/v1/minions list?

Are there any overrides short of using the deny rules? I'd like this work like the SPAMDROP list checked daily for new/changed IP's

Thanks,
Mike

Anyone?

Anyone?

I'll do the coding. I just need to be pointed in the right direction.

It would have been great of anyone would given a hint, maybe a moderator or someone.

It turns out you can make a block list by creating txt file with a simple list of IP's or slash ranges one per line.

The harder part is only writing the script to fetch the IP's from the source to compile them.

then drop in your own listing in /etc/csf/csf.blocklists like this at the end:

# Custom block List
# Details: block list created by me
MYBLOCKLIST|86400|0|https://blocklist.example.co/mylist.txt

Save and restart LFD.

I have been forced to become a fisherman instead of being fee for the day. Thank you.

Hope this helps others.