I was on Community Blocklist Lite and it was exactly what I wanted (no customization)
Later on, I tried turning on some parsers, only one of which worked properly, and now I’m apparently on the “Standard” community blocklist, but on most of my engines it’s now “customized” to the point of uselessness, because I’m only getting decisions related to that one parser.
The content of the blocklist is unique to each Security Engine, as it mirrors the behaviours they report. For example, suppose you’re running the Security Engine on a web server with WordPress. In that case, you will receive IPs performing generic attacks against web servers and IPs engaging in wordpress-specific attacks.
this is worthless to me, I need to go back to “Lite”
-
Is there a way to force a reversion to “Lite” other than shutting off all parsers so that nothing is reported, and then waiting?
-
If I do shut off all parsers, how long will it take for me to go back to “Lite”?
Free users that are not actively contributing to the network or that have been flagged as cheating/abusing the system will receive the Community Blocklist (Lite).
- Is there a way to manually set this flag or request that it be set on my account?
As an example… I have an engine that uses that uses crowdsec-cloudflare-bouncer to take IPs from the community blocklist and push them to my Cloudflare account (Cloudflare only allows an update once every 72 hours but whatever, I can live with it), and the bouncer is configured to only include HTTP-related scenarios, but the “customized” community blocklist this engine receives is 100% SSH… so, useless.