CSF Firewall-Module LFD: Unable to retrieve blocklist MAXMIND

Posted: October 30th, 2024, 4:59 am
by admin
Hello Everyone,

Recently my server got many errors within my ConfigServer Firewall module:

Code:

Oct 30 04:21:37 srv8 lfd[974616]: Unable to retrieve blocklist MAXMIND - Unable to download: Can't connect to www.maxmind.com:443 (Network is unreachable)
Oct 30 04:26:37 srv8 lfd[975527]: Unable to retrieve blocklist MAXMIND - Unable to download: Can't connect to www.maxmind.com:443 (Network is unreachable)
Oct 30 04:31:38 srv8 lfd[976765]: Unable to retrieve blocklist MAXMIND - Unable to download: Can't connect to www.maxmind.com:443 (Network is unreachable)

I tried to dig closer into the problem and found it...
It looks like maxmind.com and abuseipdb.com changed their network and are using a Content Delivery Network from CloudFlare Inc., which are: 104.17.27.25 and 24.4.237.19
While JavaScript Object Notation (JSON, a standard text-based format for representing structured data based on JavaScript object syntax) is working fine, I have to change the Perl module HTTP::Tiny and the Perl module LWP::UserAgent too in the /path/to/abuseipdb_report.pl script, which also needs the LWP::Protocol::https Perl module, for Integrating AbuseIPDB with CSF - Automatically Report and Block Bad IPs that attempted intrusions on the server.

I've added the IPv4 addresses 104.17.27.25 and 24.4.237.19 to csf - Quick Allow actions and the problem was solved:

Code:

Nov 10 04:19:34 srv8 lfd[1091202]: Retrieved and blocking blocklist MAXMIND IP address ranges
Nov 10 04:19:35 srv8 lfd[1091202]: IPSET: loading set new_MAXMIND with 334 entries
Nov 10 04:19:35 srv8 lfd[1091202]: IPSET: switching set new_MAXMIND to bl_MAXMIND
Nov 10 04:19:35 srv8 lfd[1091202]: IPSET: loading set new_6_MAXMIND with 2 entries
Nov 10 04:19:35 srv8 lfd[1091202]: IPSET: switching set new_6_MAXMIND to bl_6_MAXMIND
Nov 10 12:34:21 srv8 lfd[1268350]: CC: Processing MaxMind Country/ASN database
Nov 10 12:34:26 srv8 lfd[1268350]: CC: Extracting zone from MaxMind Country/ASN database for [CN]
Nov 10 12:34:26 srv8 lfd[1268350]: CC: Extracting zone from MaxMind Country/ASN database for [HK]
Nov 10 12:34:26 srv8 lfd[1268350]: CC: Extracting zone from MaxMind Country/ASN database for [KR]
Nov 10 12:34:26 srv8 lfd[1268350]: CC: Extracting zone from MaxMind Country/ASN database for [TW]
Nov 10 12:34:26 srv8 lfd[1268350]: CC: Extracting zone from MaxMind Country/ASN database for [BR]
Nov 10 12:34:26 srv8 lfd[1268350]: CC: Extracting zone from MaxMind Country/ASN database for [AR]
Nov 10 12:34:26 srv8 lfd[1268350]: CC: Extracting zone from MaxMind Country/ASN database for [IN]

I've also added the Autonomous System Numbers (ASN) to the country code blocking within csf.conf, in CC_DENY and CC_DENY_PORTS, with the same country codes blocked.
As far as the MaxMind GeoIP purpose goes, it is to block all anonymous proxies...
This will reduce the minFraud service (fraud detection) for a transactional risk analysis service.

CSF can use the options below. These options can be set to use:

1. Perl module HTTP::Tiny
2. Perl module LWP::UserAgent
3. CURL/WGET (set location at the bottom of csf.conf if installed)

HTTP::Tiny is much faster than LWP::UserAgent and is included in the csf distribution.

LWP::UserAgent may have to be installed manually, but it can better support https:// URLs, which also needs the LWP::Protocol::https Perl module.

CURL/WGET uses the system binaries if installed but does not always provide good feedback when it fails. The script will first look for CURL; if that does not exist at the configured location, it will then look for WGET.

Additionally, 1 or 2 are used and if the retrieval fails, then if either CURL or WGET are available, an additional attempt will be made using CURL/WGET. This is useful if the Perl distribution has outdated modules that do not support modern SSL/TLS implementations.

CSF recommends setting this set... to "2" or "3" as upgrades to csf will be performed over SSL as well as other URLs used when retrieving external data.

To install the LWP Perl modules required:
On rpm-based systems (RedHat and CloudLinux):

Code:

yum install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch

Looks like everything is working fine with my server so far...
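
Added example, not part of the original post and not csf's own code: a small Python check that reads lfd log lines in the two shapes quoted above and reports blocklists whose downloads keep failing, since a blocklist that cannot be retrieved is not being refreshed. The function names and the threshold of 3 are assumptions; the sample lines are copied from the logs in the post.

```python
import re

# The two lfd message shapes quoted in the post: a failed download and a success.
FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ lfd\[\d+\]: Unable to retrieve blocklist "
    r"(?P<name>\S+) - Unable to download: Can't connect to "
    r"(?P<host>[^:\s]+):(?P<port>\d+) \((?P<reason>[^)]*)\)")
OK = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ lfd\[\d+\]: Retrieved and blocking blocklist "
    r"(?P<name>\S+) IP address ranges")

def blocklist_status(lines):
    """Return {blocklist: state}. A successful retrieval resets the failure streak."""
    status = {}
    for line in lines:
        m = FAIL.match(line)
        if m:
            st = status.setdefault(m["name"], {"streak": 0, "last_ok": None})
            st["streak"] += 1
            st.update(endpoint=f'{m["host"]}:{m["port"]}',
                      reason=m["reason"], last_fail=m["ts"])
            continue
        m = OK.match(line)
        if m:
            st = status.setdefault(m["name"], {"streak": 0, "last_ok": None})
            st["streak"] = 0
            st["last_ok"] = m["ts"]
    return status

def stale(status, threshold=3):
    """Blocklists with at least `threshold` consecutive failed downloads (assumed threshold)."""
    return sorted(n for n, st in status.items() if st["streak"] >= threshold)

# Sample input: log lines taken from the post above.
FAILING = [
    "Oct 30 04:21:37 srv8 lfd[974616]: Unable to retrieve blocklist MAXMIND - Unable to download: Can't connect to www.maxmind.com:443 (Network is unreachable)",
    "Oct 30 04:26:37 srv8 lfd[975527]: Unable to retrieve blocklist MAXMIND - Unable to download: Can't connect to www.maxmind.com:443 (Network is unreachable)",
    "Oct 30 04:31:38 srv8 lfd[976765]: Unable to retrieve blocklist MAXMIND - Unable to download: Can't connect to www.maxmind.com:443 (Network is unreachable)",
]
RECOVERED = FAILING + [
    "Nov 10 04:19:34 srv8 lfd[1091202]: Retrieved and blocking blocklist MAXMIND IP address ranges",
]

if __name__ == "__main__":
    for label, lines in (("before fix", FAILING), ("after fix", RECOVERED)):
        st = blocklist_status(lines)
        print(label, "stale:", stale(st), st)
```

In practice the same functions can be fed the lines of the lfd log file from a cron job, alerting when `stale()` returns a non-empty list.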