Thursday, April 13, 2017

How to install Linux LXiMedia DLNA transcoding media server on CentOS 7

I am documenting my experience installing and configuring the DLNA/UPnP LXiMedia Server on a PC running CentOS 7, currently on kernel 3.10.0-514.10.2.el7.x86_64 #1 SMP Fri Mar 3 00:04:05 UTC 2017. I was able to make music and video from an external Samba share connected to this Linux box running LXiMedia Server available to multiple devices in our home, including iPhone, iPad, Android phone, Roku streaming player, Windows PC, MacBook Pro, iMac, etc.

INSTALLING LXi Media Server

1) Install required packages. Run as root (or use sudo).

To install C, C++ and development tools:

# yum -y groups mark install "Development Tools"
# yum -y groups mark convert  "Development Tools"
# yum -y group install "Development Tools"

To install the additional packages needed by LXiMedia:

# wget http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-1.el7.nux.noarch.rpm
# yum localinstall -y nux-dextop-release-0-1.el7.nux.noarch.rpm
# rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
# yum -y install debhelper dpkg-dev bash doxygen gcc make binutils-dev cmake3 uuid-devel vlc vlc-devel

2) Download and extract the latest LXiMedia source tarball. It should be under a directory "Source" under the latest version here.

For example, download the LXiMedia 0.5.0 source (or from the direct link).

3) Change to the extracted source files directory and build using cmake3 and make.

# cd lximediaserver-0.5.0
# cmake3 -DCMAKE_BUILD_TYPE=Release .
# make

A successful build completes with the message "[100%] Built target lximediaserver".

4) Launch lximediaserver.

# ./lximediaserver

This returns to the prompt with lximediaserver running as a daemon (check with "ps -aef | grep lximediaserver").


CONFIGURING LXi Media Server

Configure lximediaserver using the web interface presented by default on port 4280. For example, if the CentOS server is 10.100.0.10, launch a web browser on any machine on the same subnet and visit the URL http://10.100.0.10:4280.

Supratim Sanyal's Blog: LXi Media Server initial screen
LXi Media Server initial screen

The initial setup screen looks like this. Click on the barely visible "Skip setup assistant" link at the bottom to get to the main setup screen. If you do not see the "Skip setup assistant" link at the bottom, kill and restart the lximediaserver process and refresh your web browser.



LXi Media Server Settings Screen


You will now be presented with the main LXi Media Server Settings screen.

Add all the directories that contain your music, video and picture media one by one to the Folders box, clicking Append to add new subdirectories to the full path name of each and Save when done. This is an unusual way to specify the full pathnames for the media folders, but it works.


Adding media folders to LXi Media Server 

You can also adjust the encoding settings depending on how powerful your CPU is and your home network bandwidth.

Share your experience and tips for LXi Media server in comments below.

Wednesday, April 5, 2017

Google Home now supports Wink Hub

My smart home has been operating on voice commands to turn lights on and off and lock doors for a while now, with our Z-Wave devices connected to a Wink Hub 2 which is linked to the Amazon Alexa assistant on an Amazon Echo and three Amazon Echo Dot units across the house. I was however a bit disappointed till now with our Google Home Assistant missing support for the Wink Hub.

I happened to check Google Home's smart home capabilities just now and am excited to see a new option in the Google Home app to link our Wink Hub 2!

Google Home takes a room-based approach to classify the Wink Hub devices, which actually makes more sense than Alexa's group-based approach for those rooms that have multiple smart lights. For example, our family room has two smart lights which I labeled FRL1 and FRL2 and then created a group called "Family Room Lights" to be able to say "Alexa turn the family room lights on". On the Google Home, I just assigned FRL1 and FRL2 to the Family Room and that's that. Love it!

Thanks Wink and Google - the Google Home is evolving quietly but very fast!

Here is an iPad screenshot of Google Home's smart home setup with Wink.

Google Home Smart Home Control with Wink Hub 2




Tuesday, April 4, 2017

pfSense pfBlockerNG: The Ultimate List of IP and DNSBL Blocklists for Home Internet Security Firewall and Gateway

pfSense Dashboard

The amazing pfSense Community Edition forms the first of my three-layer home internet security firewall and gateway. I have a dual-WAN setup with subscriptions to both Verizon FiOS and Comcast Xfinity, with the LAN side feeding into a Sophos UTM 9 which is further protected by ClearOS.

I run pfSense in a virtual machine. However, there are excellent dedicated firewall routers with pfSense preinstalled available that you can simply plug in between your WAN and LAN.



I am a huge fan of blocklists and over the years have settled on a functional set of IP and DNSBL blocklists used with the wonderful pfBlockerNG package on my installation of the pfSense Community open-source router firewall.

I have completely disabled IPv6; all of the following blocklists are for IPv4, and for DNSBL, domain names.

IP BLOCKLISTS


For the IP blocklists, the top-level blocklist groups are Level-1, Level-2, Level-3, Level-4 and SANYALnet.

pfBlockerNG on pfSense - top level IP (IPv4) blocklist groups



Level-1 IP Blocklist

pfBlockerNG Level-1 IP Blocklist sources
Incoming as well as outgoing connections from and to blocklisted IPs are blocked for these highest-risk IP addresses. Of particular concern in modern times are the command-and-control (CNC) botnets that particularly infect digital security and surveillance systems, cameras, routers, televisions, DVD players and all sorts of devices making up the Internet of Things (IoT). The Level-1 IP BL is updated every hour, and the group members are:

  • https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
  • https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt (removed, no longer works)
  • https://rules.emergingthreats.net/blockrules/compromised-ips.txt
  • https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
  • http://www.abuseat.org/iotcc.txt
  • https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cybercrime.ipset


Level-2 IP Blocklist

pfBlockerNG Level-2 IP Blocklist sources
In addition to IoT C&C botnets, the other primary threat today is from ransomware. At my level 2 I only have Firehol Level 2, the Ransomware Tracker IP blacklists from abuse.ch (including CryptoWall, Locky, TeslaCrypt, TorrentLocker C&C and Payment), and the Zeus tracker and ci badguys IP deny blocklists. Level 2 is also configured to block all outgoing as well as incoming connections. Level 2 IP blocklists are updated every 2 hours.

  • https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset
  • http://cinsscore.com/list/ci-badguys.txt
  • https://ransomwaretracker.abuse.ch/downloads/CW_PS_IPBL.txt
  • https://ransomwaretracker.abuse.ch/downloads/LY_PS_IPBL.txt
  • https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt (removed, no longer works)
  • https://ransomwaretracker.abuse.ch/downloads/TC_PS_IPBL.txt
  • https://ransomwaretracker.abuse.ch/downloads/TL_C2_IPBL.txt
  • https://ransomwaretracker.abuse.ch/downloads/TL_PS_IPBL.txt
  • https://zeustracker.abuse.ch/blocklist.php?download=badips


Level-3 IP Blocklist

pfBlockerNG Level-3 IP Blocklist sources

IP addresses in my level 3 blocklist are denied on the incoming side only, i.e. I allow connections initiated from inside my home LAN out to these IPs to go through. The level 3 IP blacklist addresses are updated every 4 hours. The sources are:

  • https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset
  • http://danger.rulez.sk/projects/bruteforceblocker/blist.php
  • http://www.openbl.org/lists/base_7days.txt
  • https://lists.blocklist.de/lists/all.txt
  • http://malc0de.com/bl/IP_Blacklist.txt
  • https://feodotracker.abuse.ch/blocklist/?download=ipblocklist




Level-4 IP Blocklist

pfBlockerNG Level-4 IP Blocklist sources


There are only a couple of blacklist sources for my level 4, including Firehol Level 4 and the Malware Domain List IP addresses, whose equivalent domains are also included separately in my list of DNSBL lists. Level 4 is configured to block inbound connections only and is updated every 8 hours.
  • https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset
  • http://www.malwaredomainlist.com/hostslist/ip.txt



SANYALnet IP Blocklist

pfBlockerNG SANYALnet IP Blocklist sources

The SANYALnet group is a collection of blocklists I maintain myself based on the brute force attacks and intrusion attempts logged by my own servers. This group is updated every hour to minimize on-going attacks. Please note: these are my own servers hosted on a super-cheap VPS service and up-times are not the best :)
  • http://sanyalnet-cloud-vps.freeddns.org/blocklist.txt [status]
  • http://sanyalnet-cloud-vps.freeddns.org/mirai-ips.txt [status]
  • http://sanyalnet-cloud-vps2.freeddns.org/blocklist.txt [status]
  • http://microvax3100-80.duckdns.org/blocklist.txt (experimental) [status]
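
The Level-1 to Level-4 scheme above, written out as a small Python check (an added example, not part of the original post or of pfBlockerNG): it parses feed text in the one-address-or-CIDR-per-line format, collapses overlapping entries, rejects entries that overlap private or loopback space so that a bad feed cannot cut off the LAN, and applies the per-level direction rules. The feed contents are constructed from documentation address ranges, and the names LEVEL_POLICY, PROTECTED, parse_netset and verdict are assumptions of this example.

```python
import ipaddress

# Direction blocked at each level, as described in the post above.
LEVEL_POLICY = {
    "Level-1": {"inbound", "outbound"},
    "Level-2": {"inbound", "outbound"},
    "Level-3": {"inbound"},
    "Level-4": {"inbound"},
}

# Ranges a feed must never be allowed to block (assumption of this example).
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def parse_netset(text):
    """Return (collapsed IPv4 networks, rejected entries) for one feed."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append(line)   # e.g. an HTML error page served instead of the list
            continue
        if net.version != 4 or any(net.overlaps(p) for p in PROTECTED):
            rejected.append(line)   # IPv6 is disabled here; protected space is never blocked
            continue
        nets.append(net)
    # collapse_addresses merges adjacent networks and drops entries already covered
    return list(ipaddress.collapse_addresses(nets)), rejected


def verdict(levels, remote_ip, direction):
    """Return the first level that blocks this connection, or None if it passes."""
    addr = ipaddress.ip_address(remote_ip)
    for level, nets in levels.items():
        if direction in LEVEL_POLICY[level] and any(addr in n for n in nets):
            return level
    return None


# Constructed sample feeds (documentation ranges, not real indicators).
LEVEL1_FEED = """\
# constructed sample
192.0.2.0/25
192.0.2.128/25
192.0.2.77
10.0.0.0/8
<html>503 Service Unavailable</html>
"""
LEVEL3_FEED = """\
198.51.100.23   # single host
203.0.113.0/24
"""

LEVEL1_NETS, LEVEL1_REJECTED = parse_netset(LEVEL1_FEED)
LEVEL3_NETS, LEVEL3_REJECTED = parse_netset(LEVEL3_FEED)
LEVELS = {"Level-1": LEVEL1_NETS, "Level-3": LEVEL3_NETS}

if __name__ == "__main__":
    print("Level-1:", [str(n) for n in LEVEL1_NETS], "rejected:", LEVEL1_REJECTED)
    for ip, direction in (("192.0.2.200", "outbound"),
                          ("198.51.100.23", "inbound"),
                          ("198.51.100.23", "outbound")):
        print(ip, direction, "->", verdict(LEVELS, ip, direction))
```
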

pfBlockerNG DNSBL Feeds

pfBlockerNG DNSBL Feeds DNS Groups
In addition to IP blocklists, I also extensively use pfBlockerNG's domain name blocklisting feature with publicly available domain blocklists.

The DNSBL configuration redirects domain name lookups for blocked domains to my own "httpd410server" DNS sinkhole.

I have grouped the DNSBL feeds into three groups.


Zero-day Threat Domain Blocklist Group

pfBlockerNG DNSBL Zero-Day Threat Domain Blocklist
I use the OpenPhish blocklist to block out emerging zero-day phishing and spear-phishing domains. Following advice from the pfSense forum, I use "FLEX" as the State to retrieve feeds over https in cases where the usual "ON" state fails to retrieve them, citing a peculiar curl error "SSL certificate problem: unable to get local issuer certificate" on pfSense. The feeds in this group are updated every hour.

  • https://openphish.com/feed.txt



General Domain Blocklist Group

pfBlockerNG DNSBL General Domain Blocklist Group

This group contains a collection of malware, ransomware, adware, spyware, tracker and generally undesirable domain blocklists updated once every day. This includes advertising services, thus making my pfSense firewall an effective ad blocker for all devices on my entire home network.

I turned the Eladkarako and Immortal Long Lived Malware Domains blocklists off because they were too generic and were blocking too many websites used by folks in my home. If you wish, you can turn them on for a more secure DNSBL at the cost of filtering out some websites that are otherwise useful.

  • https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
  • http://www.malware-domains.com/files/justdomains.zip
  • https://isc.sans.edu/feeds/suspiciousdomains_Low.txt
  • https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt
  • https://isc.sans.edu/feeds/suspiciousdomains_High.txt
  • https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt
  • http://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
  • http://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
  • http://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
  • http://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt
  • Use with care: http://raw.githubusercontent.com/eladkarako/hosts.eladkarako.com/master/_raw__hosts.txt
  • Use with care: http://mirror1.malwaredomains.com/files/immortal_domains.txt



Hosts File Format Blocklists

pfBlockerNG DNSBL General hosts File Format Blocklist Group
This group contains another long list of advertising domains, malware, ransomware, adware, spyware, tracker and generally undesirable domain blocklists updated daily. I like to keep blocklists formatted like the /etc/hosts file in a separate group.

  • https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts
  • http://avant.it-mate.co.uk/dl/Tools/hpHosts/HOSTS.zip
  • https://adaway.org/hosts.txt
  • https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D=&mimetype=plaintext
  • http://someonewhocares.org/hosts/hosts
  • http://sysctl.org/cameleon/hosts
  • http://winhelp2002.mvps.org/hosts.txt
  • http://www.malekal.com/HOSTS_filtre/HOSTS.txt
  • http://www.malwaredomainlist.com/hostslist/hosts.txt
  • https://zeustracker.abuse.ch/blocklist.php?download=hostfile
  • http://www.hostsfile.org/Downloads/hosts.txt
  • http://www.securemecca.com/Downloads/hosts.txt
  • http://hosts-file.net/exp.txt
  • http://hosts-file.net/ad_servers.txt
  • http://hosts-file.net/emd.txt
  • http://hosts-file.net/hjk.txt
  • http://hosts-file.net/fsa.txt
  • http://hosts-file.net/grm.txt
  • http://hosts-file.net/psh.txt
  • http://hosts-file.net/mmt.txt
  • http://hosts-file.net/hfs.txt
  • http://hosts-file.net/pha.txt
  • http://hosts-file.net/wrz.txt
  • http://raw.githubusercontent.com/michaeltrimm/hosts-blocking/master/_hosts.txt


pfBlockerNG DNSBL Custom Domain Whitelist

pfSense pfBlockerNG DNSBL Custom Domain Whitelist


Sometimes a domain blocklist included in pfSense pfBlockerNG DNSBL configuration will block URLs that you find useful and want to visit. Instead of digging through the logs to figure out which list is blocking your desired domain and disabling the entire list, you can simply add the domains that should not be blocked in the nifty Custom Domain Whitelist feature included as part of the DNSBL configuration.
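
How a whitelist entry and cross-feed de-duplication shape the final DNSBL, as an added Python example (not pfBlockerNG's own code): it parses both hosts-file-format and one-domain-per-line feeds, then counts original, unique, duplicate, whitelisted and final entries for each feed in load order. The feed contents are constructed, and the function names and the rule that a leading dot whitelists subdomains are assumptions of this example.

```python
import re

SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def parse_feed(text):
    """Return the domains of a hosts-format or plain domain feed, in file order."""
    domains = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].lower().split()
        if not fields:
            continue
        # hosts format is "<sink address> <name> ..."; plain format is "<name>"
        names = fields[1:] if fields[0] in SINK_ADDRS else fields[:1]
        for name in names:
            labels = name.rstrip(".").split(".")
            # skip single-label names (localhost) and bare IP addresses
            if len(labels) < 2 or labels[-1].isdigit():
                continue
            if all(LABEL.match(label) for label in labels):
                domains.append(".".join(labels))
    return domains


def is_whitelisted(domain, whitelist):
    """Exact match, or subdomain match for entries written with a leading dot."""
    for entry in whitelist:
        if entry.startswith("."):
            if domain == entry[1:] or domain.endswith(entry):
                return True
        elif domain == entry:
            return True
    return False


def load_feeds(feeds, whitelist):
    """feeds: list of (name, text) in load order. Returns (master set, per-feed stats)."""
    master, stats = set(), {}
    for name, text in feeds:
        parsed = parse_feed(text)
        unique = list(dict.fromkeys(parsed))          # repeats inside this feed removed
        fresh = [d for d in unique if d not in master]  # not already supplied by an earlier feed
        final = [d for d in fresh if not is_whitelisted(d, whitelist)]
        stats[name] = {
            "orig": len(parsed),
            "unique": len(unique),
            "dups": len(unique) - len(fresh),
            "white": len(fresh) - len(final),
            "final": len(final),
        }
        master.update(final)
    return master, stats


# Constructed sample feeds using reserved example domains.
HOSTS_FEED = """\
# constructed hosts-format feed
127.0.0.1 localhost
127.0.0.1 localhost.localdomain
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net   # inline comment
0.0.0.0 ads.example.com
0.0.0.0 docs.example.org
0.0.0.0 bad_host!.example.com
"""
PLAIN_FEED = """\
# constructed one-domain-per-line feed
Tracker.Example.NET
phish.example.com.
cdn.example.org
"""
WHITELIST = ["localhost.localdomain", ".example.org"]

MASTER, STATS = load_feeds([("hosts_feed", HOSTS_FEED), ("plain_feed", PLAIN_FEED)], WHITELIST)

if __name__ == "__main__":
    for feed, row in STATS.items():
        print(feed, row)
    print(sorted(MASTER))
```

Because duplicates are counted against feeds loaded earlier, the same feed can look essential or redundant depending on its position in the load order.
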

Consolidated IP and DNSBL Blocklists

I make consolidated IP address and Domain Name blocklists available for free public use from my VPS at the following links; feel free to use them.

pfSense pfBlockerNG in Action

With the pfBlockerNG setup for IP and DNS Blocklists described above, I do see domains and IPs blocked all the time - here is a typical example of pfBlockerNG's "Alert" screen that shows the last 25 IP addresses and domains blocked at the time of writing:

pfSense pfBlockerNG Active Blocked IP Addresses and Domains


A pfBlockerNG force reload log looks like this:


UPDATE PROCESS START [ 05/04/17 23:26:31 ]
===[ DNSBL Process ]================================================
[ EasyList_wo_Elements ] Reload [ 05/04/17 23:26:32 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
7964 7577 0 0 0 7577
----------------------------------------------------------------------
IP count=35
[ EasyPrivacy ] Reload [ 05/04/17 23:26:36 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
2852 2830 25 0 0 2805
----------------------------------------------------------------------
IP count=15
[ Openphish ] Reload [ 05/04/17 23:26:39 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
4834 2593 0 0 0 2593
----------------------------------------------------------------------
IP count=12
[ AbuseCH_Ransomware_DOMBL ] Reload [ 05/04/17 23:26:42 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
1715 1715 0 0 0 1715
----------------------------------------------------------------------
[ Malware_Domains ] Reload [ 05/04/17 23:26:44 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
20327 20327 421 0 0 19906
----------------------------------------------------------------------
[ Sans_Edu_Low_Senstvty ] Reload [ 05/04/17 23:26:51 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
2489 2489 1714 0 0 775
----------------------------------------------------------------------
[ Sans_Edu_Med_Senstvty ] Reload [ 05/04/17 23:26:52 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
2252 2252 2252 0 0 0
----------------------------------------------------------------------
[ Sans_Edu_High_Senstvty ] Reload [ 05/04/17 23:26:54 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
173 173 173 0 0 0
----------------------------------------------------------------------
[ Spam_404 ] Reload [ 05/04/17 23:26:55 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
6285 6282 28 0 0 6254
----------------------------------------------------------------------
[ Disconnet ] Reload [ 05/04/17 23:26:59 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
5347 5347 3049 0 0 2298
----------------------------------------------------------------------
[ Disconnect_Ad_Filter_List ] Reload [ 05/04/17 23:27:02 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
2703 2703 2702 0 0 1
----------------------------------------------------------------------
[ Disconnect_Trackers ] Reload [ 05/04/17 23:27:04 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
34 34 34 0 0 0
----------------------------------------------------------------------
[ NoTrack ] Reload [ 05/04/17 23:27:06 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
12394 12388 837 0 0 11551
----------------------------------------------------------------------
[ Hosts_file_dot_net_ad_servers ] Reload [ 05/04/17 23:27:12 ] . completed ..
Whitelist: docs.google.com|
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
636815 636815 10939 1 0 625875
----------------------------------------------------------------------
IP count=2
[ Adaway_org ] Reload [ 05/04/17 23:30:51 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
409 409 286 0 0 123
----------------------------------------------------------------------
[ YoYo_Org ] Reload [ 05/04/17 23:30:55 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
2344 2344 2318 0 0 26
----------------------------------------------------------------------
[ Someone_Who_Cares ] Reload [ 05/04/17 23:31:01 ] . completed ..
Whitelist: localhost.localdomain|
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
12702 12700 3498 1 0 9201
----------------------------------------------------------------------
IP count=1
[ Cameleon ] Reload [ 05/04/17 23:31:09 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
21271 21271 8283 0 0 12988
----------------------------------------------------------------------
[ Winhelp2002 ] Reload [ 05/04/17 23:31:20 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
13203 13203 12352 0 0 851
----------------------------------------------------------------------
[ Malekal ] Reload [ 05/04/17 23:31:29 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
676 675 139 0 0 536
----------------------------------------------------------------------
[ MalwareDomainList ] Reload [ 05/04/17 23:31:34 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
1158 1158 573 0 0 585
----------------------------------------------------------------------
[ ZeusTracker_DNSBL ] Reload [ 05/04/17 23:31:38 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
403 403 399 0 0 4
----------------------------------------------------------------------
[ Samedi_SecureMecca_1 ] Reload [ 05/04/17 23:31:42 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
22984 22984 15914 0 0 7070
----------------------------------------------------------------------
[ Samedi_SecureMecca_2 ] Reload [ 05/04/17 23:31:54 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
22897 22897 22831 0 0 66
----------------------------------------------------------------------
[ hpHosts_EXP_only ] Reload [ 05/04/17 23:32:06 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
17288 17286 12316 0 0 4970
----------------------------------------------------------------------
[ hpHosts_Ad_and_Tracking ] Reload [ 05/04/17 23:32:16 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
48011 48008 48005 0 0 3
----------------------------------------------------------------------
[ hpHosts_EMD_Malware_Distribution ] Reload [ 05/04/17 23:32:36 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
152143 152109 149183 0 0 2926
----------------------------------------------------------------------
IP count=1
[ hpHosts_HJK_Hijacking ] Reload [ 05/04/17 23:33:26 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
74 74 74 0 0 0
----------------------------------------------------------------------
[ hpHosts_FSA_Fraud ] Reload [ 05/04/17 23:33:30 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
215824 215381 208910 0 0 6471
----------------------------------------------------------------------
[ hpHosts_GRM_Astroturfing ] Reload [ 05/04/17 23:34:38 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
720 720 718 0 0 2
----------------------------------------------------------------------
[ hpHosts_PSH_Phishing ] Reload [ 05/04/17 23:34:43 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
179849 179839 176732 0 0 3107
----------------------------------------------------------------------
IP count=1
[ hpHosts_MMT_Misleading_Marketing_Tactics ] Reload [ 05/04/17 23:35:53 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
5524 5524 5522 0 0 2
----------------------------------------------------------------------
[ hpHosts_HFS_hpHosts_Forum_Spammers ] Reload [ 05/04/17 23:36:00 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
567 567 565 0 0 2
----------------------------------------------------------------------
[ hpHosts_PHA_Pharmacies ] Reload [ 05/04/17 23:36:05 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
28803 28802 28740 0 0 62
----------------------------------------------------------------------
[ hpHosts_WRZ_Warez ] Reload [ 05/04/17 23:36:20 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
3235 3235 3233 0 0 2
----------------------------------------------------------------------
[ Michael_Trimm_Malware_List ] Reload [ 05/04/17 23:36:25 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
27438 27152 26125 0 0 1027
----------------------------------------------------------------------
[ DNSBL_IP ] Updating aliastable [ 05/04/17 23:36:58 ]...
no changes.
Total IP count = 67
------------------------------------------
Assembling database... completed
Validating database... Skipped [ 05/04/17 23:37:22 ]
Reloading Unbound.... completed
DNSBL update [ 731374 | PASSED ]... completed [ 05/04/17 23:37:43 ]
------------------------------------------
===[ Continent Process ]============================================
===[ IPv4 Process ]=================================================
[ Firehol_Level_1 ] Reload [ 05/04/17 23:37:44 ] . completed ..
[ AbuseCH_Ransomware ] Reload [ 05/04/17 23:37:49 ] . completed ..
[ ET_Compromised_IPs ] Reload [ 05/04/17 23:37:52 ] . completed ..
[ ET_Block_IPs ] Reload . completed ..
[ Abuseat_iotcc ] Reload [ 05/04/17 23:37:53 ] . completed ..
[ Firehol_Level_2 ] Reload . completed ..
[ cinsscore_CI_Badguys ] Reload [ 05/04/17 23:38:03 ] . completed ..
[ ransomwaretracker_CryptoWall_Pmnt ] Reload [ 05/04/17 23:38:07 ] . completed ..
Empty file, Adding '1.1.1.1' to avoid download failure.
[ ransomwaretracker_Locky_Pmnt ] Reload . completed ..
[ ransomwaretracker_Ransomware_Pmnt ] Reload . completed ..
[ ransomwaretracker_TeslaCrypt_Pmnt ] Reload [ 05/04/17 23:38:09 ] . completed ..
[ ransomwaretracker_TorrentLocker_CNC ] Reload [ 05/04/17 23:38:12 ] . completed ..
[ ransomwaretracker_TorrentLocker_Pmnt ] Reload . completed ..
[ zeustracker_abuse_ch ] Reload . completed ..
[ Firehol_Level_3 ] Reload . completed ..
[ Danger_Rulez_BruteForce ] Reload [ 05/04/17 23:38:21 ] . completed ..
[ OpenBL_7_Day ] Reload [ 05/04/17 23:38:22 ] . completed ..
Empty file, Adding '1.1.1.1' to avoid download failure.
[ Blocklist_DE_48_Hours ] Reload . completed ..
[ malc0de_bl ] Reload [ 05/04/17 23:38:33 ] . completed ..
[ feodotracker_abuse_ch ] Reload . completed ..
[ Firehol_Level_4 ] Reload . completed ..
[ MalwareDomainList_IP_BL ] Reload [ 05/04/17 23:38:58 ] . completed ..
[ sanyalnet_cloud_vps_bruteforce_ip_bl ] Reload . completed ..
[ sanyalnet_cloud_vps_botnet_ip_bl ] Reload [ 05/04/17 23:39:00 ] . completed ..
[ sanyalnet_cloud_vps2_bruteforce_ip_bl ] Reload [ 05/04/17 23:39:01 ] . completed ..
[ wbri_duckdns_org_brute_force_ip_bl ] Reload . completed ..
[ yiradio_brute_force_ip_bl ] Reload . completed ..
[ glewlwyd_duckdns_org_brute_force_ip_bl ] Reload . completed ..
===[ Suppression Stats ]===================================
List Pre Suppress Master
-----------------------------------------------------------
pfB_DNSBLIP 67 67 0
Firehol_Level_1 17676 17676 0
AbuseCH_Ransomware 11771 11771 0
ET_Compromised_IPs 1714 1714 0
ET_Block_IPs 1799 1799 0
Abuseat_iotcc 76 76 0
Firehol_Level_2 37416 37416 0
cinsscore_CI_Badguys 19291 19291 0
ransomwaretracker_CryptoWall_Pmnt 1 1 0
ransomwaretracker_Locky_Pmnt 7 7 0
ransomwaretracker_Ransomware_Pmnt 11771 11771 0
ransomwaretracker_TeslaCrypt_Pmnt 10998 10998 0
ransomwaretracker_TorrentLocker_CNC 49 49 0
ransomwaretracker_TorrentLocker_Pmnt 218 218 0
zeustracker_abuse_ch 119 119 0
Firehol_Level_3 40386 40386 0
Danger_Rulez_BruteForce 1695 1695 0
OpenBL_7_Day 1 1 0
Blocklist_DE_48_Hours 45116 45116 0
malc0de_bl 41 41 0
feodotracker_abuse_ch 819 819 0
Firehol_Level_4 105726 105726 0
MalwareDomainList_IP_BL 1031 1031 0
sanyalnet_cloud_vps_bruteforce_ip_bl 5623 5623 0
sanyalnet_cloud_vps_botnet_ip_bl 1655 1651 0
sanyalnet_cloud_vps2_bruteforce_ip_bl 56 56 0
wbri_duckdns_org_brute_force_ip_bl 31 31 0
yiradio_brute_force_ip_bl 207 207 0
glewlwyd_duckdns_org_brute_force_ip_bl 150 150 0
===[ Aliastables / Rules ]==========================================
No changes to Firewall rules, skipping Filter Reload
Updating: pfB_Level1
no changes.
Updating: pfB_Level2
no changes.
Updating: pfB_Level3
no changes.
Updating: pfB_Level4
no changes.
Updating: pfB_SANYALnet
no changes.
Archiving Aliastable folder
Archiving selected pfBlockerNG files.
===[ FINAL Processing ]=====================================
[ Original IP count ] [ 315563 ]
===[ Deny List IP Counts ]===========================
315439 total
105726 /var/db/pfblockerng/deny/Firehol_Level_4.txt
45116 /var/db/pfblockerng/deny/Blocklist_DE_48_Hours.txt
40386 /var/db/pfblockerng/deny/Firehol_Level_3.txt
37416 /var/db/pfblockerng/deny/Firehol_Level_2.txt
19291 /var/db/pfblockerng/deny/cinsscore_CI_Badguys.txt
17676 /var/db/pfblockerng/deny/Firehol_Level_1.txt
11771 /var/db/pfblockerng/deny/ransomwaretracker_Ransomware_Pmnt.txt
11771 /var/db/pfblockerng/deny/AbuseCH_Ransomware.txt
10998 /var/db/pfblockerng/deny/ransomwaretracker_TeslaCrypt_Pmnt.txt
5623 /var/db/pfblockerng/deny/sanyalnet_cloud_vps_bruteforce_ip_bl.txt
1799 /var/db/pfblockerng/deny/ET_Block_IPs.txt
1714 /var/db/pfblockerng/deny/ET_Compromised_IPs.txt
1695 /var/db/pfblockerng/deny/Danger_Rulez_BruteForce.txt
1651 /var/db/pfblockerng/deny/sanyalnet_cloud_vps_botnet_ip_bl.txt
1031 /var/db/pfblockerng/deny/MalwareDomainList_IP_BL.txt
819 /var/db/pfblockerng/deny/feodotracker_abuse_ch.txt
218 /var/db/pfblockerng/deny/ransomwaretracker_TorrentLocker_Pmnt.txt
207 /var/db/pfblockerng/deny/yiradio_brute_force_ip_bl.txt
150 /var/db/pfblockerng/deny/glewlwyd_duckdns_org_brute_force_ip_bl.txt
119 /var/db/pfblockerng/deny/zeustracker_abuse_ch.txt
76 /var/db/pfblockerng/deny/Abuseat_iotcc.txt
56 /var/db/pfblockerng/deny/sanyalnet_cloud_vps2_bruteforce_ip_bl.txt
49 /var/db/pfblockerng/deny/ransomwaretracker_TorrentLocker_CNC.txt
41 /var/db/pfblockerng/deny/malc0de_bl.txt
31 /var/db/pfblockerng/deny/wbri_duckdns_org_brute_force_ip_bl.txt
7 /var/db/pfblockerng/deny/ransomwaretracker_Locky_Pmnt.txt
1 /var/db/pfblockerng/deny/ransomwaretracker_CryptoWall_Pmnt.txt
1 /var/db/pfblockerng/deny/OpenBL_7_Day.txt
====================[ Empty Lists w/1.1.1.1 ]==================
OpenBL_7_Day
ransomwaretracker_CryptoWall_Pmnt
===[ DNSBL Domain/IP Counts ] ===================================
731441 total
625875 /var/db/pfblockerng/dnsbl/Hosts_file_dot_net_ad_servers.txt
19906 /var/db/pfblockerng/dnsbl/Malware_Domains.txt
12988 /var/db/pfblockerng/dnsbl/Cameleon.txt
11551 /var/db/pfblockerng/dnsbl/NoTrack.txt
9201 /var/db/pfblockerng/dnsbl/Someone_Who_Cares.txt
7577 /var/db/pfblockerng/dnsbl/EasyList_wo_Elements.txt
7070 /var/db/pfblockerng/dnsbl/Samedi_SecureMecca_1.txt
6471 /var/db/pfblockerng/dnsbl/hpHosts_FSA_Fraud.txt
6254 /var/db/pfblockerng/dnsbl/Spam_404.txt
4970 /var/db/pfblockerng/dnsbl/hpHosts_EXP_only.txt
3107 /var/db/pfblockerng/dnsbl/hpHosts_PSH_Phishing.txt
2926 /var/db/pfblockerng/dnsbl/hpHosts_EMD_Malware_Distribution.txt
2805 /var/db/pfblockerng/dnsbl/EasyPrivacy.txt
2593 /var/db/pfblockerng/dnsbl/Openphish.txt
2298 /var/db/pfblockerng/dnsbl/Disconnet.txt
1715 /var/db/pfblockerng/dnsbl/AbuseCH_Ransomware_DOMBL.txt
1027 /var/db/pfblockerng/dnsbl/Michael_Trimm_Malware_List.txt
851 /var/db/pfblockerng/dnsbl/Winhelp2002.txt
775 /var/db/pfblockerng/dnsbl/Sans_Edu_Low_Senstvty.txt
585 /var/db/pfblockerng/dnsbl/MalwareDomainList.txt
536 /var/db/pfblockerng/dnsbl/Malekal.txt
123 /var/db/pfblockerng/dnsbl/Adaway_org.txt
66 /var/db/pfblockerng/dnsbl/Samedi_SecureMecca_2.txt
62 /var/db/pfblockerng/dnsbl/hpHosts_PHA_Pharmacies.txt
35 /var/db/pfblockerng/dnsbl/EasyList_wo_Elements.ip
26 /var/db/pfblockerng/dnsbl/YoYo_Org.txt
15 /var/db/pfblockerng/dnsbl/EasyPrivacy.ip
12 /var/db/pfblockerng/dnsbl/Openphish.ip
4 /var/db/pfblockerng/dnsbl/ZeusTracker_DNSBL.txt
3 /var/db/pfblockerng/dnsbl/hpHosts_Ad_and_Tracking.txt
2 /var/db/pfblockerng/dnsbl/hpHosts_WRZ_Warez.txt
2 /var/db/pfblockerng/dnsbl/hpHosts_MMT_Misleading_Marketing_Tactics.txt
2 /var/db/pfblockerng/dnsbl/hpHosts_HFS_hpHosts_Forum_Spammers.txt
2 /var/db/pfblockerng/dnsbl/hpHosts_GRM_Astroturfing.txt
2 /var/db/pfblockerng/dnsbl/Hosts_file_dot_net_ad_servers.ip
1 /var/db/pfblockerng/dnsbl/hpHosts_PSH_Phishing.ip
1 /var/db/pfblockerng/dnsbl/hpHosts_EMD_Malware_Distribution.ip
1 /var/db/pfblockerng/dnsbl/Someone_Who_Cares.ip
1 /var/db/pfblockerng/dnsbl/Disconnect_Ad_Filter_List.txt
0 /var/db/pfblockerng/dnsbl/hpHosts_HJK_Hijacking.txt
0 /var/db/pfblockerng/dnsbl/Sans_Edu_Med_Senstvty.txt
0 /var/db/pfblockerng/dnsbl/Sans_Edu_High_Senstvty.txt
0 /var/db/pfblockerng/dnsbl/Disconnect_Trackers.txt
====================[ Last Updated List Summary ]==============
May 1 10:07 OpenBL_7_Day
May 1 16:23 MalwareDomainList_IP_BL
May 4 04:30 ET_Block_IPs
May 4 04:31 ET_Compromised_IPs
May 4 13:17 malc0de_bl
May 4 22:17 cinsscore_CI_Badguys
May 4 22:27 sanyalnet_cloud_vps_botnet_ip_bl
May 4 22:32 zeustracker_abuse_ch
May 4 23:05 Blocklist_DE_48_Hours
May 4 23:07 yiradio_brute_force_ip_bl
May 4 23:07 wbri_duckdns_org_brute_force_ip_bl
May 4 23:07 sanyalnet_cloud_vps_bruteforce_ip_bl
May 4 23:07 glewlwyd_duckdns_org_brute_force_ip_bl
May 4 23:07 sanyalnet_cloud_vps2_bruteforce_ip_bl
May 4 23:08 Abuseat_iotcc
May 4 23:15 ransomwaretracker_TorrentLocker_Pmnt
May 4 23:15 ransomwaretracker_TorrentLocker_CNC
May 4 23:15 ransomwaretracker_Locky_Pmnt
May 4 23:15 ransomwaretracker_CryptoWall_Pmnt
May 4 23:15 ransomwaretracker_TeslaCrypt_Pmnt
May 4 23:15 ransomwaretracker_Ransomware_Pmnt
May 4 23:15 AbuseCH_Ransomware
May 4 23:16 Firehol_Level_1
May 4 23:16 Firehol_Level_2
May 4 23:16 Danger_Rulez_BruteForce
May 4 23:16 Firehol_Level_3
May 4 23:17 feodotracker_abuse_ch
May 4 23:17 Firehol_Level_4
IPv4 alias tables IP count
-----------------------------
315506
IPv6 alias tables IP count
-----------------------------
0
Alias table IP Counts
-----------------------------
315506 total
106757 /var/db/aliastables/pfB_Level4.txt
88058 /var/db/aliastables/pfB_Level3.txt
79870 /var/db/aliastables/pfB_Level2.txt
33036 /var/db/aliastables/pfB_Level1.txt
7718 /var/db/aliastables/pfB_SANYALnet.txt
67 /var/db/aliastables/pfB_DNSBLIP.txt
pfSense Table Stats
-------------------
table-entries hard limit 2000000
Table Usage Count 290288
UPDATE PROCESS ENDED [ 05/04/17 23:40:09 ]
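The log above lists OpenBL_7_Day and ransomwaretracker_CryptoWall_Pmnt as empty lists padded with 1.1.1.1, yet both still show a count of 1 in the deny totals, so a simple "count > 0" check would pass them. The following Python is an added example, not part of pfBlockerNG or of the original post: it parses this log format and flags padded, empty, or undersized feeds. The names `split_sections` and `feed_health` and the `min_entries` threshold are assumptions made for this example.

```python
import re

# Constructed sample: a few lines in the shape of the update log above.
SAMPLE_LOG = """\
===[ Deny List IP Counts ]===========================
315439 total
105726 /var/db/pfblockerng/deny/Firehol_Level_4.txt
41 /var/db/pfblockerng/deny/malc0de_bl.txt
1 /var/db/pfblockerng/deny/ransomwaretracker_CryptoWall_Pmnt.txt
1 /var/db/pfblockerng/deny/OpenBL_7_Day.txt
====================[ Empty Lists w/1.1.1.1 ]==================
OpenBL_7_Day
ransomwaretracker_CryptoWall_Pmnt
===[ DNSBL Domain/IP Counts ] ===================================
0 /var/db/pfblockerng/dnsbl/Disconnect_Trackers.txt
"""

SECTION = re.compile(r"^=+\[ (.+?) \]\s*=+$")   # "===[ Title ]===" banner line
COUNT = re.compile(r"^(\d+) (/\S+)$")           # "<count> <absolute path>"

def split_sections(log_text):
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION.match(line)
        if banner:
            # Later lines belong to this banner until the next one appears.
            current = sections.setdefault(banner.group(1), [])
        elif current is not None and line:
            current.append(line)
    return sections

def feed_health(log_text, min_entries=10):
    """Return {file: (status, count)} for feeds that need attention."""
    sections = split_sections(log_text)
    padded = set(sections.get("Empty Lists w/1.1.1.1", []))
    flagged = {}
    for title in ("Deny List IP Counts", "DNSBL Domain/IP Counts"):
        for line in sections.get(title, []):
            entry = COUNT.match(line)
            if not entry:
                continue  # skips the "NNN total" summary line
            count, name = int(entry.group(1)), entry.group(2).rsplit("/", 1)[-1]
            if title.startswith("Deny") and name.rsplit(".", 1)[0] in padded:
                flagged[name] = ("placeholder", count)  # holds only 1.1.1.1
            elif count == 0:
                flagged[name] = ("empty", count)
            elif count < min_entries:
                flagged[name] = ("low", count)  # assumed threshold, tune per feed
    return flagged
```

Calling `feed_health()` on the full text of an update log returns only the feeds worth reviewing, which makes it suitable for a scheduled check that alerts when a source stops publishing.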


I hope you find this useful. Please share the IP and domain blocklists you have found and use in the comments below.



