Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Api for blacklists/spams/crappy ips?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Api for blacklists/spams/crappy ips?

Im building a project (reselling paperless to friends and friends' friends)

I already got everything set up, except few additional things
i have been using nginx setting auth_request /auth; # This will hit the Flask auth route for authentication alongside https://ipinfo.io/ to very some things about the IP, for example, most of my friends will never ever use my service from outside of germany, so blocking all non-german ip's is my (additional) seciurity.

Nginx Proxy Manager isnt that great but does the job for routing.

here is my question, does any ip or tool exist that can well, let me knwo if the ip is crap and i can stright block them? Free tiers only...

Do you have any other ideas to filter requests?

Paperless got great authentication, so i trust it fully, i just like to obfuscate and drop clearly crappy requests when i can

«1

Comments

  • take a look at crowdsec, it does exactly what you want.

    https://crowdsec.net

  • emghemgh Member, Megathread Squad

    most of my friends will never ever use my service from outside of germany, so blocking all non-german ip's is my (additional) seciurity.

    Sounds crazy annoying

    Thanked by 1sillycat
  • tentortentor Member, Host Rep

    @emgh said:

    most of my friends will never ever use my service from outside of germany, so blocking all non-german ip's is my (additional) seciurity.

    Sounds crazy annoying

    I think he meant this is pretty much private service not for wide public

    Thanked by 1emgh
  • emghemgh Member, Megathread Squad

    @tentor said:

    @emgh said:

    most of my friends will never ever use my service from outside of germany, so blocking all non-german ip's is my (additional) seciurity.

    Sounds crazy annoying

    I think he meant this is pretty much private service not for wide public

    Yeah so as soon as anyone’s IPs is not geo’d to germany there’s issues

    Over engineering & annoying

    Thanked by 1sillycat
  • tentortentor Member, Host Rep

    @emgh said: Over engineering & annoying

    Agreed but if he is sure no one of his friends will travel abroad it should be okay

    Thanked by 1emgh
  • @DeadlyChemist said: Do you have any other ideas to filter requests?

    You can use Cloudflare WAF rules to allow access for specific countries.

  • @wadhah said:
    take a look at crowdsec, it does exactly what you want.

    https://crowdsec.net

    $3,900/month :D

  • layer7layer7 Member, Host Rep, LIR
    edited December 2024

    @DeadlyChemist said:
    Im building a project (reselling paperless to friends and friends' friends)

    I already got everything set up, except few additional things
    i have been using nginx setting auth_request /auth; # This will hit the Flask auth route for authentication alongside https://ipinfo.io/ to very some things about the IP, for example, most of my friends will never ever use my service from outside of germany, so blocking all non-german ip's is my (additional) seciurity.

    Nginx Proxy Manager isnt that great but does the job for routing.

    here is my question, does any ip or tool exist that can well, let me knwo if the ip is crap and i can stright block them? Free tiers only...

    Do you have any other ideas to filter requests?

    Paperless got great authentication, so i trust it fully, i just like to obfuscate and drop clearly crappy requests when i can

    Hi,

    if your friendly provider does not do it for you then it sounds like you are searching for projects like:

    https://github.com/friendly-bits/geoip-shell

    Thanked by 1dsbnoob
  • @Levi said:

    @wadhah said:
    take a look at crowdsec, it does exactly what you want.

    https://crowdsec.net

    $3,900/month :D

    :D that's for big companies with all the fancy shmansy ai stuff.

    But the main product is basically a crowd sourced fail2ban alternative, free and open source

    https://github.com/crowdsecurity/crowdsec

  • @tentor said:

    @emgh said:

    most of my friends will never ever use my service from outside of germany, so blocking all non-german ip's is my (additional) seciurity.

    Sounds crazy annoying

    I think he meant this is pretty much private service not for wide public

    Yupp
    Most of my friends and friends friends are from germany, however i can set per instance ip limits...

    Thanked by 1emgh
  • @tentor said:

    @emgh said: Over engineering & annoying

    Agreed but if he is sure no one of his friends will travel abroad it should be okay

    All of ISPs here display correctly
    Telekom, 02, vodafone etc

    As for VPN/VPS? They dont know whats that...

  • @loay said:

    @DeadlyChemist said: Do you have any other ideas to filter requests?

    You can use Cloudflare WAF rules to allow access for specific countries.

    Hm, i guess no benefit for me over my current system with ipinfo?
    I cant use cf access because it blocks the apps...

  • rdns lookup and grep for ISP.

  • @davide said:
    rdns lookup and grep for ISP.

    I can already get IPS from ipinfo, just that, iwould need lists and stuff... not what i wamt

  • tentortentor Member, Host Rep

    @davide said:
    rdns lookup and grep for ISP.

    Not reliable due to numerous issues, including that not all ISPs set them and not all have them Forward-confirmed

  • davidedavide Member
    edited December 2024

    @DeadlyChemist said:

    @davide said:
    rdns lookup and grep for ISP.

    I can already get IPS from ipinfo, just that, iwould need lists and stuff... not what i wamt

    I don't know about germany but this type of whitelist would have like 10 entries for italy.

    Edit: I mean for the landline ISPs. Mobile ISP brands are more international.

  • @DeadlyChemist said:

    @loay said:

    @DeadlyChemist said: Do you have any other ideas to filter requests?

    You can use Cloudflare WAF rules to allow access for specific countries.

    Hm, i guess no benefit for me over my current system with ipinfo?
    I cant use cf access because it blocks the apps...

    You can keep current setup and use Cloudflare. Just enable CF Bot Fight Mode, add rate limiting rules and monitor and protect the APIs with API Shield. They are free.

  • There are DNSBLs you can use, e.g. dronebl.org

  • @emgh said:

    most of my friends will never ever use my service from outside of germany, so blocking all non-german ip's is my (additional) seciurity.

    Sounds crazy annoying

    how to block all non-german-ips. i want to do this too.

  • @wadhah said:
    take a look at crowdsec, it does exactly what you want.

    https://crowdsec.net

    cant find what i need or
    unsure how i would use it, my api gets the IP address and returns 200 or 403...

    @layer7 said:

    @DeadlyChemist said:
    Im building a project (reselling paperless to friends and friends' friends)

    I already got everything set up, except few additional things
    i have been using nginx setting auth_request /auth; # This will hit the Flask auth route for authentication alongside https://ipinfo.io/ to very some things about the IP, for example, most of my friends will never ever use my service from outside of germany, so blocking all non-german ip's is my (additional) seciurity.

    Nginx Proxy Manager isnt that great but does the job for routing.

    here is my question, does any ip or tool exist that can well, let me knwo if the ip is crap and i can stright block them? Free tiers only...

    Do you have any other ideas to filter requests?

    Paperless got great authentication, so i trust it fully, i just like to obfuscate and drop clearly crappy requests when i can

    Hi,

    if your friendly provider does not do it for you then it sounds like you are searching for projects like:

    https://github.com/friendly-bits/geoip-shell

    i need it more customzed, ipinfo lets me know the country...
    this would be pain to set up

    need something more customizable, i dont have people only from germany, just most are from germany...

  • @wadhah said:

    @Levi said:

    @wadhah said:
    take a look at crowdsec, it does exactly what you want.

    https://crowdsec.net

    $3,900/month :D

    :D that's for big companies with all the fancy shmansy ai stuff.

    But the main product is basically a crowd sourced fail2ban alternative, free and open source

    https://github.com/crowdsecurity/crowdsec

    unsure how to use it, i just want to enter IP and get info about it...

  • @hyperblast said:

    @emgh said:

    most of my friends will never ever use my service from outside of germany, so blocking all non-german ip's is my (additional) seciurity.

    Sounds crazy annoying

    how to block all non-german-ips. i want to do this too.

    i used this:
    does the job for me...

        ip_info = get_ip_info(ip)
        print(f"IP Info: {ip_info}")
        country = ip_info.get("country")
    
        # Only allow access for users from Germany (DE)
        if country and country.lower() != "de":
            return jsonify({"error": "Access denied"}), 403  # Return a JSON response with status code 403
    

    again, im not relying 100% on country, this is just to get rid of most requests...

    Thanked by 1hyperblast
  • @cmeerw said:
    There are DNSBLs you can use, e.g. dronebl.org

    found out how to do it (i think, havent tried) but yeah, is there something bigger maybe?
    would like more info... i should google more i think

  • I'm not sure for free but fail2ban works great! After a while of running it, check your logs for patterns that the bots/skids/etc. try and add the filter to include it. Like with ssh, you will find entries for didn't receive authentication, not being able to negotiate, and so on that's good to include as filters. Similar for httpd requests, you'll find a lot of standard WP urls... I also configured it to increase the ban time with every match.

    You can also just parse the IPs and force a perma-ban on them or that range if you really want to do it. Like, you lookup the ip and see it's assigned to china/russia/some other country. No one from there should be hitting it so ban that IP or that range) and that IP range is assigned to those countries.

  • @PuDLeZ said:
    I'm not sure for free but fail2ban works great! After a while of running it, check your logs for patterns that the bots/skids/etc. try and add the filter to include it. Like with ssh, you will find entries for didn't receive authentication, not being able to negotiate, and so on that's good to include as filters. Similar for httpd requests, you'll find a lot of standard WP urls... I also configured it to increase the ban time with every match.

    You can also just parse the IPs and force a perma-ban on them or that range if you really want to do it. Like, you lookup the ip and see it's assigned to china/russia/some other country. No one from there should be hitting it so ban that IP or that range) and that IP range is assigned to those countries.

    id rather have something where i enter an IP and i get info back :/

  • @DeadlyChemist said:

    @PuDLeZ said:
    I'm not sure for free but fail2ban works great! After a while of running it, check your logs for patterns that the bots/skids/etc. try and add the filter to include it. Like with ssh, you will find entries for didn't receive authentication, not being able to negotiate, and so on that's good to include as filters. Similar for httpd requests, you'll find a lot of standard WP urls... I also configured it to increase the ban time with every match.

    You can also just parse the IPs and force a perma-ban on them or that range if you really want to do it. Like, you lookup the ip and see it's assigned to china/russia/some other country. No one from there should be hitting it so ban that IP or that range) and that IP range is assigned to those countries.

    id rather have something where i enter an IP and i get info back :/

    Would something like 'whois 1.1.1.1' work for you? I remember when I looked into blacklists, they were either increadibly small or very limited api usage for free. That's when I decided I will just go the filter/match bad behavior and increase the ban time for that IP. At least when it's something I want available for the public. If it's something that I don't need for the public, I will use dns lookups and a whitelist to allow certain IPs.

    Hopefully someone else knows of an open source/crowd sourced option to accomplish what you want!

  • @DeadlyChemist said:

    @cmeerw said:
    There are DNSBLs you can use, e.g. dronebl.org

    found out how to do it (i think, havent tried) but yeah, is there something bigger maybe?
    would like more info... i should google more i think

    I'd start at https://multirbl.valli.org/lookup/ and feed it a few known nasty IP addresses to see where they are listed, and then read up on those DNSBLs.

  • You can evaluate the Security Plan of IP2Location.io. You need to sign up for the Free Plan first and upgrade to Security Plan for free trial.

    It detects IP address for Spam, Botnet and Scanner in past activities. You can use the fraud score to apply a risk threshold.

  • edited December 2024

    Cloudflare WAF in like 3 clicks:

    If country does not equal germany, then block. A free account comes with 5 free custom firewall rules.

    Thanked by 1khalequzzaman
  • @mikec said:
    You can evaluate the Security Plan of IP2Location.io. You need to sign up for the Free Plan first and upgrade to Security Plan for free trial.

    It detects IP address for Spam, Botnet and Scanner in past activities. You can use the fraud score to apply a risk threshold.

    free trial is uselss because after a time i need to pay

    @CyberneticTitan said:
    Cloudflare WAF in like 3 clicks:

    If country does not equal germany, then block. A free account comes with 5 free custom firewall rules.

    i can already do that, but how do i remove crappy ip's aside that...

    also will set up to block china and russia, that should remove few countries as well...
    guess gotta extend my script a little

Sign In or Register to comment.