Hi,
I activated the SHODAN-Blocklist - and now I see in the logs “Skipping SHODAN blocklist - Too frequent update attempts!”.
Where can I change the intervall in the GUI?
Ralph
As far as I am aware the same approach was put in for the IP Blocklists as is running for the suricata rulesets which is to check if there is an update and only download if there is a newer version. There is no place to change the frequency as it is not a fixed frequency update attempt, or shouldn’t be.
Just checked in the IP Blocklists wiki page and the above is the case.
As you are getting the Too frequent update attempts message I would think that looks like a bug and you should raise a bug report on it.
https://wiki.ipfire.org/devel/bugzilla
Your IPFire People email address and password credentials will let you login to the IPFire bugzilla.
2 Likes
I saw the same thing.
Each Blocklist (like SHODAN-Blocklist) has a config for how often to update: rate.
It looks like the code is posting an INFO type message and not an error. This seems like a message that could be deleted (or only used in very verbose mode).
Adding something in bugzilla would help!
1 Like
I have had a look at the update-ipblocklists script code and this is occurring because the check is carried out fairly frequently for if an update has been carried out. Each blocklist has a defined Rate entry. For most this varies between 5 mins and 4 hours but for BOGON and SHODAN it is 1 day and the standard frequency check is more frequently than once a day and so when each check is made then the code will flag up that the current check is occurring quicker than 1 day after the last check and so the log captures that it has been done more frequently that those blocklist sites allow.
This therefore not an error message but a message saying that this particular check is too frequent for that specific blocklist rate setting and so it will be dropped from that particular update check event. Once a check occurs that is more than 1 day after the last check for BOGON and SHODAN then they will be checked again.
This occurs because of the huge variation in allowed check frequencies between the different blocklists ranging from 5 minutes to 1 day and the check code has to deal with this whole range.
Therefore I conclude that this is not a bug but what is expected from the code as it is currently structured.
As long as SHODAN and BOGON have their update status checked once a day then everythin is working as it should be.
1 Like
Thank you for the explanation - It was all clear to me - in the fcrontab there is only one entry for all block lists - and that’s exactly what I wanted to mention. It think it might be more correct to be able to maintain the intervals in the GUI so that you can adapt it to the respective blocklist. Additionaly you would reduce the “false” log-entrys for something you should define as fine as you need for your one.