odongarma
23 November 2023 14:20
1
I’m getting errors for the TOR_EXIT Block List.
ipblocklist: Could not update TOR_EXIT blocklist - Download error!
The following errors were detected:
The Blocklist URL in sources “https://www.dan.me.uk/torlist/?exit ” is good.
download rate in sources is “1d”, but in log i see this:
|15:07:57|ipblocklist:| Could not update TOR_EXIT blocklist - Download error!|
Does this mean the rate of once per day is not working at all?
BTW i’m on core 174 (still)
Any ideas?
For test purpose i’ve changed the fcrontab from “@ 15” to “@ 20h” for update-ipblocklists
Greetz
You must have some other error causing a corruption or other problem with the data downloaded.
I turned the TOR_EXIT block list on on my system yesterday (running Core Update 181) and checked the logs today.
The TOR_EXIT list has a download rate of 1h (not 1d)
Here are the logs filtered for TOR_EXIT
Nov 23 15:56:06 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 16:11:06 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 16:26:07 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 16:41:07 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 23 16:56:06 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 17:11:06 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 17:26:07 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 17:41:07 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 23 17:56:07 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 18:11:06 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 18:26:07 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 18:41:07 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 23 18:56:06 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 19:11:06 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 19:26:07 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 19:41:06 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 23 19:58:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 20:13:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 20:28:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 20:43:51 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 23 20:58:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 21:13:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 21:28:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 21:43:50 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 23 21:58:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 22:13:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 22:28:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 22:43:51 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 23 22:58:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 23:13:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 23:28:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 23 23:43:51 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 23 23:58:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 00:13:49 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 00:28:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 00:43:51 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 24 00:58:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 01:13:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 01:28:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 01:43:51 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 24 01:58:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 02:13:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 02:28:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 02:43:51 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 24 02:58:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 03:13:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 03:28:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 03:43:50 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 24 03:58:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 04:13:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 04:28:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 04:43:50 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 24 04:58:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 05:13:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 05:28:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 05:43:51 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 24 05:58:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 06:13:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 06:28:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 06:43:51 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 24 06:58:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 07:13:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 07:28:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 07:43:51 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 24 07:58:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 08:13:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 08:28:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 08:43:51 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 24 08:58:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 09:13:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 09:28:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 09:43:50 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 24 09:58:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 10:13:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 10:28:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 10:43:50 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 24 10:58:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 11:13:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 11:28:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 11:43:50 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 24 11:58:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 12:13:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 12:28:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 12:43:51 ipfire ipblocklist: <INFO> Successfully updated TOR_EXIT blocklist.
Nov 24 12:58:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 13:13:50 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
Nov 24 13:28:51 ipfire ipblocklist: <INFO> Skipping TOR_EXIT blocklist - Too frequent update attempts!
It successfully updates every hour and in between it skips doing an update as the check is more frequent than every hour.
I will have a look and see what triggers the Download error! message in the cgi code.
That error message occurs when the download has been attempted 5 times and each time the response code from the download attempt is not “is_success”, ie the download fails.
Do you have a ruleset selected in the IPS that is blocking access to the TOR_EXIT list.
It seems to me that something is blocking you from accessing that TOR_EXIT url which equates to 192.146.137.20
Maybe that IP is being blocked from one of the other block lists.
These are the block lists that I have selected on my system.
In my IPS I have the following rulesets defined.
You will see that there are some duplicates between the two for me. I am still trying to decide which to have in the IPS and which in the IPBlocklist.
odongarma
27 November 2023 06:24
4
IPS is disabled on my system at all.
I just think my IP address is blocked at all at the tor download site due to the 15 minutes tries to download?
As i said, i tuned the fcron entry to be executed every 20h, this is yesterdays result:
Uhrzeit
Abschnitt
23:52:37
ipblocklist:
Could not update TOR_EXIT blocklist - Download error!
23:51:46
ipblocklist:
Skipping SPAMHAUS_EDROP blocklist - It has not been modified!
23:51:46
ipblocklist:
Skipping SPAMHAUS_DROP blocklist - It has not been modified!
23:51:46
ipblocklist:
Skipping SHODAN blocklist - Too frequent update attempts!
23:51:46
ipblocklist:
Skipping FEODO_RECOMMENDED blocklist - Too frequent update attempts!
23:51:46
ipblocklist:
Skipping EMERGING_FWRULE blocklist - It has not been modified!
23:51:46
ipblocklist:
Skipping EMERGING_COMPROMISED blocklist - It has not been modified!
23:51:45
ipblocklist:
Skipping DSHIELD blocklist - Too frequent update attempts!
23:51:45
ipblocklist:
Skipping CIARMY blocklist - Too frequent update attempts!
23:51:45
ipblocklist:
Skipping BOGON_FULL blocklist - Too frequent update attempts!
23:51:45
ipblocklist:
Skipping BLOCKLIST_DE blocklist - Too frequent update attempts!
23:51:45
ipblocklist:
Skipping ALIENVAULT blocklist - It has not been modified!
23:51:45
ipblocklist:
Successfully updated 3CORESEC_All blocklist.
03:52:41
ipblocklist:
Could not update TOR_EXIT blocklist - Download error!
03:51:51
ipblocklist:
Successfully updated SPAMHAUS_EDROP blocklist.
03:51:50
ipblocklist:
Successfully updated SPAMHAUS_DROP blocklist.
03:51:50
ipblocklist:
Successfully updated SHODAN blocklist.
03:51:50
ipblocklist:
Successfully updated FEODO_RECOMMENDED blocklist.
03:51:49
ipblocklist:
Skipping EMERGING_FWRULE blocklist - It has not been modified!
03:51:49
ipblocklist:
Skipping EMERGING_COMPROMISED blocklist - It has not been modified!
03:51:48
ipblocklist:
Successfully updated DSHIELD blocklist.
03:51:48
ipblocklist:
Successfully updated CIARMY blocklist.
03:51:46
ipblocklist:
Successfully updated BOGON_FULL blocklist.
03:51:46
ipblocklist:
Successfully updated BLOCKLIST_DE blocklist.
03:51:45
ipblocklist:
Skipping ALIENVAULT blocklist - It has not been modified!
03:51:44
ipblocklist:
Skipping 3CORESEC_All blocklist - Too frequent update attempts!
Greetz
That can’t be the case for two reasons.
The IPFire IPBlocklist perl code is run every 15 minutes but it knows the last time an update was done for each blocklist and will skip trying to download if the Rate time period has not passed. Hence for the TOR_EXIT the update script is run every 15 minutes but the script will not actually try and do a download until an hour has passed since the last download.
The time period actually used by the TOR list is that you must not try more frequently than every 15 minutes.
You can see that the perl code is skipping for some of the 15 minute checks as your logs show for some of the lists that they are skipping due to being more frequent than the Rate value.
23:51:46 ipblocklist: Skipping SHODAN blocklist - Too frequent update attempts!
Then there are other lists that are being skipped due to the blocklist not having been modified since the last update.
|23:51:46|ipblocklist:|Skipping EMERGING_FWRULE blocklist - It has not been modified!
I tried downloading the TOR_EXIT list via curl from my IPFire command line and when I tried it a second time I got the following message from the TOR_EXIT website
Umm… You can only fetch the data every 30 minutes - sorry. It’s pointless any faster as I only update every 30 minutes anyway.
So according to this message the rate limit is 30 minutes and not the 15 minutes that they mention in the web site. However both of these are lower than the frequency that IPFire will actually use to try to download.
Maybe try running the curl command from your IPFire command line and see what response you get.curl https://www.dan.me.uk/torlist/?exit
If you are blocked from the TOR_EXIT list then it won’t be because of the IPFire code trying to download too frequently, not unless the blocklist perl code has been manually altered on your system.
odongarma
27 November 2023 08:46
6
I tried to curl:
curl: (6) Could not resolve host: www.dan.me.uk
looks like my ISP’s DNS Server can not resolve the host.
I added google public DNS server.
Now i can curl the list.
Greetz
Glad you found the cause of the problem and were able to resolve it.
Don’t forget to put the fcron value back to 15 minutes.
odongarma
27 November 2023 09:42
8
Thank you for your support.
i already switched the crontab back.
What i currently thinking about is: with the ISP DNS enabled only, why can’t ipfire download the list while my client is able to do…
Greetz
