Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please run the command /resolve or press the green resolve button below.
Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
I think this might be why I’m getting attacks from IPs already on the community blocklist
console_management is the ability to control decisions via a paid console account. This is disabled by default, but if you have a paid account and wish to enable this function you have to run cscli console enable console_management to enable the flag
Ahhh, yea I’m not paying
Why would I constantly be getting attacks from this ip when it’s on the community blocklist then?
That’s what I was trying to look into when I saw the console management thing
Cause the community blocklist on non paying accounts is limited as per the documentation https://docs.crowdsec.net/docs/next/central_api/community_blocklist#community-blocklist
Community Blocklist | CrowdSec
The "Community Blocklist" is a curated list of IP addresses identified as malicious by CrowdSec. CrowdSec proactively blocks the IP addresses of this blocklist, preventing malevolent IPs from reaching your systems.
and also depending on your remediation you may not be "hard" blocking IPs, so there's a chance they can retrigger a scenario
I was looking at that page earlier. How can I see if I’m using the lite or non lite version? On the CrowdSec site it lists “Crowdsec Community Blocklist”
I’m assuming that tells me?
How can I set it to hard block the ip?
You have to install the firewall remediation component, but if you use something like Cloudflare then unfortunately you cannot hard block the IPs
Ahh damn. I’m looking to set up a pfSense box eventually so ig that’ll have to wait
yeah pfSense can work, but again if you use Cloudflare then it's still the same, you cannot hard block them
Do you mean Cloudflare tunnels or Cloudflare proxy? I currently use Nginx Proxy Manager as my reverse proxy that is then proxied through cf
Since cf is my dns
Either of them, both have to have proxy enabled, which in turn means you cannot hard block them, as at layer 3/4 the firewall cannot see the real IP
Damn