May 22, 2020

xtables-addons: How to fix 'Can't open DBIP database' Error

When you are using the 3.8-* version of xtables-addons to harden your server with a geofence, chances are super high that things don't work anymore… The latest problem occurs after you have downloaded the geo-ip-tables from Maxmind and try to convert the tables for the geofence with xt_geoip_build. You get this error: Can't open DBIP database. The simple reason for this is that the developers of xtables-addons decided to get rid of Maxmind (maybe because they did that thing with the user accounts a couple of months ago? Read more

January 2, 2020

xt_geoip_dl vs. Maxmind Accounts

For some time I have used a geofence on my servers to ban all incoming requests that do not originate from DE. The company (Maxmind) that distributes up-to-date mappings from IP ranges to country codes (“geoip tables”) recently changed how they distribute these files. Now, you must have an account and license key to download the geoip tables. Note: everything is still free! The need for login credentials breaks the update mechanism for geoip tables which typically uses xt_geoip_dl. Read more

March 16, 2019

xtables-addons-common on Ubuntu 18.04

Last year in June I set up a geofence on my home server to ban all access not coming from DE. In January I noticed that things did not work anymore. A bit of research revealed that the company that provides the needed GeoIP tables decided to stop shipping them in format A and only offered the tables in format B. So neither the script that downloads the tables (xt_geoip_dl) nor the script that converts the tables (xt_geoip_build) into the binary format that xt_geoip can digest to block connection attempts worked anymore. Read more

July 24, 2018

Hardening a Server with a Geofence

I recently noticed some odd HTTP requests on my web server, which I exclusively use for private purposes like hosting Nextcloud, GOGS, or Wallabag. I did a bit of research where these requests come from – just fire something like for elem in $(awk '{print $1 | "sort | uniq"}' /var/log/nginx/access.log); do curl ipinfo.io/$elem; done – and found out that they all originate from Russia, China or India. That sounds a bit suspicious to me. Read more

© holger 2015 - 2020