Can I use Malware Filter Lists in pfBlockerNG that contain only IP address
-
These files contain IP address of sites that spread malware. The format of the files contains IP address and does not have the 127.0.0.1 ip in front of them. Is there a way for pfBlockerNG to use lists with this type of format?
https://gitlab.com/swe_toast/malware-filter/raw/master/malware-filter.list
http://cinsscore.com/list/ci-badguys.txt
http://malc0de.com/bl/IP_Blacklist.txt
http://sanyalnet-cloud-vps.freeddns.org/mirai-ips.txt
http://www.abuseat.org/iotcc.txt
http://www.malwaredomainlist.com/hostslist/ip.txt
https://feodotracker.abuse.ch/blocklist/?download=ipblocklist
https://lists.blocklist.de/lists/bots.txt
https://lists.blocklist.de/lists/ssh.txt
https://ransomwaretracker.abuse.ch/downloads/CW_PS_IPBL.txt
https://ransomwaretracker.abuse.ch/downloads/LY_PS_IPBL.txt
https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
https://ransomwaretracker.abuse.ch/downloads/TC_PS_IPBL.txt
https://ransomwaretracker.abuse.ch/downloads/TL_C2_IPBL.txt
https://ransomwaretracker.abuse.ch/downloads/TL_PS_IPBL.txt
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
https://zeustracker.abuse.ch/blocklist.php?download=badips -
IPv4/6 lists can be added to the IPv4/6 tabs respectively. Domain based lists can be added to the DNSBL feeds tab. All the lists above are usable in the pkg.
-
IPv4/6 lists can be added to the IPv4/6 tabs respectively. Domain based lists can be added to the DNSBL feeds tab. All the lists above are usable in the pkg.
Thank you @BBcan177. Doing as you suggest is the solution. I ran the update to confirm. Thanks for the help and for developing the great package pfBlockerNG!
-
Instead of that pile of ransomeware lists, have you considered the combined one?
https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
https://ransomwaretracker.abuse.ch/blocklist/ has the details
It contains TC_PS_IPBL, LY_C2_IPBL, TL_C2_IPBL, TL_PS_IPBL, CB_PS_IPBL
-
Thanks for the suggestion. I am always looking for better ways! :)
-
I get a error on https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt in IPv4 anyone any suggestions?
[ RW_IPBL ] Downloading update . cURL Error: 35
OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to ransomwaretracker.abuse.ch:443 Retry in 5 seconds…
. cURL Error: 35Cheers Qinn
-
I get a error on cURL Error: 35 OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to ransomwaretracker.abuse.ch:443 Retry in 5 seconds…
Can you change the format type to AUTO and try again
![2017-06-14 11_46_22.png](/public/imported_attachments/1/2017-06-14 11_46_22.png)
![2017-06-14 11_46_22.png_thumb](/public/imported_attachments/1/2017-06-14 11_46_22.png_thumb) -
Thanks for your reply, but it was on "Auto" when the error was created, so no hopes there I am afraid.
Cheers Qinn
-
That URL seems to be ok?
curl -sI https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
HTTP/1.1 200 OK
Date: Thu, 15 Jun 2017 03:17:16 GMT
Server: Apache/2
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
Last-Modified: Thu, 15 Jun 2017 03:15:02 GMT
ETag: "2907a-551f7131791fa"
Accept-Ranges: bytes
Content-Length: 168058
Cache-Control: max-age=300
Expires: Thu, 15 Jun 2017 03:22:16 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: sameorigin
Content-Type: text/plainWhen you use "Auto" it will use TLS to connect to the Feed… Do you have a proxy that might be causing issues?
-
I get a error on https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt in IPv4 anyone any suggestions?
[ RW_IPBL ] Downloading update . cURL Error: 35
OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to ransomwaretracker.abuse.ch:443 Retry in 5 seconds…
. cURL Error: 35Cheers Qinn
I got around to updating my list and the URL worked for me. I used Auto, On, https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt and rwipbl for the field values. Did you try going to the url in the browser?
-
Suddenly it works :o even with RW_IPBL?
Thanks for all reply's