RBL's for CSF

Hi all,

What good RBL's for blocking " bad stuff" are there ... specifically to input into CSF (or exim)

Thanks

Chip

Comments

  • Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.

  • @chip said:
    What good RBL's for blocking " bad stuff" are there ... specifically to input into CSF (or exim)

    The two are quite different, so you might need to be more exact about the "bad stuff" you are trying to block. For mail, as mentioned mxrbl is a good one. Additionally, abusix has a list with a free tier for low-volume. I use both.

    For bots, you could look at https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker. It isn't exactly for CSF but transforming it is straightforward. I use it with HAProxy and do the conversion like this:

    grep -i "^allow from [0-9]" bot_apache.txt | sed -e "s/.* //" > haproxy/ipallow.lst
    grep "^BrowserMatchNoCase .* good_bot$" bot_apache.txt | sed -e "s/^.* \"//" | sed -e "s/. good_bot//" > haproxy/goodbot.lst
    grep "^BrowserMatchNoCase .* bad_bot$" bot_apache.txt | grep -v "Indy\\\ Library" | sed -e "s/^.* \"//" | sed -e "s/. bad_bot//" > haproxy/badbot.lst
    grep "^SetEnvIfNoCase Referer.* spam_ref" bot_apache.txt | sed -e "s/^.* \~\*//" | sed -e "s/ spam_ref//" | sed -e 's:\\\([\.-]\):\1:g' > haproxy/spamref.lst
    

    I would say it is fairly conservative though. I build my own more severe list which has around 600 additional IP ranges.

    Thanked by (2)chip someTom
  • @tetech said:

    @chip said:
    What good RBL's for blocking " bad stuff" are there ... specifically to input into CSF (or exim)

    The two are quite different, so you might need to be more exact about the "bad stuff" you are trying to block. For mail, as mentioned mxrbl is a good one. Additionally, abusix has a list with a free tier for low-volume. I use both.

    For bots, you could look at https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker. It isn't exactly for CSF but transforming it is straightforward. I use it with HAProxy and do the conversion like this:

    grep -i "^allow from [0-9]" bot_apache.txt | sed -e "s/.* //" > haproxy/ipallow.lst
    grep "^BrowserMatchNoCase .* good_bot$" bot_apache.txt | sed -e "s/^.* \"//" | sed -e "s/. good_bot//" > haproxy/goodbot.lst
    grep "^BrowserMatchNoCase .* bad_bot$" bot_apache.txt | grep -v "Indy\\\ Library" | sed -e "s/^.* \"//" | sed -e "s/. bad_bot//" > haproxy/badbot.lst
    grep "^SetEnvIfNoCase Referer.* spam_ref" bot_apache.txt | sed -e "s/^.* \~\*//" | sed -e "s/ spam_ref//" | sed -e 's:\\\([\.-]\):\1:g' > haproxy/spamref.lst
    

    I would say it is fairly conservative though. I build my own more severe list which has around 600 additional IP ranges.

    Thanks for this

Sign In or Register to comment.