Comments (2)
MatheuslFavaretto
commented on June 13, 2024
If you want to filter out IP addresses from known scanners, you can use a tool or a database that maintains a list of these IP addresses. One popular tool for this purpose is Fail2Ban, which is an open-source intrusion prevention software that can detect and block attempts to access your system from known malicious IP addresses.
Fail2Ban uses a set of rules, known as filters, to scan log files and block access from IP addresses that match these rules. You can configure Fail2Ban to use a filter that includes a list of known scanner IP addresses, which will help prevent these scanners from accessing your system.
Another option is to use a database of known scanner IP addresses to filter them out using your own custom code. There are several databases available that maintain lists of IP addresses associated with malicious activity, such as the OpenBL and Blocklist.de. You can use these databases to create your own filter that blocks IP addresses from known scanners.
In addition, you can use the Django middleware to filter IP addresses from known scanners. The middleware is a way to add functionality to the request/response processing pipeline in Django. You can write custom middleware that checks the IP address of each request and blocks access from known scanner IP addresses.
Here's an example of how you can use middleware to filter IP addresses from known scanners:
# Create a list of known scanner IP addresses
known_scanner_ips = ['1.2.3.4', '5.6.7.8', '9.10.11.12']
# Define custom middleware
class FilterScannerMiddleware:
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
# Get the IP address of the request
ip_address = request.META.get('REMOTE_ADDR')
# Check if the IP address is in the list of known scanner IPs
if ip_address in known_scanner_ips:
return HttpResponse('Access Denied')
# If the IP address is not in the list of known scanner IPs, allow the request to proceed
response = self.get_response(request)
return response
You can add this middleware to your Django settings file to enable it. The middleware will then check the IP address of each request and block access from any IP addresses in the list of known scanner IPs.
from greedybear.
mlodic
commented on June 13, 2024
hey, thanks for your interest. Anyway I think we should consider the context of this issue that seems to be misunderstood considering what you have written. This is a Threat Intel Platform and we are talking about the IP addresses stored by the DB, not the ones who connect to the application. We don't want to stop external IP addresses. We just want to categorize them correctly.
So what you have suggested, while it is super useful in other contexts, does not apply to this one.
from greedybear.
Related Issues (20)
- Dashboard Error! 500 Internal Server Error HOT 4
- v1.0.3
- Add CONTRIBUTING.md file HOT 2
- Add simple TokenAuthentication for Enrichment API
- RTD broken HOT 1
- [New Frontend] Dashboard with statistics
- [New Frontend] Login Form + Logout button HOT 1
- [New Frontend] Link to Django Admin if superuser HOT 1
- [New Frontend] API sessions/access HOT 1
- [New Frontend] Basic homepage HOT 1
- [New Frontend] Basic Test Suite
- possible bug in Frontend Code HOT 2
- Refactor feeds api by using Django Rest Framework Serializers HOT 1
- Add page with links to raw feeds
- Add Registration page
- Add chance to change/reset the password of the account
- Feeds dashboard does not show new honeypots
- Add the chance to select which honeypot we want to extract data from
- Allow to do customized feeds lookups
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from greedybear.