mirror of
https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker.git
synced 2025-09-02 10:40:36 +00:00
180 lines
5.2 KiB
Text
180 lines
5.2 KiB
Text
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD IP ADDRESSES OR IP RANGES YOU WANT TO BLOCK ###
|
|
|
|
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
|
|
# This file must exist on your system or Nginx will fail a reload due to a missing file
|
|
# For all intensive purpose you can delete everything inside this file and leave it
|
|
# completely blank if you do not want your Nginx Blocker to do any blocking of bad IP's
|
|
|
|
104.223.37.150 1;
|
|
104.5.92.27 1;
|
|
107.150.63.170 1;
|
|
109.236.83.247 1;
|
|
137.74.49.205 1;
|
|
137.74.49.208 1;
|
|
146.0.74.150 1;
|
|
148.251.54.44 1;
|
|
149.56.151.180 1;
|
|
149.56.232.146 1;
|
|
150.70.0.0/16 1;
|
|
151.80.27.90 1;
|
|
151.80.99.90 1;
|
|
151.80.99.91 1;
|
|
154.16.199.144 1;
|
|
154.16.199.34 1;
|
|
154.16.199.48 1;
|
|
154.16.199.78 1;
|
|
158.69.142.34 1;
|
|
166.62.80.172 1;
|
|
173.212.192.219 1;
|
|
173.234.11.105 1;
|
|
173.234.153.106 1;
|
|
173.234.153.30 1;
|
|
173.234.175.68 1;
|
|
173.234.31.9 1;
|
|
173.234.38.25 1;
|
|
176.126.245.213 1;
|
|
178.238.234.1 1;
|
|
185.35.63.128 1;
|
|
185.100.87.238 1;
|
|
185.115.125.99 1;
|
|
185.119.81.11 1;
|
|
185.119.81.63 1;
|
|
185.119.81.77 1;
|
|
185.119.81.78 1;
|
|
185.130.225.65 1;
|
|
185.130.225.66 1;
|
|
185.130.225.83 1;
|
|
185.130.225.90 1;
|
|
185.130.225.94 1;
|
|
185.130.225.95 1;
|
|
185.130.226.105 1;
|
|
185.153.197.103 1;
|
|
185.159.36.6 1;
|
|
185.47.62.199 1;
|
|
185.62.190.38 1;
|
|
185.70.105.161 1;
|
|
185.70.105.164 1;
|
|
185.85.239.156 1;
|
|
185.85.239.157 1;
|
|
185.86.13.213 1;
|
|
185.86.5.199 1;
|
|
185.86.5.212 1;
|
|
185.92.72.88 1;
|
|
185.93.185.11 1;
|
|
185.93.185.12 1;
|
|
188.209.52.101 1;
|
|
190.152.223.27 1;
|
|
191.96.249.29 1;
|
|
192.69.89.173 1;
|
|
193.201.224.205 1;
|
|
195.154.183.190 1;
|
|
195.229.241.174 1;
|
|
210.212.194.60 1;
|
|
216.218.147.194 1;
|
|
220.227.234.129 1;
|
|
23.253.230.158 1;
|
|
23.89.159.176 1;
|
|
31.170.160.209 1;
|
|
45.32.186.11 1;
|
|
45.76.21.179 1;
|
|
46.249.38.145 1;
|
|
46.249.38.146 1;
|
|
46.249.38.148 1;
|
|
46.249.38.149 1;
|
|
46.249.38.150 1;
|
|
46.249.38.151 1;
|
|
46.249.38.152 1;
|
|
46.249.38.153 1;
|
|
46.249.38.154 1;
|
|
46.249.38.159 1;
|
|
51.255.172.22 1;
|
|
5.39.218.232 1;
|
|
5.39.219.24 1;
|
|
5.39.222.18 1;
|
|
5.39.223.134 1;
|
|
54.213.16.154 1;
|
|
54.213.9.111 1;
|
|
62.210.146.49 1;
|
|
62.210.88.4 1;
|
|
65.98.91.181 1;
|
|
69.162.124.237 1;
|
|
69.64.147.24 1;
|
|
72.8.183.202 1;
|
|
77.247.178.191 1;
|
|
77.247.178.47 1;
|
|
77.247.181.219 1;
|
|
78.31.184.0/21 1;
|
|
78.31.211.0/24 1;
|
|
80.87.205.10 1;
|
|
80.87.205.11 1;
|
|
85.17.230.23 1;
|
|
85.17.26.68 1;
|
|
91.185.190.172 1;
|
|
91.200.12.0/22 1;
|
|
91.200.12.15 1;
|
|
91.200.12.49 1;
|
|
91.200.12.91 1;
|
|
92.222.66.137 1;
|
|
93.238.198.203 1;
|
|
93.238.196.48 1;
|
|
93.104.209.11 1;
|
|
93.158.200.103 1;
|
|
93.158.200.105 1;
|
|
93.158.200.115 1;
|
|
93.158.200.124 1;
|
|
93.158.200.126 1;
|
|
93.158.200.66 1;
|
|
93.158.200.68 1;
|
|
|
|
# Cyveillance / Qwest Communications
|
|
# **********************************
|
|
# I am extensively researching this subject - appears to be US government involved
|
|
# and also appears to be used by all sorts of law enforcement agencies. For one they
|
|
# do not obey robots.txt and continually disguise their User-Agent strings. Time will
|
|
# tell if this is all correct or not.
|
|
# For now see - https://en.wikipedia.org/wiki/Cyveillance
|
|
|
|
# IMPORTANT UPDATE ON Cyveillance / Qwest Communications !!!
|
|
# **********************************************************
|
|
# I have done a lot of research on Cyveillance now and through monitoring my logs I know
|
|
# for sure what companies are using them and what they are actually looking for.
|
|
# My research has led me to understand that Cyveillance services are used by hundreds
|
|
# of companies to help them dicsover theft of copyrighted materials like images, movies
|
|
# music and other materials. I personally believe a lot of block lists who originally recommended
|
|
# blocking Cyveillance have done so to protect their torrent or p2p sites from being scanned.
|
|
# I personally have now unblocked them as image theft is a big problem of mine but if you
|
|
# do want to block Cyveillance you can simply modify the entries in the block below from "0" to "1"
|
|
# Getty Images is one such company who appears to use Cyveillance to help monitor for copyright theft.
|
|
|
|
# If you really do want to block them change all the 0's below to 1.
|
|
|
|
38.100.19.8/29 0;
|
|
38.100.21.0/24 0;
|
|
38.100.41.64/26 0;
|
|
38.105.71.0/25 0;
|
|
38.105.83.0/27 0;
|
|
38.112.21.140/30 0;
|
|
38.118.42.32/29 0;
|
|
63.144.0.0/13 0;
|
|
65.112.0.0/12 0;
|
|
65.213.208.128/27 0;
|
|
65.222.176.96/27 0;
|
|
65.222.185.72/29 0;
|
|
|
|
# ****************
|
|
# Berkely Scanner
|
|
# ****************
|
|
|
|
# The Berkeley University has a scanner testing all over the web sending a complex
|
|
# payload an expecting a reply from servers who are infected or who just respond to such
|
|
# a payload. The payload looks similar to this
|
|
# "$\xC9\xE1\xDC\x9B+\x8F\x1C\xE71\x99\xA8\xDB6\x1E#\xBB\x19#Hx\xA7\xFD\x0F9-"
|
|
# and is sometime VERY long. You may have noticed this in your logs.
|
|
# I support research projects and all my servers respond with an error to this type of
|
|
# string so I do not block them but if you want to block just uncomment the following line
|
|
# or email them asking them not to scan your server. They do respond.
|
|
# Visit http://169.229.3.91/ for more info
|
|
|
|
# If you really do want to block them change all the 0 below to 1.
|
|
|
|
169.229.3.91 0;
|