CSF Discuss Maxmind GeoLite2 Free Database Download Changes

To ensure you don't get interrupted in future, best to just register your own Maxmind account and use your own Maxmind API key if you want to use Geolite2 database - this ensures CSF Firewall and Nginx GeoIP2 Nginx module works as is. The potential issue right now is I provide a shared API key from my own Maxmind account for default installs of Centmin Mod. So if they ban my Maxmind account, that shared API key won't work.

---

For new Centmin Mod installs, they now default to DB-IP database for CSF Firewall https://community.centminmod.com/th...e-database-download-changes.18960/#post-93007 while shared Maxmind API key is still used for Nginx GeoIP Nginx which is an optional module not enabled by default in Centmin Mod so impact isn't that great if in future Maxmind would block my Maxmind account's shared API key.

 

Generally, Maxmind's GeoLite2 database has been more accurate in the past in detecting IPs and their country/city geolocation data than DP-IP. You can test out different geolocation databases reported geolocation data by inputting an IP address at https://www.iplocation.net/ip-lookup and seeing what each geolocation database reports for DP-IP, IP2Location, ipinfo.io, IPregistry, IPGeolocation.io, IPapi.co, IPAPI, and ipdata.co edit: looks like Maxmind database isn't shown anymore - it use to. Anyway, I usually use Maxmind's GeoLite2 database.

For Maxmind GeoLite2 database lookup, I setup a geolocation site on Centmin Mod powered server at What is my IP address? so you can check that too. It uses Centmin Mod Nginx's GeoLite2 module and Maxmind GeoLite2 database.

 

This serves as another reminder for folks running Centmin Mod in internationally sanctioned countries, that Maxmind is disabling their Geolite2 database download access in this countries come September 1, 2022 - next month. Better than their previous policy of blocking my entire Maxmind account!

Got an email from Maxmind again. I assume these are older Centmin Mod installs prior to May 2022 or Centmin Mod installs that haven't updated Centmin Mod for the changes to using DP-IP etc.

The below quoted statement by me is the current situation for Centmin Mod new installs since late May 2022 in that Centmin Mod doesn't use Maxmind Geolite2 database by default anymore for CSF Firewall but instead uses DP-IP geolocation database. However, Maxmind Geolite2 database is still used for optional Nginx Geolite2 Nginx module which isn't installed by default. If you need Maxmind Geolite2 database usage instead of DP-IP, follow below instructions and register your own Maxmind account and API key GeoLite2 Sign Up | MaxMind

Checking my Maxmind GeoLite2 database download stats for Centmin Mod shared API key after May 19 2022 switch away from Geolite2 database default CSF Firewall usage, there seems to be still 47,000+ downloads of the Geolite2 database from Centmin Mod shared API key! Seems like quite a few Centmin Mod users are either running older versions and/or haven't updated to use their own Maxmind API key! You can't break down downloads by country so can't see how many are from sanctioned countries unfortunately.

 

October 28, 2023 Update

Unfortunate news update. Looks like Maxmind folks now scan Github repositories for Maxmind GeoLite2 database API keys and came across Centmin Mod's shared API key I mentioned in quote above. They are deactivating that key and disabling its usage.

Solution:
For existing users, you can register your own Maxmind account and get your own API key as outlined at https://community.centminmod.com/th...eolite2-free-database-download-changes.18959/. For that, you can set MM_LICENSE_KEY variable with your own API key in persistent config file at /etc/centminmod/custom_config.inc with your manually obtained and generated Maxmind account's token API key via GeoLite2 Sign Up | MaxMind and generate the token API in Services > My License Key section of your Maxmind account or via link at https://www.maxmind.com/en/accounts/current/license-key and then run centmin.sh menu once and then exit, then both CSF Firewall and Nginx geoip2 nginx module routines will download GeoLite2 database via Maxmind API for latest version.

Both 124.00stable and 130.00beta01 by default out of the box already have switched CSF Firewall's geolocation database dependency away from Maxmind's Geolite2 database to DB-IP database. However, this year alone there was 180,000+ downloads linked to the shared API key, so a lot of Centmin Mod users manually still use it even when it's not the default option in latest Centmin Mod. This only fixes CSF Firewall's usage. But Nginx's optional Geolite2 Nginx module and Modsecurity still need to find a solution for. You can switch from Maxmind Geolite2 database to alternative DB-IP geolocation database via setting MM_CSF_SRC='n' by default.

So if you want to continue using Maxmind Geolite2 database, you'd have to register your own Maxmind account and get own API key and these 2 variables in persistent config file /etc/centminmod/custom_config.inc

Code (Text):

MM_LICENSE_KEY='YOUR_OWN_MAXMIND_API_KEY'
MM_CSF_SRC='y'

 

Indeed will need updating on Centmin Mod end

 

Centmin Mod 130.00beta01 has been updated to tackle Maxmind's latest changes in GeoLite2 database download policy and rate limits https://community.centminmod.com/th...ase-routines-for-nginx-in-130-00beta01.24815/. You can discuss these changes in existing thread at https://community.centminmod.com/th...eolite2-free-database-download-changes.18960/.

• Maxmind is now enforcing GeoLite2 database download rate limits as of March 2024 to 30 daily direct API downloads and recommends users to download a copy locally to distribute to many servers if you hit the limits https://support.maxmind.com/hc/en-us/articles/4408216129947-Download-and-Update-Databases
• Maxmind has been slowly clamping down on the free GeoLite2 database downloads see https://community.centminmod.com/th...eolite2-free-database-download-changes.18960/ and https://community.centminmod.com/th...eolite2-free-database-download-changes.18959/.
• Centmin Mod uses GeoLIte2 databases in 2 places, 1 is via CSF Firewall it optionally can use GeoLite2 database for IP address geo meta data lookups but defaults to now using alternative geo meta databases like DB-IP instead of GeoLite2 in CSF Firewall config file /etc/csf/csf.conf CC_SRC = "2" variable set as outlined at https://community.centminmod.com/th...eolite2-free-database-download-changes.18960/. The Maxmind changes here will need CSF Firewall developers to update if impacted
• Centmin Mod's 2nd usage of GeoLite2 database is in optional Nginx GeoLite2 nginx module which isn't enabled by default unless you set in persistent config file /etc/centminmod/custom_config.inc the variable NGINX_GEOIPTWOLITE='y' prior to centmin.sh menu option 4 Nginx upgrade/recompiles or prior to initial Centmin Mod installation. Centmin Mod 130.00beta01 latest update is for this second usage case for Nginx GeoLite2 nginx module routine to use cached copy if the Centmin Mod user doesn't setup their own Maxmind API key as outlined under solutions header in post at .https://community.centminmod.com/th...eolite2-free-database-download-changes.18960/
• Existing Centmin Mod 130.00beta01 users can get this update via cmupdate command. Once that is tested to work well, will also backport changes to 124.00stable.

edit: 124.00stable has also been updated for these changes https://community.centminmod.com/th...le-release-discussion.22675/page-2#post-99127