Looking for testers Q-Feeds plugin

Started by Q-Feeds, October 01, 2025, 08:43:40 PM

Thanks for this product! I will test it!

How does it work with AdGuard? Is there a manual?

Quote from: wirehire on November 06, 2025, 11:13:04 AM
How does it work with AdGuard? Is there a manual?

Create a DNS blocklist in AdGuard Home with this URL:

https://api.qfeeds.com/api.php?feed_type=malware_domains&api_token=<your API token>
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Thanks Patrick.


Another question: in the log from Q-Feeds, how can I see which port the blocked IP actually tried to connect to?

You need to check the firewall logs for your block rule. And set that to logging enabled, of course.

OK, so no more info, like CrowdSec? Or only with the paid version?

Q-Feeds does not send any info back to them, that's why they cannot show you more info in the dashboard. Great from a privacy point of view, IMHO.

You're right, nothing being uploaded is very good from that point of view. But the plugin matches against the list and takes the IP from the blocklist. So when the plugin can see that a dangerous IP tries to connect and blocks it, it can also see which port and write that to the plugin log.

For zero days, they often check specific ports in waves. So when you see that many IPs scan for a specific port in a wave, you can treat it differently.

Hence the question to the Q-Feeds maintainer: can your plugin, without uploading to your instances, see which port the attacker probed to connect to?

Your block rule does that.

Step 1:



Step 2:


Patrick, thanks, I know that, but why not in the plugin, where the blocked IPs show up? They read the pf log, so the details are there.

Quote from: wirehire on November 06, 2025, 01:35:21 PM
Patrick, thanks, I know that, but why not in the plugin, where the blocked IPs show up? They read the pf log, so the details are there.

Thank you for the suggestion, you're right and we think that's a nice addition. We've added it to the list, but for now Patrick's suggestion is indeed the way to go.

Your Threat Intelligence Partner  qfeeds.com
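
The port-wave check asked about above, run over the firewall log of a logging-enabled block rule as suggested in the replies. This is an added example, not part of any post and not Q-Feeds plugin code; the filterlog CSV field positions, the sample lines and the `min_sources` threshold are assumptions.

```python
from collections import defaultdict

# Assumed 0-based positions in a pf filterlog CSV entry for IPv4 TCP/UDP.
ACTION, DIRECTION, IPVER, PROTO, SRC, DPORT = 6, 7, 8, 16, 18, 21

# Constructed sample lines (documentation address ranges, made-up rule ids).
SAMPLE_LOG = """\
2025-11-06T13:00:01 fw filterlog[1]: 84,,,RID1,igb0,match,block,in,4,0x0,,52,1001,0,DF,6,tcp,60,203.0.113.5,192.0.2.10,51234,3389,0,S,1,,64240,,mss
2025-11-06T13:00:02 fw filterlog[1]: 84,,,RID1,igb0,match,block,in,4,0x0,,52,1002,0,DF,6,tcp,60,203.0.113.5,192.0.2.10,51240,3389,0,S,2,,64240,,mss
2025-11-06T13:00:03 fw filterlog[1]: 84,,,RID1,igb0,match,block,in,4,0x0,,49,1003,0,DF,6,tcp,60,203.0.113.77,192.0.2.10,40211,3389,0,S,3,,64240,,mss
2025-11-06T13:00:04 fw filterlog[1]: 84,,,RID1,igb0,match,block,in,4,0x0,,47,1004,0,DF,6,tcp,60,198.51.100.40,192.0.2.10,33110,3389,0,S,4,,64240,,mss
2025-11-06T13:00:05 fw filterlog[1]: 84,,,RID1,igb0,match,block,in,4,0x0,,52,1005,0,none,1,icmp,84,198.51.100.7,192.0.2.10,request,1,1,64
2025-11-06T13:00:06 fw filterlog[1]: 84,,,RID1,igb0,match,block,in,4,0x0,,50,1006,0,DF,6,tcp,60,198.51.100.9,192.0.2.10,45000,22,0,S,5,,64240,,mss
2025-11-06T13:00:07 fw filterlog[1]: 90,,,RID2,igb0,match,pass,in,4,0x0,,55,1007,0,DF,6,tcp,60,198.51.100.20,192.0.2.10,40000,443,0,S,6,,64240,,mss
"""

def parse_block(line):
    """Return (src, proto, dport) for an inbound IPv4 TCP/UDP block, else None."""
    if "filterlog" not in line:
        return None
    # Assumption: the CSV payload is the last whitespace-delimited token.
    f = line.rsplit(" ", 1)[-1].split(",")
    if len(f) <= DPORT or f[ACTION] != "block" or f[DIRECTION] != "in":
        return None
    if f[IPVER] != "4" or f[PROTO] not in ("tcp", "udp") or not f[DPORT].isdigit():
        return None  # ICMP and other protocols carry no destination port
    return f[SRC], f[PROTO], int(f[DPORT])

def sources_per_port(lines):
    """Map (proto, dport) to the set of distinct blocked source IPs."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_block(line)
        if rec:
            src, proto, dport = rec
            hits[(proto, dport)].add(src)
    return hits

def port_waves(lines, min_sources=3):
    """Ports probed by at least min_sources distinct blocked IPs, busiest first."""
    waves = [(p, d, len(s)) for (p, d), s in sources_per_port(lines).items()
             if len(s) >= min_sources]
    return sorted(waves, key=lambda w: -w[2])

if __name__ == "__main__":
    for proto, dport, n in port_waves(SAMPLE_LOG.splitlines()):
        print(f"{proto}/{dport}: {n} distinct blocked sources")
```

Counting distinct sources rather than raw hits keeps one noisy host from looking like a wave.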

I've given this whole thread a read and here's my 2c:

A sysadmin with 30+ years of xp here. I run infrastructure for a hosting company, for a dozen clients of small to medium size.
As such, I and my customers are not interested, in any way, shape, or form, in the traditional "threat" detection. We are interested in the blocking of web contact form and email spam, and we achieve this mostly by blocking all things hosting. Everything that comes from hosting providers is considered a threat, plain and simple. Hosting providers are everyone's enemies. So I simply integrated with an API that tells me whether the visitor is from a hosting company, in which case they are given the boot, or from consumer internet providers, in which case we let our tried and tested set of rules take action. Nothing that is of my or my customers' concern can get past my multiple layers of firewalls, and this has been proven many times by all kinds of pen test companies that my customers used to hire until they realized that it's money well wasted, so they cut down on this.

Having said it, what can Q-feeds offer us?

Quote from: Jyling on November 06, 2025, 04:23:26 PM
I've given this whole thread a read and here's my 2c:

A sysadmin with 30+ years of xp here. I run infrastructure for a hosting company, for a dozen clients of small to medium size.
As such, I and my customers are not interested, in any way, shape, or form, in the traditional "threat" detection. We are interested in the blocking of web contact form and email spam, and we achieve this mostly by blocking all things hosting. Everything that comes from hosting providers is considered a threat, plain and simple. Hosting providers are everyone's enemies. So I simply integrated with an API that tells me whether the visitor is from a hosting company, in which case they are given the boot, or from consumer internet providers, in which case we let our tried and tested set of rules take action. Nothing that is of my or my customers' concern can get past my multiple layers of firewalls, and this has been proven many times by all kinds of pen test companies that my customers used to hire until they realized that it's money well wasted, so they cut down on this.

Having said it, what can Q-feeds offer us?


Hi Jyling,

That's an interesting approach, sounds like you've got a pretty tight setup already.

Q-Feeds isn't focused on generic logic. We maintain constantly validated threat intelligence feeds with confirmed malicious IPs, domains, and URLs — actual command-and-control servers, phishing kits, malware activity, and even APT groups. That includes compromised servers within consumer networks and infected sites hosted on otherwise legitimate infrastructure.

So instead of just blocking entire hosting ranges, Q-Feeds helps you block what's actively bad, while still allowing legitimate traffic that comes from hosting environments your customers might actually want to reach (e.g. legitimate mail relays, SaaS, or shared web services).

In short:
  • You'd get more precision than broad "hosting provider = block" filters.
  • Our data is updated and validated 24/7 to minimize false positives.
  • You can integrate it via API or directly into your firewall/DNS with minimal effort.
  • You could even use it alongside your existing hosting block logic; our feeds would just catch the real threats that slip through.

All that said, the proof is in the pudding, give it a spin and you'll see the difference.


November 06, 2025, 08:13:32 PM #327 Last Edit: November 06, 2025, 11:27:27 PM by Q-Feeds
!! NEW NEW NEW !!

Today we are proud to announce our first External Attack Surface Management (EASM) tools in our Threat Intelligence Portal!

We've added a powerful vulnerability scanner that checks for:
  • Open ports
  • Web and network vulnerabilities
  • Potential misconfiguration flaws

On top of that, we included a range of handy tools for enrichment and quick analysis, such as:
  • WHOIS Lookup
  • DNS Records
  • HTTP Headers
  • GeoIP
  • SSL Certificate details
  • Reverse DNS
  • Similar Domains detection

The goal is simple — help users understand what's exposed from their public-facing infrastructure and identify risks before attackers do.

Note: The new EASM features are currently available for Plus and Premium subscriptions only.
Note 2: The new vulnerability scanner is limited to 1 scan per day for Premium and 1 scan per week for Plus.


We'll continue expanding functionality and welcome any feedback.


Nice sweet!

I really wish this tool-set would be integrated into the OPNsense plugin/GUI.

------

Looks like, in the HTTP header toolkit, the output from "Security Headers Analysis" shows duplicated entries (basically shows the same results twice).

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

Quote from: Seimus on November 06, 2025, 08:54:42 PM
Nice sweet!

I really wish this tool-set would be integrated into the OPNsense plugin/GUI.

------

Looks like, in the HTTP header toolkit, the output from "Security Headers Analysis" shows duplicated entries (basically shows the same results twice).

Regards,
S.

Thank you! We might in the future but that won't be tomorrow I'm afraid ;-)

Fixed the bug right away, thanks for letting us know!
