vikarti.anatra/nginx-ultimate-bad-bot-blocker
1
0
Fork 0
mirror of https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker.git synced 2025-09-02 18:50:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Remove Old TravisCI Testing / Build Scripts

Browse source
This commit is contained in:
Mitchell Krog 2017-06-01 17:14:48 +02:00
parent 29e6ffb3f9
commit 6971ba53f3
17 changed files with 0 additions and 6227 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

103
travisCI/_OLD/bad-referrer-words.tpl.conf
View file

@ -1,103 +0,0 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD WORDS YOU WANT TO SCAN FOR ###
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to include scanning for bad words within urls or referrer string
# Only add one entry per line
"~*adultgalls" 1;
"~*advair" 1;
"~*allegra" 1;
"~*allopurinol" 1;
"~*amantadine" 1;
"~*amateurxpass" 1;
"~*ambien" 1;
"~*amitriptyline" 1;
"~*amoxicillin" 1;
"~*anafranil" 1;
"~*asshole" 1;
"~*atenolol" 1;
"~*avalide" 1;
"~*baccarat" 1;
"~*beastiality" 1;
"~*bestiality" 1;
"~*bigblackbooty" 1;
"~*bithack" 1;
"~*blackjack" 1;
"~*blacktits" 1;
"~*blogincome" 1;
"~*blowjob" 1;
"~*bontril" 1;
"~*camgirls" 1;
"~*cephalexin" 1;
"~*cialis" 1;
"~*cookie-law-enforcement" 1;
"~*cunt" 1;
"~*dapoxetine" 1;
"~*diclofenac" 1;
"~*dildos" 1;
"~*effexor" 1;
"~*fluoxetine" 1;
"~*free-share-buttons" 1;
"~*free-social-buttons" 1;
"~*fuck" 1;
"~*fuck-paid-share-buttons" 1;
"~*gaygalls" 1;
"~*gaysex" 1;
"~*getamateurs" 1;
"~*glucophage" 1;
"~*holdem" 1;
"~*hold-em" 1;
"~*hydrochlorothiazide" 1;
"~*iconsurf" 1;
"~*ilovevitaly" 1;
"~*incest" 1;
"~*internetsupervision" 1;
"~*law-enforcement-bot" 1;
"~*law-enforcement-check" 1;
"~*lesbian" 1;
"~*levitra" 1;
"~*lipitor" 1;
"~*livesex" 1;
"~*makemoneyonline" 1;
"~*make-money-online" 1;
"~*medikament" 1;
"~*monetisetrk" 1;
"~*myftpupload" 1;
"~*nudeceleb" 1;
"~*oralsex" 1;
"~*paxil" 1;
"~*phentermine" 1;
"~*prednisone" 1;
"~*pussy" 1;
"~*screentoolkit" 1;
"~*seoexperimenty" 1;
"~*share-buttons" 1;
"~*share-buttons-for-free" 1;
"~*skelaxin" 1;
"~*social-buttons-" 1;
"~*social-traffic-" 1;
"~*suhagra" 1;
"~*syntryx" 1;
"~*t0phackteam" 1;
"~*titten" 1;
"~*tramadol" 1;
"~*tramidol" 1;
"~*trazodone" 1;
"~*valtrex" 1;
"~*viagra" 1;
"~*vibrators" 1;
"~*vicodin" 1;
"~*vvakhrin-ws1" 1;
"~*webfuck" 1;
"~*whipme" 1;
"~*whipping" 1;
"~*xanax" 1;
"~*xxxrus" 1;
"~*zanax" 1;
"~*zeroredirect" 1;
"~*zestoretic" 1;
"~*zithromax" 1;
"~*zoloft" 1;

177
travisCI/_OLD/blacklist-ips.tpl.conf
View file

@ -1,177 +0,0 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD IP ADDRESSES OR IP RANGES YOU WANT TO BLOCK ###
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to do any blocking of bad IP's
104.223.37.150 1;
104.5.92.27 1;
107.150.63.170 1;
109.236.83.247 1;
137.74.49.205 1;
137.74.49.208 1;
146.0.74.150 1;
148.251.54.44 1;
149.56.151.180 1;
149.56.232.146 1;
150.70.0.0/16 1;
151.80.27.90 1;
151.80.99.90 1;
151.80.99.91 1;
154.16.199.144 1;
154.16.199.34 1;
154.16.199.48 1;
154.16.199.78 1;
158.69.142.34 1;
166.62.80.172 1;
173.212.192.219 1;
173.234.11.105 1;
173.234.153.106 1;
173.234.153.30 1;
173.234.175.68 1;
173.234.31.9 1;
173.234.38.25 1;
176.126.245.213 1;
178.238.234.1 1;
185.100.87.238 1;
185.115.125.99 1;
185.119.81.11 1;
185.119.81.63 1;
185.119.81.77 1;
185.119.81.78 1;
185.130.225.65 1;
185.130.225.66 1;
185.130.225.83 1;
185.130.225.90 1;
185.130.225.94 1;
185.130.225.95 1;
185.130.226.105 1;
185.153.197.103 1;
185.159.36.6 1;
185.47.62.199 1;
185.62.190.38 1;
185.70.105.161 1;
185.70.105.164 1;
185.85.239.156 1;
185.85.239.157 1;
185.86.13.213 1;
185.86.5.199 1;
185.86.5.212 1;
185.92.72.88 1;
185.93.185.11 1;
185.93.185.12 1;
188.209.52.101 1;
190.152.223.27 1;
191.96.249.29 1;
192.69.89.173 1;
193.201.224.205 1;
195.154.183.190 1;
195.229.241.174 1;
210.212.194.60 1;
216.218.147.194 1;
220.227.234.129 1;
23.253.230.158 1;
23.89.159.176 1;
31.170.160.209 1;
45.32.186.11 1;
45.76.21.179 1;
46.249.38.145 1;
46.249.38.146 1;
46.249.38.148 1;
46.249.38.149 1;
46.249.38.150 1;
46.249.38.151 1;
46.249.38.152 1;
46.249.38.153 1;
46.249.38.154 1;
46.249.38.159 1;
51.255.172.22 1;
5.39.218.232 1;
5.39.219.24 1;
5.39.222.18 1;
5.39.223.134 1;
54.213.16.154 1;
54.213.9.111 1;
62.210.146.49 1;
62.210.88.4 1;
65.98.91.181 1;
69.162.124.237 1;
69.64.147.24 1;
72.8.183.202 1;
77.247.178.191 1;
77.247.178.47 1;
77.247.181.219 1;
78.31.184.0/21 1;
78.31.211.0/24 1;
80.87.205.10 1;
80.87.205.11 1;
85.17.230.23 1;
85.17.26.68 1;
91.185.190.172 1;
91.200.12.0/22 1;
91.200.12.15 1;
91.200.12.49 1;
91.200.12.91 1;
92.222.66.137 1;
93.104.209.11 1;
93.158.200.103 1;
93.158.200.105 1;
93.158.200.115 1;
93.158.200.124 1;
93.158.200.126 1;
93.158.200.66 1;
93.158.200.68 1;
# Cyveillance / Qwest Communications
# **********************************
# I am extensively researching this subject - appears to be US government involved
# and also appears to be used by all sorts of law enforcement agencies. For one they
# do not obey robots.txt and continually disguise their User-Agent strings. Time will
# tell if this is all correct or not.
# For now see - https://en.wikipedia.org/wiki/Cyveillance
# IMPORTANT UPDATE ON Cyveillance / Qwest Communications !!!
# **********************************************************
# I have done a lot of research on Cyveillance now and through monitoring my logs I know
# for sure what companies are using them and what they are actually looking for.
# My research has led me to understand that Cyveillance services are used by hundreds
# of companies to help them dicsover theft of copyrighted materials like images, movies
# music and other materials. I personally believe a lot of block lists who originally recommended
# blocking Cyveillance have done so to protect their torrent or p2p sites from being scanned.
# I personally have now unblocked them as image theft is a big problem of mine but if you
# do want to block Cyveillance you can simply modify the entries in the block below from "0" to "1"
# Getty Images is one such company who appears to use Cyveillance to help monitor for copyright theft.
# If you really do want to block them change all the 0's below to 1.
38.100.19.8/29 0;
38.100.21.0/24 0;
38.100.41.64/26 0;
38.105.71.0/25 0;
38.105.83.0/27 0;
38.112.21.140/30 0;
38.118.42.32/29 0;
63.144.0.0/13 0;
65.112.0.0/12 0;
65.213.208.128/27 0;
65.222.176.96/27 0;
65.222.185.72/29 0;
# ****************
# Berkely Scanner
# ****************
# The Berkeley University has a scanner testing all over the web sending a complex
# payload an expecting a reply from servers who are infected or who just respond to such
# a payload. The payload looks similar to this
# "$\xC9\xE1\xDC\x9B+\x8F\x1C\xE71\x99\xA8\xDB6\x1E#\xBB\x19#Hx\xA7\xFD\x0F9-"
# and is sometime VERY long. You may have noticed this in your logs.
# I support research projects and all my servers respond with an error to this type of
# string so I do not block them but if you want to block just uncomment the following line
# or email them asking them not to scan your server. They do respond.
# Visit http://169.229.3.91/ for more info
# If you really do want to block them change all the 0 below to 1.
169.229.3.91 0;

16
travisCI/_OLD/blacklist-user-agents.tpl.conf
View file

@ -1,16 +0,0 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD USER-AGENT STRINGS YOU WANT TO SCAN FOR ###
# Add One Entry Per Line - List all the extra bad User-Agents you want to permanently block
# This is for User-Agents that are not included in the main list of the bot blocker
# This file must exist on your system or Nginx will fail a reload due to a missing file
# This allows you finer control of keeping certain bots blocked and automatic updates will
# Never be able to remove this custom list of yours
# Plese note this include file loads first before any of the already whitelisted User-Agents
# in the bad bot blocker. By loading first in line it over-rides anything below it so for instance
# if you want to block Baidu, Google or Bing for any reason you add them to this file which loads
# first and takes precedence over anything below it. This now allows even finer control over the
# bad bot blocker. Enjoy !!!
"~*someverybaduseragentname1" 3;
"~*someverybaduseragentname2" 3;

45
travisCI/_OLD/blockbots.tpl.conf
View file

@ -1,45 +0,0 @@
#######################################################################
# Author: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/
# Include this in a vhost file within a server {} block using and include statement like below
# server {
# #Config stuff here
# include /etc/nginx/bots.d/blockbots.conf
# include /etc/nginx/bots.d/ddos.conf
# #Other config stuff here
# }
#######################################################################
# BOTS
# ****
#limit_conn bot1_connlimit 100;
limit_conn bot2_connlimit 10;
#limit_req zone=bot1_reqlimitip burst=50;
limit_req zone=bot2_reqlimitip burst=10;
if ($bad_bot = '3') {
return 444;
}
# BAD REFER WORDS
# ***************
if ($bad_words) {
return 444;
}
# REFERERS
# ********
if ($bad_referer) {
return 444;
}
# IP BLOCKS
# *********
if ($validate_client) {
return 444;
}
#######################################################################

4
travisCI/_OLD/botblocker-nginx-settings.tpl.conf
View file

@ -1,4 +0,0 @@
server_names_hash_bucket_size 64;
server_names_hash_max_size 4096;
limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s;
limit_conn_zone $binary_remote_addr zone=addr:50m;

10
travisCI/_OLD/custom-bad-referrers.tpl.conf
View file

@ -1,10 +0,0 @@
# EDIT THIS FILE AS YOU LIKE TO ADD ANY ADDITIONAL BAD REFERRER DOMAINS YOU WANT TO SCAN FOR ###
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Only add one entry per line
"~*someveryveryrandomwebsitenamethatdoesnotexist1.com" 1;
"~*someveryveryrandomwebsitenamethatdoesnotexist2.com" 1;
"~*someveryveryrandomwebsitenamethatdoesnotexist3.com" 1;

17
travisCI/_OLD/ddos.tpl.conf
View file

@ -1,17 +0,0 @@
#######################################################################
# Author: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/
# Include this in a vhost file within a server {} block using and include statement like below
# server {
# #Config stuff here
# include /etc/nginx/bots.d/blockbots.conf
# include /etc/nginx/bots.d/ddos.conf
# #Other config stuff here
# }
#######################################################################
limit_conn addr 200;
limit_req zone=flood burst=200 nodelay;

23
travisCI/_OLD/default-site.tpl.conf
View file

@ -1,23 +0,0 @@
server {
listen 8080 default_server;
listen [::]:8080 default_server ipv6only=on;
root {ROOT}/www;
access_log /tmp/access.log;
error_log /tmp/error.log;
# Block Bad Bots
include ddos.conf;
include blockbots.conf;
location ~* "\.php(/|$)" {
include fastcgi.conf;
fastcgi_pass php;
}
location / {
# First attempt to serve request as file, then as directory, then fall back to index.html.
try_files $uri $uri/ /index.html;
}
}

24
travisCI/_OLD/deploy.sh
View file

@ -1,24 +0,0 @@
#!/bin/bash
#BUILDDATE=$(date +"%Y-%m-%d")
YEAR=$(date +"%Y")
MONTH=$(date +"%m")
cd $TRAVIS_BUILD_DIR
git remote rm origin
git config --global user.email "${GIT_EMAIL}"
git config --global user.name "${GIT_NAME}"
git config --global push.default simple
git remote add origin https://${GH_TOKEN}@github.com/${TRAVIS_REPO_SLUG}.git
export GIT_TAG=V3.$YEAR.$MONTH.$TRAVIS_BUILD_NUMBER
#git fetch --tags
#msg="Tag Generated from TravisCI for build $TRAVIS_BUILD_NUMBER"
#if git tag $GIT_TAG -a -m "$msg" 2>/dev/null; then
#git tag $GIT_TAG -a -m "Tag Generated from TravisCI for build $TRAVIS_BUILD_NUMBER"
#git push origin master && git push origin master --tags
#ls -aR
#else echo Tag already exists!; fi
# Tag our release
git tag $GIT_TAG -a -m "V3.$YEAR.$MONTH.$TRAVIS_BUILD_NUMBER"
# Push our commit and tags back to the repo
sudo git push origin master && git push origin master --tags

39
travisCI/_OLD/fastcgi.tpl.conf
View file

@ -1,39 +0,0 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
#fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 1800;
fastcgi_read_timeout 1800;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_keep_conn on;

5616
travisCI/_OLD/globalblacklist.tpl.conf
View file

File diff suppressed because it is too large Load diff

56
travisCI/_OLD/install-nginx.sh-old
View file

@ -1,56 +0,0 @@
#!/bin/bash
# Travis CI Code to Configure Nginx
set -e
set -x
DIR=$(realpath $(dirname "$0"))
USER=$(whoami)
PHP_VERSION=$(phpenv version-name)
ROOT=$(realpath "$DIR/..")
PORT=9000
SERVER="/tmp/php.sock"
function tpl {
sed \
-e "s|{DIR}|$DIR|g" \
-e "s|{USER}|$USER|g" \
-e "s|{PHP_VERSION}|$PHP_VERSION|g" \
-e "s|{ROOT}|$ROOT|g" \
-e "s|{PORT}|$PORT|g" \
-e "s|{SERVER}|$SERVER|g" \
< $1 > $2
}
# Make some working directories.
mkdir "$DIR/nginx"
mkdir "$DIR/nginx/sites-enabled"
mkdir "$DIR/nginx/bots.d"
mkdir "$DIR/var"
# Configure the PHP handler.
PHP_FPM_BIN="$HOME/.phpenv/versions/$PHP_VERSION/sbin/php-fpm"
PHP_FPM_CONF="$DIR/nginx/php-fpm.conf"
# Build the php-fpm.conf.
tpl "$DIR/php-fpm.tpl.conf" "$PHP_FPM_CONF"
# Start php-fpm
"$PHP_FPM_BIN" --fpm-config "$PHP_FPM_CONF"
# Build the default nginx config files.
tpl "$DIR/nginx.tpl.conf" "$DIR/nginx/nginx.conf"
tpl "$DIR/fastcgi.tpl.conf" "$DIR/nginx/fastcgi.conf"
tpl "$DIR/ddos.tpl.conf" "$DIR/nginx/ddos.conf"
tpl "$DIR/blockbots.tpl.conf" "$DIR/nginx/blockbots.conf"
tpl "$DIR/whitelist-ips.tpl.conf" "$DIR/nginx/bots.d/whitelist-ips.conf"
tpl "$DIR/whitelist-domains.tpl.conf" "$DIR/nginx/bots.d/whitelist-domains.conf"
tpl "$DIR/blacklist-user-agents.tpl.conf" "$DIR/nginx/bots.d/blacklist-user-agents.conf"
tpl "$DIR/bad-referrer-words.tpl.conf" "$DIR/nginx/bots.d/bad-referrer-words.conf"
tpl "$DIR/custom-bad-referrers.tpl.conf" "$DIR/nginx/bots.d/custom-bad-referrers.conf"
tpl "$DIR/blacklist-ips.tpl.conf" "$DIR/nginx/bots.d/blacklist-ips.conf"
tpl "$DIR/botblocker-nginx-settings.tpl.conf" "$DIR/nginx/botblocker-nginx-settings.conf"
tpl "$DIR/globalblacklist.tpl.conf" "$DIR/nginx/globalblacklist.conf"
tpl "$DIR/default-site.tpl.conf" "$DIR/nginx/sites-enabled/default-site.conf"
# Start nginx.
nginx -c "$DIR/nginx/nginx.conf"

67
travisCI/_OLD/nginx.tpl.conf
View file

@ -1,67 +0,0 @@
error_log /tmp/error.log;
pid /tmp/nginx.pid;
worker_processes 1;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
http {
# Set an array of temp and cache file options that will otherwise default to restricted locations accessible only to root.
client_body_temp_path /tmp/client_body;
fastcgi_temp_path /tmp/fastcgi_temp;
proxy_temp_path /tmp/proxy_temp;
scgi_temp_path /tmp/scgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
#server_names_hash_bucket_size 64;
#server_names_hash_max_size 4096;
# Our request limiter zone for wp-login attacks
limit_req_zone $binary_remote_addr zone=wp-login:10m rate=1r/s;
# DDos Mitigation
# ***************
# https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
# Limiting the Rate of Requests
#limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s;
# Limiting the Number of Connections
#limit_conn_zone $binary_remote_addr zone=addr:50m;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /tmp/access.log;
error_log /tmp/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
##
# Virtual Host Configs
##
include {DIR}/nginx/conf.d/*.conf;
include {DIR}/nginx/sites-enabled/*;
include {DIR}/nginx/botblocker-nginx-settings.conf;
include {DIR}/nginx/globalblacklist.conf;
upstream php {
server 127.0.0.1:{PORT};
}
}

9
travisCI/_OLD/php-fpm.tpl.conf
View file

@ -1,9 +0,0 @@
[global]
[travis]
user = {USER}
listen = {PORT}
listen.mode = 0666
pm = static
pm.max_children = 5
php_admin_value[memory_limit] = 32M

9
travisCI/_OLD/whitelist-domains.tpl.conf
View file

@ -1,9 +0,0 @@
# EDIT THIS FILE AS YOU LIKE TO WHITELIST YOUR OWN DOMAIN NAMES AND SPARE THEM FROM ANY REFERRER CHECKING ###
# Add One Entry Per Line - List all your own domains of the sites you host on the server
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Automatic updates will never be able to remove this custom list of yours
# Add One Entry Per Line
"~*myfirstowndomainname.com" 0;
"~*mysecondowndomainname.com" 0;

9
travisCI/_OLD/whitelist-ips.tpl.conf
View file

@ -1,9 +0,0 @@
# EDIT THIS FILE AS YOU LIKE TO WHITELIST ALL YOUR IP ADDRESSES AND IP RANGES ###
# Add One Entry Per Line - List all your IP's and IP Ranges you want to whitelist
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Automatic updates will never be able to remove this custom list of yours
# Add One Entry Per Line - No need to include 127.0.0.1 as it is covered elsewhere
# Only add actual IP addresses and ranges here
111.111.111.111 0;

3
travisCI/_OLD/www/nginx.php
View file

@ -1,3 +0,0 @@
<?php
echo "Welcome to Nginx\n";