GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Control » Free to use IP Blocker (Blocks IP Addresses that are listed by Abuse Ip Db)
Free to use IP Blocker [message #152160] Fri, 08 July 2022 14:32 Go to next message
tverweij is currently offline  tverweij
Messages: 32
Registered: March 2010
Location: Curacao
I created an IP Blocker for Kerio Control that checks the connection log for IP addresses, which are checked against the AbuseIpDb.
The addresses that have 100% confidence of abuse are then blocked.

It is free to use see https://github.com/tverweij/KerioIpBlocker/releases
Re: Free to use IP Blocker [message #152180 is a reply to message #152160] Wed, 13 July 2022 12:14 Go to previous messageGo to next message
hakimi is currently offline  hakimi
Messages: 2
Registered: May 2013
Good job. Thanks
Re: Free to use IP Blocker [message #152236 is a reply to message #152180] Mon, 18 July 2022 08:48 Go to previous messageGo to next message
tverweij is currently offline  tverweij
Messages: 32
Registered: March 2010
Location: Curacao
You are welcome Smile

Some background info:

My infrastructure was under attack some time ago, probes for vulnerabilities from multiple IP addresses. As soon as I blocked one, it continued from another IP. Kerio IPS did not block those, but when I looked up any of those addresses, all of them had a confident score of 100% on AbuseIpDB. That's when I got the idea to implement a blocker based on this blacklist. Instead of trying to keep up by manual blocking the addresses they are now blocked within 20 seconds.

What I saw is that the amount of attacks really goes down after I started to use the blocker myself; after a few days, the amount of IP addresses that even try to connect is dropping - I assume they see that they are blocked almost immediately, give up and move on to the next system that has less security.

I still hope that Kerio will implement an official integration with AbuseIpDB as part of IPS.

[Updated on: Mon, 18 July 2022 08:57]

Report message to a moderator

Re: Free to use IP Blocker [message #152283 is a reply to message #152236] Sat, 23 July 2022 13:35 Go to previous messageGo to next message
tverweij is currently offline  tverweij
Messages: 32
Registered: March 2010
Location: Curacao
As all my setups (and internet connections) are IPv4 only, I don't have any information on how Ipv6 addresses are logged in Kerio.

To make the blocker also working for IPv6, I need an example of a connection log and a filter log entry with an IPv6 address.
The only reason for this request is for me to see hoe this is logged, so I can adjust the IP Address parser to find the IPv6 addresses too.

Can anyone provide me with these?
Re: Free to use IP Blocker [message #152284 is a reply to message #152283] Sat, 23 July 2022 20:16 Go to previous messageGo to next message
PPG is currently offline  PPG
Messages: 164
Registered: February 2010
Great initiative! Thank you.

I just downloaded your IP Blocker, but how do i use this?
I see an exe and several DLL's.

Any info, readme or other instructions available?
Thanks again.

[Updated on: Sat, 23 July 2022 20:17]

Report message to a moderator

Re: Free to use IP Blocker [message #152286 is a reply to message #152284] Sun, 24 July 2022 07:44 Go to previous messageGo to next message
tverweij is currently offline  tverweij
Messages: 32
Registered: March 2010
Location: Curacao
Thanks for downloading Smile

See the description in the Readme.md on github for how to use ( https://github.com/tverweij/KerioIpBlocker/blob/main/README. md)

First configure the firewall as explained in the Readme.md on Github; create the IP address group and the three traffic rules.
And add connection logging to the Allow rules you want to monitor.

Next, create an account with an API key on AbuseIPDb.

Then take a windows machine behind the firewall (must have the firewall as gateway), place the exe and dlls in one folder and schedule the exe with the commandline parameters as described in the readme.md on github.

After that everything will be done fully automatic.


[Updated on: Mon, 25 July 2022 07:42]

Report message to a moderator

Re: Free to use IP Blocker [message #152331 is a reply to message #152286] Sat, 30 July 2022 11:48 Go to previous messageGo to next message
tverweij is currently offline  tverweij
Messages: 32
Registered: March 2010
Location: Curacao
Version 1.5 is released; in this version, addresses that are blocked but keep trying to connect won't be freed anymore.
Re: Free to use IP Blocker [message #152339 is a reply to message #152160] Mon, 01 August 2022 11:56 Go to previous messageGo to next message
apkbeasts is currently offline  apkbeasts
Messages: 1
Registered: August 2022
Location: United states
nice post
Re: Free to use IP Blocker [message #152403 is a reply to message #152160] Mon, 08 August 2022 13:22 Go to previous messageGo to next message
upscalevalley is currently offline  upscalevalley
Messages: 4
Registered: August 2022
It helped me. I have been facing an issue while operating my website. You have helped me alot. Thank you so much.

[Updated on: Mon, 08 August 2022 18:17] by Moderator

Report message to a moderator

Re: Free to use IP Blocker [message #152450 is a reply to message #152403] Fri, 12 August 2022 10:42 Go to previous message
tverweij is currently offline  tverweij
Messages: 32
Registered: March 2010
Location: Curacao
You are welcome Smile
Glad it helped you - please use the reporting function too; only together we can make the internet a better and safer place.
Previous Topic: IP Whitelisting on VPN User
Next Topic: How to enable CMD traffic ?
Goto Forum:
  


Current Time: Thu Aug 18 19:26:08 CEST 2022

Total time taken to generate the page: 0.02868 seconds