From 027dba985515c3af4eb6c13704b58c1626e30f28 Mon Sep 17 00:00:00 2001
From: Mitchell Krog UB1
Date: Sat, 22 Oct 2016 10:07:10 +0200
Subject: [PATCH] New Referers / Bots Added
---
 conf.d/globalblacklist.conf | 110 +++++++++++++++++++++++++++++++++++-
 1 file changed, 108 insertions(+), 2 deletions(-)
diff --git a/conf.d/globalblacklist.conf b/conf.d/globalblacklist.conf
index 6ae5e354f..ccb4b7020 100644
--- a/conf.d/globalblacklist.conf
+++ b/conf.d/globalblacklist.conf
@@ -10,11 +10,11 @@
 ### Created By: https://github.com/mitchellkrogza/
 ### Last Updated
-### Sat Oct 22 09:03:42 SAST 2016
+### Sat Oct 22 10:07:10 SAST 2016
 ### End Last Updated
 ### Generated in
-### 0.116784095764 seconds
+### 0.148224830627 seconds
 ### End Generated in
 ### Tested on: nginx/1.10.0 (Ubuntu 16.04)
@@ -2227,6 +2227,39 @@ map $http_referer $bad_referer {
 "~*videos-for-your-business.com" 1;
 "~*video--production.com" 1;
 # END SEMALT BLOCK ### DO NOT EDIT THIS LINE AT ALL ###
+
+# *******************
+# MIRAI Botnet Attack
+# ********************
+# New block added for all known domains and referers being used by
+# the MIRAI botnet attack
+# See - http://blog.level3.com/security/grinch-stole-iot/
+
+# START MIRAI REFERERS ### DO NOT EDIT THIS LINE AT ALL ###
+ "~*b0ts.xf0.pw" 1;
+ "~*disabled.racing" 1;
+ "~*cnc.disabled.racing" 1;
+ "~*dongs.disabled.racing" 1;
+ "~*dongs.icmp.online" 1;
+ "~*eport.queryhost.xyz" 1;
+ "~*gay.disabled.racing" 1;
+ "~*icmp.online" 1;
+ "~*imscaredaf.xyz" 1;
+ "~*kankerc.queryhost.xyz" 1;
+ "~*lol.disabled.racing" 1;
+ "~*meme.icmp.online" 1;
+ "~*network.santasbigcandycane.cx" 1;
+ "~*penis.disabled.racing" 1;
+ "~*queryhost.xyz" 1;
+ "~*report.disabled.racing" 1;
+ "~*report.santasbigcandycane.cx" 1;
+ "~*report.xf0.pw" 1;
+ "~*reports.icmp.online" 1;
+ "~*santasbigcandycane.cx" 1;
+ "~*swinginwithme.ru" 1;
+ "~*xf0.pw" 1;
+# END MIRAI REFERERS ### DO NOT EDIT THIS LINE AT ALL ###
+
 }
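Review bot: The new referer patterns are unanchored, case-insensitive regexes with unescaped dots, so an entry such as `"~*xf0.pw" 1;` matches those characters anywhere in the Referer value, path and query string included, and `.` matches any character. Short names like `xf0.pw` and `icmp.online` are the most likely to catch legitimate traffic; escaping the dot, e.g. `"~*xf0\.pw" 1;`, narrows that. The subdomain entries (`cnc.disabled.racing`, `report.xf0.pw` and the rest) are already covered by their parent-domain patterns and only add map entries to evaluate. Referer is client-supplied, so this list is better treated as noise reduction than as a control against the botnet itself. The `map` block starts outside the hunk.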
@@ -2355,6 +2388,79 @@ geo $validate_client {
 # START BERKELEY SCANNER ### DO NOT EDIT THIS LINE AT ALL ###
 169.229.3.91 0;
 # END BERKELEY SCANNER ### DO NOT EDIT THIS LINE AT ALL ###
+
+# *******************
+# MIRAI Botnet Attack
+# *******************
+# Known IP ranges being used in the Mirai Botnet Attack
+# See - http://blog.level3.com/security/grinch-stole-iot/
+
+# START MIRAIBOTNET IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
+ 104.223.37.150 1;
+ 137.74.49.205 1;
+ 137.74.49.208 1;
+ 149.56.151.180 1;
+ 149.56.232.146 1;
+ 151.80.27.90 1;
+ 151.80.99.90 1;
+ 151.80.99.91 1;
+ 154.16.199.144 1;
+ 154.16.199.34 1;
+ 154.16.199.48 1;
+ 154.16.199.78 1;
+ 158.69.142.34 1;
+ 166.62.80.172 1;
+ 173.212.192.219 1;
+ 176.126.245.213 1;
+ 185.100.87.238 1;
+ 185.115.125.99 1;
+ 185.130.225.65 1;
+ 185.130.225.66 1;
+ 185.130.225.83 1;
+ 185.130.225.90 1;
+ 185.130.225.94 1;
+ 185.130.225.95 1;
+ 185.153.197.103 1;
+ 185.47.62.199 1;
+ 185.62.190.38 1;
+ 185.70.105.161 1;
+ 185.70.105.164 1;
+ 185.93.185.11 1;
+ 185.93.185.12 1;
+ 188.209.52.101 1;
+ 191.96.249.29 1;
+ 192.69.89.173 1;
+ 23.89.159.176 1;
+ 45.32.186.11 1;
+ 46.249.38.145 1;
+ 46.249.38.146 1;
+ 46.249.38.148 1;
+ 46.249.38.149 1;
+ 46.249.38.150 1;
+ 46.249.38.151 1;
+ 46.249.38.152 1;
+ 46.249.38.153 1;
+ 46.249.38.154 1;
+ 46.249.38.159 1;
+ 51.255.172.22 1;
+ 65.98.91.181 1;
+ 72.8.183.202 1;
+ 77.247.178.191 1;
+ 77.247.178.47 1;
+ 77.247.181.219 1;
+ 80.87.205.10 1;
+ 80.87.205.11 1;
+ 91.185.190.172 1;
+ 92.222.66.137 1;
+ 93.104.209.11 1;
+ 93.158.200.103 1;
+ 93.158.200.105 1;
+ 93.158.200.115 1;
+ 93.158.200.124 1;
+ 93.158.200.126 1;
+ 93.158.200.66 1;
+ 93.158.200.68 1;
+# END MIRAIBOTNET BAD IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
 # ****************************
 # Other Bad IP's and IP Ranges
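Review bot: The START and END markers of the new block do not match: it opens with `# START MIRAIBOTNET IP RANGES` and closes with `# END MIRAIBOTNET BAD IP RANGES`, while the neighbouring BERKELEY SCANNER block uses the same name in both. If a generator script rewrites the text between these markers (the "Generated in" header suggests one, though it is not visible here), a mismatched pair can break later automated updates; close with `# END MIRAIBOTNET IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###`. Every entry is a single address taken from one report, not a range as the heading says, and several appear to sit in hosting-provider space that gets reassigned. A comment recording the date added and a review interval would keep stale entries from blocking later legitimate tenants. The `geo` block starts and continues outside the hunk.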