Hello CrowdSec team!
I have managed to install CrowdSec on my Cloud VPS. It took me a bit to understand all of CrowdSec's components and how they interact with each other. I made a diagram to showcase my setup.
CrowdSec and the firewall-bouncer-iptables service are running and the logs show no errors.
I have noticed many crawlers/web-scanners with ntopng blacklisted flows, and those IPs show up in CrowdSec Threat Intelligence, but they are not blocked by CrowdSec ban decisions.
$ sudo cscli decisions list
No active decisions
In the example above, the IP 37.221.92.222 shows up in CrowdSec Threat Intelligence but not in the CrowdSec ban decisions, nor in the iptables ipset list crowdsec-blacklists.
I have connected my setup to the CrowdSec Cloud dashboard and added third-party blocklists. It has been running for about a month and it has made only 3 ban decisions.
I have also noticed that CrowdSec's nginx-proxy-manager collection doesn't parse the npm logs, even though I followed the collection hub setup instructions.
I would like to understand what to expect from my setup and how to improve it.
How can I block bots/web-scanners checking for vulnerabilities on my VPS?
How can I block brute-force and other web attack scenarios on NextCloud?
I see this as an opportunity to configure my CrowdSec engine to detect malicious traffic and contribute to the CrowdSec community blocklist.
Thank you for your advice.