CrowdSec

CrowdSec: IDS/IPS/WAF Community

Error while parsing logs - schiz0phr3ne/sonarr-logs

I'm encountering an issue with a log parser bundled as part of a collection. https://app.crowdsec.net/hub/author/schiz0phr3ne/collections/sonarr Specifically with this parser...

Can't connect to remote LAPI with agent

On my Nginx Proxy Manager VM I am running the crowdsec server. This works so far as I already have another service successfully using it. But I only provided the URL, machine name and API_KEY because the service handles everything itself and just required the lapi credentials. Now I have another service which I have to configure manually. I installed the crowdsec agent via docker. This is my config.yaml for my log processor (this is not running the LAPI server) ```yaml common:...

Updating Decisions List

Hello I just setup crowdsec for the first time. Is it normal for the `cscli decision list` to be different from `cscli decisions list --origin CAPI`? I'm using the container maintained by Zoey. docker.io/zoeyvid/npmplus:latest...

Traefik logs only showing internal docker IP address.

https://www.crowdsec.net/blog/securing-automated-app-deployment-crowdsec-and-coolify I followed this guide to set up crowdsec but I've tried pretty much everything but the traefik logs only show the docker IP and in the cscli metrics I can see everything being whitelisted. This is a snippet from the logs....

Help with crowdsec plugin

I need help installing the crowdsec plugin on wordpress

No alerts received within the last 24 hours

One of my engines which has been working well now shows this error in the console. cscli capi status looks like it's all good. The console (app.crowdsec.net) shows that it has recently authenticated, and the console has received status, but that signals haven't been retrieved for a couple days. Alerts aren't showing up in the console either. Any suggestions to troubleshoot?

crowdsec nginx bouncer without IP

Hello CrowdSec community, I'm new to CrowdSec. I am running an nginx reverse proxy serving a demo web app in a docker container. My dockerized nginx container is running with ports 80 and 443. I installed crowdsec and related remediation components (bouncers) baremetal. Seems that it is working, however, I noticed after running the command sudo cscli bouncers list See attached image....

Clean up old log parsers / machines

My security engine currently shows 30 log parsers in cscli and the console. The log parsers specifically are old LAPI pods. I understand there are options to automatically clean up old agent and bouncer connections though it apparently doesn't apply to LAPI. Is there a way to cause these to be cleaned up automatically? I know I can cscli machine prune but in a kubernetes environment it's expected that pods are ephemeral, so it seems like there should be a function to autodelete or autopru...

help configuration bouncer traefik

apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: bouncer namespace: traefik...

Haproxy-Spoa captcha always reload and not redirect to site

Dear CrowdSec Team, I set up my haproxy to show the chaptcha.html file from your Github repo. But my turnstile widget always reloads and never sends the cookie back to the server for verification....

Multiple Notifications of the same IP Ban

I'm currently using CrowdSec on my OPNsense firewall, and overall, it's been working very well. However, I've recently noticed multiple repeated ban notifications for the same IP range (89.248.160.0/21), which is known to be malicious. This has been occurring consistently over the past few days. To mitigate this, I increased the ban duration from 4 hours to 72 hours, hoping it would reduce the repeated activity. Unfortunately, that hasn’t made a difference—similar IPs keep appearing. I came across some information suggesting that CrowdSec bans don't necessarily block traffic entirely and that firewall-level blocking is needed to fully stop incoming connections. Since I'm using the CrowdSec plugin directly on OPNsense, I was expecting it to integrate with the firewall to block banned IPs....

Struggling with Bouncer Middleware in Traefik 3 on kubernetes.

Hi everyone, I'm wondering if someone has already had trouble deploying the bouncer middleware on traefik 3? - Security engine is registered - traefik3 is deployed on kubernetes. Everything looks ok but when I activate the crowdsec middleware on HTTProute. ...

data directive in scenario does not load local file in memory

Hello, I created a dummy scenario to import local data file (with a list of IPs) but it seems to not be loaded in memory. I use the imported file with the File() function in filters section of profiles.yaml: ```filters: - Alert.Remediation == true && Alert.GetScope() == "Ip" && Alert.GetValue() in File("importtrustedip.txt")...

Remediation components aren't visible

Hello! I've installed CrowdSec on a fresh Ubuntu 24.04 VPS and connected it to the web, but I don't see any active remediation components. When I run sudo cscli bouncer list, it shows the firewall bouncer as valid and the last API pull was recent. Both the crowdsec and crowdsec-firewall-bouncer services are active and running. However, despite numerous IPs being present in the iptables, I can't see the active remediation components. Could someone please help me understand why the remediation components aren't visible and how I can resolve this? ...

need help with fortigate integration

I'm trying to integrate crowdsec blocklist with my fortigate but I can't

The recipient server did not accept our requests to connect. mails from gmail blocked by crowdsec

The recipient server did not accept our requests to connect. I have no idea why mails from gmail are blocked. I am able to send to gmail without any problem, but the other way doesn't work. How can I allow incoming mail from gmail smtp servers ?...

2FA authorization

Hi CrowdSec team 👋 I lost access to my 2FA device and cannot log into my CrowdSec account.
I sent a support request to support@crowdsec.net on 02.08.25 but haven’t received any reply for over a week.
This completely blocks me from accessing my account....

AppSec ignores X-Crowdsec-Appsec-Ip header from Caddy bouncer, uses connection source IP instead

Hi 👋 I'm trying to track down what's going on between Caddy and AppSec and could use a suggestion for where to look next. I've documented my issue and findings on hslatman/caddy-crowdsec-bouncer, and ruled it out as a plugin issue - https://github.com/hslatman/caddy-crowdsec-bouncer/issues/91 Let me know if anyone has a suggestion for where to dig next....

Collection Not Banning

I'm just getting into Crowdsec and installed on my Unraid server, with Traefik as my reverse proxy. I followed an Ibracorp tutorial for help. Multiple collections don't seem to be parsing the logs correctly. One example being LePresidente/overseerr-logs....

Same IP banned twice 2 hours apart?

I've seen the same IP getting banned twice 2 hours apart, not sure how it's possible? My default bans are for longer, so it shouldn't be possible, I do see the active decision for that IP, so I wonder if I'm missing something? Thanks....