Looking for testers Q-Feeds plugin

Started by Q-Feeds, October 01, 2025, 08:43:40 PM

Quote from: Q-Feeds on October 16, 2025, 02:26:28 PM
Here you can find the latest package with the bug fixes for Unbound and the Events page

Both fixes work as intended, thanks!

(In the Unbound settings, I had to reapply the DNSBLs and restart the service for it to merge and load the lists.)
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

October 17, 2025, 03:09:19 PM #241 Last Edit: October 17, 2025, 03:11:48 PM by Lurick
Did the feeds get messed up?
At about 8:45am EST QFeeds started blocking EVERYTHING on my network out of nowhere.
I had to disable the firewall rules to regain connectivity.

Quote from: Lurick on October 17, 2025, 03:09:19 PM
Did the feeds get messed up?
At about 8:45am EST QFeeds started blocking EVERYTHING on my network out of nowhere.
I had to disable the firewall rules to regain connectivity.

That's severe! Can you share some logs? Which blocks have been registered?

Your Threat Intelligence Partner  qfeeds.com

Quote from: Q-Feeds on October 17, 2025, 03:13:39 PM
That's severe! Can you share some logs? Which blocks have been registered?


Just reverted the set (temporary) from a few hours ago, yet I'm not able to reproduce your problem without a bit more information. If you pull the list now it should solve.

Your Threat Intelligence Partner  qfeeds.com

October 17, 2025, 03:28:52 PM #244 Last Edit: October 17, 2025, 03:45:49 PM by Lurick
Quote from: Q-Feeds on October 17, 2025, 03:13:39 PM
That's severe! Can you share some logs? Which blocks have been registered?


It seemed to be blocking everything outbound from the LAN interface, from 192.168.0.0/16
Which logs should I collect to help narrow this down?

October 17, 2025, 03:34:57 PM #245 Last Edit: October 17, 2025, 03:44:58 PM by Lurick



Quote from: Lurick on October 17, 2025, 03:34:57 PM



Thx! Still investigating but can't seem to find any RFC IOCs in our list. Which shouldn't either of course!

Your Threat Intelligence Partner  qfeeds.com

October 17, 2025, 04:28:07 PM #247 Last Edit: October 17, 2025, 04:45:32 PM by Seimus
Hey guys,

Can you tell me why you pushed these subnets into your TI?

0.0.0.0/1
64.0.0.0/2

This caused a huge network outage and blocked everything..
This as well caused the issues described above...

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

We've learned a valuable lesson just now. One of our premium suppliers pushed two IP addresses into our list:

64.52.80.21/2
64.52.80.21/1

We do have several filters to filter False Positives and RFC related stuff. Unfortunately we were not prepared for IOCs as shown above.
As you've already experienced this caused a major disruption. We're really sorry for it, and obviously we'll take extensive measures to prevent this in the future.

Thank you very much for letting us know, it helps us to react quickly and improve our services. Once more very sorry for the disruption it has caused!

Your Threat Intelligence Partner  qfeeds.com
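
The failure described in the post above, shown as an added example (not Q-Feeds' or the plugin's code): a host address carrying a /2 or /1 suffix normalizes to the 64.0.0.0/2 and 0.0.0.0/1 networks reported earlier in the thread, so a feed pipeline can reject such entries before publishing. The thresholds, the reserved-range list and the function names are assumptions made for this example.

```python
import ipaddress

# Assumed policy values for this example, not Q-Feeds settings.
MIN_PREFIX = 8        # refuse IPv4 networks broader than a /8
MAX_COVERAGE = 0.01   # refuse a list covering more than 1% of IPv4 space
PROTECTED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]

def vet_entry(entry):
    """Return (network, None) when the entry is acceptable, else (None, reason)."""
    text = entry.strip()
    try:
        net = ipaddress.ip_network(text, strict=False)
    except ValueError as exc:
        return None, f"unparseable: {exc}"
    if net.version != 4:
        return None, "not IPv4 (outside this example)"
    # A host address with a short prefix silently widens to the whole network.
    if ipaddress.ip_address(text.split("/")[0]) != net.network_address:
        return None, f"host bits set, would load as {net}"
    if net.prefixlen < MIN_PREFIX:
        return None, f"prefix /{net.prefixlen} broader than /{MIN_PREFIX}"
    if any(net.overlaps(p) for p in PROTECTED):
        return None, "overlaps reserved or private space"
    return net, None

def vet_feed(entries):
    """Split a feed into merged accepted networks and (entry, reason) rejects."""
    accepted, rejected = [], []
    for entry in entries:
        net, reason = vet_entry(entry)
        if net is not None:
            accepted.append(net)
        else:
            rejected.append((entry, reason))
    merged = list(ipaddress.collapse_addresses(accepted))
    # Last line of defence: many individually valid entries can still add up.
    coverage = sum(n.num_addresses for n in merged) / 2**32
    if coverage > MAX_COVERAGE:
        raise ValueError(f"list covers {coverage:.1%} of IPv4 space, not publishing")
    return merged, rejected

# Constructed sample: the two supplier entries quoted above plus made-up IOCs.
SAMPLE = ["64.52.80.21/2", "64.52.80.21/1", "203.0.113.7",
          "198.51.100.0/24", "192.168.1.10", "64.0.0.0/2"]

if __name__ == "__main__":
    print(vet_feed(SAMPLE))
```

The same per-entry check can run on the consuming side before a downloaded list is loaded into a firewall alias, so a bad upstream push is rejected locally as well.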

This was nasty,

Please be careful with such things pushing into TIs. As this is one of the things that should NEVER HAPPEN.

Also keep in mind not many users are able to restore their connectivity using the console. So this could result in a hard-lock.

Regards,
S.

Quote from: Seimus on October 17, 2025, 05:01:50 PM
This was nasty,

Please be careful with such things pushing into TIs. As this is one of the things that should NEVER HAPPEN.

Also keep in mind not many users are able to restore their connectivity using the console. So this could result in a hard-lock.

Regards,
S.

Can't agree more! And thank you for staying polite... ;-) This was a huge one and we promise to take measures against it!

Your Threat Intelligence Partner  qfeeds.com

Quote from: Q-Feeds on October 17, 2025, 05:08:58 PM
Can't agree more! And thank you for staying polite... ;-) This was a huge one and we promise to take measures against it!

Indeed there is no reason to be rude, my comment was in good will, so I am glad it didn't sound like I am going to burn a farm.

Can happen to anyone, there is a saying we like to use at work:
Quote: "Trust but verify."
          - Bunch of tired engineers


Quote from: Seimus on October 17, 2025, 05:16:15 PM
Indeed there is no reason to be rude, my comment was in good will, so I am glad it didn't sound like I am going to burn a farm.

Can happen to anyone, there is a saying we like to use at work:
Quote: "Trust but verify."
          - Bunch of tired engineers


Haha you're absolutely right, but I can imagine some nasty words came to your mind when this happened.. ;)
That said it was panic on our side as you can imagine and we might put that saying up on our wall :D

Your Threat Intelligence Partner  qfeeds.com

Quote from: Q-Feeds on October 17, 2025, 05:18:57 PM
Haha you're absolutely right, but I can imagine some nasty words came to your mind when this happened.. ;)

It was more of an initial surprise "wtf did I do this time" cause I am lately doing a lot of implementations

Quote from: Q-Feeds on October 17, 2025, 05:18:57 PM
That said it was panic on our side as you can imagine and we might put that saying up on our wall :D

Feel free :), if nothing at least some fun.

Regards,
S.

Quick question and two requests.

I try to access the main q-feeds page to access the account https://qfeeds.com/my-account (not speaking about TIP). But it's not working; getting Error 406.
Same happens now for some reason for https://qfeeds.com. TIP works okay.


R1: The subscription management looks like it is on a different system from TIP. Would it not be better if subscription management is handled as well from the TIP?
As the license is there anyway?

R2: When we have multiple API keys, checking the API logs from TIP does not clearly state which API key did what. There is a key ID but that ID isn't clearly showing which key is which. Would it be possible to associate the Description with that specific ID? Or include that ID in the API key management.

Regards,
S.