Monday, November 4, 2024

Blocklist Configuration for ConfigServer Firewall


ConfigServer supports blocklists out of the box, so you can keep IP addresses that are used for malicious purposes away from your system.

I am leaving the detailed list below; use it with the IPSET module in ConfigServer. Otherwise you will see a very large number of IP addresses in the tables, which can be a little confusing. Beyond that, firewall performance may also be affected negatively, even if only slightly.

To use the blocklist below, you need to make the following change in csf.conf. After that you can use the lists directly.

  LF_IPSET = "1"
  LF_IPSET_HASHSIZE = "4096"
  LF_IPSET_MAXELEM = "16777216"

Keep in mind that some sources require an API key; you can get an API key for free and use it to access these lists.

# Spamhaus Don't Route Or Peer List (DROP)
# Details: http://www.spamhaus.org/drop/
SPAMDROP|86400|0|http://www.spamhaus.org/drop/drop.txt

# Spamhaus Extended DROP List (EDROP)
# Details: http://www.spamhaus.org/drop/
SPAMEDROP|86400|0|http://www.spamhaus.org/drop/edrop.txt

# DShield.org Recommended Block List
# Details: https://dshield.org
DSHIELD|86400|0|https://www.dshield.org/block.txt

# TOR Exit Nodes List
# Set URLGET in csf.conf to use LWP as this list uses an SSL connection
# Details: https://trac.torproject.org/projects/tor/wiki/doc/TorDNSExitList
TOR|86400|0|https://www.dan.me.uk/torlist/

# BOGON list
# Details: http://www.team-cymru.org/Services/Bogons/
BOGON|86400|0|https://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt

# Project Honey Pot Directory of Dictionary Attacker IPs
# Details: http://www.projecthoneypot.org
HONEYPOT|86400|0|https://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1

# C.I. Army Malicious IP List
# Details: http://www.ciarmy.com
CIARMY|86400|0|http://www.ciarmy.com/list/ci-badguys.txt

# BruteForceBlocker IP List
# Details: http://danger.rulez.sk/index.php/bruteforceblocker/
BFB|86400|0|http://danger.rulez.sk/projects/bruteforceblocker/blist.php

# MaxMind GeoIP Anonymous Proxies
# Set URLGET in csf.conf to use LWP as this list uses an SSL connection
# Details: https://www.maxmind.com/en/anonymous_proxies
MAXMIND|86400|0|https://www.maxmind.com/en/anonymous_proxies

# Stop Forum Spam
STOPFORUMSPAM|86400|0|https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/stopforumspam_365d.ipset

# GreenSnow Hack List
GREENSNOW|86400|0|https://blocklist.greensnow.co/greensnow.txt

# AbuseIPDB blacklist
ABUSEIPDB|86400|10000|https://api.abuseipdb.com/api/v2/blacklist?key=API_KEY_HERE&plaintext

# RJM Blocklist Consolidated Bad IP List (Free)
RJMBBADIPS|86400|0|https://www.rjmblocklist.com/free/badips.txt

# Blocklistde
BDE|3600|0|https://api.blocklist.de/getlast.php?time=3600
BDEALL|86400|0|http://lists.blocklist.de/lists/all.txt
BDESSH|86400|0|https://lists.blocklist.de/lists/ssh.txt
BDEMAIL|86400|0|https://lists.blocklist.de/lists/mail.txt
BDEAPACHE|86400|0|https://lists.blocklist.de/lists/apache.txt
BDEIMAP|86400|0|https://lists.blocklist.de/lists/imap.txt
BDEFTP|86400|0|https://lists.blocklist.de/lists/ftp.txt
BDESIP|86400|0|https://lists.blocklist.de/lists/sip.txt
BDEBOTS|86400|0|https://lists.blocklist.de/lists/bots.txt
BDESTRONGIPS|86400|0|https://lists.blocklist.de/lists/strongips.txt
BDEBRUTEFORCE|86400|0|https://lists.blocklist.de/lists/bruteforcelogin.txt

# Alienvault Reputation Malicious IP Block
ALIENVAULT_REPUTATION|86400|0|https://reputation.alienvault.com/reputation.generic

# darklist.de - blacklisted raw IPs
DARKLIST_DE|86400|0|http://www.darklist.de/raw.php

# Emerging Threats fwip rules.
ET_BLOCK|86400|0|https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/et_block.netset
ET_COMPROMISED|86400|0|https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/et_compromised.ipset

# abuse.ch Feodo Tracker Botnet C2 IP Blocklist (recommended)
FEODO|86400|0|https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt

# LIVE BLACKLIST IPv4/IPv6 ADDRESSES DATABASE
MYIP|86400|0|https://myip.ms/files/blacklist/csf/latest_blacklist.txt

# HTTP spam sources identified by http://sblam.com.
SBLAM|86400|0|https://sblam.com/blacklist.txt

# A distributed VoIP blacklist that aims to protect against VoIP fraud
VOIPBL|86400|0|http://www.voipbl.org/update/

# Amazon EC2 Based Scanners
AMZEC2|86400|0|https://raw.githubusercontent.com/SilvrrGIT/IP-Lists/master/amazon_ec2_us

# BinaryEdge
BNRED|86400|0|https://raw.githubusercontent.com/SilvrrGIT/IP-Lists/master/binary_edge

# Stretchoid
STRETCHOID|86400|0|https://raw.githubusercontent.com/SilvrrGIT/IP-Lists/master/stretchoid

# Shodan
SHODAN|86400|0|https://raw.githubusercontent.com/SilvrrGIT/IP-Lists/master/shodan

# Other EduBased
EDU_OTHER|86400|0|https://raw.githubusercontent.com/SilvrrGIT/IP-Lists/master/other

# Proxies
FH_PROXIES|86400|0|https://iplists.firehol.org/files/firehol_proxies.netset

# Pedophiles
PEDO|86400|0|https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_pedophiles.netset
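
An added example (not from the original post or from CSF itself): a small linter for the NAME|INTERVAL|MAX|URL entries listed above, which in a stock install live in /etc/csf/csf.blocklists. It flags feeds fetched over plain HTTP, unfilled API_KEY_HERE placeholders, duplicate names and malformed fields; the name pattern and the 3600-second minimum interval are assumptions based on the comments CSF ships in that file, and the last two sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

NAME_RE = re.compile(r"^[A-Z0-9_]{1,25}$")  # assumed naming rule (max 25 chars)
MIN_INTERVAL = 3600                         # assumed minimum refresh, in seconds

# Sample entries: the first three are copied from the list above,
# the last two are constructed to trigger findings.
SAMPLE = """\
# Spamhaus DROP
SPAMDROP|86400|0|http://www.spamhaus.org/drop/drop.txt
BDESSH|86400|0|https://lists.blocklist.de/lists/ssh.txt
ABUSEIPDB|86400|10000|https://api.abuseipdb.com/api/v2/blacklist?key=API_KEY_HERE&plaintext
badname|600|0|https://feeds.example.invalid/list.txt
BDESSH|86400|0|https://lists.blocklist.de/lists/ssh.txt
"""

def lint_blocklists(text):
    """Return (line_number, name, issue) tuples for NAME|INTERVAL|MAX|URL entries."""
    findings, seen = [], set()
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                          # blank line or comment
        parts = line.split("|", 3)            # URL is the last field
        if len(parts) != 4:
            findings.append((num, line[:25], "expected 4 pipe-separated fields"))
            continue
        name, interval, maximum, url = parts
        if not NAME_RE.match(name):
            findings.append((num, name, "invalid list name"))
        if name in seen:
            findings.append((num, name, "duplicate list name"))
        seen.add(name)
        if not interval.isdigit() or int(interval) < MIN_INTERVAL:
            findings.append((num, name, "interval below minimum"))
        if not maximum.isdigit():
            findings.append((num, name, "MAX must be a non-negative integer"))
        scheme = urlsplit(url).scheme
        if scheme == "http":                  # feed can be altered in transit
            findings.append((num, name, "plaintext HTTP feed"))
        elif scheme != "https":
            findings.append((num, name, "unsupported URL scheme"))
        if "API_KEY_HERE" in url:             # placeholder from the post
            findings.append((num, name, "placeholder API key"))
    return findings

if __name__ == "__main__":
    for num, name, issue in lint_blocklists(SAMPLE):
        print(f"line {num}: {name}: {issue}")
```

A feed fetched over plain HTTP can be modified on the path, which would let someone else decide what ends up in your deny sets, so prefer the HTTPS URL where the provider offers one.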