From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Cc: Adolf Belka <adolf.belka@ipfire.org>
Subject: [PATCH 1/4] sources: remove the 3CORESEC ipblocklist entries from the sources file
Date: Thu, 24 Apr 2025 16:20:38 +0200 [thread overview]
Message-ID: <20250424142041.3443255-1-adolf.belka@ipfire.org> (raw)
- The three 3CORESEC ipblocklists were removed and the web server urls completely
removed on 3 Feb 2025. There was no explanation or announcement.
- There was some suggestion from their twitter account that they might be ressurrected
which is why the removal was delayed. However there has been no further notification
or indication of any change.
- From their website they focus on a turnkey platform provision and the provision of
actionable threat information being provided on a subscription basis. So I believe
they have decided to stop the free IPBlocklist provision but were not willing to
make a clear announcement on that fact.
- This patch removes the three lists from the sources file.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/ipblocklist/sources | 18 ------------------
1 file changed, 18 deletions(-)
diff --git a/config/ipblocklist/sources b/config/ipblocklist/sources
index 0e26792d6..b0b405357 100644
--- a/config/ipblocklist/sources
+++ b/config/ipblocklist/sources
@@ -111,24 +111,6 @@ our %sources = ( 'EMERGING_FWRULE' => { 'name' => 'Emerging Threats Blocklis
'parser' => 'ip-or-net-list',
'rate' => '30m',
'category' => 'attacker' },
- '3CORESEC_SSH' => { 'name' => '3CORESec SSH Activity Blocklist',
- 'url' => 'https://blacklist.3coresec.net/lists/ssh.txt',
- 'info' => 'https://blacklist.3coresec.net',
- 'parser' => 'ip-or-net-list',
- 'rate' => '1d',
- 'category' => 'attacker' },
- '3CORESEC_SCAN' => { 'name' => '3CORESec Scan and IDS Blocklist',
- 'url' => 'https://blacklist.3coresec.net/lists/misc.txt',
- 'info' => 'https://blacklist.3coresec.net',
- 'parser' => 'ip-or-net-list',
- 'rate' => '1d',
- 'category' => 'reputation' },
- '3CORESEC_WEB' => { 'name' => '3CORESec Web Server Activity Blocklist',
- 'url' => 'https://blacklist.3coresec.net/lists/http.txt',
- 'info' => 'https://blacklist.3coresec.net',
- 'parser' => 'ip-or-net-list',
- 'rate' => '1d',
- 'category' => 'attacker' },
'THREATVIEW_IO_IP' => { 'name' => 'Threatview.io Malicious IP Blocklist for known Bad IP addresses',
'url' => 'https://threatview.io/Downloads/IP-High-Confidence-Feed.txt',
'info' => 'https://threatview.io/#services',
--
2.49.0
next reply other threads:[~2025-04-24 14:20 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-24 14:20 Adolf Belka [this message]
2025-04-24 14:20 ` [PATCH 2/4] backup.pl: Remove any 3coresec ipblocklists from old backups being restored Adolf Belka
2025-04-24 14:20 ` [PATCH 3/4] update.sh: Core195 - remove any 3coresec ipblocklists during Core Update Adolf Belka
2025-04-24 14:20 ` [PATCH 4/4] core195: Ship backup.pl and sources files Adolf Belka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250424142041.3443255-1-adolf.belka@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox