Blocklist Data

Question

Blocklist Data

ltawfall opened this issue 10 years ago · 7 comments

Where/How do you add data to the block list that is mentioned?

"SCOT Integrates into your blocklist to automatically tell you which domains are blocked without you having to look it up. If we had an IP Address, we’d see a small flag next to it indicating the country in which the IP Address is registered."

Answer 1 · 2015-04-29T23:07:01.000Z

Lisa!??!!?!?!?!?

Answer 2 · 2015-04-29T23:09:22.000Z

According to http://scot.readthedocs.org/en/latest/intel.html Under the
answer to "Ok, but what about that internet explorer icon [image: ie] on
kavkazcentr.info?"

It says there's blocklist, but I haven't found any interface to add
blocklist data.

Yes. Lisa.

On Wed, Apr 29, 2015 at 4:07 PM, sandywater notifications@github.com
wrote:

Lisa!??!!?!?!?!?

—
Reply to this email directly or view it on GitHub
#16 (comment).

Answer 3 · 2015-04-30T22:34:43.000Z

As of right now, there is no user interface to add blocklist data. You
however can programatically add it, would that work for you?

On Wed, Apr 29, 2015 at 4:09 PM, ltawfall notifications@github.com wrote:

According to http://scot.readthedocs.org/en/latest/intel.html Under the
answer to "Ok, but what about that internet explorer icon [image: ie] on
kavkazcentr.info?"

It says there's blocklist, but I haven't found any interface to add
blocklist data.

On Wed, Apr 29, 2015 at 4:07 PM, sandywater notifications@github.com
wrote:

Lisa!??!!?!?!?!?

—
Reply to this email directly or view it on GitHub
#16 (comment).

—
Reply to this email directly or view it on GitHub
#16 (comment).

Answer 4 · 2015-04-30T23:14:18.000Z

We need to help Lisa figure it out, she is considering going with FIR instead!!! 😩

Answer 5 · 2015-05-04T20:39:15.000Z

Programmatic is fine actually preferred.

Answer 6 · 2015-09-18T19:15:10.000Z

Can some details on how to do this programmatically be posted to the docs?

Answer 7 · 2015-09-18T20:06:37.000Z

OK. We are working on providing a way of doing this in the next point release. The documentation was written based on some internal code that we use, so I apologize about the confusion.

One of the problems is that there are many different "blocklist" solutions out there, many of them internally developed. Without knowing what potential users of SCOT are using it is difficult to say here's how you do it.

What I can say is, here is an approach that can work, but will require you to roll your own:

Assuming you blocked ip's and domains are stored in some kind of database, you will have to set up a job to periodically query for new or changed entries. Then iterate on that list calling $tasker->redis->update_block($domain, $type); where $domain is the ipaddr or domain and $type is the block status. ("blocked", "blackholed", "whitelist", "warn")
Then when flair is displayed, appropriate icons will be appended to the entity span.