vikarti.anatra/nginx-ultimate-bad-bot-blocker
1
0
Fork 0
mirror of https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker.git synced 2025-09-02 02:29:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Version 2.2017.07 - MAJOR VERSION UPDATE

Browse source
This commit is contained in:
Mitchell Krog UB1 2017-04-20 14:31:18 +02:00
parent b2553bb5c4
commit f82cc6c3d5
26 changed files with 1075 additions and 593 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.travis.yml
View file

@ -50,6 +50,9 @@ deploy:
- "bots.d/whitelist-ips.conf"
- "bots.d/whitelist-domains.conf"
- "bots.d/blacklist-user-agents.conf"
- "bots.d/bad-referrer-words.conf"
- "bots.d/custom-bad-referrers.conf.conf"
- "bots.d/blacklist-ips.conf.conf"
skip_cleanup: true
on:
repo: mitchellkrogza/nginx-ultimate-bad-bot-blocker

103
Engintron_for_cPanel_WHM_Configuration_Example/etc/nginx/bots.d/bad-referrer-words.conf Normal file
View file

@ -0,0 +1,103 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD WORDS YOU WANT TO SCAN FOR ###
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to include scanning for bad words within urls or referrer string
# Only add one entry per line
"~*adultgalls" 1;
"~*advair" 1;
"~*allegra" 1;
"~*allopurinol" 1;
"~*amantadine" 1;
"~*amateurxpass" 1;
"~*ambien" 1;
"~*amitriptyline" 1;
"~*amoxicillin" 1;
"~*anafranil" 1;
"~*asshole" 1;
"~*atenolol" 1;
"~*avalide" 1;
"~*baccarat" 1;
"~*beastiality" 1;
"~*bestiality" 1;
"~*bigblackbooty" 1;
"~*bithack" 1;
"~*blackjack" 1;
"~*blacktits" 1;
"~*blogincome" 1;
"~*blowjob" 1;
"~*bontril" 1;
"~*camgirls" 1;
"~*cephalexin" 1;
"~*cialis" 1;
"~*cookie-law-enforcement" 1;
"~*cunt" 1;
"~*dapoxetine" 1;
"~*diclofenac" 1;
"~*dildos" 1;
"~*effexor" 1;
"~*fluoxetine" 1;
"~*free-share-buttons" 1;
"~*free-social-buttons" 1;
"~*fuck" 1;
"~*fuck-paid-share-buttons" 1;
"~*gaygalls" 1;
"~*gaysex" 1;
"~*getamateurs" 1;
"~*glucophage" 1;
"~*holdem" 1;
"~*hold-em" 1;
"~*hydrochlorothiazide" 1;
"~*iconsurf" 1;
"~*ilovevitaly" 1;
"~*incest" 1;
"~*internetsupervision" 1;
"~*law-enforcement-bot" 1;
"~*law-enforcement-check" 1;
"~*lesbian" 1;
"~*levitra" 1;
"~*lipitor" 1;
"~*livesex" 1;
"~*makemoneyonline" 1;
"~*make-money-online" 1;
"~*medikament" 1;
"~*monetisetrk" 1;
"~*myftpupload" 1;
"~*nudeceleb" 1;
"~*oralsex" 1;
"~*paxil" 1;
"~*phentermine" 1;
"~*prednisone" 1;
"~*pussy" 1;
"~*screentoolkit" 1;
"~*seoexperimenty" 1;
"~*share-buttons" 1;
"~*share-buttons-for-free" 1;
"~*skelaxin" 1;
"~*social-buttons-" 1;
"~*social-traffic-" 1;
"~*suhagra" 1;
"~*syntryx" 1;
"~*t0phackteam" 1;
"~*titten" 1;
"~*tramadol" 1;
"~*tramidol" 1;
"~*trazodone" 1;
"~*valtrex" 1;
"~*viagra" 1;
"~*vibrators" 1;
"~*vicodin" 1;
"~*vvakhrin-ws1" 1;
"~*webfuck" 1;
"~*whipme" 1;
"~*whipping" 1;
"~*xanax" 1;
"~*xxxrus" 1;
"~*zanax" 1;
"~*zeroredirect" 1;
"~*zestoretic" 1;
"~*zithromax" 1;
"~*zoloft" 1;

176
Engintron_for_cPanel_WHM_Configuration_Example/etc/nginx/bots.d/blacklist-ips.conf Normal file
View file

@ -0,0 +1,176 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD IP ADDRESSES OR IP RANGES YOU WANT TO BLOCK ###
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to do any blocking of bad IP's
104.223.37.150 1;
104.5.92.27 1;
109.236.83.247 1;
137.74.49.205 1;
137.74.49.208 1;
146.0.74.150 1;
148.251.54.44 1;
149.56.151.180 1;
149.56.232.146 1;
150.70.0.0/16 1;
151.80.27.90 1;
151.80.99.90 1;
151.80.99.91 1;
154.16.199.144 1;
154.16.199.34 1;
154.16.199.48 1;
154.16.199.78 1;
158.69.142.34 1;
166.62.80.172 1;
173.212.192.219 1;
173.234.11.105 1;
173.234.153.106 1;
173.234.153.30 1;
173.234.175.68 1;
173.234.31.9 1;
173.234.38.25 1;
176.126.245.213 1;
178.238.234.1 1;
185.100.87.238 1;
185.115.125.99 1;
185.119.81.11 1;
185.119.81.63 1;
185.119.81.77 1;
185.119.81.78 1;
185.130.225.65 1;
185.130.225.66 1;
185.130.225.83 1;
185.130.225.90 1;
185.130.225.94 1;
185.130.225.95 1;
185.130.226.105 1;
185.153.197.103 1;
185.159.36.6 1;
185.47.62.199 1;
185.62.190.38 1;
185.70.105.161 1;
185.70.105.164 1;
185.85.239.156 1;
185.85.239.157 1;
185.86.13.213 1;
185.86.5.199 1;
185.86.5.212 1;
185.92.72.88 1;
185.93.185.11 1;
185.93.185.12 1;
188.209.52.101 1;
190.152.223.27 1;
191.96.249.29 1;
192.69.89.173 1;
193.201.224.205 1;
195.154.183.190 1;
195.229.241.174 1;
210.212.194.60 1;
216.218.147.194 1;
220.227.234.129 1;
23.253.230.158 1;
23.89.159.176 1;
31.170.160.209 1;
45.32.186.11 1;
45.76.21.179 1;
46.249.38.145 1;
46.249.38.146 1;
46.249.38.148 1;
46.249.38.149 1;
46.249.38.150 1;
46.249.38.151 1;
46.249.38.152 1;
46.249.38.153 1;
46.249.38.154 1;
46.249.38.159 1;
51.255.172.22 1;
5.39.218.232 1;
5.39.219.24 1;
5.39.222.18 1;
5.39.223.134 1;
54.213.16.154 1;
54.213.9.111 1;
62.210.146.49 1;
62.210.88.4 1;
65.98.91.181 1;
69.162.124.237 1;
69.64.147.24 1;
72.8.183.202 1;
77.247.178.191 1;
77.247.178.47 1;
77.247.181.219 1;
78.31.184.0/21 1;
78.31.211.0/24 1;
80.87.205.10 1;
80.87.205.11 1;
85.17.230.23 1;
85.17.26.68 1;
91.185.190.172 1;
91.200.12.0/22 1;
91.200.12.15 1;
91.200.12.49 1;
91.200.12.91 1;
92.222.66.137 1;
93.104.209.11 1;
93.158.200.103 1;
93.158.200.105 1;
93.158.200.115 1;
93.158.200.124 1;
93.158.200.126 1;
93.158.200.66 1;
93.158.200.68 1;
# Cyveillance / Qwest Communications
# **********************************
# I am extensively researching this subject - appears to be US government involved
# and also appears to be used by all sorts of law enforcement agencies. For one they
# do not obey robots.txt and continually disguise their User-Agent strings. Time will
# tell if this is all correct or not.
# For now see - https://en.wikipedia.org/wiki/Cyveillance
# IMPORTANT UPDATE ON Cyveillance / Qwest Communications !!!
# **********************************************************
# I have done a lot of research on Cyveillance now and through monitoring my logs I know
# for sure what companies are using them and what they are actually looking for.
# My research has led me to understand that Cyveillance services are used by hundreds
# of companies to help them dicsover theft of copyrighted materials like images, movies
# music and other materials. I personally believe a lot of block lists who originally recommended
# blocking Cyveillance have done so to protect their torrent or p2p sites from being scanned.
# I personally have now unblocked them as image theft is a big problem of mine but if you
# do want to block Cyveillance you can simply modify the entries in the block below from "0" to "1"
# Getty Images is one such company who appears to use Cyveillance to help monitor for copyright theft.
# If you really do want to block them change all the 0's below to 1.
38.100.19.8/29 0;
38.100.21.0/24 0;
38.100.41.64/26 0;
38.105.71.0/25 0;
38.105.83.0/27 0;
38.112.21.140/30 0;
38.118.42.32/29 0;
63.144.0.0/13 0;
65.112.0.0/12 0;
65.213.208.128/27 0;
65.222.176.96/27 0;
65.222.185.72/29 0;
# ****************
# Berkely Scanner
# ****************
# The Berkeley University has a scanner testing all over the web sending a complex
# payload an expecting a reply from servers who are infected or who just respond to such
# a payload. The payload looks similar to this
# "$\xC9\xE1\xDC\x9B+\x8F\x1C\xE71\x99\xA8\xDB6\x1E#\xBB\x19#Hx\xA7\xFD\x0F9-"
# and is sometime VERY long. You may have noticed this in your logs.
# I support research projects and all my servers respond with an error to this type of
# string so I do not block them but if you want to block just uncomment the following line
# or email them asking them not to scan your server. They do respond.
# Visit http://169.229.3.91/ for more info
# If you really do want to block them change all the 0 below to 1.
169.229.3.91 0;

6
Engintron_for_cPanel_WHM_Configuration_Example/etc/nginx/bots.d/blacklist-user-agents.conf Executable file → Normal file
View file

@ -1,6 +1,10 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD USER-AGENT STRINGS YOU WANT TO SCAN FOR ###
# Add One Entry Per Line - List all the extra bad User-Agents you want to permanently block
# This is for User-Agents that are not included in the main list of the bot blocker
# This file must exist on your system or Nginx will fail a reload due to a missing file
# This allows you finer control of keeping certain bots blocked and automatic updates will
# Never be able to remove this custom list of yours
"~*mybaduseragentname" 3;
"~*someverybaduseragentname1" 3;
"~*someverybaduseragentname2" 3;

10
Engintron_for_cPanel_WHM_Configuration_Example/etc/nginx/bots.d/custom-bad-referrers.conf Normal file
View file

@ -0,0 +1,10 @@
# EDIT THIS FILE AS YOU LIKE TO ADD ANY ADDITIONAL BAD REFERRER DOMAINS YOU WANT TO SCAN FOR ###
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Only add one entry per line
"~*someveryveryrandomwebsitenamethatdoesnotexist1.com" 1;
"~*someveryveryrandomwebsitenamethatdoesnotexist2.com" 1;
"~*someveryveryrandomwebsitenamethatdoesnotexist3.com" 1;

11
Engintron_for_cPanel_WHM_Configuration_Example/etc/nginx/bots.d/whitelist-domains.conf Executable file → Normal file
View file

@ -1,2 +1,9 @@
# Add One Entry Per Line - List all the domains of the web sites you run on your Nginx to spare them from referrer checking
"~*mydomain.com" 0;
# EDIT THIS FILE AS YOU LIKE TO WHITELIST YOUR OWN DOMAIN NAMES AND SPARE THEM FROM ANY REFERRER CHECKING ###
# Add One Entry Per Line - List all your own domains of the sites you host on the server
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Automatic updates will never be able to remove this custom list of yours
# Add One Entry Per Line
"~*myfirstowndomainname.com" 0;
"~*mysecondowndomainname.com" 0;

8
Engintron_for_cPanel_WHM_Configuration_Example/etc/nginx/bots.d/whitelist-ips.conf Executable file → Normal file
View file

@ -1,2 +1,8 @@
# EDIT THIS FILE AS YOU LIKE TO WHITELIST ALL YOUR IP ADDRESSES AND IP RANGES ###
# Add One Entry Per Line - List all your IP's and IP Ranges you want to whitelist
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Automatic updates will never be able to remove this custom list of yours
# Add One Entry Per Line - Can Include Ranges like 127.0.0.1/32
127.0.0.1 0;
127.0.0.1 0;

1
Pull_Requests_Here_Please/badreferers.list
View file

@ -2687,6 +2687,7 @@ remontbiz.ru
remontgruzovik.ru
remorcicomerciale.ro
remote-dba.de
renecaovilla.online
rentalmaty.kz
rentehno.ru
repeatlogo.co.uk

103
bots.d/bad-referrer-words.conf Normal file
View file

@ -0,0 +1,103 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD WORDS YOU WANT TO SCAN FOR ###
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to include scanning for bad words within urls or referrer string
# Only add one entry per line
"~*adultgalls" 1;
"~*advair" 1;
"~*allegra" 1;
"~*allopurinol" 1;
"~*amantadine" 1;
"~*amateurxpass" 1;
"~*ambien" 1;
"~*amitriptyline" 1;
"~*amoxicillin" 1;
"~*anafranil" 1;
"~*asshole" 1;
"~*atenolol" 1;
"~*avalide" 1;
"~*baccarat" 1;
"~*beastiality" 1;
"~*bestiality" 1;
"~*bigblackbooty" 1;
"~*bithack" 1;
"~*blackjack" 1;
"~*blacktits" 1;
"~*blogincome" 1;
"~*blowjob" 1;
"~*bontril" 1;
"~*camgirls" 1;
"~*cephalexin" 1;
"~*cialis" 1;
"~*cookie-law-enforcement" 1;
"~*cunt" 1;
"~*dapoxetine" 1;
"~*diclofenac" 1;
"~*dildos" 1;
"~*effexor" 1;
"~*fluoxetine" 1;
"~*free-share-buttons" 1;
"~*free-social-buttons" 1;
"~*fuck" 1;
"~*fuck-paid-share-buttons" 1;
"~*gaygalls" 1;
"~*gaysex" 1;
"~*getamateurs" 1;
"~*glucophage" 1;
"~*holdem" 1;
"~*hold-em" 1;
"~*hydrochlorothiazide" 1;
"~*iconsurf" 1;
"~*ilovevitaly" 1;
"~*incest" 1;
"~*internetsupervision" 1;
"~*law-enforcement-bot" 1;
"~*law-enforcement-check" 1;
"~*lesbian" 1;
"~*levitra" 1;
"~*lipitor" 1;
"~*livesex" 1;
"~*makemoneyonline" 1;
"~*make-money-online" 1;
"~*medikament" 1;
"~*monetisetrk" 1;
"~*myftpupload" 1;
"~*nudeceleb" 1;
"~*oralsex" 1;
"~*paxil" 1;
"~*phentermine" 1;
"~*prednisone" 1;
"~*pussy" 1;
"~*screentoolkit" 1;
"~*seoexperimenty" 1;
"~*share-buttons" 1;
"~*share-buttons-for-free" 1;
"~*skelaxin" 1;
"~*social-buttons-" 1;
"~*social-traffic-" 1;
"~*suhagra" 1;
"~*syntryx" 1;
"~*t0phackteam" 1;
"~*titten" 1;
"~*tramadol" 1;
"~*tramidol" 1;
"~*trazodone" 1;
"~*valtrex" 1;
"~*viagra" 1;
"~*vibrators" 1;
"~*vicodin" 1;
"~*vvakhrin-ws1" 1;
"~*webfuck" 1;
"~*whipme" 1;
"~*whipping" 1;
"~*xanax" 1;
"~*xxxrus" 1;
"~*zanax" 1;
"~*zeroredirect" 1;
"~*zestoretic" 1;
"~*zithromax" 1;
"~*zoloft" 1;

176
bots.d/blacklist-ips.conf Normal file
View file

@ -0,0 +1,176 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD IP ADDRESSES OR IP RANGES YOU WANT TO BLOCK ###
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to do any blocking of bad IP's
104.223.37.150 1;
104.5.92.27 1;
109.236.83.247 1;
137.74.49.205 1;
137.74.49.208 1;
146.0.74.150 1;
148.251.54.44 1;
149.56.151.180 1;
149.56.232.146 1;
150.70.0.0/16 1;
151.80.27.90 1;
151.80.99.90 1;
151.80.99.91 1;
154.16.199.144 1;
154.16.199.34 1;
154.16.199.48 1;
154.16.199.78 1;
158.69.142.34 1;
166.62.80.172 1;
173.212.192.219 1;
173.234.11.105 1;
173.234.153.106 1;
173.234.153.30 1;
173.234.175.68 1;
173.234.31.9 1;
173.234.38.25 1;
176.126.245.213 1;
178.238.234.1 1;
185.100.87.238 1;
185.115.125.99 1;
185.119.81.11 1;
185.119.81.63 1;
185.119.81.77 1;
185.119.81.78 1;
185.130.225.65 1;
185.130.225.66 1;
185.130.225.83 1;
185.130.225.90 1;
185.130.225.94 1;
185.130.225.95 1;
185.130.226.105 1;
185.153.197.103 1;
185.159.36.6 1;
185.47.62.199 1;
185.62.190.38 1;
185.70.105.161 1;
185.70.105.164 1;
185.85.239.156 1;
185.85.239.157 1;
185.86.13.213 1;
185.86.5.199 1;
185.86.5.212 1;
185.92.72.88 1;
185.93.185.11 1;
185.93.185.12 1;
188.209.52.101 1;
190.152.223.27 1;
191.96.249.29 1;
192.69.89.173 1;
193.201.224.205 1;
195.154.183.190 1;
195.229.241.174 1;
210.212.194.60 1;
216.218.147.194 1;
220.227.234.129 1;
23.253.230.158 1;
23.89.159.176 1;
31.170.160.209 1;
45.32.186.11 1;
45.76.21.179 1;
46.249.38.145 1;
46.249.38.146 1;
46.249.38.148 1;
46.249.38.149 1;
46.249.38.150 1;
46.249.38.151 1;
46.249.38.152 1;
46.249.38.153 1;
46.249.38.154 1;
46.249.38.159 1;
51.255.172.22 1;
5.39.218.232 1;
5.39.219.24 1;
5.39.222.18 1;
5.39.223.134 1;
54.213.16.154 1;
54.213.9.111 1;
62.210.146.49 1;
62.210.88.4 1;
65.98.91.181 1;
69.162.124.237 1;
69.64.147.24 1;
72.8.183.202 1;
77.247.178.191 1;
77.247.178.47 1;
77.247.181.219 1;
78.31.184.0/21 1;
78.31.211.0/24 1;
80.87.205.10 1;
80.87.205.11 1;
85.17.230.23 1;
85.17.26.68 1;
91.185.190.172 1;
91.200.12.0/22 1;
91.200.12.15 1;
91.200.12.49 1;
91.200.12.91 1;
92.222.66.137 1;
93.104.209.11 1;
93.158.200.103 1;
93.158.200.105 1;
93.158.200.115 1;
93.158.200.124 1;
93.158.200.126 1;
93.158.200.66 1;
93.158.200.68 1;
# Cyveillance / Qwest Communications
# **********************************
# I am extensively researching this subject - appears to be US government involved
# and also appears to be used by all sorts of law enforcement agencies. For one they
# do not obey robots.txt and continually disguise their User-Agent strings. Time will
# tell if this is all correct or not.
# For now see - https://en.wikipedia.org/wiki/Cyveillance
# IMPORTANT UPDATE ON Cyveillance / Qwest Communications !!!
# **********************************************************
# I have done a lot of research on Cyveillance now and through monitoring my logs I know
# for sure what companies are using them and what they are actually looking for.
# My research has led me to understand that Cyveillance services are used by hundreds
# of companies to help them dicsover theft of copyrighted materials like images, movies
# music and other materials. I personally believe a lot of block lists who originally recommended
# blocking Cyveillance have done so to protect their torrent or p2p sites from being scanned.
# I personally have now unblocked them as image theft is a big problem of mine but if you
# do want to block Cyveillance you can simply modify the entries in the block below from "0" to "1"
# Getty Images is one such company who appears to use Cyveillance to help monitor for copyright theft.
# If you really do want to block them change all the 0's below to 1.
38.100.19.8/29 0;
38.100.21.0/24 0;
38.100.41.64/26 0;
38.105.71.0/25 0;
38.105.83.0/27 0;
38.112.21.140/30 0;
38.118.42.32/29 0;
63.144.0.0/13 0;
65.112.0.0/12 0;
65.213.208.128/27 0;
65.222.176.96/27 0;
65.222.185.72/29 0;
# ****************
# Berkely Scanner
# ****************
# The Berkeley University has a scanner testing all over the web sending a complex
# payload an expecting a reply from servers who are infected or who just respond to such
# a payload. The payload looks similar to this
# "$\xC9\xE1\xDC\x9B+\x8F\x1C\xE71\x99\xA8\xDB6\x1E#\xBB\x19#Hx\xA7\xFD\x0F9-"
# and is sometime VERY long. You may have noticed this in your logs.
# I support research projects and all my servers respond with an error to this type of
# string so I do not block them but if you want to block just uncomment the following line
# or email them asking them not to scan your server. They do respond.
# Visit http://169.229.3.91/ for more info
# If you really do want to block them change all the 0 below to 1.
169.229.3.91 0;

6
bots.d/blacklist-user-agents.conf
View file

@ -1,6 +1,10 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD USER-AGENT STRINGS YOU WANT TO SCAN FOR ###
# Add One Entry Per Line - List all the extra bad User-Agents you want to permanently block
# This is for User-Agents that are not included in the main list of the bot blocker
# This file must exist on your system or Nginx will fail a reload due to a missing file
# This allows you finer control of keeping certain bots blocked and automatic updates will
# Never be able to remove this custom list of yours
"~*mybaduseragentname" 3;
"~*someverybaduseragentname1" 3;
"~*someverybaduseragentname2" 3;

10
bots.d/custom-bad-referrers.conf Normal file
View file

@ -0,0 +1,10 @@
# EDIT THIS FILE AS YOU LIKE TO ADD ANY ADDITIONAL BAD REFERRER DOMAINS YOU WANT TO SCAN FOR ###
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Only add one entry per line
"~*someveryveryrandomwebsitenamethatdoesnotexist1.com" 1;
"~*someveryveryrandomwebsitenamethatdoesnotexist2.com" 1;
"~*someveryveryrandomwebsitenamethatdoesnotexist3.com" 1;

11
bots.d/whitelist-domains.conf
View file

@ -1,2 +1,9 @@
# Add One Entry Per Line - List all the domains of the web sites you run on your Nginx to spare them from referrer checking
"~*mydomain.com" 0;
# EDIT THIS FILE AS YOU LIKE TO WHITELIST YOUR OWN DOMAIN NAMES AND SPARE THEM FROM ANY REFERRER CHECKING ###
# Add One Entry Per Line - List all your own domains of the sites you host on the server
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Automatic updates will never be able to remove this custom list of yours
# Add One Entry Per Line
"~*myfirstowndomainname.com" 0;
"~*mysecondowndomainname.com" 0;

8
bots.d/whitelist-ips.conf
View file

@ -1,2 +1,8 @@
# EDIT THIS FILE AS YOU LIKE TO WHITELIST ALL YOUR IP ADDRESSES AND IP RANGES ###
# Add One Entry Per Line - List all your IP's and IP Ranges you want to whitelist
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Automatic updates will never be able to remove this custom list of yours
# Add One Entry Per Line - Can Include Ranges like 127.0.0.1/32
127.0.0.1 0;
127.0.0.1 0;

356
conf.d/globalblacklist.conf
View file

@ -2,7 +2,7 @@
### THE ULTIMATE NGINX BAD BOT BLOCKER
### **********************************
### Version 2.2017.06
### Version 2.2017.07
### This file implements a checklist / blacklist for good user agents, bad user agents and
### bad referrers. It also has whitelisting for your own IP's and known good IP Ranges
@ -17,11 +17,11 @@
### - https://github.com/oohnoitz/nginx-blacklist
### Last Updated
### Thu Apr 20 12:32:25 SAST 2017
### Thu Apr 20 14:31:18 SAST 2017
### End Last Updated
### Generated in
### 0.311395645142 seconds
### 0.269454717636 seconds
### End Generated in
### Tested on: nginx/1.10.0 (Ubuntu 16.04)
@ -205,9 +205,11 @@ map $http_user_agent $bad_bot {
# ***********************************************
# Include your Own Custom List of Bad User Agents
# ***********************************************
# use the include file below to further customize your own list of additional
# user-agents you wish to permanently block
# START BLACKLISTED USER AGENTS ### DO NOT EDIT THIS LINE AT ALL ###
include /etc/nginx/bots.d/blacklist-user-agents.conf;
include /etc/nginx/bots.d/blacklist-user-agents.conf;
# END BLACKLISTED USER AGENTS ### DO NOT EDIT THIS LINE AT ALL ###
# START BAD BOTS ### DO NOT EDIT THIS LINE AT ALL ###
@ -729,107 +731,21 @@ map $http_user_agent $bad_bot {
map $http_referer $bad_words {
default 0;
# ************************
# Bad Referer Single Words
# ************************
# These are Words and Terms often found tagged onto domains or within url query strings.
# *************************
# Bad Referer Word Scanning
# *************************
# These are Words and Terms often found tagged onto domains or within url query strings.
# Create and Customize Your Own Bad Referrer Words Here using the new Include File Method
# New Method Uses the include file below so that when pulling future updates your
# customized list of bad referrer words are automatically now included for you
# Read Comments inside bad-referrer-words.conf for customization tips.
# Updating the main globalblacklist.conf file will not touch your custom include files
# START CUSTOM BAD REFERRER WORDS ### DO NOT EDIT THIS LINE AT ALL ###
include /etc/nginx/bots.d/bad-referrer-words.conf;
# END CUSTOM BAD REFERRER WORDS ### DO NOT EDIT THIS LINE AT ALL ###
# START BAD REFERER WORDS ### DO NOT EDIT THIS LINE AT ALL ###
"~*adultgalls" 1;
"~*advair" 1;
"~*allegra" 1;
"~*allopurinol" 1;
"~*amantadine" 1;
"~*amateurxpass" 1;
"~*ambien" 1;
"~*amitriptyline" 1;
"~*amoxicillin" 1;
"~*anafranil" 1;
"~*asshole" 1;
"~*atenolol" 1;
"~*avalide" 1;
"~*baccarat" 1;
"~*beastiality" 1;
"~*bestiality" 1;
"~*bigblackbooty" 1;
"~*bithack" 1;
"~*blackjack" 1;
"~*blacktits" 1;
"~*blogincome" 1;
"~*blowjob" 1;
"~*bontril" 1;
"~*camgirls" 1;
"~*cephalexin" 1;
"~*cialis" 1;
"~*cookie-law-enforcement" 1;
"~*cunt" 1;
"~*dapoxetine" 1;
"~*diclofenac" 1;
"~*dildos" 1;
"~*effexor" 1;
"~*fluoxetine" 1;
"~*free-share-buttons" 1;
"~*free-social-buttons" 1;
"~*fuck" 1;
"~*fuck-paid-share-buttons" 1;
"~*gaygalls" 1;
"~*gaysex" 1;
"~*getamateurs" 1;
"~*glucophage" 1;
"~*holdem" 1;
"~*hold-em" 1;
"~*hydrochlorothiazide" 1;
"~*iconsurf" 1;
"~*ilovevitaly" 1;
"~*incest" 1;
"~*internetsupervision" 1;
"~*law-enforcement-bot" 1;
"~*law-enforcement-check" 1;
"~*lesbian" 1;
"~*levitra" 1;
"~*lipitor" 1;
"~*livesex" 1;
"~*makemoneyonline" 1;
"~*make-money-online" 1;
"~*medikament" 1;
"~*monetisetrk" 1;
"~*myftpupload" 1;
"~*nudeceleb" 1;
"~*oralsex" 1;
"~*paxil" 1;
"~*phentermine" 1;
"~*prednisone" 1;
"~*pussy" 1;
"~*screentoolkit" 1;
"~*seoexperimenty" 1;
"~*share-buttons" 1;
"~*share-buttons-for-free" 1;
"~*skelaxin" 1;
"~*social-buttons-" 1;
"~*social-traffic-" 1;
"~*suhagra" 1;
"~*syntryx" 1;
"~*t0phackteam" 1;
"~*titten" 1;
"~*tramadol" 1;
"~*tramidol" 1;
"~*trazodone" 1;
"~*valtrex" 1;
"~*viagra" 1;
"~*vibrators" 1;
"~*vicodin" 1;
"~*vvakhrin-ws1" 1;
"~*webfuck" 1;
"~*whipme" 1;
"~*whipping" 1;
"~*xanax" 1;
"~*xxxrus" 1;
"~*zanax" 1;
"~*zeroredirect" 1;
"~*zestoretic" 1;
"~*zithromax" 1;
"~*zoloft" 1;
# END BAD REFERER WORDS ### DO NOT EDIT THIS LINE AT ALL ###
}
# ************************
@ -844,7 +760,7 @@ map $http_referer $bad_words {
# Blocking of SEO company Semalt.com (now merged into this one section)
# MIRAI Botnet Domains Used for Mass Attacks
# Other known bad SEO companies and Ad Hijacking Sites
# Sites linked to malware, adware and ransomware
# Sites linked to malware, adware, clickjacking and ransomware
# *****************
# PLEASE TEST !!!!
@ -892,14 +808,29 @@ map $http_referer $bad_referer {
# GOOD REFERERS - Spared from Checking
# ************************************
# Add your own domain names here to spare them from referer checking (one per line)
# Use the new include file method so any further updates will no longer require you to
# have to keep putting your whitelisted domains here when updating.
# Add all your own web site domain names and server names in this section
# WHITELIST Your Own Domain Names Here using the Include File Method
# New Method Uses the include file below so that when pulling future updates your
# whitelisted domain names are automatically now included for you.
# Read Comments inside whitelist-domains.conf for customization tips.
# Updating the main globalblacklist.conf file will not touch your custom include files
# START WHITELISTED DOMAINS ### DO NOT EDIT THIS LINE AT ALL ###
include /etc/nginx/bots.d/whitelist-domains.conf;
# END WHITELISTED DOMAINS ### DO NOT EDIT THIS LINE AT ALL ###
# *******************************************
# CUSTOM BAD REFERERS - Add your Own
# *******************************************
# Add any extra bad referers in the following include file to have them
# permanently included and blocked - avoid duplicates in your custom file
# START CUSTOM BAD REFERRERS ### DO NOT EDIT THIS LINE AT ALL ###
include /etc/nginx/bots.d/custom-bad-referrers.conf;
# END CUSTOM BAD REFERRERS ### DO NOT EDIT THIS LINE AT ALL ###
# START BAD REFERERS ### DO NOT EDIT THIS LINE AT ALL ###
"~*000free.us" 1;
"~*007angels.com" 1;
@ -3590,6 +3521,7 @@ map $http_referer $bad_referer {
"~*remont-ustanovka-tehniki.ru" 1;
"~*remorcicomerciale.ro" 1;
"~*remote-dba.de" 1;
"~*renecaovilla.online" 1;
"~*rentalmaty.kz" 1;
"~*rentehno.ru" 1;
"~*repeatlogo.co.uk" 1;
@ -4777,11 +4709,12 @@ geo $validate_client {
# Whitelist all your OWN IP addresses
# ***********************************
# Whitelist all your own IP addresses from any validate_client checks
# Add all your IP addresses and ranges below (one per line)
# Use the new include file method so any further updates will no longer require you to
# have to keep putting your whitelisted IP addresses here when updating.
# WHITELIST all your own IP addresses using the include file below.
# New Method Uses the include file below so that when pulling future updates your
# whitelisted IP addresses are automatically now included for you.
# Read Comments inside whitelist-ips.conf for customization tips.
# Updating the main globalblacklist.conf file will not touch your custom include files
# START WHITELISTED IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
include /etc/nginx/bots.d/whitelist-ips.conf;
# END WHITELISTED IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
@ -4860,61 +4793,6 @@ geo $validate_client {
2a06:98c0::/29 0;
2c0f:f248::/32 0;
# END CLOUDFLARE IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
# Cyveillance / Qwest Communications
# **********************************
# I am extensively researching this subject - appears to be US government involved
# and also appears to be used by all sorts of law enforcement agencies. For one they
# do not obey robots.txt and continually disguise their User-Agent strings. Time will
# tell if this is all correct or not.
# For now see - https://en.wikipedia.org/wiki/Cyveillance
# IMPORTANT UPDATE ON Cyveillance / Qwest Communications !!!
# **********************************************************
# I have done a lot of research on Cyveillance now and through monitoring my logs I know
# for sure what companies are using them and what they are actually looking for.
# My research has led me to understand that Cyveillance services are used by hundreds
# of companies to help them dicsover theft of copyrighted materials like images, movies
# music and other materials. I personally believe a lot of block lists who originally recommended
# blocking Cyveillance have done so to protect their torrent or p2p sites from being scanned.
# I personally have now unblocked them as image theft is a big problem of mine but if you
# do want to block Cyveillance you can simply modify the entries in the block below from "0" to "1"
# Getty Images is one such company who appears to use Cyveillance to help monitor for copyright theft.
# If you really do want to block them change all the 0's below to 1.
# START CYVEILLANCE BLOCK ### DO NOT EDIT THIS LINE AT ALL ###
38.100.19.8/29 0;
38.100.21.0/24 0;
38.100.41.64/26 0;
38.105.71.0/25 0;
38.105.83.0/27 0;
38.112.21.140/30 0;
38.118.42.32/29 0;
63.144.0.0/13 0;
65.112.0.0/12 0;
65.213.208.128/27 0;
65.222.176.96/27 0;
65.222.185.72/29 0;
# END CYVEILLANCE BLOCK ### DO NOT EDIT THIS LINE AT ALL ###
# ****************
# Berkely Scanner
# ****************
# The Berkeley University has a scanner testing all over the web sending a complex
# payload an expecting a reply from servers who are infected or who just respond to such
# a payload. The payload looks similar to this
# "$\xC9\xE1\xDC\x9B+\x8F\x1C\xE71\x99\xA8\xDB6\x1E#\xBB\x19#Hx\xA7\xFD\x0F9-"
# and is sometime VERY long. You may have noticed this in your logs.
# I support research projects and all my servers respond with an error to this type of
# string so I do not block them but if you want to block just uncomment the following line
# or email them asking them not to scan your server. They do respond.
# Visit http://169.229.3.91/ for more info
# START BERKELEY SCANNER ### DO NOT EDIT THIS LINE AT ALL ###
169.229.3.91 0;
# END BERKELEY SCANNER ### DO NOT EDIT THIS LINE AT ALL ###
# *************************
# Wordpress Theme Detectors
@ -4969,138 +4847,36 @@ geo $validate_client {
# ****************************
# Known Bad IP's and IP Ranges
# ****************************
# *************************************************
# Blacklist IP addresses and IP Ranges Customizable
# *************************************************
# Add any other IPs or Subnets here that you wish to block
# Although any permanent blocks should be done using Fail2Ban and IPTables and not
# hampering down Nginx with all the checks against perma-banned IP's
# BLACKLIST all your IP addresses and Ranges using the new include file below.
# New Method Uses the include file below so that when pulling future updates your
# Custom Blacklisted IP addresses are automatically now included for you.
# Read Comments inside blacklist-ips.conf for customization tips.
# Updating the main globalblacklist.conf file will not touch your custom include files
# START BLACKLISTED IPS ### DO NOT EDIT THIS LINE AT ALL ###
include /etc/nginx/bots.d/blacklist-ips.conf;
# END BLACKLISTED IPS ### DO NOT EDIT THIS LINE AT ALL ###
# START BAD IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
104.223.37.150 1;
104.5.92.27 1;
109.236.83.247 1;
137.74.49.205 1;
137.74.49.208 1;
146.0.74.150 1;
148.251.54.44 1;
149.56.151.180 1;
149.56.232.146 1;
150.70.0.0/16 1;
151.80.27.90 1;
151.80.99.90 1;
151.80.99.91 1;
154.16.199.144 1;
154.16.199.34 1;
154.16.199.48 1;
154.16.199.78 1;
158.69.142.34 1;
166.62.80.172 1;
173.212.192.219 1;
173.234.11.105 1;
173.234.153.106 1;
173.234.153.30 1;
173.234.175.68 1;
173.234.31.9 1;
173.234.38.25 1;
176.126.245.213 1;
178.238.234.1 1;
185.100.87.238 1;
185.115.125.99 1;
185.119.81.11 1;
185.119.81.63 1;
185.119.81.77 1;
185.119.81.78 1;
185.130.225.65 1;
185.130.225.66 1;
185.130.225.83 1;
185.130.225.90 1;
185.130.225.94 1;
185.130.225.95 1;
185.130.226.105 1;
185.153.197.103 1;
185.159.36.6 1;
185.47.62.199 1;
185.62.190.38 1;
185.70.105.161 1;
185.70.105.164 1;
185.85.239.156 1;
185.85.239.157 1;
185.86.13.213 1;
185.86.5.199 1;
185.86.5.212 1;
185.92.72.88 1;
185.93.185.11 1;
185.93.185.12 1;
188.209.52.101 1;
190.152.223.27 1;
191.96.249.29 1;
192.69.89.173 1;
193.201.224.205 1;
195.154.183.190 1;
195.229.241.174 1;
210.212.194.60 1;
216.218.147.194 1;
220.227.234.129 1;
23.253.230.158 1;
23.89.159.176 1;
31.170.160.209 1;
45.32.186.11 1;
45.76.21.179 1;
46.249.38.145 1;
46.249.38.146 1;
46.249.38.148 1;
46.249.38.149 1;
46.249.38.150 1;
46.249.38.151 1;
46.249.38.152 1;
46.249.38.153 1;
46.249.38.154 1;
46.249.38.159 1;
51.255.172.22 1;
5.39.218.232 1;
5.39.219.24 1;
5.39.222.18 1;
5.39.223.134 1;
54.213.16.154 1;
54.213.9.111 1;
62.210.146.49 1;
62.210.88.4 1;
65.98.91.181 1;
69.162.124.237 1;
69.64.147.24 1;
72.8.183.202 1;
77.247.178.191 1;
77.247.178.47 1;
77.247.181.219 1;
78.31.184.0/21 1;
78.31.211.0/24 1;
80.87.205.10 1;
80.87.205.11 1;
85.17.230.23 1;
85.17.26.68 1;
91.185.190.172 1;
91.200.12.0/22 1;
91.200.12.15 1;
91.200.12.49 1;
91.200.12.91 1;
92.222.66.137 1;
93.104.209.11 1;
93.158.200.103 1;
93.158.200.105 1;
93.158.200.115 1;
93.158.200.124 1;
93.158.200.126 1;
93.158.200.66 1;
93.158.200.68 1;
# END BAD IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
}
# Keep own IPs out of DDOS Filter
# Add your own IP addresses and ranges below to spare them from the rate
# limiting DDOS filter (one per line)
# This now automatically includes the whitelist-ips.conf file so you only
# need to edit that include file and have it include here too for you
geo $ratelimited {
default 1;
127.0.0.1 0;
# START WHITELISTED IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
include /etc/nginx/bots.d/whitelist-ips.conf;
# END WHITELISTED IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
}
# *****************************************

1
google-disavow.txt
View file

@ -2687,6 +2687,7 @@ domain:remont-mobile-phones.ru
domain:remont-ustanovka-tehniki.ru
domain:remorcicomerciale.ro
domain:remote-dba.de
domain:renecaovilla.online
domain:rentalmaty.kz
domain:rentehno.ru
domain:repeatlogo.co.uk

2
google-exclude-02.txt
View file

File diff suppressed because one or more lines are too long

2
google-exclude-03.txt
View file

File diff suppressed because one or more lines are too long

103
travisCI/bad-referrer-words.tpl.conf Normal file
View file

@ -0,0 +1,103 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD WORDS YOU WANT TO SCAN FOR ###
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to include scanning for bad words within urls or referrer string
# Only add one entry per line
"~*adultgalls" 1;
"~*advair" 1;
"~*allegra" 1;
"~*allopurinol" 1;
"~*amantadine" 1;
"~*amateurxpass" 1;
"~*ambien" 1;
"~*amitriptyline" 1;
"~*amoxicillin" 1;
"~*anafranil" 1;
"~*asshole" 1;
"~*atenolol" 1;
"~*avalide" 1;
"~*baccarat" 1;
"~*beastiality" 1;
"~*bestiality" 1;
"~*bigblackbooty" 1;
"~*bithack" 1;
"~*blackjack" 1;
"~*blacktits" 1;
"~*blogincome" 1;
"~*blowjob" 1;
"~*bontril" 1;
"~*camgirls" 1;
"~*cephalexin" 1;
"~*cialis" 1;
"~*cookie-law-enforcement" 1;
"~*cunt" 1;
"~*dapoxetine" 1;
"~*diclofenac" 1;
"~*dildos" 1;
"~*effexor" 1;
"~*fluoxetine" 1;
"~*free-share-buttons" 1;
"~*free-social-buttons" 1;
"~*fuck" 1;
"~*fuck-paid-share-buttons" 1;
"~*gaygalls" 1;
"~*gaysex" 1;
"~*getamateurs" 1;
"~*glucophage" 1;
"~*holdem" 1;
"~*hold-em" 1;
"~*hydrochlorothiazide" 1;
"~*iconsurf" 1;
"~*ilovevitaly" 1;
"~*incest" 1;
"~*internetsupervision" 1;
"~*law-enforcement-bot" 1;
"~*law-enforcement-check" 1;
"~*lesbian" 1;
"~*levitra" 1;
"~*lipitor" 1;
"~*livesex" 1;
"~*makemoneyonline" 1;
"~*make-money-online" 1;
"~*medikament" 1;
"~*monetisetrk" 1;
"~*myftpupload" 1;
"~*nudeceleb" 1;
"~*oralsex" 1;
"~*paxil" 1;
"~*phentermine" 1;
"~*prednisone" 1;
"~*pussy" 1;
"~*screentoolkit" 1;
"~*seoexperimenty" 1;
"~*share-buttons" 1;
"~*share-buttons-for-free" 1;
"~*skelaxin" 1;
"~*social-buttons-" 1;
"~*social-traffic-" 1;
"~*suhagra" 1;
"~*syntryx" 1;
"~*t0phackteam" 1;
"~*titten" 1;
"~*tramadol" 1;
"~*tramidol" 1;
"~*trazodone" 1;
"~*valtrex" 1;
"~*viagra" 1;
"~*vibrators" 1;
"~*vicodin" 1;
"~*vvakhrin-ws1" 1;
"~*webfuck" 1;
"~*whipme" 1;
"~*whipping" 1;
"~*xanax" 1;
"~*xxxrus" 1;
"~*zanax" 1;
"~*zeroredirect" 1;
"~*zestoretic" 1;
"~*zithromax" 1;
"~*zoloft" 1;

176
travisCI/blacklist-ips.tpl.conf Normal file
View file

@ -0,0 +1,176 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD IP ADDRESSES OR IP RANGES YOU WANT TO BLOCK ###
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to do any blocking of bad IP's
104.223.37.150 1;
104.5.92.27 1;
109.236.83.247 1;
137.74.49.205 1;
137.74.49.208 1;
146.0.74.150 1;
148.251.54.44 1;
149.56.151.180 1;
149.56.232.146 1;
150.70.0.0/16 1;
151.80.27.90 1;
151.80.99.90 1;
151.80.99.91 1;
154.16.199.144 1;
154.16.199.34 1;
154.16.199.48 1;
154.16.199.78 1;
158.69.142.34 1;
166.62.80.172 1;
173.212.192.219 1;
173.234.11.105 1;
173.234.153.106 1;
173.234.153.30 1;
173.234.175.68 1;
173.234.31.9 1;
173.234.38.25 1;
176.126.245.213 1;
178.238.234.1 1;
185.100.87.238 1;
185.115.125.99 1;
185.119.81.11 1;
185.119.81.63 1;
185.119.81.77 1;
185.119.81.78 1;
185.130.225.65 1;
185.130.225.66 1;
185.130.225.83 1;
185.130.225.90 1;
185.130.225.94 1;
185.130.225.95 1;
185.130.226.105 1;
185.153.197.103 1;
185.159.36.6 1;
185.47.62.199 1;
185.62.190.38 1;
185.70.105.161 1;
185.70.105.164 1;
185.85.239.156 1;
185.85.239.157 1;
185.86.13.213 1;
185.86.5.199 1;
185.86.5.212 1;
185.92.72.88 1;
185.93.185.11 1;
185.93.185.12 1;
188.209.52.101 1;
190.152.223.27 1;
191.96.249.29 1;
192.69.89.173 1;
193.201.224.205 1;
195.154.183.190 1;
195.229.241.174 1;
210.212.194.60 1;
216.218.147.194 1;
220.227.234.129 1;
23.253.230.158 1;
23.89.159.176 1;
31.170.160.209 1;
45.32.186.11 1;
45.76.21.179 1;
46.249.38.145 1;
46.249.38.146 1;
46.249.38.148 1;
46.249.38.149 1;
46.249.38.150 1;
46.249.38.151 1;
46.249.38.152 1;
46.249.38.153 1;
46.249.38.154 1;
46.249.38.159 1;
51.255.172.22 1;
5.39.218.232 1;
5.39.219.24 1;
5.39.222.18 1;
5.39.223.134 1;
54.213.16.154 1;
54.213.9.111 1;
62.210.146.49 1;
62.210.88.4 1;
65.98.91.181 1;
69.162.124.237 1;
69.64.147.24 1;
72.8.183.202 1;
77.247.178.191 1;
77.247.178.47 1;
77.247.181.219 1;
78.31.184.0/21 1;
78.31.211.0/24 1;
80.87.205.10 1;
80.87.205.11 1;
85.17.230.23 1;
85.17.26.68 1;
91.185.190.172 1;
91.200.12.0/22 1;
91.200.12.15 1;
91.200.12.49 1;
91.200.12.91 1;
92.222.66.137 1;
93.104.209.11 1;
93.158.200.103 1;
93.158.200.105 1;
93.158.200.115 1;
93.158.200.124 1;
93.158.200.126 1;
93.158.200.66 1;
93.158.200.68 1;
# Cyveillance / Qwest Communications
# **********************************
# I am extensively researching this subject - appears to be US government involved
# and also appears to be used by all sorts of law enforcement agencies. For one they
# do not obey robots.txt and continually disguise their User-Agent strings. Time will
# tell if this is all correct or not.
# For now see - https://en.wikipedia.org/wiki/Cyveillance
# IMPORTANT UPDATE ON Cyveillance / Qwest Communications !!!
# **********************************************************
# I have done a lot of research on Cyveillance now and through monitoring my logs I know
# for sure what companies are using them and what they are actually looking for.
# My research has led me to understand that Cyveillance services are used by hundreds
# of companies to help them dicsover theft of copyrighted materials like images, movies
# music and other materials. I personally believe a lot of block lists who originally recommended
# blocking Cyveillance have done so to protect their torrent or p2p sites from being scanned.
# I personally have now unblocked them as image theft is a big problem of mine but if you
# do want to block Cyveillance you can simply modify the entries in the block below from "0" to "1"
# Getty Images is one such company who appears to use Cyveillance to help monitor for copyright theft.
# If you really do want to block them change all the 0's below to 1.
38.100.19.8/29 0;
38.100.21.0/24 0;
38.100.41.64/26 0;
38.105.71.0/25 0;
38.105.83.0/27 0;
38.112.21.140/30 0;
38.118.42.32/29 0;
63.144.0.0/13 0;
65.112.0.0/12 0;
65.213.208.128/27 0;
65.222.176.96/27 0;
65.222.185.72/29 0;
# ****************
# Berkely Scanner
# ****************
# The Berkeley University has a scanner testing all over the web sending a complex
# payload an expecting a reply from servers who are infected or who just respond to such
# a payload. The payload looks similar to this
# "$\xC9\xE1\xDC\x9B+\x8F\x1C\xE71\x99\xA8\xDB6\x1E#\xBB\x19#Hx\xA7\xFD\x0F9-"
# and is sometime VERY long. You may have noticed this in your logs.
# I support research projects and all my servers respond with an error to this type of
# string so I do not block them but if you want to block just uncomment the following line
# or email them asking them not to scan your server. They do respond.
# Visit http://169.229.3.91/ for more info
# If you really do want to block them change all the 0 below to 1.
169.229.3.91 0;

6
travisCI/blacklist-user-agents.tpl.conf
View file

@ -1,6 +1,10 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD USER-AGENT STRINGS YOU WANT TO SCAN FOR ###
# Add One Entry Per Line - List all the extra bad User-Agents you want to permanently block
# This is for User-Agents that are not included in the main list of the bot blocker
# This file must exist on your system or Nginx will fail a reload due to a missing file
# This allows you finer control of keeping certain bots blocked and automatic updates will
# Never be able to remove this custom list of yours
"~*mybaduseragentname" 3;
"~*someverybaduseragentname1" 3;
"~*someverybaduseragentname2" 3;

10
travisCI/custom-bad-referrers.tpl.conf Normal file
View file

@ -0,0 +1,10 @@
# EDIT THIS FILE AS YOU LIKE TO ADD ANY ADDITIONAL BAD REFERRER DOMAINS YOU WANT TO SCAN FOR ###
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Only add one entry per line
"~*someveryveryrandomwebsitenamethatdoesnotexist1.com" 1;
"~*someveryveryrandomwebsitenamethatdoesnotexist2.com" 1;
"~*someveryveryrandomwebsitenamethatdoesnotexist3.com" 1;

358
travisCI/globalblacklist.tpl.conf
View file

@ -2,7 +2,7 @@
### THE ULTIMATE NGINX BAD BOT BLOCKER
### **********************************
### Version 2.2017.06
### Version 2.2017.07
### This file implements a checklist / blacklist for good user agents, bad user agents and
### bad referrers. It also has whitelisting for your own IP's and known good IP Ranges
@ -17,11 +17,11 @@
### - https://github.com/oohnoitz/nginx-blacklist
### Last Updated
### Thu Apr 20 12:32:25 SAST 2017
### Thu Apr 20 14:31:18 SAST 2017
### End Last Updated
### Generated in
### 0.311395645142 seconds
### 0.269454717636 seconds
### End Generated in
### Tested on: nginx/1.10.0 (Ubuntu 16.04)
@ -205,6 +205,8 @@ map $http_user_agent $bad_bot {
# ***********************************************
# Include your Own Custom List of Bad User Agents
# ***********************************************
# use the include file below to further customize your own list of additional
# user-agents you wish to permanently block
# START BLACKLISTED USER AGENTS ### DO NOT EDIT THIS LINE AT ALL ###
include /home/travis/build/mitchellkrogza/nginx-ultimate-bad-bot-blocker/travisCI/nginx/bots.d/blacklist-user-agents.conf;
@ -729,107 +731,21 @@ include /home/travis/build/mitchellkrogza/nginx-ultimate-bad-bot-blocker/travisC
map $http_referer $bad_words {
default 0;
# ************************
# Bad Referer Single Words
# ************************
# These are Words and Terms often found tagged onto domains or within url query strings.
# *************************
# Bad Referer Word Scanning
# *************************
# These are Words and Terms often found tagged onto domains or within url query strings.
# Create and Customize Your Own Bad Referrer Words Here using the new Include File Method
# New Method Uses the include file below so that when pulling future updates your
# customized list of bad referrer words are automatically now included for you
# Read Comments inside bad-referrer-words.conf for customization tips.
# Updating the main globalblacklist.conf file will not touch your custom include files
# START CUSTOM BAD REFERRER WORDS ### DO NOT EDIT THIS LINE AT ALL ###
include /home/travis/build/mitchellkrogza/nginx-ultimate-bad-bot-blocker/travisCI/nginx/bots.d/bad-referrer-words.conf;
# END CUSTOM BAD REFERRER WORDS ### DO NOT EDIT THIS LINE AT ALL ###
# START BAD REFERER WORDS ### DO NOT EDIT THIS LINE AT ALL ###
"~*adultgalls" 1;
"~*advair" 1;
"~*allegra" 1;
"~*allopurinol" 1;
"~*amantadine" 1;
"~*amateurxpass" 1;
"~*ambien" 1;
"~*amitriptyline" 1;
"~*amoxicillin" 1;
"~*anafranil" 1;
"~*asshole" 1;
"~*atenolol" 1;
"~*avalide" 1;
"~*baccarat" 1;
"~*beastiality" 1;
"~*bestiality" 1;
"~*bigblackbooty" 1;
"~*bithack" 1;
"~*blackjack" 1;
"~*blacktits" 1;
"~*blogincome" 1;
"~*blowjob" 1;
"~*bontril" 1;
"~*camgirls" 1;
"~*cephalexin" 1;
"~*cialis" 1;
"~*cookie-law-enforcement" 1;
"~*cunt" 1;
"~*dapoxetine" 1;
"~*diclofenac" 1;
"~*dildos" 1;
"~*effexor" 1;
"~*fluoxetine" 1;
"~*free-share-buttons" 1;
"~*free-social-buttons" 1;
"~*fuck" 1;
"~*fuck-paid-share-buttons" 1;
"~*gaygalls" 1;
"~*gaysex" 1;
"~*getamateurs" 1;
"~*glucophage" 1;
"~*holdem" 1;
"~*hold-em" 1;
"~*hydrochlorothiazide" 1;
"~*iconsurf" 1;
"~*ilovevitaly" 1;
"~*incest" 1;
"~*internetsupervision" 1;
"~*law-enforcement-bot" 1;
"~*law-enforcement-check" 1;
"~*lesbian" 1;
"~*levitra" 1;
"~*lipitor" 1;
"~*livesex" 1;
"~*makemoneyonline" 1;
"~*make-money-online" 1;
"~*medikament" 1;
"~*monetisetrk" 1;
"~*myftpupload" 1;
"~*nudeceleb" 1;
"~*oralsex" 1;
"~*paxil" 1;
"~*phentermine" 1;
"~*prednisone" 1;
"~*pussy" 1;
"~*screentoolkit" 1;
"~*seoexperimenty" 1;
"~*share-buttons" 1;
"~*share-buttons-for-free" 1;
"~*skelaxin" 1;
"~*social-buttons-" 1;
"~*social-traffic-" 1;
"~*suhagra" 1;
"~*syntryx" 1;
"~*t0phackteam" 1;
"~*titten" 1;
"~*tramadol" 1;
"~*tramidol" 1;
"~*trazodone" 1;
"~*valtrex" 1;
"~*viagra" 1;
"~*vibrators" 1;
"~*vicodin" 1;
"~*vvakhrin-ws1" 1;
"~*webfuck" 1;
"~*whipme" 1;
"~*whipping" 1;
"~*xanax" 1;
"~*xxxrus" 1;
"~*zanax" 1;
"~*zeroredirect" 1;
"~*zestoretic" 1;
"~*zithromax" 1;
"~*zoloft" 1;
# END BAD REFERER WORDS ### DO NOT EDIT THIS LINE AT ALL ###
}
# ************************
@ -844,7 +760,7 @@ map $http_referer $bad_words {
# Blocking of SEO company Semalt.com (now merged into this one section)
# MIRAI Botnet Domains Used for Mass Attacks
# Other known bad SEO companies and Ad Hijacking Sites
# Sites linked to malware, adware and ransomware
# Sites linked to malware, adware, clickjacking and ransomware
# *****************
# PLEASE TEST !!!!
@ -892,14 +808,29 @@ map $http_referer $bad_referer {
# GOOD REFERERS - Spared from Checking
# ************************************
# Add your own domain names here to spare them from referer checking (one per line)
# Use the new include file method so any further updates will no longer require you to
# have to keep putting your whitelisted domains here when updating.
# Add all your own web site domain names and server names in this section
# WHITELIST Your Own Domain Names Here using the Include File Method
# New Method Uses the include file below so that when pulling future updates your
# whitelisted domain names are automatically now included for you.
# Read Comments inside whitelist-domains.conf for customization tips.
# Updating the main globalblacklist.conf file will not touch your custom include files
# START WHITELISTED DOMAINS ### DO NOT EDIT THIS LINE AT ALL ###
include /home/travis/build/mitchellkrogza/nginx-ultimate-bad-bot-blocker/travisCI/nginx/bots.d/whitelist-domains.conf;
# END WHITELISTED DOMAINS ### DO NOT EDIT THIS LINE AT ALL ###
# *******************************************
# CUSTOM BAD REFERERS - Add your Own
# *******************************************
# Add any extra bad referers in the following include file to have them
# permanently included and blocked - avoid duplicates in your custom file
# START CUSTOM BAD REFERRERS ### DO NOT EDIT THIS LINE AT ALL ###
include /home/travis/build/mitchellkrogza/nginx-ultimate-bad-bot-blocker/travisCI/nginx/bots.d/custom-bad-referrers.conf;
# END CUSTOM BAD REFERRERS ### DO NOT EDIT THIS LINE AT ALL ###
# START BAD REFERERS ### DO NOT EDIT THIS LINE AT ALL ###
"~*000free.us" 1;
"~*007angels.com" 1;
@ -3590,6 +3521,7 @@ include /home/travis/build/mitchellkrogza/nginx-ultimate-bad-bot-blocker/travisC
"~*remont-ustanovka-tehniki.ru" 1;
"~*remorcicomerciale.ro" 1;
"~*remote-dba.de" 1;
"~*renecaovilla.online" 1;
"~*rentalmaty.kz" 1;
"~*rentehno.ru" 1;
"~*repeatlogo.co.uk" 1;
@ -4777,13 +4709,16 @@ geo $validate_client {
# Whitelist all your OWN IP addresses
# ***********************************
# Whitelist all your own IP addresses from any validate_client checks
# Add all your IP addresses and ranges below (one per line)
# Use the new include file method so any further updates will no longer require you to
# have to keep putting your whitelisted IP addresses here when updating.
# WHITELIST all your own IP addresses using the include file below.
# New Method Uses the include file below so that when pulling future updates your
# whitelisted IP addresses are automatically now included for you.
# Read Comments inside whitelist-ips.conf for customization tips.
# Updating the main globalblacklist.conf file will not touch your custom include files
# START WHITELISTED IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
include /home/travis/build/mitchellkrogza/nginx-ultimate-bad-bot-blocker/travisCI/nginx/bots.d/whitelist-ips.conf;
\include /home/travis/build/mitchellkrogza/nginx-ultimate-bad-bot-blocker/travisCI/nginx/bots.d/whitelist-ips.conf;
# END WHITELISTED IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
# ***********
@ -4860,61 +4795,6 @@ include /home/travis/build/mitchellkrogza/nginx-ultimate-bad-bot-blocker/travisC
2a06:98c0::/29 0;
2c0f:f248::/32 0;
# END CLOUDFLARE IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
# Cyveillance / Qwest Communications
# **********************************
# I am extensively researching this subject - appears to be US government involved
# and also appears to be used by all sorts of law enforcement agencies. For one they
# do not obey robots.txt and continually disguise their User-Agent strings. Time will
# tell if this is all correct or not.
# For now see - https://en.wikipedia.org/wiki/Cyveillance
# IMPORTANT UPDATE ON Cyveillance / Qwest Communications !!!
# **********************************************************
# I have done a lot of research on Cyveillance now and through monitoring my logs I know
# for sure what companies are using them and what they are actually looking for.
# My research has led me to understand that Cyveillance services are used by hundreds
# of companies to help them dicsover theft of copyrighted materials like images, movies
# music and other materials. I personally believe a lot of block lists who originally recommended
# blocking Cyveillance have done so to protect their torrent or p2p sites from being scanned.
# I personally have now unblocked them as image theft is a big problem of mine but if you
# do want to block Cyveillance you can simply modify the entries in the block below from "0" to "1"
# Getty Images is one such company who appears to use Cyveillance to help monitor for copyright theft.
# If you really do want to block them change all the 0's below to 1.
# START CYVEILLANCE BLOCK ### DO NOT EDIT THIS LINE AT ALL ###
38.100.19.8/29 0;
38.100.21.0/24 0;
38.100.41.64/26 0;
38.105.71.0/25 0;
38.105.83.0/27 0;
38.112.21.140/30 0;
38.118.42.32/29 0;
63.144.0.0/13 0;
65.112.0.0/12 0;
65.213.208.128/27 0;
65.222.176.96/27 0;
65.222.185.72/29 0;
# END CYVEILLANCE BLOCK ### DO NOT EDIT THIS LINE AT ALL ###
# ****************
# Berkely Scanner
# ****************
# The Berkeley University has a scanner testing all over the web sending a complex
# payload an expecting a reply from servers who are infected or who just respond to such
# a payload. The payload looks similar to this
# "$\xC9\xE1\xDC\x9B+\x8F\x1C\xE71\x99\xA8\xDB6\x1E#\xBB\x19#Hx\xA7\xFD\x0F9-"
# and is sometime VERY long. You may have noticed this in your logs.
# I support research projects and all my servers respond with an error to this type of
# string so I do not block them but if you want to block just uncomment the following line
# or email them asking them not to scan your server. They do respond.
# Visit http://169.229.3.91/ for more info
# START BERKELEY SCANNER ### DO NOT EDIT THIS LINE AT ALL ###
169.229.3.91 0;
# END BERKELEY SCANNER ### DO NOT EDIT THIS LINE AT ALL ###
# *************************
# Wordpress Theme Detectors
@ -4969,138 +4849,36 @@ include /home/travis/build/mitchellkrogza/nginx-ultimate-bad-bot-blocker/travisC
# ****************************
# Known Bad IP's and IP Ranges
# ****************************
# *************************************************
# Blacklist IP addresses and IP Ranges Customizable
# *************************************************
# Add any other IPs or Subnets here that you wish to block
# Although any permanent blocks should be done using Fail2Ban and IPTables and not
# hampering down Nginx with all the checks against perma-banned IP's
# BLACKLIST all your IP addresses and Ranges using the new include file below.
# New Method Uses the include file below so that when pulling future updates your
# Custom Blacklisted IP addresses are automatically now included for you.
# Read Comments inside blacklist-ips.conf for customization tips.
# Updating the main globalblacklist.conf file will not touch your custom include files
# START BLACKLISTED IPS ### DO NOT EDIT THIS LINE AT ALL ###
include /home/travis/build/mitchellkrogza/nginx-ultimate-bad-bot-blocker/travisCI/nginx/bots.d/blacklist-ips.conf;
# END BLACKLISTED IPS ### DO NOT EDIT THIS LINE AT ALL ###
# START BAD IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
104.223.37.150 1;
104.5.92.27 1;
109.236.83.247 1;
137.74.49.205 1;
137.74.49.208 1;
146.0.74.150 1;
148.251.54.44 1;
149.56.151.180 1;
149.56.232.146 1;
150.70.0.0/16 1;
151.80.27.90 1;
151.80.99.90 1;
151.80.99.91 1;
154.16.199.144 1;
154.16.199.34 1;
154.16.199.48 1;
154.16.199.78 1;
158.69.142.34 1;
166.62.80.172 1;
173.212.192.219 1;
173.234.11.105 1;
173.234.153.106 1;
173.234.153.30 1;
173.234.175.68 1;
173.234.31.9 1;
173.234.38.25 1;
176.126.245.213 1;
178.238.234.1 1;
185.100.87.238 1;
185.115.125.99 1;
185.119.81.11 1;
185.119.81.63 1;
185.119.81.77 1;
185.119.81.78 1;
185.130.225.65 1;
185.130.225.66 1;
185.130.225.83 1;
185.130.225.90 1;
185.130.225.94 1;
185.130.225.95 1;
185.130.226.105 1;
185.153.197.103 1;
185.159.36.6 1;
185.47.62.199 1;
185.62.190.38 1;
185.70.105.161 1;
185.70.105.164 1;
185.85.239.156 1;
185.85.239.157 1;
185.86.13.213 1;
185.86.5.199 1;
185.86.5.212 1;
185.92.72.88 1;
185.93.185.11 1;
185.93.185.12 1;
188.209.52.101 1;
190.152.223.27 1;
191.96.249.29 1;
192.69.89.173 1;
193.201.224.205 1;
195.154.183.190 1;
195.229.241.174 1;
210.212.194.60 1;
216.218.147.194 1;
220.227.234.129 1;
23.253.230.158 1;
23.89.159.176 1;
31.170.160.209 1;
45.32.186.11 1;
45.76.21.179 1;
46.249.38.145 1;
46.249.38.146 1;
46.249.38.148 1;
46.249.38.149 1;
46.249.38.150 1;
46.249.38.151 1;
46.249.38.152 1;
46.249.38.153 1;
46.249.38.154 1;
46.249.38.159 1;
51.255.172.22 1;
5.39.218.232 1;
5.39.219.24 1;
5.39.222.18 1;
5.39.223.134 1;
54.213.16.154 1;
54.213.9.111 1;
62.210.146.49 1;
62.210.88.4 1;
65.98.91.181 1;
69.162.124.237 1;
69.64.147.24 1;
72.8.183.202 1;
77.247.178.191 1;
77.247.178.47 1;
77.247.181.219 1;
78.31.184.0/21 1;
78.31.211.0/24 1;
80.87.205.10 1;
80.87.205.11 1;
85.17.230.23 1;
85.17.26.68 1;
91.185.190.172 1;
91.200.12.0/22 1;
91.200.12.15 1;
91.200.12.49 1;
91.200.12.91 1;
92.222.66.137 1;
93.104.209.11 1;
93.158.200.103 1;
93.158.200.105 1;
93.158.200.115 1;
93.158.200.124 1;
93.158.200.126 1;
93.158.200.66 1;
93.158.200.68 1;
# END BAD IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
}
# Keep own IPs out of DDOS Filter
# Add your own IP addresses and ranges below to spare them from the rate
# limiting DDOS filter (one per line)
# This now automatically includes the whitelist-ips.conf file so you only
# need to edit that include file and have it include here too for you
geo $ratelimited {
default 1;
127.0.0.1 0;
# START WHITELISTED IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
include /etc/nginx/bots.d/whitelist-ips.conf;
# END WHITELISTED IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
}
# *****************************************

3
travisCI/install-nginx.sh
View file

@ -45,6 +45,9 @@ tpl "$DIR/blockbots.tpl.conf" "$DIR/nginx/blockbots.conf"
tpl "$DIR/whitelist-ips.tpl.conf" "$DIR/nginx/bots.d/whitelist-ips.conf"
tpl "$DIR/whitelist-domains.tpl.conf" "$DIR/nginx/bots.d/whitelist-domains.conf"
tpl "$DIR/blacklist-user-agents.tpl.conf" "$DIR/nginx/bots.d/blacklist-user-agents.conf"
tpl "$DIR/bad-referrer-words.tpl.conf" "$DIR/nginx/bots.d/bad-referrer-words.conf"
tpl "$DIR/custom-bad-referrers.tpl.conf" "$DIR/nginx/bots.d/custom-bad-referrers.conf"
tpl "$DIR/blacklist-ips.tpl.conf" "$DIR/nginx/bots.d/blacklist-ips.conf"
tpl "$DIR/botblocker-nginx-settings.tpl.conf" "$DIR/nginx/botblocker-nginx-settings.conf"
tpl "$DIR/globalblacklist.tpl.conf" "$DIR/nginx/globalblacklist.conf"
tpl "$DIR/default-site.tpl.conf" "$DIR/nginx/sites-enabled/default-site.conf"

10
travisCI/whitelist-domains.tpl.conf
View file

@ -1 +1,9 @@
"~*~*mydomain.com" 0;
# EDIT THIS FILE AS YOU LIKE TO WHITELIST YOUR OWN DOMAIN NAMES AND SPARE THEM FROM ANY REFERRER CHECKING ###
# Add One Entry Per Line - List all your own domains of the sites you host on the server
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Automatic updates will never be able to remove this custom list of yours
# Add One Entry Per Line
"~*myfirstowndomainname.com" 0;
"~*mysecondowndomainname.com" 0;

9
travisCI/whitelist-ips.tpl.conf
View file

@ -1 +1,8 @@
127.0.0.1 0;
# EDIT THIS FILE AS YOU LIKE TO WHITELIST ALL YOUR IP ADDRESSES AND IP RANGES ###
# Add One Entry Per Line - List all your IP's and IP Ranges you want to whitelist
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Automatic updates will never be able to remove this custom list of yours
# Add One Entry Per Line - Can Include Ranges like 127.0.0.1/32
127.0.0.1 0;