From 4d652579900f65c5ae9fcb8b9f82e5bfcabed898 Mon Sep 17 00:00:00 2001 From: Mitchell Krog UB1 Date: Fri, 9 Sep 2016 11:49:20 +0200 Subject: [PATCH] First Gen of globalblacklist.conf --- conf.d/globalblacklist.conf | 2172 +++++++++++++++++++++++++++++++++++ 1 file changed, 2172 insertions(+) create mode 100644 conf.d/globalblacklist.conf diff --git a/conf.d/globalblacklist.conf b/conf.d/globalblacklist.conf new file mode 100644 index 000000000..40552f8da --- /dev/null +++ b/conf.d/globalblacklist.conf @@ -0,0 +1,2172 @@ +### ********************************** +### THE ULTIMATE NGINX BAD BOT BLOCKER +### ********************************** + +### This file implements a checklist / blacklist for good user agents, bad user agents and +### bad referrers. It also has whitelisting for your own IP's and known good IP Ranges +### and also has rate limiting functionality for bad bots who you only want to rate limit +### and not actually block out entirely. It is powerful and also flexible. + +### Created By: https://github.com/mitchellkrogza/ + +### Last Updated +### Fri Sep 9 11:48:43 SAST 2016 +### End Last Updated + +### Generated in +### 0.121287584305 seconds +### End Generated in + +### Tested on: nginx/1.10.0 (Ubuntu 16.04) + +### ********* +### Features: +### ********* +### Clear formatting for Ease of Maintenance. +### Alphabetically ordered lists for Ease of Maintenance. +### Extensive Commenting for Ease of Reference. +### Extensive bad_bot list +### Extensive bad_referer list (please excuse the nasty words and domains) +### Simple regex patterns versus complicated messy regex patterns. +### Checks regardless of http / https urls or the lack of any protocol sent. +### IP range blocking / whitelisting. +### Rate Limiting Functions. + +### *** PLEASE READ ALL INLINE NOTES ON TESTING !!!! + +### I have this set up as an include in nginx.conf as +### Include /etc/nginx/conf.d/globalblacklist.conf +### This is loaded and available for any vhost to use in its config +### Each vhost then just needs the include file mentioned below for it to take effect. + +### Need I say, please don't just copy and paste this without reviewing what bots and +### referers are being blocked, you may want to exclude certain of them +### Also make SURE to whitelist your own IP's in the geo $bad_referer section. +### Know why you are using this or why you want to use it before you do, the implications +### are quite severe. + +### *** PLEASE READ INLINE NOTES ON TESTING !!!! + +### Note that: +### 0 = allowed - no limits +### 1 = allowed or rate limited less restrictive +### 2 = rate limited more +### 3 = block completely + +### To enable it in a host file you just need to add the blockbots.conf file as an include +### in either a server / location context. I use this on all sites in the server content +### so it blocks access before any of your location directives even take effect. +### I have this in a location /etc/nginx/bots.d/blockbots.conf +### The include is then "include /etc/nginx/bots.d/blockbots.conf;" + +### NEED I say do a "sudo nginx -t" to test the config is okay after adding these +### and if so then "sudo service nginx reload" for it to take effect. + + +# ********************************* +# FIRST BLOCK BY USER-AGENT STRINGS +# ********************************* + +# *************** +# PLEASE TEST !!! +# *************** + +# ALWAYS test any User-Agent Strings you add here to make sure you have it right +# Use a Chrome Extension called "User-Agent Switcher for Chrome" where you can create your +# own custom lists of User-Agents and test them easily against your rules below. + +# You can also use Curl to test user-agents as per example below +# curl -I http://www.yourdomain.com -A "GoogleBot" << 200 OK +# curl -I http://www.yourdomain.com -A "80legs" <<< 444 Dropped Connection + +# Here we also allow specific User Agents to come through that we want to allow + +# PLEASE NOTE: In all lists below I use Nginx case-insensitive matching ~* +# This means regardless of how you type the word, upper or lowercase or mixed it will +# be detected by Nginx Regex. Some Names are Capitalised simply for Ease of Reading. +# Especially important for both Googlebot and googlebot to be allowed through no? + +# Now we map all good and bad user agents to a variable called $bad_bot + +map $http_user_agent $bad_bot { + + default 0; + +# *********************** +# Allow Good Bots We Know +# *********************** +# https://perishablepress.com/list-all-user-agents-top-search-engines/ + +# START GOOD BOTS ### DO NOT EDIT THIS LINE AT ALL ### + "~*adidxbot" 0; + "~*AdsBot-Google" 0; + "~*aolbuild" 0; + "~*bingbot" 0; + "~*bingpreview" 0; + "~*DoCoMo" 0; + "~*duckduckgo" 0; + "~*facebookexternalhit" 0; + "~*Feedfetcher-Google" 0; + "~*Googlebot" 0; + "~*Googlebot-Image" 0; + "~*Google-HTTP-Java-Client" 0; + "~*Googlebot-Mobile" 0; + "~*Googlebot-News" 0; + "~*Googlebot/Test" 0; + "~*Googlebot-Video" 0; + "~*gsa-crawler" 0; + "~*Jakarta\ Commons" 0; + "~*Kraken/0.1" 0; + "~*LinkedInBot" 0; + "~*Mediapartners-Google" 0; + "~*msnbot" 0; + "~*msnbot-media" 0; + "~*SAMSUNG" 0; + "~*slurp" 0; + "~*teoma" 0; + "~*TwitterBot" 0; + "~*Wordpress" 0; + "~*yahoo" 0; +# END GOOD BOTS ### DO NOT EDIT THIS LINE AT ALL ### + +# **************************** +# Allowed Through +# **************************** +# I allow libwww-perl as I use it for monitoring systems with Munin but it is rate limited + +# START ALLOWED BOTS ### DO NOT EDIT THIS LINE AT ALL ### + "~*jetmon" 1; + "~*Lynx" 1; + "~*libwww-perl" 1; + "~*munin" 1; + "~*Wget/1.15" 1; + "~*WordPress" 1; +# END ALLOWED BOTS ### DO NOT EDIT THIS LINE AT ALL ### + +# ******************************************************************* +# Rate Limit / Block Other Bots who get a bit aggressive on bandwidth +# ******************************************************************* + +# START LIMITED BOTS ### DO NOT EDIT THIS LINE AT ALL ### + "~*Alexa" 2; + "~*archive.org" 2; + "~*Baidu" 2; + "~*FlipboardProxy" 2; + "~*ia_archiver" 2; + "~*Mozilla/4.0" 2; + "~*MSIE\ 7.0" 2; + "~*Presto" 2; + "~*R6_CommentReader" 2; + "~*R6_FeedFetcher" 2; + "~*RPT-HTTPClient" 2; + "~*Spaidu" 2; + "~*YandexBot" 2; + "~*YandexImages" 2; +# END LIMITED BOTS ### DO NOT EDIT THIS LINE AT ALL ### + +# **************************** +# Known Vulnerability Scanners +# **************************** + +# START KNOWN SCANNERS ### DO NOT EDIT THIS LINE AT ALL ### + "~*Acunetix" 3; + "~*FHscan" 3; + "~*masscan" 3; + "~*probethenet" 3; + "~*scanbot" 3; +# END KNOWN SCANNERS ### DO NOT EDIT THIS LINE AT ALL ### + +# **************************** +# Known Bad User Agents +# **************************** + +# START BAD BOTS ### DO NOT EDIT THIS LINE AT ALL ### + "~*80legs" 3; + "~*360Spider" 3; + "~*Aboundex" 3; + "~*Abonti" 3; + "~*AhrefsBot" 3; + "~*AIBOT" 3; + "~*aipbot" 3; + "~*aiHitBot" 3; + "~*Alexibot" 3; + "~*Alligator" 3; + "~*AllSubmitter" 3; + "~*Anarchie" 3; + "~*Apexoo" 3; + "~*asterias" 3; + "~*ASPSeek" 3; + "~*attach" 3; + "~*autoemailspider" 3; + "~*BackDoorBot" 3; + "~*BackStreet" 3; + "~*BackWeb" 3; + "~*Badass" 3; + "~*Bandit" 3; + "~*BatchFTP" 3; + "~*Battleztar\ Bazinga" 3; + "~*BBBike" 3; + "~*BDFetch" 3; + "~*Bigfoot" 3; + "~*Bitacle" 3; + "~*Black\ Hole" 3; + "~*BlackWidow" 3; + "~*BLEXBot" 3; + "~*BlowFish" 3; + "~*Blow" 3; + "~*boardreader" 3; + "~*BotALot" 3; + "~*Brandprotect" 3; + "~*Brandwatch" 3; + "~*Buddy" 3; + "~*BuiltBotTough" 3; + "~*Bullseye" 3; + "~*BunnySlippers" 3; + "~*calculon\ spider" 3; + "~*CCBot" 3; + "~*Cegbfeieh" 3; + "~*CheeseBot" 3; + "~*CherryPicker" 3; + "~*ChinaClaw" 3; + "~*Claritybot" 3; + "~*Cliqzbot" 3; + "~*Cogentbot" 3; + "~*CPython" 3; + "~*Collector" 3; + "~*Copier" 3; + "~*CopyRightCheck" 3; + "~*Copyscape" 3; + "~*Cosmos" 3; + "~*craftbot@yahoo.com" 3; + "~*CrazyWebCrawler" 3; + "~*Crescent" 3; + "~*CSHttp" 3; + "~*Custo" 3; + "~*DBLBot" 3; + "~*Demon" 3; + "~*Devil" 3; + "~*Disco" 3; + "~*DIIbot" 3; + "~*dirbuster" 3; + "~*discobot" 3; + "~*DittoSpyder" 3; + "~*DomainAppender" 3; + "~*DomainSigmaCrawler" 3; + "~*dotbot" 3; + "~*Download\ Demon" 3; + "~*Download\ Devil" 3; + "~*Download\ Wonder" 3; + "~*dragonfly" 3; + "~*Drip" 3; + "~*DTS\ Agent" 3; + "~*EasyDL" 3; + "~*ebingbong" 3; + "~*eCatch" 3; + "~*ECCP/1.0" 3; + "~*EirGrabber" 3; + "~*EMail\ Collector" 3; + "~*EmailCollector" 3; + "~*EMail\ Extractor" 3; + "~*EMail\ Siphon" 3; + "~*EmailSiphon" 3; + "~*EMail\ Wolf" 3; + "~*EmailWolf" 3; + "~*EroCrawler" 3; + "~*Exabot" 3; + "~*Express\ WebPictures" 3; + "~*Extractor" 3; + "~*ExtractorPro" 3; + "~*EyeNetIE" 3; + "~*ezooms" 3; + "~*fimap" 3; + "~*FlashGet" 3; + "~*flunky" 3; + "~*Foobot" 3; + "~*freeuploader" 3; + "~*FrontPage" 3; + "~*GalaxyBot" 3; + "~*Genieo" 3; + "~*GetRight" 3; + "~*GetWeb" 3; + "~*gigablast" 3; + "~*gigabot" 3; + "~*Go-Ahead-Got-It" 3; + "~*gotit" 3; + "~*Go!Zilla" 3; + "~*Grabber" 3; + "~*GrabNet" 3; + "~*Grafula" 3; + "~*grapeFX" 3; + "~*GrapeshotCrawler" 3; + "~*HaosouSpider" 3; + "~*Harvest" 3; + "~*Havij" 3; + "~*Heritrix" 3; + "~*hloader" 3; + "~*HMView" 3; + "~*HTTrack" 3; + "~*HTMLparser" 3; + "~*Huaweisymantecspider" 3; + "~*humanlinks" 3; + "~*iblog" 3; + "~*IlseBot" 3; + "~*imagefetch" 3; + "~*Image\ Fetch" 3; + "~*Image\ Stripper" 3; + "~*Image\ Sucker" 3; + "~*Indy\ Library" 3; + "~*InfoNaviRobot" 3; + "~*InfoTekies" 3; + "~*Intelliseek" 3; + "~*Internet\ Ninja" 3; + "~*internetVista\ monitor" 3; + "~*InterGET" 3; + "~*Iria" 3; + "~*JamesBOT" 3; + "~*JennyBot" 3; + "~*JetCar" 3; + "~*jbrofuzz" 3; + "~*JikeSpider" 3; + "~*JOC" 3; + "~*JOC\ Web\ Spider" 3; + "~*Joomla" 3; + "~*JustView" 3; + "~*Jyxobot" 3; + "~*Kenjin\ Spider" 3; + "~*Keyword\ Density" 3; + "~*lanshanbot" 3; + "~*larbin" 3; + "~*LeechFTP" 3; + "~*LeechGet" 3; + "~*LexiBot" 3; + "~*lftp" 3; + "~*libcurl" 3; + "~*libWeb" 3; + "~*libwhisker" 3; + "~*likse" 3; + "~*linkdexbot" 3; + "~*LinkpadBot" 3; + "~*LinkextractorPro" 3; + "~*LinkScan" 3; + "~*lmspider" 3; + "~*LNSpiderguy" 3; + "~*LinkWalker" 3; + "~*lwp-request" 3; + "~*LWP::Simple" 3; + "~*magpie-crawler" 3; + "~*Magnet" 3; + "~*Mag-Net" 3; + "~*mail.ru" 3; + "~*Mail.RU_Bot" 3; + "~*majestic12" 3; + "~*MarkMonitor" 3; + "~*MarkWatch" 3; + "~*Mass\ Downloader" 3; + "~*Mata\ Hari" 3; + "~*MegaIndex.ru" 3; + "~*Metauri" 3; + "~*Microsoft\ Data\ Access" 3; + "~*Microsoft\ URL\ Control" 3; + "~*MIDown\ tool" 3; + "~*MIIxpc" 3; + "~*Mister\ PiX" 3; + "~*MJ12bot" 3; + "~*MSIECrawler" 3; + "~*MSIE\ 6.0" 3; + "~*MS\ Web\ Services\ Client\ Protocol" 3; + "~*msrabot" 3; + "~*musobot" 3; + "~*Name\ Intelligence" 3; + "~*Nameprotect" 3; + "~*Navroad" 3; + "~*NearSite" 3; + "~*nessus" 3; + "~*NetAnts" 3; + "~*Netcraft" 3; + "~*netEstate\ NE\ Crawler" 3; + "~*NetMechanic" 3; + "~*NetSpider" 3; + "~*Net\ Vampire" 3; + "~*NetZIP" 3; + "~*NextGenSearchBot" 3; + "~*NICErsPRO" 3; + "~*niki-bot" 3; + "~*nikto" 3; + "~*NimbleCrawler" 3; + "~*Ninja" 3; + "~*Nmap" 3; + "~*NPbot" 3; + "~*Nutch" 3; + "~*Octopus" 3; + "~*Offline\ Explorer" 3; + "~*Offline\ Navigator" 3; + "~*omgilibot" 3; + "~*OpenLinkProfiler" 3; + "~*Openfind" 3; + "~*Openvas" 3; + "~*OrangeBot" 3; + "~*OrangeSpider" 3; + "~*OutfoxBot" 3; + "~*PageAnalyzer" 3; + "~*Page\ Analyzer" 3; + "~*PageGrabber" 3; + "~*Page\ Grabber" 3; + "~*Papa\ Foto" 3; + "~*pavuk" 3; + "~*pcBrowser" 3; + "~*PECL::HTTP" 3; + "~*Picscout" 3; + "~*Picsearch" 3; + "~*pimonster" 3; + "~*Pi-Monster" 3; + "~*Pixray" 3; + "~*Pockey" 3; + "~*POE-Component-Client-HTTP" 3; + "~*ProPowerBot" 3; + "~*ProWebWalker" 3; + "~*proximic" 3; + "~*psbot" 3; + "~*Pump" 3; + "~*PyCurl" 3; + "~*python-requests" 3; + "~*QueryN\ Metasearch" 3; + "~*Qwantify" 3; + "~*Rankivabot" 3; + "~*RealDownload" 3; + "~*Reaper" 3; + "~*Ripper" 3; + "~*Recorder" 3; + "~*ReGet" 3; + "~*RepoMonkey" 3; + "~*Rogerbot" 3; + "~*ScanAlert" 3; + "~*Scrapy" 3; + "~*Screaming\ Frog\ SEO\ Spider" 3; + "~*ScreenerBot" 3; + "~*searchestate" 3; + "~*SearchmetricsBot" 3; + "~*SemrushBot" 3; + "~*SEOkicks" 3; + "~*SEOkicks-Robot" 3; + "~*SEOlyticsCrawler" 3; + "~*seomoz" 3; + "~*SEOstats" 3; + "~*SISTRIX" 3; + "~*Siphon" 3; + "~*SiteExplorer" 3; + "~*Siteimprove" 3; + "~*SiteLockSpider" 3; + "~*SiteSucker" 3; + "~*Site\ Sucker" 3; + "~*SiteSnagger" 3; + "~*Slackbot-LinkExpanding" 3; + "~*SlySearch" 3; + "~*SmartDownload" 3; + "~*Snake" 3; + "~*Snapbot" 3; + "~*Snoopy" 3; + "~*Sogou\ web\ spider" 3; + "~*Sosospider" 3; + "~*SpaceBison" 3; + "~*spammen" 3; + "~*spanner" 3; + "~*SpankBot" 3; + "~*Spinn3r" 3; + "~*spbot" 3; + "~*sqlmap" 3; + "~*Sqlworm" 3; + "~*Sqworm" 3; + "~*Stripper" 3; + "~*Sucker" 3; + "~*Sucuri" 3; + "~*SuperBot" 3; + "~*SuperHTTP" 3; + "~*Surfbot" 3; + "~*SurveyBot" 3; + "~*suzuran" 3; + "~*Swiftbot" 3; + "~*SISTRIX\ Crawler" 3; + "~*Szukacz" 3; + "~*T8Abot" 3; + "~*tAkeOut" 3; + "~*Teleport" 3; + "~*TeleportPro" 3; + "~*Telesoft" 3; + "~*Telesphoreo" 3; + "~*Telesphorep" 3; + "~*The\ Intraformant" 3; + "~*TheNomad" 3; + "~*TightTwatBot" 3; + "~*Titan" 3; + "~*trendictionbot" 3; + "~*True_Robot" 3; + "~*turingos" 3; + "~*TurnitinBot" 3; + "~*Turnitin\ Robot" 3; + "~*Turnitin\ Bot" 3; + "~*Twice" 3; + "~*UptimeRobot/2.0" 3; + "~*URLy.Warning" 3; + "~*URLy\ Warning" 3; + "~*Vacuum" 3; + "~*VB\ Project" 3; + "~*VCI" 3; + "~*VeriCiteCrawler" 3; + "~*VoidEYE" 3; + "~*Voil" 3; + "~*WASALive-Bot" 3; + "~*WBSearchBot" 3; + "~*WebAuto" 3; + "~*WebBandit" 3; + "~*Web\ Bandit" 3; + "~*WebCopier" 3; + "~*Web\ Copier" 3; + "~*WEBDAV" 3; + "~*WEBDAV\ Client" 3; + "~*WebEnhancer" 3; + "~*Web\ Enhancer" 3; + "~*WebFetch" 3; + "~*Web\ Fetch" 3; + "~*WebGo\ IS" 3; + "~*Web\ Image\ Collector" 3; + "~*WebLeacher" 3; + "~*WebmasterWorldForumBot" 3; + "~*WebPix" 3; + "~*Web\ Pix" 3; + "~*WebReaper" 3; + "~*Web\ Reaper" 3; + "~*WebSauger" 3; + "~*Web\ Sauger" 3; + "~*webshag" 3; + "~*WebsiteExtractor" 3; + "~*Website\ Extractor" 3; + "~*WebsiteQuester" 3; + "~*Website\ Quester" 3; + "~*Webster" 3; + "~*WebStripper" 3; + "~*Web\ Stripper" 3; + "~*WebSucker" 3; + "~*Web\ Sucker" 3; + "~*WebWhacker" 3; + "~*Web\ Whacker" 3; + "~*WebZIP" 3; + "~*WeSEE" 3; + "~*Whack" 3; + "~*Whacker" 3; + "~*whatweb" 3; + "~*Widow" 3; + "~*WinHTTrack" 3; + "~*WiseGuys\ Robot" 3; + "~*WISENutbot" 3; + "~*wonderbot" 3; + "~*woobot" 3; + "~*WWWOFFLE" 3; + "~*WWW::Mechanize" 3; + "~*WWW-Collector-E" 3; + "~*Xaldon_WebSpider" 3; + "~*Xaldon\ WebSpider" 3; + "~*Xenu" 3; + "~*Y!J-ASR" 3; + "~*YoudaoBot" 3; + "~*Zade" 3; + "~*Zeus" 3; + "~*zgrab" 3; + "~*zitebot" 3; + "~*ZmEu" 3; + "~*ZumBot" 3; + "~*Zyborg" 3; +# END BAD BOTS ### DO NOT EDIT THIS LINE AT ALL ### +} + + +# **************************************** +# SECOND BLOCK BY REFERER STRINGS AND URLS +# **************************************** + +# Add here all referrer words and URL's that are to blocked. + +# ***************** +# PLEASE TEST !!!! +# ***************** + +# ALWAYS test referers that you add. This is done manually as follows + +# curl -I http://www.yourdomain.com -e http://anything.adcash.com +# curl -I http://www.yourdomain.com -e http://www.goodwebsite.com/not-adcash +# curl -I http://www.yourdomain.com -e http://www.betterwebsite.com/not/adcash + +# This uses curl to send the referer string to your site and you should see an immediate +# 403 Forbidden Error or No Response at all if you use the 444 error like I do. + +# Because of case-insensitive matching any combination of capitilization in the names +# will all produce a positive hit - make sure you always test thoroughly and monitor logs +# This also does NOT check for a preceding www. nor does it check for it ending in .com +# .net .org or any long string attached at the end. It also does not care if the referer +# was sent with http https or even ftp. + +# REAL WORLD EXAMPLE +# ******************* +# If you were a photographer like me and say took a photo of a "girl" and you then posted +# a blog showing everyone your new photo and your blog slug / permalink was +# http://www.mysite.com/blog/photo-of-girl/ +# You can go and monitor your logs and you will see lots of 444 from other pages on your +# site that have been clicked on sending that page as a referer so in the example below +# you will generate a 403 error. + +# curl --referer http://www.mysite.com/blog/photo-of-girl/ http://www.mysite.com/ + +# So please be careful with these and think carefully before you add new words. +# Remember we are trying to keep out the general riff-raff not kill your web sites. + +# ********************************************************************** +# Now we map all bad referer words below to a variable called $bad_words +# ********************************************************************** + +map $http_referer $bad_words { + default 0; + +# ************************ +# Bad Referer Single Words +# ************************ + +# Found tagged onto domains or in query strings. + +# START BAD REFERER WORDS ### DO NOT EDIT THIS LINE AT ALL ### + "~*advair" 1; + "~*allegra" 1; + "~*amateurxpass" 1; + "~*ambien" 1; + "~*amoxicillin" 1; + "~*asshole" 1; + "~*baccarat" 1; + "~*beastiality" 1; + "~*bestiality" 1; + "~*bithack" 1; + "~*blackjack" 1; + "~*blogincome" 1; + "~*blowjob" 1; + "~*bontril" 1; + "~*cialis" 1; + "~*cunt" 1; + "~*effexor" 1; + "~*fuck" 1; + "~*gaysex" 1; + "~*hardcore" 1; + "~*hold-em" 1; + "~*holdem" 1; + "~*iconsurf" 1; + "~*ilovevitaly" 1; + "~*incest" 1; + "~*internetsupervision" 1; + "~*levitra" 1; + "~*lipitor" 1; + "~*makemoneyonline" 1; + "~*make-money-online" 1; + "~*myftpupload" 1; + "~*nudeceleb" 1; + "~*paxil" 1; + "~*phentermine" 1; + "~*pussy" 1; + "~*screentoolkit" 1; + "~*seoexperimenty" 1; + "~*syntryx" 1; + "~*titten" 1; + "~*tramadol" 1; + "~*tramidol" 1; + "~*valtrex" 1; + "~*viagra" 1; + "~*vicodin" 1; + "~*xanax" 1; + "~*zanax" 1; + "~*zoloft" 1; +# END BAD REFERER WORDS ### DO NOT EDIT THIS LINE AT ALL ### +} + +# ************************ +# Bad Referer Domain Names +# ************************ + +# Now a list of bad referer urls these domains or any combination of them ie .com .net +# will be blocked out. Doesn't matter if the protocol is http, https or even ftp + +# ***************** +# PLEASE TEST !!!! +# ***************** + +# ALWAYS test referers that you add. This is done manually as follows + +# curl -I http://www.yourdomain.com -e http://8gold.com + +# This uses curl to send the referer string to your site and you should see an immediate +# 403 Forbidden Error or No Response at all if you use the 444 error like I do. + +# Because of case-insensitive matching any combination of capitilization +# will all produce a positive hit - make sure you always test. + +# curl -I http://www.yourdomain.com -e http://NOT-8gold.com +# curl -I http://www.yourdomain.com -e http://this.is.not8gOlD.net +# curl -I http://www.yourdomain.com -e ftp://8gold.com +# curl -I http://www.yourdomain.com -e ftp://www.weare8gold.NET +# curl -I http://www.yourdomain.com -e https://subdomain.8gold.com +# curl -I http://www.yourdomain.com -e https://NOT8GolD.org + +# This works exactly like the bad referer word lists above and is very strict !!! +# I have gone for the simple stricter approach which blocks all variants for those +# who just hop out and but another domain name. + +# In some cases I block an actual domain like izito.co.za which is a small search +# engine in South Africa which I don't particularly want feeding off my site. +# If you are ever unsure about adding a new referer to this list rather than add them +# with their domain name extension to avoid any false positives. + +# So if you see a bad referer from wearegoogle.com and you want to block them just add +# them as "~*wearegoogle.com" don't ever go and do something like "~*google(-|.)" you will +# kill all your SEO in a week. + +# I also include any sites that hotlink images from my sites into the list below. +# There are hundreds of image stealing sites out there so this list WILL grow now doubt. + + +# *********************************************************************** +# Now we map all good & bad referer urls to variable called #bad_referer +# *********************************************************************** + +map $http_referer $bad_referer { + hostnames; + default 0; + +# ************************************************************************************** +# GOOD REFERERS - Spared from Checking - Your own web site domain names and server names +# ************************************************************************************** + +# Add your own domain names here to spare them from referer checking (one per line) + "~*~*mydomain.com" 0; + +# START BAD REFERERS ### DO NOT EDIT THIS LINE AT ALL ### + "~*0n-line.tv" 1; + "~*1-free-share-buttons.com" 1; + "~*100dollars-seo.com" 1; + "~*101imagedatabase.com" 1; + "~*12masterov.com" 1; + "~*1kinobig.ru" 1; + "~*1pamm.ru" 1; + "~*1webmaster.ml" 1; + "~*214jaluwobapef.cf" 1; + "~*273-fz.ru" 1; + "~*2your.site" 1; + "~*45tahunkhongguan.com" 1; + "~*4istoshop.com" 1; + "~*4webmasters.org" 1; + "~*5forex.ru" 1; + "~*6hopping.com" 1; + "~*76brighton.com" 1; + "~*7makemoneyonline.com" 1; + "~*7zap.com" 1; + "~*883zy.com" 1; + "~*8gold.com" 1; + "~*abiente.ru" 1; + "~*abovetherivernc.com" 1; + "~*absolute-s.ru" 1; + "~*acads.net" 1; + "~*actremage.com" 1; + "~*acunetix-referrer.com" 1; + "~*adcash.com" 1; + "~*addons.mozilla.org/en-US/firefox/addon/ilovevitaly" 1; + "~*adelly.bg" 1; + "~*adf.ly" 1; + "~*adminshop.com" 1; + "~*adspart.com" 1; + "~*adtiger.tk" 1; + "~*adultactioncam.com" 1; + "~*adultgalls.com" 1; + "~*adultnet.in" 1; + "~*adventureparkcostarica.com" 1; + "~*adviceforum.info" 1; + "~*advokateg.co" 1; + "~*advokateg.com" 1; + "~*advokateg.ru" 1; + "~*affordablewebsitesandmobileapps.com" 1; + "~*afora.ru" 1; + "~*ahrefs.com" 1; + "~*akuhni.by" 1; + "~*alarmobninsk.ru" 1; + "~*alborzan.com" 1; + "~*alessandraleone.com" 1; + "~*alfa9.com" 1; + "~*alibestsale.com" 1; + "~*aliexpress.com" 1; + "~*all-number.com" 1; + "~*all4invest.ru" 1; + "~*allknow.info" 1; + "~*allkrim.com" 1; + "~*allnews.md" 1; + "~*anal-acrobats.com" 1; + "~*anticrawler.org" 1; + "~*alphacarolinas.com" 1; + "~*allboard.xobor.de" 1; + "~*allsilver925.co.il" 1; + "~*allwidewallpapers.com" 1; + "~*allwomen.info" 1; + "~*alot.com" 1; + "~*alpharma.net" 1; + "~*altermix.ua" 1; + "~*alveris.ru" 1; + "~*amanda-porn.ga" 1; + "~*amt-k.ru" 1; + "~*anapa-inns.ru" 1; + "~*android-style.com" 1; + "~*ansar-u-deen.com" 1; + "~*anticrawler.org" 1; + "~*aosheng-tech.com" 1; + "~*approved.su" 1; + "~*arabgirls.adultgalls.com" 1; + "~*arate.ru" 1; + "~*arclk.net" 1; + "~*arendakvartir.kz" 1; + "~*arkkivoltti.net" 1; + "~*artdeko.info" 1; + "~*artparquet.ru" 1; + "~*artpicso.com" 1; + "~*aruplighting.com" 1; + "~*asseenontv.ru" 1; + "~*audiobangout.com" 1; + "~*auto-moto-elektronika.cz" 1; + "~*auto-zapchasti.org" 1; + "~*auto.rusvile.lt" 1; + "~*autobrennero.it" 1; + "~*autobudpostach.club" 1; + "~*autoplate.info" 1; + "~*autovideobroadcast.com" 1; + "~*aviva-limoux.com" 1; + "~*avkzarabotok.com" 1; + "~*avkzarabotok.info" 1; + "~*avramstroy.ru" 1; + "~*avtocredit-legko.ru" 1; + "~*avtolombard-krasnodar.com" 1; + "~*awency.com" 1; + "~*axbocz.net" 1; + "~*ayakino.net" 1; + "~*azartclub.org" 1; + "~*azartmix.com" 1; + "~*azartniy-bonus.com" 1; + "~*azazu.ru" 1; + "~*azlex.uz" 1; + "~*babespcs.com" 1; + "~*bablonow.ru" 1; + "~*backgroundpictures.net" 1; + "~*backlinkwatch.com" 1; + "~*baixar-musicas-gratis.com" 1; + "~*baladur.ru" 1; + "~*balitouroffice.com" 1; + "~*bard-real.com.ua" 1; + "~*basedecor.ru" 1; + "~*bausparen.bz.it" 1; + "~*bbtec.net" 1; + "~*beachpics.com" 1; + "~*beauty-clinic.ru" 1; + "~*beauty-things.com" 1; + "~*berlininsl.com" 1; + "~*bestchoice.cf" 1; + "~*best-deals-products.com" 1; + "~*bestimagecoollibrary.com" 1; + "~*bestmobilityscooterstoday.com" 1; + "~*bestofferswalkmydogouteveryday.gq" 1; + "~*bestofpicture.com" 1; + "~*bestwebsitesawards.com" 1; + "~*betonka.pro" 1; + "~*bif-ru.info" 1; + "~*biglistofwebsites.com" 1; + "~*bikini-image.com" 1; + "~*billiard-classic.com.ua" 1; + "~*binomo.kz" 1; + "~*bio-japan.net" 1; + "~*bio.trade-jp.net" 1; + "~*bioca.org" 1; + "~*biznesluxe.ru" 1; + "~*biznesschat.net" 1; + "~*bizru.info" 1; + "~*bkns.vn" 1; + "~*black-friday.ga" 1; + "~*blackhatworth.com" 1; + "~*blackle.com" 1; + "~*blagovest-med.ru" 1; + "~*blogporn.in" 1; + "~*blogtotal.de" 1; + "~*blue-square.biz" 1; + "~*bluerobot.info" 1; + "~*boleznikogi.com" 1; + "~*boobsimge.com" 1; + "~*bookmark4you.biz" 1; + "~*bookmark4you.com" 1; + "~*boost-my-site.com" 1; + "~*braip.com.br" 1; + "~*brakehawk.com" 1; + "~*break-the-chains.com" 1; + "~*bristolhostel.com" 1; + "~*bristolhotel.com" 1; + "~*bristolhotel.com.ua" 1; + "~*brk-rti.ru" 1; + "~*brothers-smaller.ru" 1; + "~*bruce-holdeman.com" 1; + "~*brus.city" 1; + "~*bscodecs.com" 1; + "~*budmavtomatika.com.ua" 1; + "~*budpost.com.ua" 1; + "~*burger-imperia.com" 1; + "~*burn-fat.ga" 1; + "~*buttons-for-website.com" 1; + "~*buttons-for-your-website.com" 1; + "~*buy-cheap-online.info" 1; + "~*buy-cheap-pills-order-online.com" 1; + "~*buy-forum.ru" 1; + "~*buyantiviralwp.com" 1; + "~*buyessaynow.biz" 1; + "~*buypharmacydrug.com" 1; + "~*bycontext.com" 1; + "~*c-english.ru" 1; + "~*cacheimages.com" 1; + "~*cakics.com" 1; + "~*calc-for-credit.ru" 1; + "~*call-of-duty.info" 1; + "~*callejondelpozo.es" 1; + "~*canphotograph.com" 1; + "~*canrole.com" 1; + "~*carapics.com" 1; + "~*cardiosport.com.ua" 1; + "~*carsnumber.com" 1; + "~*carsplate.com" 1; + "~*cartechnic.ru" 1; + "~*castingbank.ru" 1; + "~*cbcseward.com" 1; + "~*cbox.ws" 1; + "~*celebsopics.com" 1; + "~*cenokos.ru" 1; + "~*cenoval.ru" 1; + "~*cezartabac.ro" 1; + "~*chcu.net" 1; + "~*cheerlemage.com" 1; + "~*chelyabinsk.xrus.org" 1; + "~*cherrypointplace.ca" 1; + "~*cherubinimobili.it" 1; + "~*chinese-amezon.com" 1; + "~*chiptuninger.com" 1; + "~*ci.ua" 1; + "~*cityadspix.com" 1; + "~*civilwartheater.com" 1; + "~*clicksor.com" 1; + "~*clinchimage.com" 1; + "~*clipartnew.com" 1; + "~*clmforexeu.com" 1; + "~*clgrmgds.com" 1; + "~*coderstate.com" 1; + "~*codysbbq.com" 1; + "~*collectionimags.com" 1; + "~*collemages.com" 1; + "~*conciergegroup.org" 1; + "~*connectikastudio.com" 1; + "~*constantaservice.net" 1; + "~*contextualyield.com" 1; + "~*coolingoods.com" 1; + "~*coolinstagoods.com" 1; + "~*cool-wedding.net" 1; + "~*cookie-law-enforcement-aa.xyz" 1; + "~*cookie-law-enforcement-bb.xyz" 1; + "~*cookie-law-enforcement-cc.xyz" 1; + "~*cookie-law-enforcement-dd.xyz" 1; + "~*cookie-law-enforcement-ee.xyz" 1; + "~*cookie-law-enforcement-ff.xyz" 1; + "~*cookie-law-enforcement-gg.xyz" 1; + "~*cookie-law-enforcement-hh.xyz" 1; + "~*cookie-law-enforcement-ii.xyz" 1; + "~*cookingmeat.ru" 1; + "~*coolgramgoods.com" 1; + "~*cool-wedding.net" 1; + "~*copyrightclaims.org" 1; + "~*covadhosting.biz" 1; + "~*crafthubs.com" 1; + "~*creditmoney.com.ua" 1; + "~*cubook.supernew.org" 1; + "~*curatorimages.com" 1; + "~*customcatchcan.com" 1; + "~*customchocolate.business-for-home.com" 1; + "~*customsua.com.ua" 1; + "~*cutalltheshit.com" 1; + "~*cyber-monday.ga" 1; + "~*cyprusbuyproperties.com" 1; + "~*dailyrank.net" 1; + "~*darodar.com" 1; + "~*dbutton.net" 1; + "~*deadlinkchecker.com" 1; + "~*dear-diary.ru" 1; + "~*decorationspcs.com" 1; + "~*dekorkeramik.ru" 1; + "~*delfin-aqua.com.ua" 1; + "~*demenageur.com" 1; + "~*den-noch24.ru" 1; + "~*depositfiles-porn.com" 1; + "~*descargar-musica-gratis.net" 1; + "~*detskie-konstruktory.ru" 1; + "~*dimkino.ru" 1; + "~*dipstar.org" 1; + "~*directrev.com" 1; + "~*discountliv.com" 1; + "~*distver.ru" 1; + "~*diy-handmade-ideas.com" 1; + "~*djekxa.ru" 1; + "~*djonwatch.ru" 1; + "~*dktr.ru" 1; + "~*dnepr-avtospar.com.ua" 1; + "~*dneprsvet.com.ua" 1; + "~*dogoimage.com" 1; + "~*dogshowsonice.com" 1; + "~*dojki-hd.com" 1; + "~*domaintuno.com" 1; + "~*doktoronline.no" 1; + "~*dokumentalkino.net" 1; + "~*domainsatcost.com" 1; + "~*domain-tracker.com" 1; + "~*dominateforex.ml" 1; + "~*domination.ml" 1; + "~*dominterior.org" 1; + "~*doska-vsem.ru" 1; + "~*dostavka-v-krym.com" 1; + "~*dotnetdotcom.org" 1; + "~*drugstoreforyou.com" 1; + "~*drupa.com" 1; + "~*dvr.biz.ua" 1; + "~*e-buyeasy.com" 1; + "~*e-collantes.com" 1; + "~*e-kwiaciarz.pl" 1; + "~*e-poker-2005.com" 1; + "~*e2click.com" 1; + "~*easycommerce.cf" 1; + "~*easync.io" 1; + "~*easyshoppermac.com" 1; + "~*ecomp3.ru" 1; + "~*econom.co" 1; + "~*edakgfvwql.ru" 1; + "~*edelstahlschornstein-123.de" 1; + "~*egovaleo.it" 1; + "~*ekatalog.xyz" 1; + "~*ekaterinburg.xrus.org" 1; + "~*ekspertmed.com" 1; + "~*ekto.ee" 1; + "~*el-nation.com" 1; + "~*elitesportsadvisor.com" 1; + "~*elmifarhangi.com" 1; + "~*embedle.com" 1; + "~*empathica.com" 1; + "~*empirepoker.com" 1; + "~*envaseslotusama.com" 1; + "~*eredijovon.com" 1; + "~*eropornosex.ru" 1; + "~*erot.co" 1; + "~*escort-russian.com" 1; + "~*eshopcomp.com" 1; + "~*este-line.com.ua" 1; + "~*eu-cookie-law-enforcement-4.xyz" 1; + "~*eu-cookie-law-enforcement-5.xyz" 1; + "~*eu-cookie-law-enforcement-6.xyz" 1; + "~*eu-cookie-law-enforcement-7.xyz" 1; + "~*eu-cookie-law-enforcement1.xyz" 1; + "~*eu-cookie-law-enforcement2.xyz" 1; + "~*eu-cookie-law.blogspot.com" 1; + "~*eupornstar.info" 1; + "~*euromasterclass.ru" 1; + "~*euronis-free.com" 1; + "~*europages.com.ru" 1; + "~*eurosamodelki.ru" 1; + "~*event-tracking.com" 1; + "~*example.com" 1; + "~*exchangeit.gq" 1; + "~*expresstoplivo.ru" 1; + "~*extener.com" 1; + "~*extremez.net" 1; + "~*eyemagination.com" 1; + "~*facebook-mobile.xyz" 1; + "~*falcoware.com" 1; + "~*family1st.ca" 1; + "~*fantasticpixcool.com" 1; + "~*fast-wordpress-start.com" 1; + "~*fastcrawl.com" 1; + "~*fbdownloader.com" 1; + "~*fbfreegifts.com" 1; + "~*fceateachers.com" 1; + "~*fealq.com" 1; + "~*fearcrow.com" 1; + "~*feedback.sharemyfile.ru" 1; + "~*feedouble.com" 1; + "~*feedouble.net" 1; + "~*ferretsoft.com" 1; + "~*ferieboligkbh.dk" 1; + "~*fidelityfunding.com" 1; + "~*film-one.ru" 1; + "~*filmetricsasia.com" 1; + "~*finteks.ru" 1; + "~*fitnesspiks.com" 1; + "~*fitness-video.net" 1; + "~*flight-tickets.info" 1; + "~*floating-share-buttons.com" 1; + "~*flooringinstallation-edmonton.com" 1; + "~*flowecs.com" 1; + "~*flprog.com" 1; + "~*fm-upgrade.ru" 1; + "~*footbalive.org" 1; + "~*for-your.website" 1; + "~*forex-procto.ru" 1; + "~*forsex.info" 1; + "~*fortawesome.github.io" 1; + "~*forum.tvmir.org" 1; + "~*forum69.info" 1; + "~*forumprofi.de" 1; + "~*foto-telok.net" 1; + "~*foxinsocks.ru" 1; + "~*foxtechfpv.com" 1; + "~*freakycheats.com" 1; + "~*free-floating-buttons.com" 1; + "~*free-share-buttons-aaa.xyz" 1; + "~*free-share-buttons-bbb.xyz" 1; + "~*free-share-buttons-ccc.xyz" 1; + "~*free-share-buttons-ddd.xyz" 1; + "~*free-share-buttons-eee.xyz" 1; + "~*free-share-buttons-fff.xyz" 1; + "~*free-share-buttons.blogspot.com" 1; + "~*free-share-buttons.com" 1; + "~*free-social-buttons-aaa.xyz" 1; + "~*free-social-buttons-bbb.xyz" 1; + "~*free-social-buttons-ccc.xyz" 1; + "~*free-social-buttons-ddd.xyz" 1; + "~*free-social-buttons-eee.xyz" 1; + "~*free-social-buttons-fff.xyz" 1; + "~*free-social-buttons-hhh.xyz" 1; + "~*free-social-buttons-iii.xyz" 1; + "~*free-social-buttons.com" 1; + "~*free-social-buttons.xyz" 1; + "~*free-social-buttons1.xyz" 1; + "~*free-social-buttons6.xyz" 1; + "~*free-social-buttons7.xyz" 1; + "~*free-stock-illustration.com" 1; + "~*free-traffic.xyz" 1; + "~*freeseedsonline.com" 1; + "~*freshwallpapers.info" 1; + "~*freeuploader.com" 1; + "~*freeuploader.ml" 1; + "~*freewhatsappload.com" 1; + "~*fsalas.com" 1; + "~*ftns.ru" 1; + "~*fuck-paid-share-buttons.xyz" 1; + "~*fungirlsgames.net" 1; + "~*funnypica.com" 1; + "~*gallerily.com" 1; + "~*galleryimagesrug.com" 1; + "~*gallerylisting.com" 1; + "~*gazobeton-p.com.ua" 1; + "~*gazoblok.net.ua" 1; + "~*gazporno.com" 1; + "~*gdebestkupit.ru" 1; + "~*generalporn.org" 1; + "~*generic-pills-online.com" 1; + "~*genericviagrasildenafiled.net" 1; + "~*germes-trans.com" 1; + "~*get-free-social-traffic.com" 1; + "~*get-free-traffic-now.com" 1; + "~*get-your-social-buttons.info" 1; + "~*getlamborghini.ga" 1; + "~*getmyads24.com" 1; + "~*getoutofdebtfree.org" 1; + "~*getprismatic.com" 1; + "~*getrichquick.ml" 1; + "~*getrichquickly.info" 1; + "~*ghazel.ru" 1; + "~*ghostvisitor.com" 1; + "~*gifspics.com" 1; + "~*gigablast.com" 1; + "~*girlporn.ru" 1; + "~*girlspicsa.com" 1; + "~*gkvector.ru" 1; + "~*glass-msk.ru" 1; + "~*glavprofit.ru" 1; + "~*gobongo.info" 1; + "~*gogps.me" 1; + "~*goodprotein.ru" 1; + "~*googlemare.com" 1; + "~*googlsucks.com" 1; + "~*gopixdatabase.com" 1; + "~*gototal.co.nz" 1; + "~*gragoods.com" 1; + "~*grand-chlen.ru" 1; + "~*growshop.es" 1; + "~*gsmtlf.ru" 1; + "~*guardlink.com" 1; + "~*guardlink.org" 1; + "~*guruofcasino.com" 1; + "~*h2monline.com" 1; + "~*handicapvantoday.com" 1; + "~*handmadepics.net" 1; + "~*hasfun.com" 1; + "~*hazardky.net" 1; + "~*hd720kino.ru" 1; + "~*hdmoviecamera.net" 1; + "~*hdmoviecams.com" 1; + "~*hdmoviecams.net" 1; + "~*hdpixent.com" 1; + "~*hdpixion.com" 1; + "~*hellokittyimg.com" 1; + "~*hifidesign.ru" 1; + "~*highprofitclub.com" 1; + "~*histats.com" 1; + "~*hmmm.cz" 1; + "~*hol.es" 1; + "~*homelygarden.com" 1; + "~*hongfanji.com" 1; + "~*horseimg.com" 1; + "~*hostcritique.com" 1; + "~*hosting-tracker.com" 1; + "~*hostingclub.lk" 1; + "~*hotblog.top" 1; + "~*hotwatersdamps.com" 1; + "~*houseofrose.com" 1; + "~*how-to-earn-quick-money.com" 1; + "~*howopen.ru" 1; + "~*howtostopreferralspam.eu" 1; + "~*hspline.com" 1; + "~*https-legalrc.biz" 1; + "~*hulfingtonpost.com" 1; + "~*humanorightswatch.org" 1; + "~*hundejo.com" 1; + "~*hvd-store.com" 1; + "~*hyipmanager.in" 1; + "~*i-x.wiki" 1; + "~*ibb.com.ua" 1; + "~*ico.re" 1; + "~*idc.com.ua" 1; + "~*ideaspicz.com" 1; + "~*ideibiznesa2015.ru" 1; + "~*ideoworld.org" 1; + "~*ifirestarter.ru" 1; + "~*igrovyeavtomaty777.ru" 1; + "~*igru-xbox.net" 1; + "~*ilikevitaly.com" 1; + "~*iloveitaly.ro" 1; + "~*iloveitaly.ru" 1; + "~*ilovevitaly.co" 1; + "~*ilovevitaly.com" 1; + "~*ilovevitaly.info" 1; + "~*ilovevitaly.org" 1; + "~*ilovevitaly.ro" 1; + "~*ilovevitaly.ru" 1; + "~*ilovevitaly.xyz" 1; + "~*imabase.com" 1; + "~*imagecoolpub.com" 1; + "~*imagesproduct.com" 1; + "~*imediadesk.com" 1; + "~*imgata.com" 1; + "~*iminent.com" 1; + "~*imogoods.com" 1; + "~*imperiafilm.ru" 1; + "~*inboxdollars.com" 1; + "~*incolors.club" 1; + "~*increasewwwtraffic.info" 1; + "~*instoods.com" 1; + "~*interesnie-faktu.ru" 1; + "~*intermesh.net" 1; + "~*investingclub.ru" 1; + "~*investpamm.ru" 1; + "~*invivo.hu" 1; + "~*inzn.ru" 1; + "~*iqbazar.ru" 1; + "~*iqoption-bin.com" 1; + "~*iqoption.pro" 1; + "~*i-service.kz" 1; + "~*isistaylorporn.info" 1; + "~*iskalko.ru" 1; + "~*ispaniya-costa-blanca.ru" 1; + "~*istanbulit.com" 1; + "~*istock-mebel.ru" 1; + "~*it-max.com.ua" 1; + "~*itbc.kiev.ua" 1; + "~*itrevolution.cf" 1; + "~*itronics.ca" 1; + "~*itsdp3.com" 1; + "~*izhevsk.xrus.org" 1; + "~*izoll.ru" 1; + "~*jamiembrown.com" 1; + "~*janettabridal.com" 1; + "~*jasonpartington.com" 1; + "~*jazzstyle4us.com" 1; + "~*jjbabskoe.ru" 1; + "~*joinandplay.me" 1; + "~*joingames.org" 1; + "~*justprofit.xyz" 1; + "~*jwss.cc" 1; + "~*kabbalah-red-bracelets.com" 1; + "~*kambasoft.com" 1; + "~*kanimage.com" 1; + "~*karusel-market.ru" 1; + "~*kazinogames.lv" 1; + "~*kazan.xrus.org" 1; + "~*kazrent.com" 1; + "~*kino-fun.ru" 1; + "~*kino-key.info" 1; + "~*kino-rating.ru" 1; + "~*kinobaks.com" 1; + "~*kinofak.net" 1; + "~*kinoflux.net" 1; + "~*kinogonew.ru" 1; + "~*kinopolet.net" 1; + "~*kinostorm.net" 1; + "~*kiwe-analytics.com" 1; + "~*kiwi237au.tk" 1; + "~*knigonosha.net" 1; + "~*konkursov.net" 1; + "~*konoplisemena.com" 1; + "~*kosova.de" 1; + "~*kosynka-games.ru" 1; + "~*kraljeva-sutjeska.com" 1; + "~*krasivye-devushki.net" 1; + "~*krasnodar.xrus.org" 1; + "~*krynica.info" 1; + "~*kupit-adenu.ru" 1; + "~*kupitwindows.com" 1; + "~*kw21.org" 1; + "~*lakesimg.com" 1; + "~*laudit.ru" 1; + "~*lancheck.net" 1; + "~*law-enforcement-aa.xyz" 1; + "~*law-enforcement-bb.xyz" 1; + "~*law-enforcement-bot-aa.xyz" 1; + "~*law-enforcement-bot-bb.xyz" 1; + "~*law-enforcement-bot-cc.xyz" 1; + "~*law-enforcement-bot-dd.xyz" 1; + "~*law-enforcement-bot-ee.xyz" 1; + "~*law-enforcement-bot-ff.xyz" 1; + "~*law-enforcement-bot-hh.xyz" 1; + "~*law-enforcement-bot-ii.xyz" 1; + "~*law-enforcement-cc.xyz" 1; + "~*law-enforcement-check-eight.xyz" 1; + "~*law-enforcement-check-five.xyz" 1; + "~*law-enforcement-check-four.xyz" 1; + "~*law-enforcement-check-nine.xyz" 1; + "~*law-enforcement-check-one.xyz" 1; + "~*law-enforcement-check-six.xyz" 1; + "~*law-enforcement-check-three.xyz" 1; + "~*law-enforcement-check-two.xyz" 1; + "~*law-enforcement-dd.xyz" 1; + "~*law-enforcement-ee.xyz" 1; + "~*law-enforcement-eight.xyz" 1; + "~*law-enforcement-ff.xyz" 1; + "~*law-enforcement-five.xyz" 1; + "~*law-enforcement-four.xyz" 1; + "~*law-enforcement-gg.xyz" 1; + "~*law-enforcement-hh.xyz" 1; + "~*law-enforcement-one.xyz" 1; + "~*law-enforcement-seven.xyz" 1; + "~*law-enforcement-three.xyz" 1; + "~*law-enforcement-two.xyz" 1; + "~*law-five.xyz" 1; + "~*law-four.xyz" 1; + "~*law-one.xyz" 1; + "~*law-six.xyz" 1; + "~*law-three.xyz" 1; + "~*law-two.xyz" 1; + "~*laxdrills.com" 1; + "~*leadwayau.com" 1; + "~*lego4x4.ru" 1; + "~*legoimg.com" 1; + "~*letolove.ru" 1; + "~*letsgotofriday.com" 1; + "~*likesdesign.com" 1; + "~*lilishopstogether.com" 1; + "~*linerdrilling.com" 1; + "~*link.web-list.xyz" 1; + "~*littleberry.ru" 1; + "~*liupis.com" 1; + "~*livefixer.com" 1; + "~*liveshoppersmac.com" 1; + "~*lmrauction.com" 1; + "~*lol-smurfs.com" 1; + "~*lombia.co" 1; + "~*lombia.com" 1; + "~*lostfilm-online.ru" 1; + "~*lottospring.com" 1; + "~*lsex.xyz" 1; + "~*lumb.co" 1; + "~*luxmagazine.cf" 1; + "~*luxup.ru" 1; + "~*m-google.xyz" 1; + "~*m1media.net" 1; + "~*m4ever.net" 1; + "~*magento-crew.net" 1; + "~*magicdiet.gq" 1; + "~*mainlinehobby.net" 1; + "~*majestic.com" 1; + "~*makemoneyonline.com" 1; + "~*makeprogress.ga" 1; + "~*mall.uk" 1; + "~*malls.com" 1; + "~*maridan.com.au" 1; + "~*marketland.ml" 1; + "~*massage-info.nl" 1; + "~*masterseek.com" 1; + "~*mastershef.club" 1; + "~*maxthon.com" 1; + "~*mebelcomplekt.ru" 1; + "~*mebeldekor.com.au" 1; + "~*med-zdorovie.com.au" 1; + "~*medi-fitt.hu" 1; + "~*medicovi.com" 1; + "~*medispainstitute.com.au" 1; + "~*meds-online24.com" 1; + "~*meendo-free-traffic.ga" 1; + "~*megaindex.ru" 1; + "~*memovn.com" 1; + "~*mericanmopedstore.com" 1; + "~*micasainvest.com" 1; + "~*microsearch.ru" 1; + "~*millionare.com" 1; + "~*minegam.com" 1; + "~*mini.7zap.com" 1; + "~*minneapoliscopiers.com" 1; + "~*mir-betting.ru" 1; + "~*mirobuvi.com.au" 1; + "~*mirror.sytes" 1; + "~*mirtorrent.net" 1; + "~*misswell.net" 1; + "~*misswootwoot.com" 1; + "~*missvietnam.org" 1; + "~*mitrasound.ru" 1; + "~*mmog-play.ru" 1; + "~*mncrftpcs.com" 1; + "~*mobilemedia.md" 1; + "~*mobot.site" 1; + "~*monetizationking.net" 1; + "~*money-every-day.com" 1; + "~*moscow.xrus.org" 1; + "~*mosrif.ru" 1; + "~*most-kerch.org" 1; + "~*motion-interactive.com" 1; + "~*mototsikl.org" 1; + "~*mountainstream.ms" 1; + "~*movaimg.com" 1; + "~*movies-in-theaters.net" 1; + "~*moyakuhnia.ru" 1; + "~*moz.com" 1; + "~*mpftpupload.com" 1; + "~*mriyadh.com" 1; + "~*mrlmedia.net" 1; + "~*mrmoneymustache.com" 1; + "~*mrwhite.biz" 1; + "~*muscle-factory.com.au" 1; + "~*musicas.baixar-musicas-gratis.com" 1; + "~*musicprojectfoundation.com" 1; + "~*muz-baza.net" 1; + "~*muz-shoes.ru" 1; + "~*mycaf.it" 1; + "~*myftpupload.com" 1; + "~*mylesosibirsk.ru" 1; + "~*mylida.org" 1; + "~*myplaycity.com" 1; + "~*myprintscreen.com" 1; + "~*mywallpaper.top" 1; + "~*na-telefon.biz" 1; + "~*nailsimg.com" 1; + "~*namecheap.com" 1; + "~*nate.com" 1; + "~*net-profits.xyz" 1; + "~*new-post.tk" 1; + "~*nextconseil.com" 1; + "~*niki-mlt.ru" 1; + "~*notaria-desalas.com" 1; + "~*noumeda.com" 1; + "~*novgorod.xrus.org" 1; + "~*novosibirsk.xrus.org" 1; + "~*novosti-hi-tech.ru" 1; + "~*nufaq.com" 1; + "~*nullrefer.com" 1; + "~*o-dachnik.ru" 1; + "~*o-o-11-o-o.com" 1; + "~*o-o-6-o-o.com" 1; + "~*o-o-6-o-o.ru" 1; + "~*o-o-8-o-o.com" 1; + "~*o-o-8-o-o.ru" 1; + "~*o00.in" 1; + "~*offers.bycontext.com" 1; + "~*office-windows.ru" 1; + "~*offre-meditel-telecom.tk" 1; + "~*ok.ru" 1; + "~*olympescort.com" 1; + "~*omsk.xrus.org" 1; + "~*online-hit.info" 1; + "~*onlinetvseries.me" 1; + "~*onlyforemont.ru" 1; + "~*onlywoman.org" 1; + "~*ooo-olni.ru" 1; + "~*openfrost.com" 1; + "~*openmediasoft.com" 1; + "~*ordernorxx.com" 1; + "~*orgasmus-virtual.com" 1; + "~*osoznanie-narkotikam.net" 1; + "~*ossmalta.com" 1; + "~*outfitpicz.com" 1; + "~*outpersonals.com" 1; + "~*outshop.ru" 1; + "~*ownshop.cf" 1; + "~*owohho.com" 1; + "~*ozas.net" 1; + "~*palvira.com.au" 1; + "~*paparazzistudios.com.au" 1; + "~*paperics.com" 1; + "~*pechikamini.ru" 1; + "~*pensplan.com" 1; + "~*pensplan4u.com" 1; + "~*perm.xrus.org" 1; + "~*petrovka-online.com" 1; + "~*photokitchendesign.com" 1; + "~*piccdata.com" 1; + "~*picphotos.net" 1; + "~*picscout.com" 1; + "~*picsearch.com" 1; + "~*piccshare.com" 1; + "~*picturesify.com" 1; + "~*pintattoos.com" 1; + "~*piter.xrus.org" 1; + "~*pix24x7.com" 1; + "~*pixhdawesom.com" 1; + "~*pixsad.com" 1; + "~*pizza-imperia.com" 1; + "~*pizza-tycoon.com" 1; + "~*pkmnpcs.com" 1; + "~*pochemychka.net" 1; + "~*poisk-zakona.ru" 1; + "~*pokemongooo.ml" 1; + "~*popads.net" 1; + "~*pops.foundation" 1; + "~*porndairy.in" 1; + "~*pornhub-forum.ga" 1; + "~*pornhub-forum.uni.me" 1; + "~*pornhub-ru.com" 1; + "~*pornhubforum.tk" 1; + "~*porno-video-chati.ru" 1; + "~*pornoblood.com" 1; + "~*pornodojd.ru" 1; + "~*pornoforadult.com" 1; + "~*pornogig.com" 1; + "~*pornoklad.net" 1; + "~*pornophoto.xyz" 1; + "~*porodasobak.net" 1; + "~*portal-eu.ru" 1; + "~*portnoff.od.au" 1; + "~*positive2b.ru" 1; + "~*powitania.pl" 1; + "~*pozdravleniya-c.ru" 1; + "~*pozdrawleniya.com" 1; + "~*pozdrawleniya.ru" 1; + "~*pp-budpostach.com.ua" 1; + "~*pravoholding.ru" 1; + "~*prcikkek.info" 1; + "~*priceg.com" 1; + "~*pricheski-video.com" 1; + "~*princeadvantagesales.com" 1; + "~*printdirectforless.com" 1; + "~*printingpeach.com" 1; + "~*privatefx-in.ru" 1; + "~*privatefx.all4invest.info" 1; + "~*prlog.ru" 1; + "~*producm.ru" 1; + "~*prodvigator.au" 1; + "~*proekt-mos.ru" 1; + "~*prohoster.info" 1; + "~*prointer.net.au" 1; + "~*prokotov.com" 1; + "~*prombudpostach.com.ua" 1; + "~*promoforum.ru" 1; + "~*pron.pro" 1; + "~*proposal-engine.com" 1; + "~*proxyradar.com" 1; + "~*psa48.ru" 1; + "~*pulse33.ru" 1; + "~*purchasepillsnorx.com" 1; + "~*putitin.me" 1; + "~*pyrodesigns.com.au" 1; + "~*qitt.ru" 1; + "~*qualitymarketzone.com" 1; + "~*quality-traffic.com" 1; + "~*quit-smoking.ga" 1; + "~*qwesa.ru" 1; + "~*rada.ru" 1; + "~*rank-checker.online" 1; + "~*ranking2017.ga" 1; + "~*rankscanner.com" 1; + "~*ranksignals.com" 1; + "~*ranksonic.info" 1; + "~*ranksonic.net" 1; + "~*ranksonic.org" 1; + "~*rapidgator-porn.com" 1; + "~*rapidgator-porn.ga" 1; + "~*razyboard.com" 1; + "~*rcb101.ru" 1; + "~*realting-moscow.ru" 1; + "~*rednise.com" 1; + "~*regionshop.biz" 1; + "~*remontgruzovik.ru" 1; + "~*rentalmaty.kz" 1; + "~*repeatlogo.co.uk" 1; + "~*replica-watch.ru" 1; + "~*replicaclub.ru" 1; + "~*research.ifmo.ru" 1; + "~*resellerclub.com" 1; + "~*responsinator.com" 1; + "~*retreatia.com" 1; + "~*reversing.cc" 1; + "~*rightenergysolutions.com.au" 1; + "~*ring4rhino.com" 1; + "~*risparmiocasa.bz.it" 1; + "~*roleforum.ru" 1; + "~*rospromtest.ru" 1; + "~*rostov.xrus.org" 1; + "~*royal-betting.net" 1; + "~*royal-investments.net" 1; + "~*rucrypt.com" 1; + "~*rumamba.com" 1; + "~*running-line.ru" 1; + "~*runovschool.ua" 1; + "~*runstocks.com" 1; + "~*rusexy.xyz" 1; + "~*sad-torg.com.ua" 1; + "~*sady-urala.ru" 1; + "~*saitevpatorii.com" 1; + "~*sale-japan.com" 1; + "~*salutmontreal.com" 1; + "~*sanjosestartups.com" 1; + "~*santasgift.ml" 1; + "~*saratov.xrus.org" 1; + "~*savefrom.com" 1; + "~*savetubevideo.com" 1; + "~*sbetodiodnye-lampy.ru" 1; + "~*sbwealthsolutions.ca" 1; + "~*scansafe.net" 1; + "~*screentoolkit.com" 1; + "~*scripted.com" 1; + "~*sdi-pme.com" 1; + "~*search-error.com" 1; + "~*search-helper.ru" 1; + "~*selfipicz.com" 1; + "~*seo-smm.kz" 1; + "~*seoanalyses.com" 1; + "~*seoexperimenty.ru" 1; + "~*seokicks.de" 1; + "~*seopub.net" 1; + "~*seorankinglinks.us" 1; + "~*seorankinglinks.com" 1; + "~*setioweb.com" 1; + "~*sex.hotblog.top" 1; + "~*sexphoto.site" 1; + "~*sexsaoy.com" 1; + "~*sexsearch.com" 1; + "~*sexyali.com" 1; + "~*share-button.xyz" 1; + "~*share-buttons.xyz" 1; + "~*sharebutton.net" 1; + "~*sharebutton.to" 1; + "~*sharemyfile.ru" 1; + "~*shariki-zuma-lines.ru" 1; + "~*shemalegalls.blogporn.in" 1; + "~*shitmovs.com" 1; + "~*ship-marvel.co.ua" 1; + "~*shopvilleroyboch.com.ua" 1; + "~*skhoolimg.com" 1; + "~*sibecoprom.ru" 1; + "~*silvermature.net" 1; + "~*similardeals.net" 1; + "~*simple-share-buttons.com" 1; + "~*site-auditor.online" 1; + "~*siteripz.net" 1; + "~*sitevaluation.com" 1; + "~*sitevaluation.org" 1; + "~*sivs.ru" 1; + "~*sklad-24.ru" 1; + "~*sky-mine.ru" 1; + "~*sledstvie-veli.net" 1; + "~*slftsdybbg.ru" 1; + "~*slkrm.ru" 1; + "~*slow-website.xyz" 1; + "~*smailik.org" 1; + "~*smarcarrambfortza.gq" 1; + "~*smartphonediscount.info" 1; + "~*smartshoppymac.com" 1; + "~*smstraf.ru" 1; + "~*snip.to" 1; + "~*snip.tw" 1; + "~*snowplanes.com" 1; + "~*soaksoak.ru" 1; + "~*social-button.xyz" 1; + "~*social-buttons-aa.xyz" 1; + "~*social-buttons-aaa.xyz" 1; + "~*social-buttons-bb.xyz" 1; + "~*social-buttons-bbb.xyz" 1; + "~*social-buttons-cc.xyz" 1; + "~*social-buttons-ccc.xyz" 1; + "~*social-buttons-dd.xyz" 1; + "~*social-buttons-ddd.xyz" 1; + "~*social-buttons-ee.xyz" 1; + "~*social-buttons-eee.xyz" 1; + "~*social-buttons-ff.xyz" 1; + "~*social-buttons-fff.xyz" 1; + "~*social-buttons-gg.xyz" 1; + "~*social-buttons-ggg.xyz" 1; + "~*social-buttons-hh.xyz" 1; + "~*social-buttons-ii.xyz" 1; + "~*social-buttons-iii.xyz" 1; + "~*social-buttons.com" 1; + "~*social-buttons.xyz" 1; + "~*social-search.me" 1; + "~*social-traffic-1.xyz" 1; + "~*social-traffic-2.xyz" 1; + "~*social-traffic-7.xyz" 1; + "~*social-widget.xyz" 1; + "~*socialbutton.xyz" 1; + "~*socialbuttons.xyz" 1; + "~*socialmadesimple.com" 1; + "~*socialseet.ru" 1; + "~*softomix.com" 1; + "~*softomix.net" 1; + "~*softomix.org" 1; + "~*softomix.ru" 1; + "~*sohoindia.net" 1; + "~*solitaire-game.ru" 1; + "~*solnplast.ru" 1; + "~*sonyelektronik.com" 1; + "~*sortthemesitesby.com" 1; + "~*sosdepotdebilan.com" 1; + "~*soundfrost.org" 1; + "~*spammen.de" 1; + "~*special-porn.com" 1; + "~*spravka130.ru" 1; + "~*srdrvp.com" 1; + "~*srecorder.com" 1; + "~*stairliftstrue.com" 1; + "~*starwarspcs.com" 1; + "~*stats-public.grammarly.io" 1; + "~*steame.ru" 1; + "~*stmassage.ru" 1; + "~*stoki.ru" 1; + "~*streha-metalko.si" 1; + "~*styro.ru" 1; + "~*suche.t-online.de" 1; + "~*superiends.org" 1; + "~*supernew.org" 1; + "~*superpages.com" 1; + "~*supervesti.ru" 1; + "~*susanholtphotography.com" 1; + "~*swiped.su" 1; + "~*sygraem.com" 1; + "~*taihouse.ru" 1; + "~*taleimages.com" 1; + "~*takeitdumps.com" 1; + "~*tasteidea.com" 1; + "~*tastyfoodideas.com" 1; + "~*tattogirlspix.com" 1; + "~*tattooha.com" 1; + "~*taxidermy.net" 1; + "~*td-33.ru" 1; + "~*teaminspection.com" 1; + "~*teastory.co" 1; + "~*tedxrj.com" 1; + "~*template-kid.com" 1; + "~*tennis-img.org" 1; + "~*thecoral.com.br" 1; + "~*theguardlan.com" 1; + "~*thepokertimer.com" 1; + "~*thetattoohut.com" 1; + "~*tomatis.gospartner.com" 1; + "~*tomck.com" 1; + "~*topquality.cf" 1; + "~*topseoservices.co" 1; + "~*torture.ml" 1; + "~*touchmods.fr" 1; + "~*tpu.ru" 1; + "~*traffic-cash.xyz" 1; + "~*traffic2cash.org" 1; + "~*traffic2cash.xyz" 1; + "~*traffic2money.com" 1; + "~*trafficgenius.xyz" 1; + "~*trafficmonetize.org" 1; + "~*trafficmonetizer.org" 1; + "~*trafficnetzwerk.de" 1; + "~*traffictomoney.com" 1; + "~*traffixer.com" 1; + "~*traffixer.org" 1; + "~*traffixer.xyz" 1; + "~*trion.od.au" 1; + "~*tripper.de" 1; + "~*trk-4.net" 1; + "~*trudogolik.net" 1; + "~*tryimagesgoods.com" 1; + "~*tula.howotorg.ru" 1; + "~*turbo-suslik.org" 1; + "~*tvand.ru" 1; + "~*tversvet.ru" 1; + "~*twincitiescarservice.com" 1; + "~*twinderbella.com" 1; + "~*tytoona.com" 1; + "~*tyumen.xrus.org" 1; + "~*uasb.ru" 1; + "~*ubudair.com" 1; + "~*ucoz.ru" 1; + "~*ufa.xrus.org" 1; + "~*ufoto.us" 1; + "~*ultramart.biz" 1; + "~*uni.me" 1; + "~*unpredictable.ga" 1; + "~*urlopener.com" 1; + "~*uptime.com" 1; + "~*uptimebot.net" 1; + "~*uptimechecker.com" 1; + "~*urlopener.blogspot.com.au" 1; + "~*uroki.net" 1; + "~*usdx.us" 1; + "~*userequip.com" 1; + "~*ustion.ru" 1; + "~*uzungil.com" 1; + "~*vapmedia.org" 1; + "~*vashsvet.com" 1; + "~*velobikestock.com" 1; + "~*vesnatehno.com" 1; + "~*vesnatehno.ru" 1; + "~*vgoloveboli.net" 1; + "~*video-chat.in" 1; + "~*video-woman.com" 1; + "~*videochat.mx" 1; + "~*videochat.tv.br" 1; + "~*videofrost.com" 1; + "~*videofrost.net" 1; + "~*viel.su" 1; + "~*viktoria-center.ru" 1; + "~*vilingstore.net" 1; + "~*vip-dom.in" 1; + "~*vipsiterip.org" 1; + "~*visa-china.ru" 1; + "~*vladimir.xrus.org" 1; + "~*vodaodessa.com" 1; + "~*vodkoved.ru" 1; + "~*volgograd.xrus.org" 1; + "~*voloomoney.com" 1; + "~*voronezh.xrus.org" 1; + "~*vote-up.ru" 1; + "~*vpnhowto.info" 1; + "~*vykup-avto-krasnodar.ru" 1; + "~*vykupavto-krasnodar.ru" 1; + "~*w3javascript.com" 1; + "~*wallpapersdesk.info" 1; + "~*warningzscaler.heraeus.com" 1; + "~*wdfdocando.com" 1; + "~*web-betting.ru" 1; + "~*web-revenue.xyz" 1; + "~*webmaster-traffic.com" 1; + "~*webmonetizer.net" 1; + "~*website-analyzer.info" 1; + "~*website-datenbank.de" 1; + "~*website-errors-scanner.com" 1; + "~*website-stealer-warning-alert.hdmoviecams.com" 1; + "~*websites-reviews.com" 1; + "~*websocial.me" 1; + "~*weclipart.com" 1; + "~*wedding-salon.net" 1; + "~*wenimage.com" 1; + "~*wesharepics.com" 1; + "~*whatzmyip.net" 1; + "~*whois.domaintools.com" 1; + "~*whos.amung.us" 1; + "~*williamrobsonproperty.com" 1; + "~*wmasterlead.com" 1; + "~*woman-h.ru" 1; + "~*woman-orgasm.ru" 1; + "~*womenpics.net" 1; + "~*womensplay.net" 1; + "~*womensterritory.ru" 1; + "~*wordpress-crew.net" 1; + "~*wordpresscore.com" 1; + "~*work-from-home-earn-money-online.com" 1; + "~*worthimages.com" 1; + "~*x-rates.ru" 1; + "~*x.rafomedia.com" 1; + "~*xbaboon.com" 1; + "~*xboxster.ru" 1; + "~*xn-----6kcaacnblni5c5bicdpcmficy.xn--p1ai" 1; + "~*xn------7cdbapdecfd4ak1bn0amjffj7afu3y.xn--p1ai" 1; + "~*xn-----8kcatubaocd1bneepefojs1h2e.xn--p1ai" 1; + "~*xn----7sbahjd3btneuw1joc.xn--p1ai" 1; + "~*xn----7sbaphztdjeboffeiof6c.xn--p1ai" 1; + "~*xn----7sbho2agebbhlivy.xn--p1ai" 1; + "~*xn----8sbhefaln6acifdaon5c6f4axh.xn--p1ai" 1; + "~*xn----8sbdbjgb1ap7a9c4czbh.xn--p1acf" 1; + "~*xn----gtbdb0beu1bb8gj.xn--p1ai" 1; + "~*xn----9sbebi2bvzr7h.xn--p1ai" 1; + "~*xn--80aaajbdbddwj2alwjieei2afr3v.xn--p1ai" 1; + "~*xn--80aebbcbcdemfkhba4byaehoejh8dza3v.xn--p1ai" 1; + "~*xn--80aaagvmjabrs1aoc9luc.xn--p1ai" 1; + "~*xn--80aanaardaperhcem4a6i.com" 1; + "~*xn--80aaomkdl5amcy.xn--p1ai" 1; + "~*xn--80adaggc5bdhlfamsfdij4p7b.xn--p1ai" 1; + "~*xn--80adgcaax6acohn6r.xn--p1ai" 1; + "~*xn--80ajjbdhgmudixfjc8c5a9df8b.xn--p1ai" 1; + "~*xn--90acenikpebbdd4f6d.xn--p1ai" 1; + "~*xn--b1adccaf1bzj.xn--p1ai" 1; + "~*xn--c1acygb.xn--p1ai" 1; + "~*xn--e1aggki3c.xn--80adxhks" 1; + "~*xn--q1a.xn--b1aube0e.xn--c1acygb.xn--p1ai" 1; + "~*xn--h1aakne2ba.xn--p1ai" 1; + "~*xnxx.com" 1; + "~*xnxx.org" 1; + "~*xpresscare.ru" 1; + "~*xrus.org" 1; + "~*xuki.us" 1; + "~*xz618.com" 1; + "~*yeartwit.com" 1; + "~*ykecwqlixx.ru" 1; + "~*youandcredit.ru" 1; + "~*youcollectionimages.com" 1; + "~*yougetsignal.com" 1; + "~*youporn-forum.ga" 1; + "~*youporn-forum.uni.me" 1; + "~*youporn-ru.com" 1; + "~*youradulthosting.com" 1; + "~*yourserverisdown.com" 1; + "~*youtubedownload.org" 1; + "~*yurgorod.ru" 1; + "~*zahvat.ru" 1; + "~*zaim-pod-zalog-krasnodar.ru" 1; + "~*zajm-pod-zalog-nedvizhimosti.ru" 1; + "~*zakon-ob-obrazovanii.ru" 1; + "~*zarabotat-na-sajte.ru" 1; + "~*zastenchivosti.net" 1; + "~*zastroyka.org" 1; + "~*zazagames.org" 1; + "~*zdesoboi.com" 1; + "~*zebradudka.com" 1; + "~*znaniyapolza.ru" 1; + "~*zverokruh-shop.cz" 1; + "~*zvetki.ru" 1; +# END BAD REFERERS ### DO NOT EDIT THIS LINE AT ALL ### + + +# ************************************** +# SEMALT BLOCK - Read following articles +# ************************************** + +# https://www.incapsula.com/blog/semalt-botnet-spam.html +# http://www.kymodo.com.au/what-is-semalt-doing-on-your-website/ +# https://www.ohow.co/what-is-semalt-com-and-semalt-media-referral-analytics/ +# http://www.forthea.com/block-semalt-crawler/ + +# I actually registered on their site to see what SEO services and reports they +# offer and within 3 hours I had a phone call from Florida in the US with a sales +# guy hassling me and telling me how wonderful they were and how they would guarantee +# me a number one place on Google ... ha ha !!! Goodbye to bad seo companies !!! +# I have also catered for them buying any other domain like .info .net .org + +# I will no doubt be adding to this list as they email me every day now so I am sure +# I will see more referers of theirs popping up. Domains are cheap !!! + +# START SEMALT BLOCK ### DO NOT EDIT THIS LINE AT ALL ### + "~*1-99seo.com" 1; + "~*best-seo-offer.com" 1; + "~*best-seo-software.xyz" 1; + "~*best-seo-solution.com" 1; + "~*fix-website-errors.com" 1; + "~*free-video-tool.com" 1; + "~*keywords-monitoring-success.com" 1; + "~*keywords-monitoring-your-success.com" 1; + "~*rankings-analytics.com" 1; + "~*responsive-test.net" 1; + "~*semalt.com" 1; + "~*semaltmedia.com" 1; + "~*seo-2-0.com" 1; + "~*seo-platform.com" 1; + "~*success-seo.com" 1; + "~*top1-seo-service.com" 1; + "~*videos-for-your-business.com" 1; + "~*video--production.com" 1; +# END SEMALT BLOCK ### DO NOT EDIT THIS LINE AT ALL ### +} + + +# ***************************** +# The GOOD the BAD and the UGLY +# ***************************** + +# Geo directive to deny and also whitelist certain ip addresses + +geo $validate_client { + +# ******************** +# First Our Safety Net +# ******************** + +# Anything not matching our rules is allowed through with default 0; + + default 0; + +# ************************** +# Whitelist OWN IP addresses +# ************************** + +# Whitelist all your own IP addresses from any validate_client checks +# Add all your IP addresses and ranges below (one per line) + 127.0.0.1 0; + +# *********** +# Google Bots +# *********** + +# For Safety Sake Google's Known BOT IP Ranges are all white listed in case you add +# anything lower down that you mistakenly picked up as a bad bot. + +# UA "AdsBot-Google (+http://www.google.com/adsbot.html)" +# UA "DoCoMo/2.0 N905i(c100;TB;W24H16) (compatible; Googlebot-Mobile/2.3; +http://www.google.com/bot.html)" +# UA "Googlebot-Image/1.0" +# UA "Googlebot/2.1 (+http://www.google.com/bot.html)" +# UA "Googlebot/2.1 (+http://www.googlebot.com/bot.html)" +# UA "Googlebot/Test (+http://www.googlebot.com/bot.html)" +# UA "Googlebot/Test" +# UA "Mediapartners-Google/2.1 (+http://www.googlebot.com/bot.html)" +# UA "Mediapartners-Google/2.1" +# UA "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" +# UA "SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 (GUI) MMP/2.0 (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)" +# UA "gsa-crawler (Enterprise; S4-E9LJ2B82FJJAA; me@mycompany.com)" + +# START GOOGLE IP RANGES ### DO NOT EDIT THIS LINE AT ALL ### + 64.68.80.0/21 0; + 64.233.160.0/19 0; + 66.102.0.0/20 0; + 66.249.64.0/19 0; + 72.14.128.0/17 0; + 74.125.0.0/16 0; + 209.85.128.0/17 0; + 216.239.32.0/19 0; +# END GOOGLE IP RANGES ### DO NOT EDIT THIS LINE AT ALL ### + +# ********* +# Bing Bots +# ********* + +# START BING IP RANGES ### DO NOT EDIT THIS LINE AT ALL ### + 40.74.0.0/15 0; + 40.96.0.0/12 0; + 40.112.0.0/13 0; + 40.76.0.0/14 0; + 40.125.0.0/17 0; + 40.120.0.0/14 0; + 40.80.0.0/12 0; + 40.124.0.0/16 0; + 207.46.0.0/16 0; + 157.56.0.0/14 0; + 157.54.0.0/15 0; + 157.60.0.0/16 0; +# END BING IP RANGES ### DO NOT EDIT THIS LINE AT ALL ### + +# *********** +# Cyveillance +# *********** +# see wiki - + +# START CYVEILLANCE BLOCK ### DO NOT EDIT THIS LINE AT ALL ### + 38.100.19.8/29 1; + 38.100.21.0/24 1; + 38.100.41.64/26 1; + 38.105.71.0/25 1; + 38.105.83.0/27 1; + 38.112.21.140/30 1; + 38.118.42.32/29 1; + 65.213.208.128/27 1; + 65.222.176.96/27 1; + 65.222.185.72/29 1; + 63.144.0.0/13 1; + 65.112.0.0/12 1; +# END CYVEILLANCE BLOCK ### DO NOT EDIT THIS LINE AT ALL ### + +# **************** +# Berkely Scanner +# **************** + +# The Berkeley University has a scanner testing all over the web sending a complex +# payload an expecting a reply from servers who are infected or who just respond to such +# a payload. The payload looks similar to this +# "$\xC9\xE1\xDC\x9B+\x8F\x1C\xE71\x99\xA8\xDB6\x1E#\xBB\x19#Hx\xA7\xFD\x0F9-" +# and is sometime VERY long. You may have noticed this in your logs. +# I support research projects and all my servers respond with an error to this type of +# string so I do not block them but if you want to block just uncomment the following line +# or email them asking them not to scan your server. They do respond. +# Visit http://169.229.3.91/ for more info + +# START BERKELEY SCANNER ### DO NOT EDIT THIS LINE AT ALL ### + 169.229.3.91 0; +# END BERKELEY SCANNER ### DO NOT EDIT THIS LINE AT ALL ### + +# **************************** +# Other Bad IP's and IP Ranges +# **************************** + +# Add any other IPs or Subnets here that you wish to block +# Although any permanent blocks should be done using Fail2Ban and IPTables and not +# hampering down Nginx with all the checks against perma-banned IP's + +# START BAD IP RANGES ### DO NOT EDIT THIS LINE AT ALL ### + 69.64.147.24 1; + 85.17.26.68 1; + 85.17.230.23 1; + 173.234.11.105 1; + 173.234.31.9 1; + 173.234.38.25 1; + 173.234.153.30 1; + 173.234.153.106 1; + 173.234.175.68 1; + 178.238.234.1 1; + 190.152.223.27 1; + 195.229.241.174 1; + 210.212.194.60 1; + 78.31.184.0/21 1; + 78.31.211.0/24 1; + 150.70.0.0/16 1; + 69.162.124.237 1; + 104.5.92.27 1; +# END BAD IP RANGES ### DO NOT EDIT THIS LINE AT ALL ### +} + +# Keep own IPs out of DDOS Filter +# Add your own IP addresses and ranges below to spare them from the rate +# limiting DDOS filter (one per line) +geo $ratelimited { + default 1; + 127.0.0.1 0; +} + +# ***************************************** +# MAP BAD BOTS TO OUR RATE LIMITER FUNCTION +# ***************************************** + + map $bad_bot $bot_iplimit { + 0 ""; + 1 ""; + 2 $binary_remote_addr; + } + +# *********************** +# SET RATE LIMITING ZONES +# *********************** + +# BAD BOT RATE LIMITING ZONE +# limits for Zone $bad_bot = 1 +# Nothing Set - you can set a different zone limiter here if you like +# We issue a 444 response instead to all bad bots. + +# limits for Zone $bad_bot = 2 +# this rate limiting will only take effect if you change any of the bots and change +# their block value from 1 to 2. + limit_conn_zone $bot_iplimit zone=bot2_connlimit:16m; + limit_req_zone $bot_iplimit zone=bot2_reqlimitip:16m rate=2r/s; + +### THE END of the Long and Winding Road + +### Also check out my Ultimate Apache Bad Bot Blocker on Github +### https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker