Some download FAIL alerts

Cabledude

I'm a new pfBlocker user. It had been running for a month or so with no issues, but for the last couple of days I get download fail notifications in the widget.

As I don't see any posts here, I assume it's not a widely spread issue so maybe it can be solved for my install.

Any clues where to start?

Thanks,
Pete

DaddyGo

@cabledude said in Some download FAIL alerts:

Any clues where to start?

Hi,

This can occur with more than one list, list dependent, not PfBlocker_NG... issue
Yes, you have to do this (and monitor the outputs, f.e.: 200OK, etc.)

RELOAD / ALL + RUN

Cabledude

@daddygo Okay, thank you I didn't know this was the appropriate action. I ran the reload all job. Most lists went okay.
MDS, MDS-immortal, Talos.

This is what didn't:

DNSBL: BBC_DC2 -- 403 Forbidden.. Download FAIL

and:

IPv4: BBC_C2_v4 -- 403 Forbidden... Download FAIL
The Following List has been REMOVED -- BBC_C2_v4

So these lists are not able to update.

Pete

DaddyGo

@cabledude said in Some download FAIL alerts:

DNSBL: BBC_DC2 -- 403 Forbidden.. Download FAIL
and:
IPv4: BBC_C2_v4 -- 403 Forbidden... Download FAIL
The Following List has been REMOVED -- BBC_C2_v4

These are Bambenek Consulting lists

Yes this is normal (403), a few months ago John B., - put these lists under control, still free, but you need to register.

Here is the help, if you want to use these lists (read my post or use DGA feed req, form):
https://forum.netgate.com/topic/157404/bbc_c2-added-www-netgate-com-docs-netgate-com

https://docs.google.com/forms/d/1rcLFEfSmo09lPQM8YT4VU3ixTwZ-1lK_0G5R3wk5oJY/viewform?edit_requested=true

BBcan177

@daddygo @Cabledude

https://www.reddit.com/r/pfBlockerNG/comments/i139ob/fyi_bambenek_feeds_gone_commercial/

DaddyGo

@bbcan177

Hi,

Maybe, but there is a possibility for free use, please read John's letter.
To this day, we use the lists.....

I created your free account for my data feeds.

username: daxyzy@xyz.com

pass: PR3-----------------------------------XVb3Ne

Uses http basic auth.

DGA feeds are:

Full list of DGA domains

• https://faf.bambenekconsulting.com/feeds/dga-feed-high.gz (dga-feed.gz includes low and medium confidence data also)

Resolution data for DGA domains that are resolving and not whitelisted (note dga subdirectory):

• https://faf.bambenekconsulting.com/feeds/dga/c2-masterlist-high.txt

(c2-masterlist.txt for low and medium confidence data also).

• https://faf.bambenekconsulting.com/feeds/dga/c2-ipmasterlist-high.txt (for the IP list).

If you are using pfSense or another script to download this, you need to include the username and
password in the URL. The @ in the email for your username needs to be replaced by %40. For instance.
if your email is myemail@gmail.com the URL you would use for the IP lists is:

https://myemail%40gmail.com:YOURPASSWORD@faf.bambenekconsulting.com/feeds/dga/c2-ipmasterlist.txt

Let me know if I can help in any way,
John Bambenek
President, Bambenek Consulting, LTD.

BBcan177

@daddygo
Yes that is what I said in that reddit post. Send them an email and register for a free account, then edit the API_KEY in the URL to add the USER:PASS

DaddyGo

@bbcan177 said in Some download FAIL alerts:

Yes that is what I said in that reddit post.

Yup, I understood. I said that too above. (free for private use)
Yes, it works with a minor bug, the download sometimes doesn't start, but if I know well they are working on it.