Add additional sources to IPFire blocklist feature

g70p · 8 March 2024 11:39

@peppetech sorry for the late reply. I was configuring SSL certificates for nginx and accordigly to the ipfire help manual for the add-on. The help manual suggest to ask Let’s encrypt certificate on Example 3:

Example 3: Managing ssl-certificates for all your sites by acme.sh and Let’s Encrypt.
Your nginx is working as a reverse proxy for a couple of websites with different domains behind. User who surf to your sites by ssl see the nginx delivered ssl-certificate . In most cases this is self-signed and would be marked by browsers as unsecured. You need for every of your hosted domains a secure ssl-certificate and nginx should deliver it. The solution is a little script acme.sh and Let’s Encrypt as CertAuthority!
www.ipfire.org - Nginx

at the time I couldn’t

curl https://get.acme.sh | sh

because doh was blocking. it, I didn’t try again once I ended up doing a selfsigned cert for personal use.

peppetech · 7 May 2024 20:56

If you have been using the list below and getting errors because it isempty, Mitchel stopped maintaining it recently,.

crazyfire · 8 June 2024 11:48

Yes I wonder why he did it… no post or explanation what so ever in his site…

I was using it and then I notice it stopped working. I checked his website it it’s just empty. The other ones are still there but written in json form that IPFire doesn’t support (unless I’m wrong).

peppetech · 17 June 2024 23:10

If I remember correctly he was saying something about being swamped at work and the other maintainer was supposed to take on the maintenance but looks like they both just abandoned the project.

peppetech · 17 June 2024 23:32

What’s bad is that another Gitlab lists rely on Mitchell’s blocklist and now are returning error.

When I started using the list above it was apparently using 3 different sources

A blocklist of phishing websites, curated from PhishTank, OpenPhish, phishunt.io. Blocklist is updated twice a day.

Now it is heavily relying on Mitchel’s list and is blank

# Title: Phishing IPs Blocklist
# Updated: 2024-06-17T12:02:05Z
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/malware-filter/phishing-filter
# License: https://gitlab.com/malware-filter/phishing-filter#license
# Sources: openphish.com, github.com/mitchellkrogza/Phishing.Database

bonnietwin · 18 June 2024 08:06

That malware-filter.gitlab.io site has several lists and quite a few are not getting updated very frequently.

There is one that says it is updated daily but the last update was a week ago and another of the lists has had its updating paused since May 2023.

pablo78 · 21 June 2024 15:02

I only noticed today that my own customizations in the /var/ipfire/ipblocklist/sources file have disappeared.
I thought that this would not be touched during the update.
Are there plans to add the list via the web interface at some point?

Greetings Paul

bonnietwin · 21 June 2024 15:28

Any time an update is made to the sources file then any customisations you have made will disappear and the sources file was modified for Core Update 186.

For information there is also planned for an update to the sources file for Core Update 187.

This can be done if someone is willing to do the coding and submit a patch or patches for the change to the development mailing list.
https://www.ipfire.org/docs/devel/submit-patches