Hi could we get a Plesk Collection just like what the Cpanel collection is getting (https://hub.crowdsec.net/author/crowdsecurity/collections/cpanel): Would be nice to have: - Plesk log parser (List of where all the logs are for Plesk Linux [https://support.plesk.com/hc/en-us/articles/213403509-Plesk-for-Linux-services-logs-and-configuration-files](https://support.plesk.com/hc/en-us/articles/213403509-Plesk-for-Linux-services-logs-and-configuration-files)) - Plesk scenario to detect bruteforce I don't know if I should ask here or on the CrowdSec github hub.
Last active 7 months ago
Hi there, I'm not sure if this is an appropriate place for this question... I'm wondering if CrowdSec is compatible with LiteSpeed (both Open and Enterprise) servers? If so, does anything need to be done for it or will it just work if my OS's package is installed? Also, would an integration of some sort with the CyberPanel control panel (open-source control panel for LiteSpeed servers) be desirable?
Last active 8 months ago
32 Bit systems and old OS: Please add a check! It would make sense, that the installer checks, if the Windows System runs on 64 Bits and if the OS is eg. Windows 2016 or better. Wixtool how to: https://wixtoolset.org/documentation/manual/v3/howtos/redistributables_and_install_checks/block_install_on_os.html Values for Windows versions: https://docs.microsoft.com/en-us/troubleshoot/windows-client/application-management/versionnt-value-for-windows-10-server
Last active 8 months ago
Not sure if it would be possible, but if there was a way to allow an integration for AbuseIPDB.com. Abuse IPDB has a free API to check incoming IP addresses with their database. If CrowdSec found a way to make it an optional feature to make it so if traffic matches the criteria of a malicious IP according to their database that it sends it through to the firewall bouncer maybe on a separate firewall rule that's labeled *crowdsec-abuseipdb-banlist-xxxxx* or something. It would really broaden the scope, and reach of the firewall bouncer, and allow it to be used to an even greater potential. One of the great things about the Abuse IPDB API is users can set their own threshold for what they consider a threat so as to not ban non-malicious ips - even going so far as to only block an IP with 100% confidence of malicious activity + most recent report of malicious activity is within the last x number of days, and I think you can even set a time limit with their api too IIRC. I know it would probably be a lot of work to find a way to make it so these two great tools could be used together, but I honestly think it would be worth it. I know they have integrations with Suricata (which is honestly way over my head), CSF, UFW, ArGoSoft, Splunk, and Fail2Ban. However, my server runs on Windows so most of those options wouldn't work for me.
Last active 9 months ago