fail2ban-useful-scripts

Use HTTPS to get download from badips.com

Open oej opened this issue 3 years ago • 10 comments

https://www.badips.com/blog/ssl-enabled-on-badips-com

Badips.com now has https enabled so your script can verify download properly.

oej avatar Oct 06 '20 14:10 oej

Is this site even working now?

tradenet avatar Nov 01 '20 15:11 tradenet

Seems to have died since I checked.

oej avatar Nov 02 '20 06:11 oej

Seems to have died since I checked.

I've been using https://www.abuseipdb.com/ of late.

AbuseIPDB is an IP address blacklist for webmasters and sysadmins to report IP addresses engaging in abusive behavior on their networks, or check the report history of any IP.

tradenet avatar Nov 02 '20 15:11 tradenet

Seems to have died since I checked.

I've been using https://www.abuseipdb.com/ of late.


How do you get AbuseIPDB to work with this script?

I've been using this script instead. https://github.com/AmplitudeDesignInc/abuseipdb-php-nginx-blacklist-create Works well.

GitHub
Uses PHP to generate an AbuseIpDB blacklist file for use in your Nginx configuration. - AmplitudeDesignInc/abuseipdb-php-nginx-blacklist-create

tradenet avatar Nov 10 '20 16:11 tradenet

I have a suggestion to update the script to use https://www.abuseipdb.com/. Just replace everything up to the 2nd wget with the following. You can view any errors in /tmp/badips.txt

```bash
# Assign values to the variables
key="ABC123_REPLACE_WITH_YOUR_KEY"
_input="/tmp/badips.txt"

# Send the output of the curl command to the $_input file.
curl -G https://api.abuseipdb.com/api/v2/blacklist \
  -d confidenceMinimum=90 \
  -d plaintext \
  -H "Key: ${key}" \
  -H "Accept: application/json" > "${_input}"

# Check to see if the curl command failed.
if [[ ${?} -ne 0 ]]
then
  echo "Unable to download ip list."
  exit 1
fi

# If the $_input file contains the text "error", then we do NOT have a list of ip addresses.
grep -i error "${_input}" >/dev/null

if [[ ${?} -eq 0 ]]
then
  echo "Error downloading ip list."
  exit 1
fi
```


Perfect. Thanks for the suggestion. Just a note, I think abuseipdb.com allows downloading a list only 5 times a day with a free account.


tradenet avatar Nov 10 '20 18:11 tradenet

I think abuseipdb.com allows downloading a list only 5 times a day with a free account.

Correct, otherwise you will get:

{"errors":[{"detail":"Daily rate limit of 5 requests exceeded for this endpoint. See headers for additional details.","status":429}]}

It’s working with the above changes but something is breaking after a subsequent run. I get this error:

expr: syntax error: missing argument after ‘-’
tail: invalid number of lines: ‘/etc/hosts.deny’

And what I see is the last line of /etc/hosts.deny ends with:

ALL: 51.75.142.24# ##### END badips.com Block List #####

That comment from the first hashtag should be on a line by itself. When the comment is appended to the end of the last IP address that’s when the above error happens. So something in the update script is causing this after it runs correctly.

expr: syntax error: missing argument after ‘-’
tail: invalid number of lines: ‘/etc/hosts.deny’

I haven't tried it yet. But if I recall, make sure you add a newline after the last non-empty line.

tradenet avatar Nov 23 '20 15:11 tradenet
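
The two failure modes raised in this thread (a JSON error body saved in place of the IP list, and the END marker glued onto the last address) can both be handled before /etc/hosts.deny is touched. The sketch below is an added example, not code from fail2ban-useful-scripts or from any commenter; the BEGIN marker text and the function names are assumptions, and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example, not the project's script. END marker text is from the thread;
# the BEGIN marker and the function names are assumptions.
BEGIN_MARK='# ##### BEGIN badips.com Block List #####'
END_MARK='# ##### END badips.com Block List #####'

# Print a hosts.deny block for the list in $1. Fails (and prints nothing) if
# the file is empty or holds anything but IP addresses, e.g. a JSON error body.
build_block() {
  awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
    { sub(/\r$/, "") }
    /^$/ { next }
    /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { out[++n] = "ALL: " $0; next }
    /^[0-9A-Fa-f:]*:[0-9A-Fa-f:.]*$/ { out[++n] = "ALL: [" $0 "]"; next }  # IPv6 goes in brackets
    { bad = 1; exit }
    END {
      if (bad || n == 0) exit 1
      # print ends every line with a newline, so END is never glued to an address
      print b; for (i = 1; i <= n; i++) print out[i]; print e
    }' "$1"
}

# Replace the marked block in hosts file $1 with one built from list $2.
# The hosts file is only overwritten after the new list has validated.
update_hosts_deny() {
  hosts=$1; list=$2
  tmp=$(mktemp) || return 1
  # Keep lines outside the old block. index() also ends the block on a line
  # where the END marker was appended to an address, as seen in the thread.
  if awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
       $0 == b { skip = 1; next }
       skip && index($0, e) { skip = 0; next }
       !skip' "$hosts" > "$tmp" && build_block "$list" >> "$tmp"; then
    cat "$tmp" > "$hosts"; rm -f "$tmp"
  else
    rm -f "$tmp"; return 1
  fi
}

# Demo on constructed data in a scratch directory (never touches /etc).
demo() {
  d=$(mktemp -d) || return 1
  printf 'sshd: 203.0.113.5\n%s\nALL: 192.0.2.99%s\n' "$BEGIN_MARK" "$END_MARK" > "$d/hosts.deny"
  printf '192.0.2.10\n198.51.100.7' > "$d/list.txt"   # no trailing newline
  update_hosts_deny "$d/hosts.deny" "$d/list.txt" && cat "$d/hosts.deny"
  rm -rf "$d"
}
demo
```

Because the old block is located by its markers rather than by line arithmetic, a rate-limited download (HTTP 429 body) leaves the existing block in place instead of emptying or corrupting it.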