blotus
@blotus
you can send me the IP in private if you want, I can check the status if you want to be sure :)
XlllllllX
@XlllllllX
thanks for this, because it was for testing, but in "real"…
Lamera
@Lamera
I discovered a strange behavior in our custom-bouncer logfile. every 10s it tries to add the same ips over and over again.
we write the remediation ips to a text file. the ips are already blocked through this file. but the custom bouncer triggers an add over and over again for these ips.
Martin Schaible
@martin.schaible_gitlab

Today all my servers are displaying no agents, no scenarios and no bouncers in the Console. It looks like I'm not alone with this.

Any idea to fix this?

Thibault "bui" Koechlin
@buixor
Hello @martin.schaible_gitlab ! Thanks, we are looking into it !
Martin Schaible
@martin.schaible_gitlab
Would you like to have a screenshot?
Thibault "bui" Koechlin
@buixor
@martin.schaible_gitlab if you can privately share with me the email used and the machine IDs impacted, it would be nice :)
Martin Schaible
@martin.schaible_gitlab
@buixor Hold on for a min :-)
Thibault "bui" Koechlin
@buixor
I PM'ed you ;)
Klaus Agnoletti
@klausagnoletti_twitter
The link I pasted earlier for our new Discord has expired. If you want to join, please use this instead: https://discord.gg/wGN7ShmEE8
CrowdSec
@Crowd_Security_twitter
You asked this in Discord also, right?
Just to make sure we don’t answer your question in both places.
plikmuny
@plikmuny
hi
i need help in installing cs-firewall-bouncer on Openwrt Rpi4
Arthur
@arthurlutz:matrix.org
[m]
Congrats for the kubernetes demo!
he2ss
@he2ss
Thanks !
CactiChameleon9
@cacti_chameleon10:kde.org
[m]
Can I selfhost the Console?
CactiChameleon9
@cacti_chameleon10:kde.org
[m]
Any chance that the discord can be bridged to matrix? I doubt I am the only person who isn't happy to use a proprietary platform
Klaus Agnoletti
@klausagnoletti_twitter
Hey. No, you can't selfhost the console. It's proprietary and no plans to change that..
CactiChameleon9
@cacti_chameleon10:kde.org
[m]
That's a shame
Klaus Agnoletti
@klausagnoletti_twitter
In terms of Discord we don't have any plans to bridge it with matrix. Is it even possible? And no, you're not the only one who doesn't want to use a proprietary platform for chatting. So far I've heard from one more. So for the time being - unless many more gitter users approach us - I don't think it's worth the effort. But that may change, who knows..
CactiChameleon9
@cacti_chameleon10:kde.org
[m]
A discord matrix bridge is possible, and isn't too hard to set up (depending on what bridge you use) - but understandable if it's not a priority
Klaus Agnoletti
@klausagnoletti_twitter
Thanks. I'll take a look at it
Klaus Agnoletti
@klausagnoletti_twitter
The OPNsense port of CrowdSec is finally ready now in a public beta release from https://github.com/crowdsecurity/opnsense-plugin-crowdsec. Get it while it's hot! If you run into problems please ask in #-bsd on our Discord! Let me know if you need the invite link!
Arthur
@arthurlutz:matrix.org
[m]
cscli alerts list | grep community
| 1733 | crowdsec/community-blocklist | update : +4714/-0 IPs             |         |                                | ban:4714  | 2022-01-27 09:27:54 +0100      |
| 1729 | crowdsec/community-blocklist | update : +4681/-0 IPs             |         |                                | ban:29    | 2022-01-27 07:27:54 +0100      |
| 1724 | crowdsec/community-blocklist | update : +4641/-0 IPs             |         |                                | ban:14    | 2022-01-27 05:27:54 +0100      |
does this indicate the number of IPs banned from the community (not attacking "yet" my server) ?
if so what happened today for the number of banned ips to go from a two figure number to a four figure number ?
CrowdSec
@Crowd_Security_twitter
yes :slightly_smiling_face:
Arthur
@arthurlutz:matrix.org
[m]
and the 4714 ip bans from this morning ?
Ricardo
@rmdes
do I need to run a prometheus server to be able to listen to the mydomain:6060/metrics endpoint ?
I have added the grafana dashboard for crowdsec
but I'm getting connection refused when, on the grafana side, I configure the prometheus data source
Ricardo
@rmdes
my grafana instance is not on the server where crowdsec is running just to be precise
blotus
@blotus
yes, you need a prometheus server to scrape the metrics
then add your prometheus server as a datasource in grafana, and the dashboards should work
rick
@rick:rmendes.net
[m]
Alright I see, doc wasn't clear or i misread probably
Thanks
rick
@rick:rmendes.net
[m]
so just to be sure, I should be able to curl mydomain:6060/metrics from the cli and get data right ?
and if I can't, make sure ports are open
right now I can only get curl data using localhost:6060/metrics
if I curl buzzworkers.com:6060/metrics I'm getting connection refused and for my prometheus server, it obviously says my targets are down
tandy
@tandy1000:matrix.org
[m]
I just upgraded crowdsec with apt and I'm getting this?
oh the issue was crowdsec wasn't running
mainevent07
@mainevent07
Hello!
Can you help me, how may I get community-blocklist manually? For example, via curl and credentials in online_api_credentials.yaml
Philipp
@Philipp37303217_twitter
Hello people. I just started testing crowdsec. I installed Crowdsec 1.3.0 (no bouncer yet) and used wizard.sh -c to get everything I need (I guess?). I got the packages for e.g. apache. crowdsec is active and running. Now I used Nessus for a web app scan on the server's apache. But I don't get any results in the /var/log/crowdsec.log (following https://crowdsec.net/blog/tutorial-crowdsec-v1-1/). Any resources on what I might do wrong or should do?
he2ss
@he2ss

Hi @Philipp37303217_twitter,

wizard.sh -c will not detect all the services, only the common ones. So it depends on what services you need to monitor.
From which network are the attacks performed? If it's from a private network, maybe you are not detecting attacks because of the default whitelist that is installed.

You can confirm this by showing the parsers: sudo cscli parsers list

Fouine
@fouine:matrix.underworld.fr
[m]
Hello, is it possible to set http_proxy in crowdsec config?