I had to manually lower the serial number to get the blacklist back, it thought it had the latest blacklist but it was actually empty. (under Scripts in the Environment tab)Very sorry about that guys. I had to upgrade some server hardware, so I migrated the VM's to a different server. The new server didn't import the DNS vm. The old server if back online now and the VM's returned to their home. All should be good now.
Then, what I'm doing wrong? Can smb help me out. Thank you.The script works very well! Thanks IntrusDave, you are a Wizard Master!
Jacka,Then, what I'm doing wrong? Can smb help me out. Thank you.
Any help IntrusDave?Script works fine at my end. However the address list entries (IntrusBL) disappear in a couple of hours. I have been noticing this behavior since i installed this script and have tried upgrading my routeros version as well but to no avail. My current config is routeros 6.39.3 on CCR1072-1G-8S+.
I'm use the default, path is not change.Make sure you blDataPath does not start with a /
i.e. it should read "disk1/blTemp.rsc" NOT "/disk1/blTemp.rsc"
bw is cheap i can get a server for 8 bucks a month with 12TB of bw. i feel its more than cost as to why you're stopping it.It's been a nice run. Almost 3 years, and over 2200 active users. But I am shutting down the this service. With the new US tax laws and this new US "sex trafficking law" (which isn't really about sex trafficking) I simply can't afford to keep the service running. Bandwidth and rack space is just too expensive now, and I'm making $0.
Thank you all for the support.
If you think $8/month is the cost of a real server, a real firewall, real rack space, real bandwidth, real maintenance, real electricity... Then you are either delusional or have never owned/operated a true network. My servers are not shared VPS servers at some bulk hosting company. My firewalls are not software firewalls. For the last 17 years I have maintained a 48U rack, with 10gbps redundant fiber, a diesel generator with enough fuel for 7 days, a double-conversion UPS with 8 hours of backup time. The rack holds 13 servers, the smallest is an 8 core xeon with 8TB storage and 64GB ram. The largest being dual 12 core xeon, 384GB ram and 64TB. I have 3 CCR1016's and 2 CCR1072's.bw is cheap i can get a server for 8 bucks a month with 12TB of bw. i feel its more than cost as to why you're stopping it.
Need any help?
Never said my company was dedicated to the blacklist. It's BS like this that helped me decide to shut it down.I would be fine with keeping the service alive. Having a 48u rack for such a piss easy and small script is a bit outrageous. I think you're the delusional one. I"m sure you used that rack for way more than this script.
I'm simply saying you can keep the script stuff online for way cheaper if you wanna still help the community.
You did, otherwise why would we care if you had to pay for a 48u rack? Why even mention that? That has nothing to do with this script.Never said my company was dedicated to the blacklist. It's BS like this that helped me decide to shut it down.I would be fine with keeping the service alive. Having a 48u rack for such a piss easy and small script is a bit outrageous. I think you're the delusional one. I"m sure you used that rack for way more than this script.
I'm simply saying you can keep the script stuff online for way cheaper if you wanna still help the community.
Thank you, Dave, for a valiant effort.It's been a nice run. Almost 3 years, and over 2200 active users. But I am shutting down the this service.
# File path for squid blacklist. Change to use attached storage if available (e.g. "disk1/bl/drop.malicious.rsc")
:local sblPath "flash/bl/drop.malicious.rsc"
:log warning "Downloading squidblacklist malicious BL to $sblPath"
/tool fetch address=www.squidblacklist.org host=www.squidblacklist.org mode=http src-path=/downloads/drop.malicious.rsc dst-path=$sblPath ;
:log warning "Importing squidblacklist malicious BL from $sblPath"
/import $sblPath ;
/ip firewall raw
add action=drop chain=prerouting comment="Attack from sbl dshield" log=yes log-prefix="BL dshield" src-address-list="sbl dshield"
add action=drop chain=prerouting comment="Attack from sbl blocklist.de" log=yes log-prefix="BL blocklist.de" src-address-list="sbl blocklist.de"
add action=drop chain=prerouting comment="Attack from sbl spamhaus" src-address-list="sbl spamhaus"
Unfortunately no. The server side (contrary to what a few hear think) isn't just a "script" it's a network of over 300 honeypots and some very advanced AI code to analyze threats. That system is proprietary and is still in use for the paying clients that I have left. Even if it wasn't in use, it's not just a simple script that I can post. Nor do I want to give away thousands of hours of code.Thank you Dave.
Could you be so kind and shere your valuable technology? Could you publish all scripts?
what should i use for storage ? I have 72 core and there is no any attached storage. should i add for this job ? now its using flash. is make any problem for using flash for this job ?Thank you, Dave, for a valiant effort.It's been a nice run. Almost 3 years, and over 2200 active users. But I am shutting down the this service.
For everyone who was using Dave's Blacklist, let me recommend the Malicious IP blacklist from SquidBlackList.org, available for download from https://www.squidblacklist.org/download ... licous.rsc . I've been using it for a while and have not run into any problems because of it.
You can download and import it with a simple script:The downloaded blacklist does not actually block anything, it just creates 3 address lists you can do what you want with (1 for each of the 3 sources they use to compose the final list). I have:Code: Select all# File path for squid blacklist. Change to use attached storage if available (e.g. "disk1/bl/drop.malicious.rsc") :local sblPath "flash/bl/drop.malicious.rsc" :log warning "Downloading squidblacklist malicious BL to $sblPath" /tool fetch address=www.squidblacklist.org host=www.squidblacklist.org mode=http src-path=/downloads/drop.malicious.rsc dst-path=$sblPath ; :log warning "Importing squidblacklist malicious BL from $sblPath" /import $sblPath ;
Code: Select all/ip firewall raw add action=drop chain=prerouting comment="Attack from sbl dshield" log=yes log-prefix="BL dshield" src-address-list="sbl dshield" add action=drop chain=prerouting comment="Attack from sbl blocklist.de" log=yes log-prefix="BL blocklist.de" src-address-list="sbl blocklist.de" add action=drop chain=prerouting comment="Attack from sbl spamhaus" src-address-list="sbl spamhaus"
I highly doubt MikroTik are going to take on a project like this. Maybe it could be something we do as a community?How about MikroTik company will pick up this effort, and provide the service to all the MikroTik owners ?
That would be great (and I will be even totaly willing to pay extra, like a per-year subscription or such),
and
most importantly,
this will provide a specific chain of trust - on getting the correct IP black-list from the manufacturer, that could be actually trusted.
The active black-list is a must-have for anyone running any network.
Also, there are many free, respectable services, that do publish blacklists coming from honeypots.
Example: https://project.turris.cz/en/greylist
So there should be not so much issue on getting the inputs for the official service.
I do definitelly vote for this. Anyone else ?
But it is imported as static entries because of missing timeout parameter in the script, so they are written to NAND on every change. They should change it in the scriptIt is temporary locations to download ... it does not matter where it is ... after importing lists script could be removed form flash, disk etc.
You cannot just because everyone is doing like this? Google Play Music, Battlenet Shop - they all have different prices for Russia, for example.you can't ask for a lower price for parts of the world
You just need to do what makes you happy. It's fine not to know what to do with your life as long as you enjoy not knowing what to do.Not really an update, just information.
I'm still trying to figure out what to do with my life. At 43, I started not liking what I was doing for work. I've tried a few different things, including running a large non-profit for a while. Now I'm closing in on 45 and I still don't know. Fact is, I'm best at tech stuff and car stuff.
Anyway. I've shutdown all of my hardware servers and pulled them from the datacenter. It was just costing too much.
I'm currently experimenting with Google Cloud Compute platform to see if it will be a viable home for a new blacklist service. I hope to have new servers completed this week, and hope to start building a new Blacklist from scratch maybe next week. I still haven't found any decent subscription management systems. Anyone have suggestions on something Open Source?
You need "grown-up gap year"...
I'm still trying to figure out what to do with my life. At 43, I started not liking what I was doing for work. I've tried a few different things, including running a large non-profit for a while. Now I'm closing in on 45 and I still don't know.
To the first point, you gotta do what you love. Often the things we're good at aren't what we love though...so that's a tricky one.[...]
I'm still trying to figure out what to do with my life. At 43, I started not liking what I was doing for work. I've tried a few different things, including running a large non-profit for a while. Now I'm closing in on 45 and I still don't know. Fact is, I'm best at tech stuff and car stuff.
[...]
I'm currently experimenting with Google Cloud Compute platform to see if it will be a viable home for a new blacklist service. I hope to have new servers completed this week, and hope to start building a new Blacklist from scratch maybe next week. I still haven't found any decent subscription management systems. Anyone have suggestions on something Open Source?