vikarti.anatra/nginx-ultimate-bad-bot-blocker
1
0
Fork 0
mirror of https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker.git synced 2025-09-02 10:40:36 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

UPDATE bad-referrer-words.conf include file [ci skip]

Browse source
This commit is contained in:
Mitchell Krog 2019-06-28 10:49:12 +02:00
parent 9c38932b8e
commit ad53f0f867
No known key found for this signature in database
GPG key ID: C243C388553EDE5D
1 changed files with 27 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
bots.d/bad-referrer-words.conf
View file

@ -1,10 +1,10 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD WORDS YOU WANT TO SCAN FOR ###
### VERSION INFORMATION #
###################################################
### Version: V4.2019.09
### Updated: 2019-06-25
###################################################
#--------------------------------------------------
### Version: V4.2019.10
### Updated: 2019-06-28
#--------------------------------------------------
### VERSION INFORMATION ##
##############################################################################
@ -25,13 +25,13 @@
# completely blank if you do not want your Nginx Blocker to include scanning for bad words within urls or referrer string
# Only add one entry per line
# *******************************
# -------------------------------
# !!! WARNING WARNING WARNING !!!
# *******************************
# -------------------------------
# ***************************************
# ---------------------------------------
# PLEASE BE VERY CAREFUL HOW YOU USE THIS
# ***************************************
# ---------------------------------------
# Here is an example of how one supposed bad word can cause your whole site to go down.
# An issue was logged where the users own domain name was specialisteparquet.com
# Because this list contained the word "cialis" it was detected within his domain name causing
@ -42,9 +42,9 @@
# Think very carefully before you add any word here
# *****************************************************************************************
# -----------------------------------------------------------------------------------------
# PLEASE MAKE SURE that you use word regex boundaries to avoid false positive detection !!!
# *****************************************************************************************
# -----------------------------------------------------------------------------------------
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
@ -69,9 +69,24 @@
# "~*(?:\b)webfuck(?:\b|)" 1;
# "~*(?:\b)xxxrus(?:\b|)" 1;
# "~*(?:\b)zeroredirect(?:\b|)" 1;
# "~*(?:\b|)x22(?:\b|)" 1; (in this string if your own domain name was sex22.com it would be blocked)
# Here is a list of unsanitary words to be in a referrer string - these are used in various injection attacks
# Here is a list of unsanitary words used in referrer strings - used in various injection attacks
# THE RULES BELOW ARE ENABLED BY DEFAULT
# You can disable this default list by switching the values to 0
"~*(?:\b)mb_ereg_replace(?:\b|)" 1;
"~*(?:\b|)mb_ereg_replace(?:\b|)" 1;
# -----------
# PLEASE NOTE
# -----------
# If you whitelist your own domain in whitelist-domains.conf and your own domain is passed in the referrer string with an attack string it will NOT be blocked.
# --------
# EXAMPLE:
# --------
# This string "http://yourwebsite.com/?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=gqopu.php&vars[1][]=<?php mb_ereg_replace('.*',@$_REQUEST[_], '', 'e');?>$"
# contains the above 'mb_ereg_replace" attack string
# If your domain is whitelisted in whitelist-domains.conf this string will NOT be detected