Current Decisions
+---------+----------+-------------------+----------------------------+--------+---------+----------------------------+--------+------------+----------+
| ID      | Source   | Scope:Value       | Reason                     | Action | Country | AS                         | Events | expiration | Alert ID |
+---------+----------+-------------------+----------------------------+--------+---------+----------------------------+--------+------------+----------+
| 1072247 | crowdsec | Ip:78.153.140.224 | crowdsecurity/http-probing | ban    | GB      | 202306 Hostglobal.plus Ltd | 11     | 3h18m55s   | 144      |
| 1072244 | crowdsec | Ip:78.153.140.179 | crowdsecurity/http-probing | ban    | GB      | 202306 Hostglobal.plus Ltd | 11     | 1h57m25s   | 141      |
+---------+----------+-------------------+----------------------------+--------+---------+----------------------------+--------+------------+----------+
3 duplicated entries skipped
🚨 Alerts Overview
+-----+--------------------+--------------------------------------------+---------+------------------------------------+-----------+----------------------+
| ID  | value              | reason                                     | country | as                                 | decisions | created_at           |
+-----+--------------------+--------------------------------------------+---------+------------------------------------+-----------+----------------------+
| 144 | Ip:78.153.140.224  | crowdsecurity/http-probing                 | GB      | 202306 Hostglobal.plus Ltd         | ban:1     | 2025-12-15T21:18:53Z |
| 143 | Ip:78.153.140.224  | crowdsecurity/http-admin-interface-probing | GB      | 202306 Hostglobal.plus Ltd         | ban:1     | 2025-12-15T21:18:54Z |
| 142 | Ip:78.153.140.224  | crowdsecurity/http-sensitive-files         | GB      | 202306 Hostglobal.plus Ltd         | ban:1     | 2025-12-15T21:18:53Z |
| 141 | Ip:78.153.140.179  | crowdsecurity/http-probing                 | GB      | 202306 Hostglobal.plus Ltd         | ban:1     | 2025-12-15T19:57:22Z |
| 140 | Ip:78.153.140.179  | crowdsecurity/http-sensitive-files         | GB      | 202306 Hostglobal.plus Ltd         | ban:1     | 2025-12-15T19:57:22Z |
| 133 | Ip:78.153.140.177  | crowdsecurity/http-probing                 | GB      | 202306 Hostglobal.plus Ltd         | ban:1     | 2025-12-15T08:52:12Z |
| 132 | Ip:78.153.140.177  | crowdsecurity/http-sensitive-files         | GB      | 202306 Hostglobal.plus Ltd         | ban:1     | 2025-12-15T08:52:12Z |
| 128 | Ip:91.199.82.162   | Test Block                                 |         |                                    | ban:1     | 2025-12-14T19:29:30Z |
| 126 | Ip:135.237.125.160 | crowdsecurity/http-cve-probing             | US      | 8075 MICROSOFT-CORP-MSN-AS-BLOCK   | ban:1     | 2025-12-14T16:24:16Z |
| 116 | Ip:146.190.103.103 | crowdsecurity/jira_cve-2021-26086          | SG      | 14061 DIGITALOCEAN-ASN             | ban:1     | 2025-12-13T22:35:56Z |
| 115 | Ip:134.122.28.88   | crowdsecurity/jira_cve-2021-26086          | US      | 14061 DIGITALOCEAN-ASN             | ban:1     | 2025-12-13T22:35:55Z |
| 114 | Ip:146.190.103.103 | crowdsecurity/http-probing                 | SG      | 14061 DIGITALOCEAN-ASN             | ban:1     | 2025-12-13T22:35:26Z |
| 113 | Ip:134.122.28.88   | crowdsecurity/http-probing                 | US      | 14061 DIGITALOCEAN-ASN             | ban:1     | 2025-12-13T22:35:24Z |
| 112 | Ip:147.182.149.75  | crowdsecurity/jira_cve-2021-26086          | CA      | 14061 DIGITALOCEAN-ASN             | ban:1     | 2025-12-13T22:35:01Z |
| 111 | Ip:164.90.208.56   | crowdsecurity/jira_cve-2021-26086          | DE      | 14061 DIGITALOCEAN-ASN             | ban:1     | 2025-12-13T22:35:00Z |
| 110 | Ip:147.182.149.75  | crowdsecurity/http-probing                 | CA      | 14061 DIGITALOCEAN-ASN             | ban:1     | 2025-12-13T22:34:30Z |
| 109 | Ip:164.90.208.56   | crowdsecurity/http-probing                 | DE      | 14061 DIGITALOCEAN-ASN             | ban:1     | 2025-12-13T22:34:31Z |
| 107 | Ip:40.124.173.16   | crowdsecurity/http-cve-probing             | US      | 8075 MICROSOFT-CORP-MSN-AS-BLOCK   | ban:1     | 2025-12-13T21:49:06Z |
| 106 | Ip:4.197.221.212   | crowdsecurity/http-backdoors-attempts      | AU      | 8075 MICROSOFT-CORP-MSN-AS-BLOCK   | ban:1     | 2025-12-13T21:01:22Z |
| 105 | Ip:4.197.221.212   | crowdsecurity/http-wordpress-scan          | AU      | 8075 MICROSOFT-CORP-MSN-AS-BLOCK   | ban:1     | 2025-12-13T21:00:40Z |
| 104 | Ip:4.197.221.212   | crowdsecurity/http-admin-interface-probing | AU      | 8075 MICROSOFT-CORP-MSN-AS-BLOCK   | ban:1     | 2025-12-13T21:00:46Z |
| 103 | Ip:4.197.221.212   | crowdsecurity/http-probing                 | AU      | 8075 MICROSOFT-CORP-MSN-AS-BLOCK   | ban:1     | 2025-12-13T21:00:40Z |
| 99  | Ip:78.153.140.203  | crowdsecurity/http-sensitive-files         | GB      | 202306 Hostglobal.plus Ltd         | ban:1     | 2025-12-13T15:34:59Z |
| 98  | Ip:195.178.110.156 | crowdsecurity/http-probing                 | BG      | 48090 Techoff Srv Limited          | ban:1     | 2025-12-13T14:20:25Z |
| 97  | Ip:195.178.110.156 | crowdsecurity/http-admin-interface-probing | BG      | 48090 Techoff Srv Limited          | ban:1     | 2025-12-13T14:20:26Z |
| 96  | Ip:195.178.110.156 | crowdsecurity/http-sensitive-files         | BG      | 48090 Techoff Srv Limited          | ban:1     | 2025-12-13T14:20:25Z |
| 94  | Ip:172.212.200.195 | crowdsecurity/CVE-2022-41082               | US      | 8075 MICROSOFT-CORP-MSN-AS-BLOCK   | ban:1     | 2025-12-13T14:14:01Z |
| 91  | Ip:45.148.10.63    | crowdsecurity/http-probing                 | NL      | 48090 Techoff Srv Limited          | ban:1     | 2025-12-13T08:21:51Z |
| 90  | Ip:45.148.10.63    | crowdsecurity/http-admin-interface-probing | NL      | 48090 Techoff Srv Limited          | ban:1     | 2025-12-13T08:21:52Z |
| 89  | Ip:45.148.10.63    | crowdsecurity/http-sensitive-files         | NL      | 48090 Techoff Srv Limited          | ban:1     | 2025-12-13T08:21:51Z |
| 86  | Ip:20.29.49.93     | crowdsecurity/http-cve-probing             | US      | 8075 MICROSOFT-CORP-MSN-AS-BLOCK   | ban:1     | 2025-12-13T04:58:11Z |
| 79  | Ip:79.124.40.174   | crowdsecurity/http-cve-probing             | BG      | 50360 Tamatiya EOOD                | ban:1     | 2025-12-12T17:11:34Z |
| 78  | Ip:45.156.129.176  | crowdsecurity/CVE-2019-18935               | PT      | 211680 Sistemas Informaticos, S.A. | ban:1     | 2025-12-12T17:10:12Z |
| 76  | Ip:79.124.40.174   | crowdsecurity/CVE-2017-9841                | BG      | 50360 Tamatiya EOOD                | ban:1     | 2025-12-12T15:40:00Z |
| 75  | Ip:40.76.125.17    | crowdsecurity/http-cve-probing             | US      | 8075 MICROSOFT-CORP-MSN-AS-BLOCK   | ban:1     | 2025-12-12T15:36:59Z |
| 74  | Ip:79.124.40.174   | crowdsecurity/CVE-2017-9841                | BG      | 50360 Tamatiya EOOD                | ban:1     | 2025-12-12T15:25:00Z |
| 70  | Ip:82.210.227.36   | LePresidente/http-generic-403-bf           | DE      | 48951 Telekom Deutschland GmbH     | ban:1     | 2025-12-12T09:48:10Z |
| 69  | Ip:82.210.227.36   | LePresidente/http-generic-403-bf           | DE      | 48951 Telekom Deutschland GmbH     | ban:1     | 2025-12-12T09:47:08Z |
| 68  | Ip:82.210.227.36   | LePresidente/http-generic-403-bf           | DE      | 48951 Telekom Deutschland GmbH     | ban:1     | 2025-12-12T09:46:03Z |
| 67  | Ip:82.210.227.36   | LePresidente/http-generic-403-bf           | DE      | 48951 Telekom Deutschland GmbH     | ban:1     | 2025-12-12T09:45:00Z |
| 66  | Ip:82.210.227.36   | LePresidente/http-generic-403-bf           | DE      | 48951 Telekom Deutschland GmbH     | ban:1     | 2025-12-12T09:43:58Z |
| 65  | Ip:82.210.227.36   | crowdsecurity/http-sensitive-files         | DE      | 48951 Telekom Deutschland GmbH     | ban:1     | 2025-12-12T09:43:53Z |
| 61  | Ip:135.119.16.163  | crowdsecurity/CVE-2022-41082               | US      | 8075 MICROSOFT-CORP-MSN-AS-BLOCK   | ban:1     | 2025-12-12T02:20:11Z |
| 58  | Ip:1.2.3.5         | Test Ban                                   |         |                                    | ban:1     | 2025-12-11T22:36:40Z |
| 56  | Ip:1.2.3.4         | Test Ban                                   |         |                                    | ban:1     | 2025-12-11T22:13:22Z |
| 43  | Ip:198.98.53.110   | crowdsecurity/thinkphp-cve-2018-20062      | US      | 53667 PONYNET                      | ban:1     | 2025-12-10T21:13:13Z |
| 42  | Ip:198.98.53.110   | crowdsecurity/CVE-2017-9841                | US      | 53667 PONYNET                      | ban:1     | 2025-12-10T21:12:55Z |
| 41  | Ip:198.98.53.110   | crowdsecurity/http-probing                 | US      | 53667 PONYNET                      | ban:1     | 2025-12-10T21:11:06Z |
| 40  | Ip:198.98.53.110   | crowdsecurity/CVE-2017-9841                | US      | 53667 PONYNET                      | ban:1     | 2025-12-10T21:11:30Z |
| 38  | Ip:78.153.140.177  | crowdsecurity/http-sensitive-files         | GB      | 202306 Hostglobal.plus Ltd         | ban:1     | 2025-12-10T20:02:45Z |
+-----+--------------------+--------------------------------------------+---------+------------------------------------+-----------+----------------------+
System Metrics
+----------------------------------------------------------------------------------------------------------------------------+
| Acquisition Metrics                                                                                                        |
+----------------------------------+------------+--------------+----------------+------------------------+-------------------+
| Source                           | Lines read | Lines parsed | Lines unparsed | Lines poured to bucket | Lines whitelisted |
+----------------------------------+------------+--------------+----------------+------------------------+-------------------+
| file:/var/log/traefik/access.log | 1.25k      | 1.25k        | -              | 995                    | -                 |
+----------------------------------+------------+--------------+----------------+------------------------+-------------------+

+----------------------------------------------------+
| Local API Alerts                                   |
+--------------------------------------------+-------+
| Reason                                     | Count |
+--------------------------------------------+-------+
| Test Ban                                   | 2     |
| Test Block                                 | 1     |
| crowdsecurity/CVE-2017-9841                | 4     |
| crowdsecurity/CVE-2019-18935               | 1     |
| crowdsecurity/http-backdoors-attempts      | 1     |
| crowdsecurity/http-probing                 | 13    |
| crowdsecurity/http-wordpress-scan          | 1     |
| crowdsecurity/jira_cve-2021-26086          | 4     |
| LePresidente/http-generic-403-bf           | 5     |
| crowdsecurity/CVE-2022-41082               | 2     |
| crowdsecurity/http-admin-interface-probing | 4     |
| crowdsecurity/http-cve-probing             | 5     |
| crowdsecurity/http-sensitive-files         | 8     |
| crowdsecurity/thinkphp-cve-2018-20062      | 1     |
+--------------------------------------------+-------+

+------------------------------------------------------------------------+
| Local API Decisions                                                    |
+--------------------------------------------+----------+--------+-------+
| Reason                                     | Origin   | Action | Count |
+--------------------------------------------+----------+--------+-------+
| http:dos                                   | CAPI     | ban    | 60    |
| http:exploit                               | CAPI     | ban    | 1771  |
| ssh:bruteforce                             | CAPI     | ban    | 2675  |
| crowdsecurity/http-admin-interface-probing | crowdsec | ban    | 1     |
| crowdsecurity/http-probing                 | crowdsec | ban    | 2     |
| generic:scan                               | CAPI     | ban    | 183   |
| http:bruteforce                            | CAPI     | ban    | 709   |
| http:crawl                                 | CAPI     | ban    | 41    |
| http:scan                                  | CAPI     | ban    | 15166 |
| ssh:exploit                                | CAPI     | ban    | 475   |
| crowdsecurity/http-sensitive-files         | crowdsec | ban    | 2     |
+--------------------------------------------+----------+--------+-------+

+------------------------------------+
| Local API Metrics                  |
+--------------------+--------+------+
| Route              | Method | Hits |
+--------------------+--------+------+
| /v1/alerts         | GET    | 34   |
| /v1/alerts         | POST   | 5    |
| /v1/decisions      | GET    | 1023 |
| /v1/heartbeat      | GET    | 849  |
| /v1/usage-metrics  | POST   | 29   |
| /v1/watchers/login | POST   | 49   |
+--------------------+--------+------+

+-------------------------------------------------+
| Local API Bouncers Metrics                      |
+-----------------+---------------+--------+------+
| Bouncer         | Route         | Method | Hits |
+-----------------+---------------+--------+------+
| bouncer-traefik | /v1/decisions | GET    | 1023 |
+-----------------+---------------+--------+------+

+-----------------------------------------------------+
| Local API Bouncers Decisions                        |
+-----------------+---------------+-------------------+
| Bouncer         | Empty answers | Non-empty answers |
+-----------------+---------------+-------------------+
| bouncer-traefik | 1019          | 4                 |
+-----------------+---------------+-------------------+

+-------------------------------------------+
| Local API Machines Metrics                |
+-----------+---------------+--------+------+
| Machine   | Route         | Method | Hits |
+-----------+---------------+--------+------+
| localhost | /v1/alerts    | GET    | 34   |
| localhost | /v1/alerts    | POST   | 5    |
| localhost | /v1/heartbeat | GET    | 849  |
+-----------+---------------+--------+------+

+----------------------------------------------------------------+
| Parser Metrics                                                 |
+------------------------------------+-------+--------+----------+
| Parsers                            | Hits  | Parsed | Unparsed |
+------------------------------------+-------+--------+----------+
| child-crowdsecurity/http-logs      | 3.75k | 2.55k  | 1.20k    |
| child-crowdsecurity/traefik-logs   | 1.25k | 1.25k  | -        |
| crowdsecurity/cdn-whitelist        | 7     | 7      | -        |
| crowdsecurity/dateparse-enrich     | 1.25k | 1.25k  | -        |
| crowdsecurity/geoip-enrich         | 1.25k | 1.25k  | -        |
| crowdsecurity/http-logs            | 1.25k | 1.25k  | -        |
| crowdsecurity/nextcloud-whitelist  | 1.25k | 1.25k  | -        |
| crowdsecurity/non-syslog           | 1.25k | 1.25k  | -        |
| crowdsecurity/public-dns-allowlist | 1.25k | 1.25k  | -        |
| crowdsecurity/rdns                 | 7     | 7      | -        |
| crowdsecurity/seo-bots-whitelist   | 7     | 7      | -        |
| crowdsecurity/traefik-logs         | 1.25k | 1.25k  | -        |
| crowdsecurity/whitelists           | 1.25k | 1.25k  | -        |
+------------------------------------+-------+--------+----------+

+----------------------------------------------------------------------------------------------------------+
| Scenario Metrics                                                                                         |
+--------------------------------------------+---------------+-----------+--------------+--------+---------+
| Scenario                                   | Current Count | Overflows | Instantiated | Poured | Expired |
+--------------------------------------------+---------------+-----------+--------------+--------+---------+
| crowdsecurity/http-admin-interface-probing | -             | 1         | 7            | 11     | 6       |
| crowdsecurity/http-crawl-non_statics       | -             | -         | 539          | 712    | 539     |
| crowdsecurity/http-probing                 | 1             | 6         | 101          | 206    | 94      |
| crowdsecurity/http-sensitive-files         | -             | 11        | 18           | 66     | 7       |
+--------------------------------------------+---------------+-----------+--------------+--------+---------+

+----------------------------------------------------------------------------------------------+
| Whitelist Metrics                                                                            |
+------------------------------------+------------------------------------+------+-------------+
| Whitelist                          | Reason                             | Hits | Whitelisted |
+------------------------------------+------------------------------------+------+-------------+
| crowdsecurity/cdn-whitelist        | CDN provider                       | 7    | -           |
| crowdsecurity/nextcloud-whitelist  | Nextcloud Whitelist                | 1249 | -           |
| crowdsecurity/public-dns-allowlist | public DNS server                  | 1249 | -           |
| crowdsecurity/seo-bots-whitelist   | good bots (search engine crawlers) | 7    | -           |
| crowdsecurity/whitelists           | private ipv4/ipv6 ip/ranges        | 1249 | -           |
+------------------------------------+------------------------------------+------+-------------+
🔧 Fix Permissions Log (last 30 lines)
Skipping: filebrowser_config (excluded)

Step 2: Restarting Nginx containers...
----------------------------------------
Restarting: nginx_1870
Successfully restarted: nginx_1870
Restarting: nginx_1871
Successfully restarted: nginx_1871
Restarting: nginx_1872
Successfully restarted: nginx_1872
Restarting: nginx_1873
Successfully restarted: nginx_1873

==========================================
=== Permission Fix Complete ===
==========================================

Current permissions:
drwxr-xr-x 19 debian debian 4096 13. Dez 22:39 1870
drwxr-xr-x  3 debian debian 4096 15. Dez 21:45 1871
drwxr-xr-x  2 debian debian 4096 13. Dez 15:24 1872
drwxr-xr-x  2 debian debian 4096 15. Dez 22:00 1873
drwxr-xr-x  2 debian debian 4096  8. Dez 20:45 filebrowser_config

Container status:
NAMES        STATUS                  PORTS
nginx_1871   Up 1 second             0.0.0.0:1871->80/tcp, [::]:1871->80/tcp
nginx_1870   Up 2 seconds            0.0.0.0:1870->80/tcp, [::]:1870->80/tcp
nginx_1873   Up Less than a second   0.0.0.0:1873->80/tcp, [::]:1873->80/tcp
nginx_1872   Up Less than a second   0.0.0.0:1872->80/tcp, [::]:1872->80/tcp
Traefik Access Log (last 30 lines)
TRAEFIK_LOG_PLACEHOLDER