I have actual a problem with a IP from my Webhoster.
Crowdsec banned the IP, but I don’t know why?
But my problem is a other problem.
I have created a whitelist “/etc/crowdsec/parsers/s02-enrich/mywhitelists.yaml” and added the following
name: crowdsecurity/whitelists
description: "Whitelist for me"
whitelist:
reason: "Whitelist for working"
ip:
- "IP" # Webhosting
After this I restarted crowdsec and check, if the mywhitelists.yaml will be parsed.
I checked it with “cscli parsers list” and the list will be parsed:
It was myself on the mail support, its not that we don’t want to delete it. It more we are still seeing malicious signals, so we have to weigh up releasing the IP for the context it is a hosting company but also noting that their is still active attacking users of our network.