Could not update FEODO_RECOMMENDED

Log throws this error message since April 17th, 08:23. Update to core 193 proceeded sucessfully April 9th.

ipblocklist: Could not update FEODO_RECOMMENDED blocklist - Unexpected error!

:thinking: Maybe the following website has the answer

Regards

2 Likes

https://community.ipfire.org/t/error-with-ip-address-blocklists/14026

Regards

1 Like

This other thread is about a different set of IP lists. That thread is about the 3coresec lists that have disappeared completely. Those ones are being removed from IPFire in CU195.

The issue from this thread is the Feodo Tracker list. This is still running but due to the effectiveness of the take-downs for the botnets involved, the number of them occurring is much smaller than it used to be so there can be periods where the list is empty. This list is staying in IPFire.

A bug has been raised

https://bugzilla.ipfire.org/show_bug.cgi?id=13804

to look at how to deal with lists that are still in existence but periodically are empty.

4 Likes

My bad. Sorry… :roll_eyes:

1 Like

No problems. I have done it myself. Easy to do.

Even though the FEODO_RECOMMENDED list is currently empty, it’s worth keeping it enabled in IPFire.

When abuse.ch identifies a new botnet, it adds the botnet’s IP addresses to the list. IPFire checks this list for updates every 5 minutes, ensuring your IPFire system blocks the botnet promptly. This rapid response is highly effective.

Thanks,
A G

1 Like

It will stay available in the lists.

The problem that triggered the bug is that if you try and enable it when the list is empty then it will fail due to the empty condition resulting in the unexpected error message. So you can only enable it if the list has an IP within it at the time you are trying to enable it.

If you have it enabled when there was an IP(s) in the list then when it goes empty and an update is carried out the unexpected error message goes into the log but the old list with IP(s) is left in place, but those IP’s are no longer botnets so then you have false positives.

2 Likes