CSF Firewall-Module LFD: Unable to retrieve blocklist MAXMIND (Updated: May 3, 2025 04:51:03 PST)


Post by admin »

Hello Everyone,

Recently my server got many errors within my ConfigServer Firewall module:

Code:

Oct 30 04:21:37 srv8 lfd[974616]: Unable to retrieve blocklist MAXMIND - Unable to download: Can't connect to www.maxmind.com:443 (Network is unreachable)
Oct 30 04:26:37 srv8 lfd[975527]: Unable to retrieve blocklist MAXMIND - Unable to download: Can't connect to www.maxmind.com:443 (Network is unreachable)
Oct 30 04:31:38 srv8 lfd[976765]: Unable to retrieve blocklist MAXMIND - Unable to download: Can't connect to www.maxmind.com:443 (Network is unreachable)

I tried to dig closer into the problem and found it...
It looks like maxmind.com and abuseipdb.com changed their network and are now using the Content Delivery Network from Cloudflare Inc., which are: 104.17.27.25 and 24.4.237.19
While JavaScript Object Notation (JSON, a standard text-based format for representing structured data based on JavaScript object syntax) is working fine, I have to change the Perl module HTTP::Tiny and the Perl module LWP::UserAgent too in the /path/to/abuseipdb_report.pl script, which also needs the LWP::Protocol::https Perl module, for integrating AbuseIPDB with CSF (automatically reporting and blocking bad IPs that attempted intrusions on the server).

I've added the IPv4 addresses 104.17.27.25 and 24.4.237.19 to csf - Quick Allow actions, and the problem was solved:

Code:

Nov 10 04:19:34 srv8 lfd[1091202]: Retrieved and blocking blocklist MAXMIND IP address ranges
Nov 10 04:19:35 srv8 lfd[1091202]: IPSET: loading set new_MAXMIND with 334 entries
Nov 10 04:19:35 srv8 lfd[1091202]: IPSET: switching set new_MAXMIND to bl_MAXMIND
Nov 10 04:19:35 srv8 lfd[1091202]: IPSET: loading set new_6_MAXMIND with 2 entries
Nov 10 04:19:35 srv8 lfd[1091202]: IPSET: switching set new_6_MAXMIND to bl_6_MAXMIND
Nov 10 12:34:21 srv8 lfd[1268350]: CC: Processing MaxMind Country/ASN database
Nov 10 12:34:26 srv8 lfd[1268350]: CC: Extracting zone from MaxMind Country/ASN database for [CN]
Nov 10 12:34:26 srv8 lfd[1268350]: CC: Extracting zone from MaxMind Country/ASN database for [HK]
Nov 10 12:34:26 srv8 lfd[1268350]: CC: Extracting zone from MaxMind Country/ASN database for [KR]
Nov 10 12:34:26 srv8 lfd[1268350]: CC: Extracting zone from MaxMind Country/ASN database for [TW]
Nov 10 12:34:26 srv8 lfd[1268350]: CC: Extracting zone from MaxMind Country/ASN database for [BR]
Nov 10 12:34:26 srv8 lfd[1268350]: CC: Extracting zone from MaxMind Country/ASN database for [AR]
Nov 10 12:34:26 srv8 lfd[1268350]: CC: Extracting zone from MaxMind Country/ASN database for [IN]

I've also added the Autonomous System Numbers (ASN) to the country code blocking within csf.conf, in CC_DENY and CC_DENY_PORTS, with the same country codes blocked.
As far as MaxMind GeoIP goes, the purpose is to block all anonymous proxies...
This will reduce the minFraud service (fraud detection) for a transactional risk analysis service.

Code:

May  3 04:51:03 srv8 lfd[1990155]: CC: Extracting zone from MaxMind Country/ASN database for [AS20473]
May  3 04:51:03 srv8 lfd[1990155]: CC: Repopulating ipset cc_ar with IP addresses from [AR]
May  3 04:51:05 srv8 lfd[1990155]: IPSET: loading set new_ar with 3370 entries
May  3 04:51:05 srv8 lfd[1990155]: IPSET: switching set new_ar to cc_ar
May  3 04:51:05 srv8 lfd[1990155]: CC: Repopulating ipset cc_br with IP addresses from [BR]
May  3 04:51:10 srv8 lfd[1990155]: IPSET: loading set new_br with 10460 entries
May  3 04:51:11 srv8 lfd[1990155]: IPSET: switching set new_br to cc_br
May  3 04:51:11 srv8 lfd[1990155]: CC: Repopulating ipset cc_cn with IP addresses from [CN]
May  3 04:51:15 srv8 lfd[1990155]: IPSET: loading set new_cn with 7889 entries
May  3 04:51:15 srv8 lfd[1990155]: IPSET: switching set new_cn to cc_cn
May  3 04:51:15 srv8 lfd[1990155]: CC: Repopulating ipset cc_hk with IP addresses from [HK]
May  3 04:51:20 srv8 lfd[1990155]: IPSET: loading set new_hk with 9730 entries
May  3 04:51:20 srv8 lfd[1990155]: IPSET: switching set new_hk to cc_hk
May  3 04:51:20 srv8 lfd[1990155]: CC: Repopulating ipset cc_in with IP addresses from [IN]
May  3 04:51:27 srv8 lfd[1990155]: IPSET: loading set new_in with 11989 entries
May  3 04:51:27 srv8 lfd[1990155]: IPSET: switching set new_in to cc_in
May  3 04:51:27 srv8 lfd[1990155]: CC: Repopulating ipset cc_jp with IP addresses from [JP]
May  3 04:51:33 srv8 lfd[1990155]: IPSET: loading set new_jp with 11022 entries
May  3 04:51:33 srv8 lfd[1990155]: IPSET: switching set new_jp to cc_jp
May  3 04:51:33 srv8 lfd[1990155]: CC: Repopulating ipset cc_kr with IP addresses from [KR]
May  3 04:51:35 srv8 lfd[1990155]: IPSET: loading set new_kr with 3723 entries
May  3 04:51:35 srv8 lfd[1990155]: IPSET: switching set new_kr to cc_kr
May  3 04:51:35 srv8 lfd[1990155]: CC: Repopulating ipset cc_lt with IP addresses from [LT]
May  3 04:51:36 srv8 lfd[1990155]: IPSET: loading set new_lt with 1460 entries
May  3 04:51:36 srv8 lfd[1990155]: IPSET: switching set new_lt to cc_lt
May  3 04:51:36 srv8 lfd[1990155]: CC: Repopulating ipset cc_pk with IP addresses from [PK]
May  3 04:51:36 srv8 lfd[1990155]: IPSET: loading set new_pk with 1178 entries
May  3 04:51:37 srv8 lfd[1990155]: IPSET: switching set new_pk to cc_pk
May  3 04:51:37 srv8 lfd[1990155]: CC: Repopulating ipset cc_tw with IP addresses from [TW]
May  3 04:51:38 srv8 lfd[1990155]: IPSET: loading set new_tw with 2337 entries
May  3 04:51:38 srv8 lfd[1990155]: IPSET: switching set new_tw to cc_tw
May  3 04:51:38 srv8 lfd[1990155]: CC: Repopulating ipset cc_vn with IP addresses from [VN]
May  3 04:51:39 srv8 lfd[1990155]: IPSET: loading set new_vn with 2026 entries
May  3 04:51:39 srv8 lfd[1990155]: IPSET: switching set new_vn to cc_vn
May  3 04:51:39 srv8 lfd[1990155]: CC: Repopulating ipset cc_ro with IP addresses from [RO]
May  3 04:51:41 srv8 lfd[1990155]: IPSET: loading set new_ro with 3619 entries
May  3 04:51:41 srv8 lfd[1990155]: IPSET: switching set new_ro to cc_ro
May  3 04:51:41 srv8 lfd[1990155]: CC: Repopulating ipset cc_ru with IP addresses from [RU]
May  3 04:51:48 srv8 lfd[1990155]: IPSET: loading set new_ru with 12815 entries
May  3 04:51:48 srv8 lfd[1990155]: IPSET: switching set new_ru to cc_ru
May  3 04:51:48 srv8 lfd[1990155]: CC: Repopulating ipset cc_as14061 with IP addresses from [AS14061]
May  3 04:51:48 srv8 lfd[1990155]: IPSET: loading set new_as14061 with 146 entries
May  3 04:51:48 srv8 lfd[1990155]: IPSET: switching set new_as14061 to cc_as14061
May  3 04:51:48 srv8 lfd[1990155]: CC: Repopulating ipset cc_as20473 with IP addresses from [AS20473]
May  3 04:51:49 srv8 lfd[1990155]: IPSET: loading set new_as20473 with 524 entries
May  3 04:51:49 srv8 lfd[1990155]: IPSET: switching set new_as20473 to cc_as20473
May  3 04:51:49 srv8 lfd[1990155]: CC: Repopulating ipset cc_as28753 with IP addresses from [AS28753]
May  3 04:51:49 srv8 lfd[1990155]: IPSET: loading set new_as28753 with 107 entries
May  3 04:51:49 srv8 lfd[1990155]: IPSET: switching set new_as28753 to cc_as28753
May  3 04:51:49 srv8 lfd[1990155]: CC: Repopulating ipset cc_as47890 with IP addresses from [AS47890]
May  3 04:51:49 srv8 lfd[1990155]: IPSET: loading set new_as47890 with 24 entries
May  3 04:51:49 srv8 lfd[1990155]: IPSET: switching set new_as47890 to cc_as47890
May  3 04:51:49 srv8 lfd[1990155]: CC: Repopulating ipset cc_as214940 with IP addresses from [AS214940]
May  3 04:51:49 srv8 lfd[1990155]: IPSET: loading set new_as214940 with 2 entries
May  3 04:51:49 srv8 lfd[1990155]: IPSET: switching set new_as214940 to cc_as214940
May  3 04:51:49 srv8 lfd[1990155]: CC: Repopulating ipset cc_as215476 with IP addresses from [AS215476]
May  3 04:51:49 srv8 lfd[1990155]: IPSET: loading set new_as215476 with 1 entries
May  3 04:51:49 srv8 lfd[1990155]: IPSET: switching set new_as215476 to cc_as215476
May  3 04:51:49 srv8 lfd[1990155]: CC: Repopulating ipset cc_as215930 with IP addresses from [AS215930]
May  3 04:51:49 srv8 lfd[1990155]: IPSET: loading set new_as215930 with 3 entries
May  3 04:51:49 srv8 lfd[1990155]: IPSET: switching set new_as215930 to cc_as215930

Warning!!!!: If you're using CloudLinux OS, please check that the ASN database IPs you've added to CC_DENY do not belong to the CloudLinux OS repo mirror IP list, or you'll have problems updating and connecting your CloudLinux OS server. (For example: I've had to remove the ASN [AS14061] because I got connection problems with the CloudLinux OS server repo's IP mirror list.)
Just test the connection from your CloudLinux OS server with CLI commands like these:

Code:

[root@srv8 ~]# ping -c 5 repo.cloudlinux.com
PING repo.cloudlinux.com (206.189.189.188) 56(84) bytes of data.
64 bytes from repo.cloudlinux.us-ny.cl-mirror.net (206.189.189.188): icmp_seq=1 ttl=47 time=78.8 ms
64 bytes from repo.cloudlinux.us-ny.cl-mirror.net (206.189.189.188): icmp_seq=2 ttl=47 time=77.10 ms
64 bytes from repo.cloudlinux.us-ny.cl-mirror.net (206.189.189.188): icmp_seq=3 ttl=47 time=77.10 ms
64 bytes from repo.cloudlinux.us-ny.cl-mirror.net (206.189.189.188): icmp_seq=4 ttl=47 time=77.7 ms
64 bytes from repo.cloudlinux.us-ny.cl-mirror.net (206.189.189.188): icmp_seq=5 ttl=47 time=77.7 ms

--- repo.cloudlinux.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 77.687/78.033/78.776/0.528 ms
[root@srv8 ~]#

Code:

[root@srv8 ~]# cldiag --doctor
Downloading cldoctor script from https://repo.cloudlinux.com/cloudlinux/cldoctor/cldoctor.sh
Generating report...
Uploading...
Key: 384602530.0f5fe066-(HIDE)-(HIDE)-b815-f1c9f73e2743
Please, provide above mentioned key to CloudLinux Support Team
[root@srv8 ~]#

Code:

[root@srv8 ~]# yum update --allowerasing --skip-broken
This system is receiving updates from CloudLinux Network server.
Last metadata expiration check: 22:57:42 ago on Sat 03 May 2025 01:42:16 AM PDT.
Dependencies resolved.
Nothing to do.
Complete!
[root@srv8 ~]#

CSF can use the options below. These options can be set to use:

1. Perl module HTTP::Tiny
2. Perl module LWP::UserAgent
3. CURL/WGET (set location at the bottom of csf.conf if installed)

HTTP::Tiny is much faster than LWP::UserAgent and is included in the csf distribution.

LWP::UserAgent may have to be installed manually, but it can better support https:// URLs, which also needs the LWP::Protocol::https Perl module.

CURL/WGET uses the system binaries if installed but does not always provide good feedback when it fails. The script will first look for CURL; if that does not exist at the configured location, it will then look for WGET.

Additionally, 1 or 2 are used and if the retrieval fails, then if either CURL or WGET are available, an additional attempt will be made using CURL/WGET. This is useful if the Perl distribution has outdated modules that do not support modern SSL/TLS implementations.

CSF recommends setting this set... to "2" or "3", as upgrades to csf will be performed over SSL, as well as other URLs used when retrieving external data.
To install the LWP perl modules required:
On rpm based systems: (RedHat and CloudLinux)

Code:

yum install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch

Looks like everything is working fine with my server so far...
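
The check behind the CloudLinux warning in the post can be automated. The script below is an added example, not part of the original post or of csf: it resolves a hostname and reports every csf country/ASN ipset (the cc_* sets seen in the lfd log) that contains one of its addresses. The names blocking_sets, resolve_v4, IPSET_CMD and RESOLVE_CMD are hypothetical, and it assumes csf is running with ipset enabled and that the script is run as root.

```shell
#!/bin/sh
# Added example: find csf cc_* ipsets (country codes and ASNs from CC_DENY)
# that contain an address of a host this server must be able to reach.

IPSET_CMD=${IPSET_CMD:-ipset}            # overridable, e.g. for dry runs
RESOLVE_CMD=${RESOLVE_CMD:-resolve_v4}   # overridable resolver (hypothetical)

# Resolve a hostname to its unique IPv4 addresses via the system resolver.
resolve_v4() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Print "ip setname" for every cc_* set containing an address of host $1.
# Returns 0 when no set matches, 1 when at least one set would block it.
blocking_sets() {
    host=$1
    hits=0
    for ip in $($RESOLVE_CMD "$host"); do
        # "ipset list -n" prints set names only; keep the country/ASN sets.
        for set in $($IPSET_CMD list -n | grep '^cc_'); do
            # "ipset test" exits 0 when the address falls inside the set.
            if $IPSET_CMD test "$set" "$ip" >/dev/null 2>&1; then
                echo "$ip $set"
                hits=1
            fi
        done
    done
    return $hits
}

# Usage when run as a script: ./check_cc_sets.sh repo.cloudlinux.com
if [ "$#" -gt 0 ]; then
    blocking_sets "$1" && echo "no cc_* set contains an address of $1"
fi
```

A hit such as an address of repo.cloudlinux.com listed against cc_as14061 points at the CC_DENY entry to remove, or at an address to add to the csf allow list, before the next package update fails.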