From f6a4a174b3cea7ff5f126490469a2ae252004f2c Mon Sep 17 00:00:00 2001 From: Mitchell Krog UB1 Date: Fri, 21 Apr 2017 10:18:03 +0200 Subject: [PATCH] Update Changelog / Fix Updating EnginTron globalblacklist.conf --- CHANGELOG.md | 4 + .../etc/nginx/conf.d/globalblacklist.conf | 523 ++++++------------ conf.d/globalblacklist.conf | 4 +- travisCI/globalblacklist.tpl.conf | 4 +- 4 files changed, 187 insertions(+), 348 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b955f65db..ba7a9c16a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # CHANGELOG - Nginx Bad Bot Blocker +### 2017-04-21 +- Updated install-ngxblocker script from Stuart Cardall @itoffshore +- Fixed updating globalblacklist.conf in EnginTron example folder + ### 2017-04-20 (MAJOR VERSION UPDATE) - V2.2017.07 - New include files introduced: diff --git a/Engintron_for_cPanel_WHM_Configuration_Example/etc/nginx/conf.d/globalblacklist.conf b/Engintron_for_cPanel_WHM_Configuration_Example/etc/nginx/conf.d/globalblacklist.conf index f85b07ddf..ad94e3890 100755 --- a/Engintron_for_cPanel_WHM_Configuration_Example/etc/nginx/conf.d/globalblacklist.conf +++ b/Engintron_for_cPanel_WHM_Configuration_Example/etc/nginx/conf.d/globalblacklist.conf @@ -2,7 +2,7 @@ ### THE ULTIMATE NGINX BAD BOT BLOCKER ### ********************************** -### Version 2.2017.05 +### Version 2.2017.07 ### This file implements a checklist / blacklist for good user agents, bad user agents and ### bad referrers. It also has whitelisting for your own IP's and known good IP Ranges @@ -17,11 +17,11 @@ ### - https://github.com/oohnoitz/nginx-blacklist ### Last Updated -### Mon Apr 17 10:02:09 SAST 2017 +### Fri Apr 21 10:18:03 SAST 2017 ### End Last Updated ### Generated in -### 0.312251091003 seconds +### 0.261167287827 seconds ### End Generated in ### Tested on: nginx/1.10.0 (Ubuntu 16.04) @@ -128,35 +128,35 @@ map $http_user_agent $bad_bot { # *********************************************** # START GOOD BOTS ### DO NOT EDIT THIS LINE AT ALL ### - "~*adidxbot" 0; - "~*AdsBot-Google" 0; - "~*aolbuild" 0; - "~*bingbot" 0; - "~*bingpreview" 0; - "~*DoCoMo" 0; - "~*duckduckgo" 0; - "~*facebookexternalhit" 0; - "~*Feedfetcher-Google" 0; - "~*Googlebot" 0; - "~*Googlebot-Image" 0; - "~*Googlebot-Mobile" 0; - "~*Googlebot-News" 0; - "~*Googlebot/Test" 0; - "~*Googlebot-Video" 0; - "~*Google-HTTP-Java-Client" 0; - "~*gsa-crawler" 0; - "~*Jakarta\ Commons" 0; - "~*Kraken/0.1" 0; - "~*LinkedInBot" 0; - "~*Mediapartners-Google" 0; - "~*msnbot" 0; - "~*msnbot-media" 0; - "~*SAMSUNG" 0; - "~*slurp" 0; - "~*teoma" 0; - "~*TwitterBot" 0; - "~*Wordpress" 0; - "~*yahoo" 0; + "~adidxbot" 0; + "~AdsBot-Google" 0; + "~aolbuild" 0; + "~bingbot" 0; + "~bingpreview" 0; + "~DoCoMo" 0; + "~duckduckgo" 0; + "~facebookexternalhit" 0; + "~Feedfetcher-Google" 0; + "~Googlebot" 0; + "~Googlebot-Image" 0; + "~Googlebot-Mobile" 0; + "~Googlebot-News" 0; + "~Googlebot/Test" 0; + "~Googlebot-Video" 0; + "~Google-HTTP-Java-Client" 0; + "~gsa-crawler" 0; + "~Jakarta\ Commons" 0; + "~Kraken/0.1" 0; + "~LinkedInBot" 0; + "~Mediapartners-Google" 0; + "~msnbot" 0; + "~msnbot-media" 0; + "~SAMSUNG" 0; + "~slurp" 0; + "~teoma" 0; + "~TwitterBot" 0; + "~Wordpress" 0; + "~yahoo" 0; # END GOOD BOTS ### DO NOT EDIT THIS LINE AT ALL ### # ************************************************** @@ -166,12 +166,11 @@ map $http_user_agent $bad_bot { # I allow libwww-perl as I use it for monitoring systems with Munin but it is rate limited # START ALLOWED BOTS ### DO NOT EDIT THIS LINE AT ALL ### - "~*jetmon" 1; - "~*libwww-perl" 1; - "~*Lynx" 1; - "~*munin" 1; - "~*Wget/1.15" 1; - "~*WordPress" 1; + "~jetmon" 1; + "~libwww-perl" 1; + "~Lynx" 1; + "~munin" 1; + "~Wget/1.15" 1; # END ALLOWED BOTS ### DO NOT EDIT THIS LINE AT ALL ### # ************************************************************** @@ -179,22 +178,22 @@ map $http_user_agent $bad_bot { # ************************************************************** # START LIMITED BOTS ### DO NOT EDIT THIS LINE AT ALL ### - "~*Alexa" 2; - "~*archive.org" 2; - "~*Baidu" 2; - "~*FlipboardProxy" 2; - "~*ia_archiver" 2; - "~*Mozilla/4.0" 2; - "~*MSIE\ 7.0" 2; - "~*Presto" 2; - "~*R6_CommentReader" 2; - "~*R6_FeedFetcher" 2; - "~*RPT-HTTPClient" 2; - "~*sfFeedReader/0.9" 2; - "~*Spaidu" 2; - "~*UptimeRobot/2.0" 2; - "~*YandexBot" 2; - "~*YandexImages" 2; + "~Alexa" 2; + "~archive.org" 2; + "~Baidu" 2; + "~FlipboardProxy" 2; + "~ia_archiver" 2; + "~Mozilla/4.0" 2; + "~MSIE\ 7.0" 2; + "~Presto" 2; + "~R6_CommentReader" 2; + "~R6_FeedFetcher" 2; + "~RPT-HTTPClient" 2; + "~sfFeedReader/0.9" 2; + "~Spaidu" 2; + "~UptimeRobot/2.0" 2; + "~YandexBot" 2; + "~YandexImages" 2; # END LIMITED BOTS ### DO NOT EDIT THIS LINE AT ALL ### # ********************************************* @@ -206,9 +205,11 @@ map $http_user_agent $bad_bot { # *********************************************** # Include your Own Custom List of Bad User Agents # *********************************************** +# use the include file below to further customize your own list of additional +# user-agents you wish to permanently block # START BLACKLISTED USER AGENTS ### DO NOT EDIT THIS LINE AT ALL ### - include /etc/nginx/bots.d/blacklist-user-agents.conf; + include /etc/nginx/bots.d/blacklist-user-agents.conf; # END BLACKLISTED USER AGENTS ### DO NOT EDIT THIS LINE AT ALL ### # START BAD BOTS ### DO NOT EDIT THIS LINE AT ALL ### @@ -385,7 +386,6 @@ map $http_user_agent $bad_bot { "~*Jyxobot" 3; "~*Kenjin\ Spider" 3; "~*Keyword\ Density" 3; - "~*Kraken" 3; "~*Lanshanbot" 3; "~*Larbin" 3; "~*LeechFTP" 3; @@ -672,7 +672,6 @@ map $http_user_agent $bad_bot { "~*Xaldon_WebSpider" 3; "~*Xaldon\ WebSpider" 3; "~*Xenu" 3; - "~*Y!J-ASR" 3; "~*YoudaoBot" 3; "~*Zade" 3; "~*Zermelo" 3; @@ -732,107 +731,21 @@ map $http_user_agent $bad_bot { map $http_referer $bad_words { default 0; -# ************************ -# Bad Referer Single Words -# ************************ -# These are Words and Terms often found tagged onto domains or within url query strings. +# ************************* +# Bad Referer Word Scanning +# ************************* + +# These are Words and Terms often found tagged onto domains or within url query strings. +# Create and Customize Your Own Bad Referrer Words Here using the new Include File Method + # New Method Uses the include file below so that when pulling future updates your + # customized list of bad referrer words are automatically now included for you + # Read Comments inside bad-referrer-words.conf for customization tips. + # Updating the main globalblacklist.conf file will not touch your custom include files + +# START CUSTOM BAD REFERRER WORDS ### DO NOT EDIT THIS LINE AT ALL ### + include /etc/nginx/bots.d/bad-referrer-words.conf; +# END CUSTOM BAD REFERRER WORDS ### DO NOT EDIT THIS LINE AT ALL ### -# START BAD REFERER WORDS ### DO NOT EDIT THIS LINE AT ALL ### - "~*adultgalls" 1; - "~*advair" 1; - "~*allegra" 1; - "~*allopurinol" 1; - "~*amantadine" 1; - "~*amateurxpass" 1; - "~*ambien" 1; - "~*amitriptyline" 1; - "~*amoxicillin" 1; - "~*anafranil" 1; - "~*asshole" 1; - "~*atenolol" 1; - "~*avalide" 1; - "~*baccarat" 1; - "~*beastiality" 1; - "~*bestiality" 1; - "~*bigblackbooty" 1; - "~*bithack" 1; - "~*blackjack" 1; - "~*blacktits" 1; - "~*blogincome" 1; - "~*blowjob" 1; - "~*bontril" 1; - "~*camgirls" 1; - "~*cephalexin" 1; - "~*cialis" 1; - "~*cookie-law-enforcement" 1; - "~*cunt" 1; - "~*dapoxetine" 1; - "~*diclofenac" 1; - "~*dildos" 1; - "~*effexor" 1; - "~*fluoxetine" 1; - "~*free-share-buttons" 1; - "~*free-social-buttons" 1; - "~*fuck" 1; - "~*fuck-paid-share-buttons" 1; - "~*gaygalls" 1; - "~*gaysex" 1; - "~*getamateurs" 1; - "~*glucophage" 1; - "~*holdem" 1; - "~*hold-em" 1; - "~*hydrochlorothiazide" 1; - "~*iconsurf" 1; - "~*ilovevitaly" 1; - "~*incest" 1; - "~*internetsupervision" 1; - "~*law-enforcement-bot" 1; - "~*law-enforcement-check" 1; - "~*lesbian" 1; - "~*levitra" 1; - "~*lipitor" 1; - "~*livesex" 1; - "~*makemoneyonline" 1; - "~*make-money-online" 1; - "~*medikament" 1; - "~*monetisetrk" 1; - "~*myftpupload" 1; - "~*nudeceleb" 1; - "~*oralsex" 1; - "~*paxil" 1; - "~*phentermine" 1; - "~*prednisone" 1; - "~*pussy" 1; - "~*screentoolkit" 1; - "~*seoexperimenty" 1; - "~*share-buttons" 1; - "~*share-buttons-for-free" 1; - "~*skelaxin" 1; - "~*social-buttons-" 1; - "~*social-traffic-" 1; - "~*suhagra" 1; - "~*syntryx" 1; - "~*t0phackteam" 1; - "~*titten" 1; - "~*tramadol" 1; - "~*tramidol" 1; - "~*trazodone" 1; - "~*valtrex" 1; - "~*viagra" 1; - "~*vibrators" 1; - "~*vicodin" 1; - "~*vvakhrin-ws1" 1; - "~*webfuck" 1; - "~*whipme" 1; - "~*whipping" 1; - "~*xanax" 1; - "~*xxxrus" 1; - "~*zanax" 1; - "~*zeroredirect" 1; - "~*zestoretic" 1; - "~*zithromax" 1; - "~*zoloft" 1; -# END BAD REFERER WORDS ### DO NOT EDIT THIS LINE AT ALL ### } # ************************ @@ -847,7 +760,7 @@ map $http_referer $bad_words { # Blocking of SEO company Semalt.com (now merged into this one section) # MIRAI Botnet Domains Used for Mass Attacks # Other known bad SEO companies and Ad Hijacking Sites -# Sites linked to malware, adware and ransomware +# Sites linked to malware, adware, clickjacking and ransomware # ***************** # PLEASE TEST !!!! @@ -895,14 +808,29 @@ map $http_referer $bad_referer { # GOOD REFERERS - Spared from Checking # ************************************ -# Add your own domain names here to spare them from referer checking (one per line) - # Use the new include file method so any further updates will no longer require you to - # have to keep putting your whitelisted domains here when updating. +# Add all your own web site domain names and server names in this section + +# WHITELIST Your Own Domain Names Here using the Include File Method + # New Method Uses the include file below so that when pulling future updates your + # whitelisted domain names are automatically now included for you. + # Read Comments inside whitelist-domains.conf for customization tips. + # Updating the main globalblacklist.conf file will not touch your custom include files # START WHITELISTED DOMAINS ### DO NOT EDIT THIS LINE AT ALL ### include /etc/nginx/bots.d/whitelist-domains.conf; # END WHITELISTED DOMAINS ### DO NOT EDIT THIS LINE AT ALL ### +# ******************************************* +# CUSTOM BAD REFERERS - Add your Own +# ******************************************* + +# Add any extra bad referers in the following include file to have them +# permanently included and blocked - avoid duplicates in your custom file + +# START CUSTOM BAD REFERRERS ### DO NOT EDIT THIS LINE AT ALL ### + include /etc/nginx/bots.d/custom-bad-referrers.conf; +# END CUSTOM BAD REFERRERS ### DO NOT EDIT THIS LINE AT ALL ### + # START BAD REFERERS ### DO NOT EDIT THIS LINE AT ALL ### "~*000free.us" 1; "~*007angels.com" 1; @@ -910,6 +838,8 @@ map $http_referer $bad_referer { "~*00go.com" 1; "~*00it.com" 1; "~*00webcams.com" 1; + "~*0912701309f8ce.com" 1; + "~*0c47f8422d3f.com" 1; "~*0n-line.tv" 1; "~*100dollars-seo.com" 1; "~*101billion.com" 1; @@ -935,6 +865,7 @@ map $http_referer $bad_referer { "~*1bet.com" 1; "~*1-free-share-buttons.com" 1; "~*1hwy.com" 1; + "~*1j7740kd.website" 1; "~*1kinobig.ru" 1; "~*1millionusd.xyz" 1; "~*1pamm.ru" 1; @@ -946,6 +877,7 @@ map $http_referer $bad_referer { "~*24videos.tv" 1; "~*24x7-server-support.site" 1; "~*256bit.by" 1; + "~*2728fb936f0.com" 1; "~*273-fz.ru" 1; "~*28n2gl3wfyb0.ru" 1; "~*2ads.co.uk" 1; @@ -973,12 +905,14 @@ map $http_referer $bad_referer { "~*5000-cotydzien.com" 1; "~*51.la" 1; "~*51unlim.ru" 1; + "~*55wmz.ru" 1; "~*57883.net" 1; "~*5elementov.ru" 1; "~*5forex.ru" 1; "~*5i2.net" 1; "~*5kstore.com" 1; "~*5u.com" 1; + "~*66cpwgln.space" 1; "~*6hopping.com" 1; "~*72-news.com" 1; "~*76brighton.co.uk" 1; @@ -995,6 +929,7 @@ map $http_referer $bad_referer { "~*8xv8.com" 1; "~*98oi.ru" 1; "~*999webdesign.com" 1; + "~*9icmzvn6.website" 1; "~*9med.net" 1; "~*a342ae9750004b14b55f7310eff0ab65.com" 1; "~*aa08daf7e13b6345e09e92f771507fa5f4.com" 1; @@ -1170,6 +1105,7 @@ map $http_referer $bad_referer { "~*apartmentbay.ru" 1; "~*apartmentratings.com" 1; "~*apartment.ru" 1; + "~*apccargo.com" 1; "~*apiadanaknet-a.akamaihd.net" 1; "~*apiallgeniusinfo-a.akamaihd.net" 1; "~*apiappenableinfo-a.akamaihd.net" 1; @@ -1195,6 +1131,7 @@ map $http_referer $bad_referer { "~*appfixing.space" 1; "~*appiq.mobi" 1; "~*appleid-verification.com" 1; + "~*applicationg29.com" 1; "~*app-ready.xyz" 1; "~*approved.su" 1; "~*appsaurus.com" 1; @@ -1209,9 +1146,11 @@ map $http_referer $bad_referer { "~*arcadeplayhouse.com" 1; "~*architecturebest.com" 1; "~*arclk.net" 1; + "~*arcteryxsale.online" 1; "~*arenanews.com.ua" 1; "~*arendakvartir.kz" 1; "~*arendas.net" 1; + "~*arendatora.ru" 1; "~*arenda-yeisk.ru" 1; "~*arendovalka.xyz" 1; "~*arkartex.ru" 1; @@ -1222,6 +1161,7 @@ map $http_referer $bad_referer { "~*aruplighting.com" 1; "~*as5000.com" 1; "~*asacopaco.tk" 1; + "~*asdfg.pro" 1; "~*asia-forum.ru" 1; "~*asmxsatadriverin.aircus.com" 1; "~*asophoto.com" 1; @@ -1301,6 +1241,7 @@ map $http_referer $bad_referer { "~*backlink4u.net" 1; "~*backlinkwatch.com" 1; "~*backuperwebcam.weebly.com" 1; + "~*bad-stars.net" 1; "~*baersaratov.ru" 1; "~*bag77.ru" 1; "~*bagcionderlab.com" 1; @@ -1341,7 +1282,9 @@ map $http_referer $bad_referer { "~*beauty-clinic.ru" 1; "~*beauty-things.com" 1; "~*becuo.com" 1; + "~*bedcapdealers.com" 1; "~*belinvestdom.by" 1; + "~*benchmarkcommunications.co.uk" 1; "~*bensbargains.net" 1; "~*berdasovivan.ru" 1; "~*berlininsl.com" 1; @@ -1368,6 +1311,7 @@ map $http_referer $bad_referer { "~*bestssaker.com" 1; "~*bestwebsiteawards.com" 1; "~*bestwebsitesawards.com" 1; + "~*bestwrinklecreamnow.com" 1; "~*betonka.pro" 1; "~*bet-prognoz.com" 1; "~*betterscooter.com" 1; @@ -1458,6 +1402,7 @@ map $http_referer $bad_referer { "~*brendbutik.ru" 1; "~*brewdom.ru" 1; "~*brg8.com" 1; + "~*brimstonehillfortress.org" 1; "~*bristolhostel.com" 1; "~*bristolhotel.com" 1; "~*bristolhotel.com.ua" 1; @@ -1466,6 +1411,7 @@ map $http_referer $bad_referer { "~*bronzeaid-a.akamaihd.net" 1; "~*brothers-smaller.ru" 1; "~*browsepulse-a.akamaihd.net" 1; + "~*browserprotecter.com" 1; "~*brus.city" 1; "~*brus-vsem.ru" 1; "~*bscodecs.com" 1; @@ -1520,6 +1466,7 @@ map $http_referer $bad_referer { "~*calcularpagerank.com" 1; "~*californianews.cf" 1; "~*callejondelpozo.es" 1; + "~*callmd5map.com" 1; "~*call-of-duty.info" 1; "~*calstaterealty.us" 1; "~*calvet.altervista.org" 1; @@ -1549,6 +1496,7 @@ map $http_referer $bad_referer { "~*carson.getenjoyment.net" 1; "~*carsplate.com" 1; "~*cartechnic.ru" 1; + "~*cartierlove2u.com" 1; "~*casablancamanor.co.za" 1; "~*cashkitten-a.akamaihd.net" 1; "~*cashonads.com" 1; @@ -1574,9 +1522,11 @@ map $http_referer $bad_referer { "~*centrumcoachingu.com" 1; "~*cercacamion.it" 1; "~*cezartabac.ro" 1; + "~*cfcl.co.uk" 1; "~*cfjump.com" 1; "~*cfsrating.sonicwall.com" 1; "~*cgi2.nintendo.co.jp" 1; + "~*charmstroy.info" 1; "~*chastnoeporno.com" 1; "~*chat.ru" 1; "~*chatseo.com" 1; @@ -1586,6 +1536,7 @@ map $http_referer $bad_referer { "~*cheapjerseysap.com" 1; "~*cheapjerseysbizwholesale.us" 1; "~*cheapjerseysfootballshop.com" 1; + "~*cheapmarmot.online" 1; "~*cheap-pills-norx.com" 1; "~*cheatcode-lita12.rhcloud.com" 1; "~*checkm8.com" 1; @@ -1651,6 +1602,7 @@ map $http_referer $bad_referer { "~*com-onlinesupport.host" 1; "~*com-onlinesupport.site" 1; "~*compliance-checker.info" 1; + "~*compucelunlock.net" 1; "~*com-secure.download" 1; "~*com-supportcenter.website" 1; "~*concealthyself.com" 1; @@ -1868,6 +1820,8 @@ map $http_referer $bad_referer { "~*e-collantes.com" 1; "~*e-commerce-seo1.com" 1; "~*e-commerce-seo.com" 1; + "~*ecommerce-seo.com" 1; + "~*ecommerce-seo.org" 1; "~*ecomp3.ru" 1; "~*econom.co" 1; "~*ecookna.com.ua" 1; @@ -2137,6 +2091,7 @@ map $http_referer $bad_referer { "~*foxydeal.com" 1; "~*freakycheats.com" 1; "~*freecamdollars.com" 1; + "~*free-fb-traffic.com" 1; "~*free-floating-buttons.com" 1; "~*freejabs.com" 1; "~*freelotto.com" 1; @@ -2157,6 +2112,7 @@ map $http_referer $bad_referer { "~*freewebs.com" 1; "~*freewhatsappload.com" 1; "~*freshberry.com.ua" 1; + "~*freshdz.com" 1; "~*freshmac.space" 1; "~*freshsuperbloop.com" 1; "~*freshwallpapers.info" 1; @@ -2358,6 +2314,7 @@ map $http_referer $bad_referer { "~*handsandlegs.ru" 1; "~*hanink.biz.ly" 1; "~*hasfun.com" 1; + "~*hatdc.org" 1; "~*hauleddes.com" 1; "~*havepussy.com" 1; "~*hayate.biz" 1; @@ -2398,6 +2355,7 @@ map $http_referer $bad_referer { "~*highland-homes.com" 1; "~*highstairs-a.akamaihd.net" 1; "~*histats.com" 1; + "~*histock.info" 1; "~*historichometeam.com" 1; "~*hitsbox.info" 1; "~*hiwibyh.bugs3.com" 1; @@ -2462,6 +2420,7 @@ map $http_referer $bad_referer { "~*hully.altervista.org" 1; "~*humanorightswatch.org" 1; "~*hundejo.com" 1; + "~*hunterboots.online" 1; "~*husky-shop.cz" 1; "~*hustoon.over-blog.com" 1; "~*hvd-store.com" 1; @@ -2531,11 +2490,13 @@ map $http_referer $bad_referer { "~*insta-add.pro" 1; "~*intelhdgraphicsgtdrive6w.metroblog.com" 1; "~*interesnie-faktu.ru" 1; + "~*interferencer.ru" 1; "~*interfucks.net" 1; "~*interior-stickers.ru" 1; "~*intermesh.net" 1; "~*internet-apteka.ru" 1; "~*internetartfair.com" 1; + "~*internetproviderstucson.com" 1; "~*intervsem.ru" 1; "~*intimshop-fantasy.ru" 1; "~*investingclub.ru" 1; @@ -2602,6 +2563,7 @@ map $http_referer $bad_referer { "~*jerseywholesalechinabiz.com" 1; "~*jerseywholesaleelitestore.com" 1; "~*jjbabskoe.ru" 1; + "~*joessmogtestonly.com" 1; "~*joingames.org" 1; "~*jongose.ninja" 1; "~*journalhome.com" 1; @@ -2718,6 +2680,7 @@ map $http_referer $bad_referer { "~*kwzf.net" 1; "~*labplus.ru" 1; "~*labvis.host.sk" 1; + "~*lacloop.info" 1; "~*ladov.ru" 1; "~*la-fa.ru" 1; "~*lafourmiliaire.com" 1; @@ -2790,6 +2753,7 @@ map $http_referer $bad_referer { "~*livetsomudvekslingstudent.bloggersdelight.dk" 1; "~*livingcanarias.com" 1; "~*livingroomdecor.info" 1; + "~*lkbennettstore.online" 1; "~*llastbuy.ru" 1; "~*lmrauction.com" 1; "~*loadopia.com" 1; @@ -2825,6 +2789,7 @@ map $http_referer $bad_referer { "~*macdamaged.space" 1; "~*macdamaged.tech" 1; "~*mackeeper-center.club" 1; + "~*mackeeper-land-672695126.us-east-1.elb.amazonaws.com" 1; "~*macnewtech.com" 1; "~*macresource.co.uk" 1; "~*madot.onlinewebshop.net" 1; @@ -2882,6 +2847,7 @@ map $http_referer $bad_referer { "~*mecash.ru" 1; "~*medanestesia.ru" 1; "~*meddesk.ru" 1; + "~*mediawhirl.net" 1; "~*medicinacom.ru" 1; "~*medicine-4u.org" 1; "~*medicines-choice.com" 1; @@ -2958,6 +2924,7 @@ map $http_referer $bad_referer { "~*mitrasound.ru" 1; "~*mixed-wrestling.ru" 1; "~*mixtapetorrent.com" 1; + "~*mlvc4zzw.space" 1; "~*mmog-play.ru" 1; "~*mmoguider.ru" 1; "~*mncrftpcs.com" 1; @@ -2987,6 +2954,7 @@ map $http_referer $bad_referer { "~*monitorwebsitespeed.com" 1; "~*monthlywinners.com" 1; "~*moomi-daeri.com" 1; + "~*morefastermac.trade" 1; "~*more-letom.ru" 1; "~*morepoweronmac.trade" 1; "~*morf.snn.gr" 1; @@ -3042,6 +3010,8 @@ map $http_referer $bad_referer { "~*muznachas-service.ru" 1; "~*muz-shoes.ru" 1; "~*muztops.ru" 1; + "~*mvpicton.co.uk" 1; + "~*mwtpludn.review" 1; "~*my-bc.ru" 1; "~*my-big-family.com" 1; "~*myblogregistercm.tk" 1; @@ -3053,6 +3023,7 @@ map $http_referer $bad_referer { "~*myfreemp3.eu" 1; "~*myfreetutorials.com" 1; "~*myftpupload.com" 1; + "~*mygameplus.com" 1; "~*myhealthcare.com" 1; "~*myhitmp3.club" 1; "~*myindospace.com" 1; @@ -3115,6 +3086,7 @@ map $http_referer $bad_referer { "~*nhl17coins.exblog.jp" 1; "~*nhl17coinsforps3.gratisblog.biz" 1; "~*nibbler.silktide.com" 1; + "~*nicefloor.co.uk" 1; "~*nicovideo.jp" 1; "~*nightvision746.weebly.com" 1; "~*niki-mlt.ru" 1; @@ -3128,6 +3100,7 @@ map $http_referer $bad_referer { "~*nootrino.com" 1; "~*nordstar.pro" 1; "~*normalegal.ru" 1; + "~*northfacestore.online" 1; "~*notaria-desalas.com" 1; "~*notebook-pro.ru" 1; "~*notfastfood.ru" 1; @@ -3138,6 +3111,7 @@ map $http_referer $bad_referer { "~*novosibirsk.xrus.org" 1; "~*novosti-hi-tech.ru" 1; "~*npoet.ru" 1; + "~*nrv.co.za" 1; "~*nsatc.net" 1; "~*nucia.biz.ly" 1; "~*nudepatch.net" 1; @@ -3355,6 +3329,7 @@ map $http_referer $bad_referer { "~*popads.net" 1; "~*popander.mobi" 1; "~*popcash.net" 1; + "~*popserve.adscpm.net" 1; "~*poptool.net" 1; "~*popup-fdm.xyz" 1; "~*popup-hgd.xyz" 1; @@ -3409,6 +3384,7 @@ map $http_referer $bad_referer { "~*prchecker.info" 1; "~*preparevideosafesystem4unow.site" 1; "~*preparevideosafesystem4unow.space" 1; + "~*pretty-mart.com" 1; "~*pricheski-video.com" 1; "~*printdirectforless.com" 1; "~*printingpeach.com" 1; @@ -3472,6 +3448,7 @@ map $http_referer $bad_referer { "~*psvita.ru" 1; "~*publiccasinoil.com" 1; "~*pufip.com" 1; + "~*pukaporn.com" 1; "~*pulse33.ru" 1; "~*purchasepillsnorx.com" 1; "~*purplesphere.in" 1; @@ -3509,7 +3486,9 @@ map $http_referer $bad_referer { "~*rada.ru" 1; "~*radiogambling.com" 1; "~*ragecash.com" 1; + "~*rainbowice.ru" 1; "~*raisedseo.com" 1; + "~*randki-sex.com" 1; "~*rank-checker.online" 1; "~*rankchecker.online" 1; "~*ranking2017.ga" 1; @@ -3564,6 +3543,7 @@ map $http_referer $bad_referer { "~*remont-ustanovka-tehniki.ru" 1; "~*remorcicomerciale.ro" 1; "~*remote-dba.de" 1; + "~*renecaovilla.online" 1; "~*rentalmaty.kz" 1; "~*rentehno.ru" 1; "~*repeatlogo.co.uk" 1; @@ -3594,6 +3574,7 @@ map $http_referer $bad_referer { "~*rockingclicks.com" 1; "~*roleforum.ru" 1; "~*roma-kukareku.livejournal.com" 1; + "~*roofers.org.uk" 1; "~*rootandroid.org" 1; "~*ros-ctm.ru" 1; "~*rospromtest.ru" 1; @@ -3754,6 +3735,8 @@ map $http_referer $bad_referer { "~*seo-tools-optimizing.com" 1; "~*serialsway.ucoz.ru" 1; "~*serptehnika.ru" 1; + "~*service-core.ru" 1; + "~*servingnotice.com" 1; "~*servisural.ru" 1; "~*seryeznie-znakomstva.ru" 1; "~*sethrollins.net" 1; @@ -4055,6 +4038,7 @@ map $http_referer $bad_referer { "~*telegraf.by" 1; "~*telegramdownload10.com" 1; "~*telesvoboda.ru" 1; + "~*telsis.com" 1; "~*template-kid.com" 1; "~*tennis-img.org" 1; "~*terraclicks.com" 1; @@ -4163,6 +4147,7 @@ map $http_referer $bad_referer { "~*top250movies.ru" 1; "~*topads.men" 1; "~*topappspro.com" 1; + "~*topbestgames.com" 1; "~*topclickguru.com" 1; "~*top-karkas.ru" 1; "~*topmira.com" 1; @@ -4183,6 +4168,7 @@ map $http_referer $bad_referer { "~*toys.erolove.in" 1; "~*tozup.com" 1; "~*tpu.ru" 1; + "~*track-rankings.online" 1; "~*tracksz.co" 1; "~*tradedeals.biz" 1; "~*trafaret74.ru" 1; @@ -4212,6 +4198,7 @@ map $http_referer $bad_referer { "~*trustedmaccleaner.com" 1; "~*tsan.net" 1; "~*tsstcorpcddvdwshbbdriverfb.aircus.com" 1; + "~*ttrraacckkrr.com" 1; "~*tube8.com" 1; "~*tuberkulezanet.ru" 1; "~*tuberkuleznik.ru" 1; @@ -4289,6 +4276,7 @@ map $http_referer $bad_referer { "~*usdx.us" 1; "~*userequip.com" 1; "~*ussearche.cf" 1; + "~*usswrite.com" 1; "~*ustion.ru" 1; "~*utrolive.ru" 1; "~*uvozdeckych.info" 1; @@ -4501,6 +4489,7 @@ map $http_referer $bad_referer { "~*wonderfulflowers.biz" 1; "~*wordpresscore.com" 1; "~*wordpress-crew.net" 1; + "~*word-vorlagen.net" 1; "~*works.if.ua" 1; "~*worldhistory.biz" 1; "~*worldis.me" 1; @@ -4604,6 +4593,7 @@ map $http_referer $bad_referer { "~*xvideosbay.com" 1; "~*xwatt.ru" 1; "~*xxart.ru" 1; + "~*xxlargepop.com" 1; "~*xxxdatinglocal.us" 1; "~*xxxguitars.com" 1; "~*xxxnatelefon.ru" 1; @@ -4630,6 +4620,7 @@ map $http_referer $bad_referer { "~*youdesigner.kz" 1; "~*yougetsignal.com" 1; "~*youghbould.wordpress.com" 1; + "~*yougotanewdomain.com" 1; "~*youjizz.vc" 1; "~*youporn-forum.ga" 1; "~*youporn-forum.uni.me" 1; @@ -4643,6 +4634,7 @@ map $http_referer $bad_referer { "~*yoursite.com" 1; "~*youtoner.it" 1; "~*youtubedownload.org" 1; + "~*yuantuo.co.jp" 1; "~*yuarra.pluto.ro" 1; "~*yubikk.info" 1; "~*yugk.net" 1; @@ -4741,11 +4733,12 @@ geo $validate_client { # Whitelist all your OWN IP addresses # *********************************** -# Whitelist all your own IP addresses from any validate_client checks -# Add all your IP addresses and ranges below (one per line) - # Use the new include file method so any further updates will no longer require you to - # have to keep putting your whitelisted IP addresses here when updating. - +# WHITELIST all your own IP addresses using the include file below. + # New Method Uses the include file below so that when pulling future updates your + # whitelisted IP addresses are automatically now included for you. + # Read Comments inside whitelist-ips.conf for customization tips. + # Updating the main globalblacklist.conf file will not touch your custom include files + # START WHITELISTED IP RANGES ### DO NOT EDIT THIS LINE AT ALL ### include /etc/nginx/bots.d/whitelist-ips.conf; # END WHITELISTED IP RANGES ### DO NOT EDIT THIS LINE AT ALL ### @@ -4824,61 +4817,6 @@ geo $validate_client { 2a06:98c0::/29 0; 2c0f:f248::/32 0; # END CLOUDFLARE IP RANGES ### DO NOT EDIT THIS LINE AT ALL ### - -# Cyveillance / Qwest Communications -# ********************************** -# I am extensively researching this subject - appears to be US government involved -# and also appears to be used by all sorts of law enforcement agencies. For one they -# do not obey robots.txt and continually disguise their User-Agent strings. Time will -# tell if this is all correct or not. -# For now see - https://en.wikipedia.org/wiki/Cyveillance - -# IMPORTANT UPDATE ON Cyveillance / Qwest Communications !!! -# ********************************************************** -# I have done a lot of research on Cyveillance now and through monitoring my logs I know -# for sure what companies are using them and what they are actually looking for. -# My research has led me to understand that Cyveillance services are used by hundreds -# of companies to help them dicsover theft of copyrighted materials like images, movies -# music and other materials. I personally believe a lot of block lists who originally recommended -# blocking Cyveillance have done so to protect their torrent or p2p sites from being scanned. -# I personally have now unblocked them as image theft is a big problem of mine but if you -# do want to block Cyveillance you can simply modify the entries in the block below from "0" to "1" -# Getty Images is one such company who appears to use Cyveillance to help monitor for copyright theft. - -# If you really do want to block them change all the 0's below to 1. - -# START CYVEILLANCE BLOCK ### DO NOT EDIT THIS LINE AT ALL ### - 38.100.19.8/29 0; - 38.100.21.0/24 0; - 38.100.41.64/26 0; - 38.105.71.0/25 0; - 38.105.83.0/27 0; - 38.112.21.140/30 0; - 38.118.42.32/29 0; - 63.144.0.0/13 0; - 65.112.0.0/12 0; - 65.213.208.128/27 0; - 65.222.176.96/27 0; - 65.222.185.72/29 0; -# END CYVEILLANCE BLOCK ### DO NOT EDIT THIS LINE AT ALL ### - -# **************** -# Berkely Scanner -# **************** - -# The Berkeley University has a scanner testing all over the web sending a complex -# payload an expecting a reply from servers who are infected or who just respond to such -# a payload. The payload looks similar to this -# "$\xC9\xE1\xDC\x9B+\x8F\x1C\xE71\x99\xA8\xDB6\x1E#\xBB\x19#Hx\xA7\xFD\x0F9-" -# and is sometime VERY long. You may have noticed this in your logs. -# I support research projects and all my servers respond with an error to this type of -# string so I do not block them but if you want to block just uncomment the following line -# or email them asking them not to scan your server. They do respond. -# Visit http://169.229.3.91/ for more info - -# START BERKELEY SCANNER ### DO NOT EDIT THIS LINE AT ALL ### - 169.229.3.91 0; -# END BERKELEY SCANNER ### DO NOT EDIT THIS LINE AT ALL ### # ************************* # Wordpress Theme Detectors @@ -4933,138 +4871,35 @@ geo $validate_client { # **************************** # Known Bad IP's and IP Ranges -# **************************** +# ************************************************* +# Blacklist IP addresses and IP Ranges Customizable +# ************************************************* -# Add any other IPs or Subnets here that you wish to block -# Although any permanent blocks should be done using Fail2Ban and IPTables and not -# hampering down Nginx with all the checks against perma-banned IP's +# BLACKLIST all your IP addresses and Ranges using the new include file below. + # New Method Uses the include file below so that when pulling future updates your + # Custom Blacklisted IP addresses are automatically now included for you. + # Read Comments inside blacklist-ips.conf for customization tips. + # Updating the main globalblacklist.conf file will not touch your custom include files + +# START BLACKLISTED IPS ### DO NOT EDIT THIS LINE AT ALL ### + include /etc/nginx/bots.d/blacklist-ips.conf; +# END BLACKLISTED IPS ### DO NOT EDIT THIS LINE AT ALL ### -# START BAD IP RANGES ### DO NOT EDIT THIS LINE AT ALL ### - 104.223.37.150 1; - 104.5.92.27 1; - 109.236.83.247 1; - 137.74.49.205 1; - 137.74.49.208 1; - 146.0.74.150 1; - 148.251.54.44 1; - 149.56.151.180 1; - 149.56.232.146 1; - 150.70.0.0/16 1; - 151.80.27.90 1; - 151.80.99.90 1; - 151.80.99.91 1; - 154.16.199.144 1; - 154.16.199.34 1; - 154.16.199.48 1; - 154.16.199.78 1; - 158.69.142.34 1; - 166.62.80.172 1; - 173.212.192.219 1; - 173.234.11.105 1; - 173.234.153.106 1; - 173.234.153.30 1; - 173.234.175.68 1; - 173.234.31.9 1; - 173.234.38.25 1; - 176.126.245.213 1; - 178.238.234.1 1; - 185.100.87.238 1; - 185.115.125.99 1; - 185.119.81.11 1; - 185.119.81.63 1; - 185.119.81.77 1; - 185.119.81.78 1; - 185.130.225.65 1; - 185.130.225.66 1; - 185.130.225.83 1; - 185.130.225.90 1; - 185.130.225.94 1; - 185.130.225.95 1; - 185.130.226.105 1; - 185.153.197.103 1; - 185.159.36.6 1; - 185.47.62.199 1; - 185.62.190.38 1; - 185.70.105.161 1; - 185.70.105.164 1; - 185.85.239.156 1; - 185.85.239.157 1; - 185.86.13.213 1; - 185.86.5.199 1; - 185.86.5.212 1; - 185.92.72.88 1; - 185.93.185.11 1; - 185.93.185.12 1; - 188.209.52.101 1; - 190.152.223.27 1; - 191.96.249.29 1; - 192.69.89.173 1; - 193.201.224.205 1; - 195.154.183.190 1; - 195.229.241.174 1; - 210.212.194.60 1; - 216.218.147.194 1; - 220.227.234.129 1; - 23.253.230.158 1; - 23.89.159.176 1; - 31.170.160.209 1; - 45.32.186.11 1; - 45.76.21.179 1; - 46.249.38.145 1; - 46.249.38.146 1; - 46.249.38.148 1; - 46.249.38.149 1; - 46.249.38.150 1; - 46.249.38.151 1; - 46.249.38.152 1; - 46.249.38.153 1; - 46.249.38.154 1; - 46.249.38.159 1; - 51.255.172.22 1; - 5.39.218.232 1; - 5.39.219.24 1; - 5.39.222.18 1; - 5.39.223.134 1; - 54.213.16.154 1; - 54.213.9.111 1; - 62.210.146.49 1; - 62.210.88.4 1; - 65.98.91.181 1; - 69.162.124.237 1; - 69.64.147.24 1; - 72.8.183.202 1; - 77.247.178.191 1; - 77.247.178.47 1; - 77.247.181.219 1; - 78.31.184.0/21 1; - 78.31.211.0/24 1; - 80.87.205.10 1; - 80.87.205.11 1; - 85.17.230.23 1; - 85.17.26.68 1; - 91.185.190.172 1; - 91.200.12.0/22 1; - 91.200.12.15 1; - 91.200.12.49 1; - 91.200.12.91 1; - 92.222.66.137 1; - 93.104.209.11 1; - 93.158.200.103 1; - 93.158.200.105 1; - 93.158.200.115 1; - 93.158.200.124 1; - 93.158.200.126 1; - 93.158.200.66 1; - 93.158.200.68 1; -# END BAD IP RANGES ### DO NOT EDIT THIS LINE AT ALL ### } # Keep own IPs out of DDOS Filter # Add your own IP addresses and ranges below to spare them from the rate # limiting DDOS filter (one per line) +# This now automatically includes the whitelist-ips.conf file so you only +# need to edit that include file and have it include here too for you + geo $ratelimited { default 1; - 127.0.0.1 0; + +# START WHITELISTED IP RANGES2 ### DO NOT EDIT THIS LINE AT ALL ### + include /etc/nginx/bots.d/whitelist-ips.conf; +# END WHITELISTED IP RANGES2 ### DO NOT EDIT THIS LINE AT ALL ### + } # ***************************************** diff --git a/conf.d/globalblacklist.conf b/conf.d/globalblacklist.conf index 894e67748..ad94e3890 100644 --- a/conf.d/globalblacklist.conf +++ b/conf.d/globalblacklist.conf @@ -17,11 +17,11 @@ ### - https://github.com/oohnoitz/nginx-blacklist ### Last Updated -### Fri Apr 21 10:02:22 SAST 2017 +### Fri Apr 21 10:18:03 SAST 2017 ### End Last Updated ### Generated in -### 0.265996217728 seconds +### 0.261167287827 seconds ### End Generated in ### Tested on: nginx/1.10.0 (Ubuntu 16.04) diff --git a/travisCI/globalblacklist.tpl.conf b/travisCI/globalblacklist.tpl.conf index 7783d51fe..d96408be9 100644 --- a/travisCI/globalblacklist.tpl.conf +++ b/travisCI/globalblacklist.tpl.conf @@ -17,11 +17,11 @@ ### - https://github.com/oohnoitz/nginx-blacklist ### Last Updated -### Fri Apr 21 10:02:22 SAST 2017 +### Fri Apr 21 10:18:03 SAST 2017 ### End Last Updated ### Generated in -### 0.265996217728 seconds +### 0.261167287827 seconds ### End Generated in ### Tested on: nginx/1.10.0 (Ubuntu 16.04)