The version I had played around with about 10 years ago could.

There’s also The Dude - although it’s a Windows-only application. But the visualisation is great.

I’m running SpotWeb to browse spots. It’s kind of a curated list of NZBs. So, most things you can find a spot for, are still actually available to download.

It was heavily used by the Dutch to distribute movies with baked-in (“ingebakken”) Dutch subtitles for older media players.

If you like to checkin manually to places, there’s PrivateSquare which will query places around you from Foursquare (so, 4sq will still see whereabout you are), but store the actual checkin in a local database.

If you want some automated tracking, I’m mostly happy with OwnTracks which logs to my DaWarIch instance. (I’ve previously used Traccar and php-owntracks-recorder.)

While I don’t see any battery usage from OwnTracks, my only gripe is that it can’t increase the amount of points logged when it detects movement because of Apple iOS limitations.

(For iOS, there’s also Geory which will log into a local database and CAN increase the logging by spawning a Live Activity. It gives me the most accurate logs so far. But they have to be exported manually to be stored elsewhere and the author wants to keep the app simple and doesn’t want to implement logging to external systems.)

I let CrowdSec determine that. I’m seeing /13, /12 and even /10 in my decisions list. All seem to be Amazon AWS ranges.

In the Traefik static configuration (usually traefik.yml), add this to load the CrowdSec plugin:

experimental:
  plugins:
    crowdsec-bouncer-traefik-plugin:
      moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
      version: "v1.4.2"

(The name for the plugin is defined here as crowdsec-bouncer-traefik-plugin.)

Then, in your dynamic configuration, add this (I’ve used a separate file dynamic_conf/050-plugin-crowdsec-bouncer.yml):

http:
  middlewares:
    crowdsec-bouncer:
      plugin:
        crowdsec-bouncer-traefik-plugin:
          CrowdsecLapiKey: "...YOUR CROWDSEC LAPI KEY HERE..."
          Enabled: true

(The name for this new middleware defined here is crowdsec-bouncer. It uses the crowdsec-bouncer-traefik-plugin defined in the previous step. Make sure these names match.)

You can get the LAPI key by registering a new bouncer in CrowdSec.

And, finally, make sure all incoming traffic routes through the bouncer plugin. You can do this individually, or in general via the static config:

entryPoints:

  websecure:
    address: :443
    http:
      middlewares:
        - crowdsec-bouncer@file
        - secure-headers@file

The middlewares are processed top to bottom.

Any change to the static configuration requires a restart of Traefik to become active.

I’ve recently enabled banning whole subnets if more than 3 malicious actors from that subnet are on the blocklist. This is great for all those DigitalOcean droplets and other cheap hosters used by those people…

I had fail2ban running for several years before switching to CrowdSec late last year. They both work in a similar fashion and watch your logfiles for break in attempts. With the small difference that CrowdSec also lets you use blocklists from the “crowd” to block malicious actors before they even get to try their luck on your machine(s).

I’m using CrowdSec with Traefik and nftables. But there are some bouncer plugins for nginx and OpnSense, too.

I just followed their example configurations for Docker, Docker Compose and then started tinkering with the config until everything worked as desired.

why bother with the aliases

Because once some service “loses” (or sells) your email and you start getting spam, it’s pretty easy to burn that specific email address and change it to something else with that specific service and the spam will stop.