Looking for testers Q-Feeds plugin

Started by Q-Feeds, October 01, 2025, 08:43:40 PM

October 17, 2025, 07:47:33 PM #255 Last Edit: October 17, 2025, 07:54:43 PM by Q-Feeds
Quote from: Seimus on October 17, 2025, 07:28:39 PM
Quick question and two requests.

I try to access the main q-feeds page to access the account https://qfeeds.com/my-account (not speaking about TIP). But it's not working, getting Error 406.
Same happens now for some reason for https://qfeeds.com. TIP works okay.

R1: The subscription management looks like it is on a different system from TIP. Would it not be better if subscription management is handled as well from the TIP?
As the license is there anyway?

R2: When we have multiple API keys, checking the API logs from TIP does not clearly state what API key did what. There is a key ID but that ID isn't clearly showing which key is which. Would it be possible to associate the Description with that specific ID? Or include that ID in the API key management.

Regards,
S.

Hi S.

That's exactly what we thought; that said, the integration of the subscription management pages and the TIP is actually already in development.
For the logging, that's a great idea as well! I've added it to the list!

That 406 error is interesting! We'll start investigating.
Edit: Solved, a bit too restrictive WAF.

Your Threat Intelligence Partner  qfeeds.com

Quote from: Q-Feeds on October 17, 2025, 07:47:33 PM
Edit: Solved, a bit too restrictive WAF.

Thanks!

Now I can access it but... When I fill in the creds I get:
Quote: There has been a critical error on this website.

Looks like I am being unlucky today.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

Quote from: Seimus on October 17, 2025, 08:08:37 PM
Quote from: Q-Feeds on October 17, 2025, 07:47:33 PM
Edit: Solved, a bit too restrictive WAF.

Thanks!

Now I can access it but... When I fill in the creds I get:
Quote: There has been a critical error on this website.

Looks like I am being unlucky today.

Regards,
S.

Haha, Murphy's law... Funny thing was that this was caused by a part of the integration between the website and the TIP which is already implemented in the background. That said, it's solved now; you should be able to log in. Now fingers crossed for the next issue haha

Your Threat Intelligence Partner  qfeeds.com

Yea, I tend to be unlucky when I don't try to do anything bad....

Can confirm it works now. Many thanks for fixing it so quickly!

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

Quote from: Seimus on October 17, 2025, 08:19:47 PM
Yea, I tend to be unlucky when I don't try to do anything bad....

Can confirm it works now. Many thanks for fixing it so quickly!

Regards,
S.

On our end it seems to go the other way around today... :D
Thanks for letting us know and your support!

Your Threat Intelligence Partner  qfeeds.com

I am seeing many blocks, all to the WAN interface but not a single block from the LAN. Is this normal behaviour or is there something I messed up?

Quote from: wbennett on Today at 12:16:11 AM
I am seeing many blocks, all to the WAN interface but not a single block from the LAN. Is this normal behaviour or is there something I messed up?

It means you're behaving yourself, your devices probably aren't part of a botnet, you likely don't have any viruses, and your LAN's in good health 😄
Jokes aside, that's expected behavior. Most bad traffic comes from the outside, and if you're not seeing outbound blocks, that's actually a good sign.

Your Threat Intelligence Partner  qfeeds.com

Well, bought the Plus license. I like the overall premise + bonus points for listening to the community.

Can't say as a community we have always the best or brightest ideas, but so far changes made based on community feedback were very welcome. I hope this cooperation between Q-Feeds and community will continue.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

Qfeeds,
The Q-Feeds widget on the dashboard shows IPs are being blocked, right now 1633.
Security -> Q-Feeds Connect -> Events: shows nothing.
qfeedsctl.py logs via command line: output shows nothing.
cat /var/log/filter/latest.log | grep block: does show IPs being blocked on em1 (WAN)
What information can I provide to troubleshoot this?
Config:
running os-q-feeds-connecter-1.1_2, GUI plugin shows version 1.1 not 1.1_2
completely uninstalled and reinstalled version 1.1_2 just to double-check myself.
2 Node HA cluster
10 vLANs internal network

Zz00mm

qfeedsctl.py stats:
{"feeds":[{"name":"malware_ip","total_entries":491863,"packets_blocked":16765,"bytes_blocked":791023,"addresses_blocked":1645}],"totals":{"entries":491863,"addresses_blocked":1645,"packets_blocked":16765,"bytes_blocked":791023}}
qfeedsctl.py logs:
{"rows":[]}
qfeedsctl.py show_index:
{"company_info":{"id":106,"name":"xxxxxxx Company","token_expiration":null,"premium_access":false},"security_settings":{"rate_limit_window":10,"allowed_ips":"*","allowed_user_agents":"*"},"licensing_summary":{"features":{"total":5,"licensed":0,"unlicensed":5},"feeds":{"total":3,"licensed":3,"unlicensed":0}},"features":[{"id":1,"name":"attack_surface","description":"Access to the External Attack-Surface Management functionality.","licensed":false},{"id":6,"name":"manage_api_key_settings","description":"Allows users to edit advanced settings for API keys, such as IP restrictions, feed access, and rate limits.","licensed":false},{"id":3,"name":"manage_users","description":"Ability to create, edit, and delete sub-users.","licensed":false},{"id":7,"name":"support","description":"Access to support ticketing system and false positive reporting","licensed":false},{"id":4,"name":"threat_lookup","description":"Access to the Threat-Intelligence lookup functionality.","licensed":false}],"feeds":[{"id":9,"feed_type":"malware_ip","type":"ip","description":"Malicious IP addresses","created_at":"2024-09-02T12:00:00Z","updated_at":"2025-10-18T00:00:00Z","frequency":1200,"next_update":"2025-10-19T00:17:31Z","licensed":true,"local_filename":"\/var\/db\/qfeeds-tables\/malware_ip.txt","updated_at_dt":1760745600.0,"next_update_dt":1760833051.0},{"id":10,"feed_type":"malware_domains","type":"domains","description":"Malicious domain names","created_at":"2024-09-02T12:00:00Z","updated_at":"2025-10-18T00:00:00Z","frequency":1200,"next_update":"2025-10-19T00:17:31Z","licensed":true,"local_filename":"\/var\/db\/qfeeds-tables\/malware_domains.txt","updated_at_dt":1760745600.0,"next_update_dt":1760833051.0},{"id":11,"feed_type":"phishing_urls","type":"urls","description":"Phishing URLS","created_at":"2024-09-02T12:00:00Z","updated_at":"2025-10-18T00:00:00Z","frequency":1200,"next_update":"2025-10-19T00:17:31Z","licensed":true,"local_filename":"\/var\/db\/qfeeds-tables\/phishing_urls.txt","updated_at_dt":1760745600.0,"next_update_dt":1760833051.0}]}



Currently I am getting an error "An error occurred while searching" while trying to do a threat lookup. Tried three different blocked IPs. When I then went to History those searches are present with results, including the one I did twice, so the error message appears to be an error.

Consistent with the fact of an error message, available searches did not decrement.

A separate cosmetic query: I do not mind seeing time stamps in the European zone, but is there anything to be done to see those dates in a format which is not American? ISO format would cover all territories more sensibly.
Deciso DEC697

Quote from: zz00mm on Today at 03:58:37 AM
Qfeeds,
The Q-Feeds widget on the dashboard shows IPs are being blocked, right now 1633.
Security -> Q-Feeds Connect -> Events: shows nothing.
qfeedsctl.py logs via command line: output shows nothing.
cat /var/log/filter/latest.log | grep block: does show IPs being blocked on em1 (WAN)
What information can I provide to troubleshoot this?
Config:
running os-q-feeds-connecter-1.1_2, GUI plugin shows version 1.1 not 1.1_2
completely uninstalled and reinstalled version 1.1_2 just to double-check myself.
2 Node HA cluster
10 vLANs internal network

Zz00mm

qfeedsctl.py stats:
{"feeds":[{"name":"malware_ip","total_entries":491863,"packets_blocked":16765,"bytes_blocked":791023,"addresses_blocked":1645}],"totals":{"entries":491863,"addresses_blocked":1645,"packets_blocked":16765,"bytes_blocked":791023}}
qfeedsctl.py logs:
{"rows":[]}
qfeedsctl.py show_index:
{"company_info":{"id":106,"name":"xxxxxxx Company","token_expiration":null,"premium_access":false},"security_settings":{"rate_limit_window":10,"allowed_ips":"*","allowed_user_agents":"*"},"licensing_summary":{"features":{"total":5,"licensed":0,"unlicensed":5},"feeds":{"total":3,"licensed":3,"unlicensed":0}},"features":[{"id":1,"name":"attack_surface","description":"Access to the External Attack-Surface Management functionality.","licensed":false},{"id":6,"name":"manage_api_key_settings","description":"Allows users to edit advanced settings for API keys, such as IP restrictions, feed access, and rate limits.","licensed":false},{"id":3,"name":"manage_users","description":"Ability to create, edit, and delete sub-users.","licensed":false},{"id":7,"name":"support","description":"Access to support ticketing system and false positive reporting","licensed":false},{"id":4,"name":"threat_lookup","description":"Access to the Threat-Intelligence lookup functionality.","licensed":false}],"feeds":[{"id":9,"feed_type":"malware_ip","type":"ip","description":"Malicious IP addresses","created_at":"2024-09-02T12:00:00Z","updated_at":"2025-10-18T00:00:00Z","frequency":1200,"next_update":"2025-10-19T00:17:31Z","licensed":true,"local_filename":"\/var\/db\/qfeeds-tables\/malware_ip.txt","updated_at_dt":1760745600.0,"next_update_dt":1760833051.0},{"id":10,"feed_type":"malware_domains","type":"domains","description":"Malicious domain names","created_at":"2024-09-02T12:00:00Z","updated_at":"2025-10-18T00:00:00Z","frequency":1200,"next_update":"2025-10-19T00:17:31Z","licensed":true,"local_filename":"\/var\/db\/qfeeds-tables\/malware_domains.txt","updated_at_dt":1760745600.0,"next_update_dt":1760833051.0},{"id":11,"feed_type":"phishing_urls","type":"urls","description":"Phishing URLS","created_at":"2024-09-02T12:00:00Z","updated_at":"2025-10-18T00:00:00Z","frequency":1200,"next_update":"2025-10-19T00:17:31Z","licensed":true,"local_filename":"\/var\/db\/qfeeds-tables\/phishing_urls.txt","updated_at_dt":1760745600.0,"next_update_dt":1760833051.0}]}




Hi zz00mm,

Could you share the following with me:

Check if Q-Feeds tables exist and contain entries:

   pfctl -t __qfeeds_malware_ip -T show | head -10
   pfctl -t __qfeeds_malware_ip -T show | wc -l

Check firewall rules for Q-Feeds table references:
   pfctl -sr | grep "<__qfeeds" | tail -5

Kind regards,

David

Your Threat Intelligence Partner  qfeeds.com

Today at 10:41:06 AM #266 Last Edit: Today at 11:05:30 AM by Q-Feeds
Quote from: passeri on Today at 05:30:44 AM
Currently I am getting an error "An error occurred while searching" while trying to do a threat lookup. Tried three different blocked IPs. When I then went to History those searches are present with results, including the one I did twice, so the error message appears to be an error.

It seems this was an issue in the JavaScript presenting the results. This should be fixed now. Thanks for letting us know!

Quote from: passeri on Today at 05:30:44 AM
A separate cosmetic query: I do not mind seeing time stamps in the European zone, but is there anything to be done to see those dates in a format which is not American? ISO format would cover all territories more sensibly.

Totally agree! Thanks for this. We will add it to the list!

Your Threat Intelligence Partner  qfeeds.com

Quote from: passeri on Today at 05:30:44 AM
Currently I am getting an error "An error occurred while searching" while trying to do a threat lookup. Tried three different blocked IPs. When I then went to History those searches are present with results, including the one I did twice, so the error message appears to be an error.

Consistent with the fact of an error message, available searches did not decrement.

A separate cosmetic query: I do not mind seeing time stamps in the European zone, but is there anything to be done to see those dates in a format which is not American? ISO format would cover all territories more sensibly.

Made some improvements on this; you can now set it to your own liking under 'account settings'. Also created a browser auto-detect function. That said, it was a Saturday-morning (Europe/Amsterdam) quickie so please let me know if I missed a few timestamps :)

Your Threat Intelligence Partner  qfeeds.com

Quote from: Seimus on Today at 02:03:50 AM
Well, bought the Plus license. I like the overall premise + bonus points for listening to the community.

Can't say as a community we have always the best or brightest ideas, but so far changes made based on community feedback were very welcome. I hope this cooperation between Q-Feeds and community will continue.

Regards,
S.

Thank you very much Seimus, we will definitely do the best we can!

Your Threat Intelligence Partner  qfeeds.com

Quote from: Q-Feeds on Today at 11:07:28 AM
Made some improvements on this; you can now set it to your own liking under 'account settings'. Also created a browser auto-detect function. That said, it was a Saturday-morning (Europe/Amsterdam) quickie so please let me know if I missed a few timestamps :)

Thank you, seems to work well. I found myself on Reykjavik time; Mullvad browser declines or fails to auto-detect but Safari does.

I see that you have even picked up on Eucla time, an unofficial zone, and an entry for Broken Hill in case they forget they are on Central not Eastern. The national capital is missing (same as Sydney and Melbourne times) though no-one pays Canberra much attention anyway so that is fine. :)
Deciso DEC697