Thanks for the update Dave.I'm in a holding pattern while my lawyer researches the EU "GDPR" laws.
It's looking like I will not be able to use 3rd party honeypots, as the GDPR requires companies to allow users to delete any data collected from there.
That means that anyone with a honeypot running on their router will be able to delete any IP's in the database that their router may have submitted.
While this may not sound like a big deal, it's ENTIRELY possible for a user to fake an update and delete the whole database.
Hey Dave,I'm in a holding pattern while my lawyer researches the EU "GDPR" laws.
It's looking like I will not be able to use 3rd party honeypots, as the GDPR requires companies to allow users to delete any data collected from there.
That means that anyone with a honeypot running on their router will be able to delete any IP's in the database that their router may have submitted.
While this may not sound like a big deal, it's ENTIRELY possible for a user to fake an update and delete the whole database.
This fucking GDPRIt's looking like I will not be able to use 3rd party honeypots, as the GDPR requires companies to allow users to delete any data collected from there.
Are you running IP > Cloud ? Would be the "easiest" thing to check at this point as it is a prerequisite.For IntusDave:
Do you have any problem or do you update? I run your script but the script didn't download nothing.
I thank you for your help!
Yes, IP -> Cloud is running. DDNS Enabled and updated.Are you running IP > Cloud ? Would be the "easiest" thing to check at this point as it is a prerequisite.For IntusDave:
Do you have any problem or do you update? I run your script but the script didn't download nothing.
I thank you for your help!
squidblacklist.org is not included, as it is a pay service. The IP's they have on the free lists are pretty much duplicates of my list 2.@Dave
Do you have IP blacklists from squidblacklist.org in priority 1 or 2?
Thanks!The server is hosted on the google cloud platform. It appears that Google has oversold the zone that my servers are in, and my servers have been taking offline to allow others to run. I'll be moving the server to a different zone ASAP.
How much memory use on routers with these Blacklist Filters?What are everyone's thoughts on using Patreon for the subscription service?
I've started setting up a page here: https://www.patreon.com/IntrusTechnologies
Once I have everything linked, the existing scripts will stop working and I will post the current scripts on the Patreon page.
The new script will not require any modification, as the server will select the list based on your router's serial number and IP address.
The system will also disable accounts that are using forged serial numbers or IP addresses.
What do you think about this service?: viewtopic.php?t=137632It's hard to give accurate numbers, but it looks like the List 1 uses about 768k, List 2 uses 3M, and List 3 uses 54M to load and 50M once the load is done. The other two load too fast on my RB110AHx4 to see the memory load update.
Any estimate regarding the end-of-service date as it is? I have to convince my boss of the benefits of being a paying member of the community and I do not want to be caught offguard.What are everyone's thoughts on using Patreon for the subscription service?
I've started setting up a page here: https://www.patreon.com/IntrusTechnologies
Once I have everything linked, the existing scripts will stop working and I will post the current scripts on the Patreon page.
The new script will not require any modification, as the server will select the list based on your router's serial number and IP address.
The system will also disable accounts that are using forged serial numbers or IP addresses.
I think it's a ripoff of my project by someone that hasn't been a part of the community as long as I have. I think I am far more transparent in the development process.What do you think about this service?: viewtopic.php?t=137632It's hard to give accurate numbers, but it looks like the List 1 uses about 768k, List 2 uses 3M, and List 3 uses 54M to load and 50M once the load is done. The other two load too fast on my RB110AHx4 to see the memory load update.
OK, now I'll be clear here Thanks.
squidblacklist.org is not included, as it is a pay service. The IP's they have on the free lists are pretty much duplicates of my list 2.
The goal is NO end-of-service date. This started out as a project out of a personal need, I shared it with the community because I thought others could use it too. Last year, the original service hit just over 17,000 active devices. I realized that several LARGE businesses were using the service and SELLING IT to their customers. At that point I felt that it was "fair" for me to be paying several hundred per month for servers and honeypots out of pocket, while others were making money off it it.Any estimate regarding the end-of-service date as it is? I have to convince my boss of the benefits of being a paying member of the community and I do not want to be caught offguard.What are everyone's thoughts on using Patreon for the subscription service?
I've started setting up a page here: https://www.patreon.com/IntrusTechnologies
Once I have everything linked, the existing scripts will stop working and I will post the current scripts on the Patreon page.
The new script will not require any modification, as the server will select the list based on your router's serial number and IP address.
The system will also disable accounts that are using forged serial numbers or IP addresses.
Keep the fantastic work!
I compared mine with that one - All of the IP's in that are also in mine. The key difference is the delivery method. My .rsc is much smaller and processed faster.OK, now I'll be clear here Thanks.
squidblacklist.org is not included, as it is a pay service. The IP's they have on the free lists are pretty much duplicates of my list 2.
Will test how much RAM a RB2011 needed. Only with priority 2
or priority 1 + drop.malicious.rsc
PS:
SBL Malicious IP Blacklist from: https://www.squidblacklist.org is free of charge.
Would be nice to be able to select priority 1, although you have paid for priority 2.The new script will not require any modification, as the server will select the list based on your router's serial number and IP address.
As for yearly payments - At this time, I am going to keep it monthly. I don't want to accept a payment for a year of service before I know the service will be able to sustain itself.
When I asked about the end-of-service as it is I was referring when the current scripts will be deactivated and only working via Patreon.The goal is NO end-of-service date. This started out as a project out of a personal need, I shared it with the community because I thought others could use it too. Last year, the original service hit just over 17,000 active devices. I realized that several LARGE businesses were using the service and SELLING IT to their customers. At that point I felt that it was "fair" for me to be paying several hundred per month for servers and honeypots out of pocket, while others were making money off it it.Any estimate regarding the end-of-service date as it is? I have to convince my boss of the benefits of being a paying member of the community and I do not want to be caught offguard.
Keep the fantastic work!
After January first the current your script will not work?My goal is January first.
Payment is automated via the Patreon page. Each Tier includes the Tier below it. I've updated the tires on the page to better explain what you get.Would be nice to be able to select priority 1, although you have paid for priority 2.The new script will not require any modification, as the server will select the list based on your router's serial number and IP address.
As for yearly payments - At this time, I am going to keep it monthly. I don't want to accept a payment for a year of service before I know the service will be able to sustain itself.
Uh, monthly. I hope the monthly payment can be automated.
https://www.patreon.com/IntrusTechnologiesHow to make a payment from Poland?
I'm already signed up! Thanks again for the great service Dave.What are everyone's thoughts on using Patreon for the subscription service?
I've started setting up a page here: https://www.patreon.com/IntrusTechnologies
Once I have everything linked, the existing scripts will stop working and I will post the current scripts on the Patreon page.
The new script will not require any modification, as the server will select the list based on your router's serial number and IP address.
The system will also disable accounts that are using forged serial numbers or IP addresses.
I'm using the priority 2 list on an RB2011. Memory is fine. I currently have free 74MB of 128MB with ~30k blacklist entries. The RB2011 is more CPU starved when it's updating the list or if you view the address list.
OK, now I'll be clear here Thanks.
Will test how much RAM a RB2011 needed. Only with priority 2
or priority 1 + drop.malicious.rsc
Perfect thank you.Payment is automated via the Patreon page. Each Tier includes the Tier below it. I've updated the tires on the page to better explain what you get.
I've deleted most of the drop.malicious.rsc address-list entrys (~30k blocklist.de) and switched to priority 2 (also about ~30k). I have 7 MB more Ram free. (Free Memory now 55MB)I'm using the priority 2 list on an RB2011. Memory is fine. I currently have free 74MB of 128MB with ~30k blacklist entries. The RB2011 is more CPU starved when it's updating the list or if you view the address list.
Sounds like an emotional response based on little fact. You would be better served by recognizing and supporting a like minded fellow provider who decided to share his work for his customers/clients with the community at large. The development cycle taken matches up with what I would have done, first being exposed to Josh Haven and the various sources, such as the Firehol lists, magically available whether you were on this less and less green earth or not. On his own he matured his script skills to be able to create the database and program with the flexibility and 'scalability' of his clients in mind (hex to larger units) which is critical to many of us with lesser units (not companies with fat wallets). Its stable, it works and its phukking affordable. He obviously has put much time and effort into the program, considering the servers required and the fail over and many other detailed minutia it takes to run a credible service. As to transparency, what are you referring too? He opened up his development to anybody that was interested for testing purpose. He clearly outlines his sources which do not contain 'secret' honeypots.I think it's a ripoff of my project by someone that hasn't been a part of the community as long as I have. I think I am far more transparent in the development process.What do you think about this service?: viewtopic.php?t=137632It's hard to give accurate numbers, but it looks like the List 1 uses about 768k, List 2 uses 3M, and List 3 uses 54M to load and 50M once the load is done. The other two load too fast on my RB110AHx4 to see the memory load update.
My Also,The service works well, the first payment has been sent.
:local destPath "disk1/filterImport.rsc";
:local priority "2";
:local sn [:pick [/ip cloud get dns-name] 0 [:find [/ip cloud get dns-name] "."]];
/tool fetch mode=https url="https://bl.mikrotikfilters.com/fetch.php?priority=$priority" http-method=post http-data="$sn" dst-path="$destPath" output=file; /import file-name=$destPath; /file remove $destPath;
Script is 4 post higher.Can someone sum up the latest script/instructions on how to install the new service?
That script is running fine. I am just wondering about the frequency of the scheduler and maybe other things that were installed with the old installer.Script is 4 post higher.
That script is running fine. I am just wondering about the frequency of the scheduler and maybe other things that were installed with the old installer.
/ip cloud set ddns-enabled=yes update-time=no
/system script add dont-require-permissions=no name=blacklistScript owner=admin policy=read,write,policy,test source=\
\n"# Intrus Technologies blacklist installer/updater\
\n# \A92017 David Joyce, Intrus Technologies\
\n\
\n:local destPath \"filterImport.rsc\";\
\n:local priority \"2\";\
\n\
\n#If you do not want to delete the script directly after importing, remove the comment and paste one in the last line\
\n#:do { /file remove \$destPath } on-error={};\
\n\
\n:local sn [:pick [/ip cloud get dns-name] 0 [:find [/ip cloud get dns-name] \".\"]];\
\n/tool fetch mode=https url=\"https://bl.mikrotikfilters.com/fetch.php\?priority=\$priority\" http-method=post http-data=\"\$sn\" dst-path=\"\$destPath\" output=file;\
\n/import file-name=\$destPath;\
\n/file remove \$destPath;\
\n"
/system scheduler add interval=12h name=blacklistScriptUpdate on-event="/system script run blacklistScript" policy=read,write,policy,test start-date=jan/01/1970 start-time=06:00:00
/system scheduler add name=blacklistScriptUpdateOnBoot on-event=":delay 30;system script run blacklistScript" policy=read,write,policy,test start-time=startup
/ip firewall raw add action=drop chain=prerouting comment="Drop WAN connections from 'intrusBL' blacklisted hosts <- Src. Address List: intrusBL" in-interface-list=WAN src-address-list=intrusBL
Yes, somewhere up above, there is a Patreon link, as well as PayPal links.It can be paid by Patreon?
Thank you. No worries, I’ve survived everything else life has tossed my way. Even an earthquake that brought my apartment down on me.Humans can be truly awfull but using you undergoing your treatment to steal from you then there are no words to describe my feelings about that.
I am sorry to read that you are ill and that the outcome is uncertain. I wish all the strength to overcome this horrible time in your life.
I'm still working on the IPv6 version of the list. My home ISP has finally managed to provide a stable v6 connection, so I'll be able to start testing.
I'm curious how much bandwidth your service consumes... there is another poster complaining about $500/mon bandwidth cost for his service, but frankly I cannot understand how this can happen.I regret to inform you all that I have shut down the servers.
With over 35,000 routers hitting the server every few hours, and only 10 supporters (totally $50/month), the expenses are not even remotely being covered. I'm putting out almost $500/month now just in bandwidth costs.
any way to use RAW? or just regular firewall rule?Code: Select all/ip firewall raw add action=drop chain=prerouting comment="DROP intrusBL" src-address-list=intrusBL add action=drop chain=prerouting comment="DROP intrusBL" dst-address-list=intrusBL
Address-list, src-address-list and dst-address-list are three different parameters. You're talking about one and look at the description of another.the problem is, with RB, that ip firewall raw action=drop doent work with src-address-list=intrusBL
according to documentation:
address-list (string; Default: ) Name of the address list to be used. Applicable if action is add-dst-to-address-list or add-src-to-address-list
https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Raw
any way to use RAW? or just regular firewall rule?Code: Select all/ip firewall raw add action=drop chain=prerouting comment="DROP intrusBL" src-address-list=intrusBL add action=drop chain=prerouting comment="DROP intrusBL" dst-address-list=intrusBL
me too.I thought that more people would be willing to help, but sadly not.