INSTANTLY stop WORTHLESS traffic


10 replies to this topic

#1   DRIVE

DRIVE
  • Members
  • 121 posts

Posted 08 August 2011 - 18:35

This cut hack attempts and worthless traffic on one of my servers OVERNIGHT. If you don't care about or sell to any of these, this will cut down your server LOAD overnight, as these are the biggest offenders of hacks, spam and general tomfoolery.

* USE IN APACHE .HTACCESS FILES. YOU CAN GET ANY FORMAT YOU LIKE WITH THE LINKS BELOW, E.G. FOR WORKING AT SERVER LEVEL WITH IPTABLES AND/OR SOFTWARE OR HARDWARE FIREWALLS.

#http://www.wizcrafts.net/
#
#http://www.wizcrafts.net/chinese-blocklist.html (this alone is worth its weight in gold)
<Files *>
order deny,allow

# Chinese (CN) IP addresses follow:
deny from 27.8.0.0/13 27.16.0.0/12 27.36.0.0/14 27.40.0.0/13 58.16.0.0/15 58.20.0.0/16 58.21.0.0/16 58.22.0.0/15 58.34.0.0/16 58.37.0.0/16 58.38.0.0/16 58.42.0.0/16 58.44.0.0/14 58.56.0.0/15 58.58.0.0/16 58.59.0.0/17 58.60.0.0/14 58.82.0.0/15 58.100.0.0/15 58.208.0.0/12 58.242.0.0/15 58.246.0.0/15 58.248.0.0/13 59.32.0.0/13 59.40.0.0/15 59.42.0.0/16 59.44.0.0/14 59.51.0.0/16 59.52.0.0/14 59.56.0.0/13 59.108.0.0/15 60.0.0.0/13 60.11.0.0/16 60.12.0.0/16 60.28.0.0/15 60.160.0.0/11 60.194.0.0/15 60.208.0.0/13 60.216.0.0/15 60.220.0.0/14 61.4.64.0/20 61.4.80.0/22 61.4.176.0/20 61.48.0.0/13 61.128.0.0/10 61.135.0.0/16 61.136.0.0/18 61.139.128.0/18 61.145.73.208/28 61.147.0.0/16 61.160.0.0/16 61.162.0.0/15 61.164.0.0/16 61.177.0.0/16 61.179.0.0/16 61.183.0.0/16 61.184.0.0/16 61.185.219.232/29 61.187.0.0/16 61.188.0.0/16 61.191.0.0/16 61.232.0.0/14 61.236.0.0/15 110.6.0.0/15 110.96.0.0/11 110.240.0.0/12 111.0.0.0/10 112.0.0.0/10 112.64.0.0/14 112.111.0.0/16 112.224.0.0/11 113.0.0.0/13 113.8.0.0/15 113.16.0.0/15 113.62.0.0/15 113.64.0.0/10 113.128.0.0/15 114.28.0.0/16 114.80.0.0/12 114.104.0.0/14 114.216.0.0/13 114.224.0.0/11 115.24.0.0/15 115.32.0.0/14 115.48.0.0/12 115.84.0.0/18 115.100.0.0/15 115.168.0.0/14 115.239.228.0/22 116.1.0.0/16 116.2.0.0/15 116.4.0.0/14 116.8.0.0/14 116.16.0.0/12 116.76.0.0/15 116.204.0.0/15 116.208.0.0/14 117.21.0.0/16 117.22.0.0/15 117.24.0.0/13 117.32.0.0/13 117.40.0.0/14 117.44.0.0/15 117.80.0.0/12 118.72.0.0/13 118.112.0.0/13 118.132.0.0/14 118.144.0.0/14 118.180.0.0/14 118.192.0.0/16 118.248.0.0/13 119.0.0.0/13 119.8.0.0/15 119.10.0.0/17 119.18.192.0/20 119.88.0.0/14 119.120.0.0/13 119.128.0.0/12 119.144.0.0/14 119.164.0.0/14 119.176.0.0/12 120.0.0.0/12 120.32.0.0/13 121.0.16.0/20 121.8.0.0/13 121.16.0.0/12 121.32.0.0/14 121.60.0.0/14 121.76.0.0/15 121.204.0.0/14 122.51.128.0/17 122.64.0.0/11 122.136.0.0/13 122.156.0.0/14 122.198.0.0/16 122.200.64.0/18 122.224.0.0/12 123.4.0.0/14 123.52.0.0/14 123.64.0.0/11 123.97.128.0/17 123.100.0.0/19 
123.112.0.0/12 123.128.0.0/13 123.152.0.0/13 123.164.0.0/14 123.184.0.0/14 123.232.0.0/14 124.42.64.0/18 124.64.0.0/15 124.114.0.0/15 124.128.0.0/13 124.163.0.0/16 124.200.0.0/13 124.236.0.0/14 124.248.0.0/17 125.40.0.0/13 125.64.0.0/12 125.80.0.0/13 125.88.0.0/13 125.115.0.0/16 159.226.0.0/16 182.112.0.0/12 183.0.0.0/10 221.204.0.0/15 202.43.144.0/22 202.66.0.0/16 202.96.0.0/12 202.111.160.0/19 202.112.0.0/14 202.117.0.0/16 202.165.176.0/20 203.69.0.0/16 203.93.0.0/16 203.169.160.0/19 210.5.0.0/19 210.14.128.0/19 210.21.0.0/16 210.32.0.0/14 210.51.0.0/16 210.52.0.0/15 210.192.96.0/19 211.76.96.0/20 211.78.208.0/20 211.90.0.0/15 211.92.0.0/14 211.96.0.0/15 211.136.0.0/13 211.144.12.0/22 211.144.96.0/19 211.144.160.0/20 211.147.208.0/20 211.152.14.0/24 211.154.128.0/19 211.155.24.0/22 211.157.32.0/19 211.160.0.0/13 211.233.70.0/24 218.0.0.0/11 218.56.0.0/13 218.64.0.0/11 218.88.0.0/13 218.96.0.0/14 218.102.0.0/16 218.104.0.0/14 218.194.80.0/20 218.240.0.0/13 219.128.0.0/11 219.232.0.0/16 219.154.0.0/15 220.160.0.0/11 220.181.0.0/16 220.192.0.0/12 220.228.70.0/24 220.248.0.0/14 220.250.0.0/19 220.252.0.0/16 221.0.0.0/12 221.122.0.0/15 221.176.0.0/13 221.192.0.0/14 221.200.0.0/14 221.204.0.0/15 221.207.0.0/16 221.208.0.0/14 221.212.0.0/16 221.214.0.0/15 221.216.0.0/13 221.224.0.0/13 221.228.0.0/14 221.238.0.0/15 222.32.0.0/11 222.64.0.0/12 222.80.0.0/12 222.132.0.0/14 222.136.0.0/13 222.166.0.0/16 222.168.0.0/13 222.172.222.0/24 222.176.0.0/13 222.184.0.0/13 222.241.0.0/19 222.245.0.0/16

# Hong Kong (HK)
deny from 58.65.232.0/21 59.148.0.0/15 112.121.160.0/19 113.252.0.0/14 121.127.224.0/19 123.242.229.0/24 202.69.64.0/19 202.85.128.0/19 202.133.8.0/21 203.218.0.0/16 210.176.0.0/19 210.176.48.0/20 210.176.64.0/18 210.176.128.0/17 210.177.0.0/16 218.103.0.0/16 218.252.0.0/14 219.76.0.0/14 222.166.0.0/16

# India (IN), Bangladesh (BD) and Pakistan (PK)
# 59.176.0.0/13 below: the list as posted read 9.176.0.0/13 (leading digit dropped), which would deny a range outside this group
deny from 59.88.0.0/13 59.96.0.0/14 59.164.0.0/16 59.176.0.0/13 59.184.0.0/15 61.247.238.0/24 112.110.40.0/21 115.108.0.0/14 115.240.0.0/12 116.72.0.0/14 117.192.0.0/10 120.56.0.0/13 121.240.0.0/13 122.160.0.0/14 122.164.0.0/15 122.166.0.0/15 122.167.0.0/16 122.169.0.0/16 122.170.0.0/17 122.173.0.0/16 122.174.0.0/16 122.176.0.0/13 123.236.0.0/14 124.124.0.0/15 124.247.235.0/24 182.64.0.0/12 182.176.0.0/12 193.53.87.0/24 202.63.160.0/19 202.154.224.0/24 203.115.80.0/20 203.188.247.0/24 203.197.0.0/16 218.248.0.0/20

# Indonesia (ID)
deny from 110.136.176.0/20 110.139.0.0/16 118.96.0.0/15 119.110.68.0/24 125.164.64.0/19 125.165.128.0/18

# Japan (JP) (hacking, scraping, or spamming)
deny from 58.188.0.0/14 59.146.0.0/15 61.112.0.0/12 118.0.0.0/12 118.86.0.0/15 118.106.0.0/16 122.200.192.0/18 122.208.0.0/12 123.216.0.0/13 126.0.0.0/8 150.70.84.41 210.248.0.0/13 211.19.0.0/16 218.216.0.0/13 218.224.0.0/13 219.94.128.0/17 219.96.0.0/11 221.121.160.0/20 222.231.64.0/18 222.231.128.0/17 222.144.0.0/13

# Korea (KR) IP addresses follow:
deny from 58.72.0.0/13 58.120.0.0/13 58.140.0.0/14 58.148.0.0/14 58.180.40.0/21 58.224.0.0/12 59.0.0.0/11 59.86.192.0/18 59.186.0.0/15 61.32.0.0/13 61.72.0.0/14 61.76.0.0/15 61.96.0.0/12 61.110.16.0/20 61.248.0.0/13 110.8.0.0/13 110.45.0.0/16 112.159.224.0/20 113.30.64.0/18 114.29.0.0/17 114.108.128.0/18 114.200.0.0/13 115.0.0.0/12 115.16.0.0/13 115.40.0.0/15 115.68.0.0/16 115.88.0.0/13 116.40.0.0/16 116.45.176.0/20 116.93.192.0/19 116.120.0.0/13 117.110.0.0/15 118.32.0.0/11 118.128.0.0/14 118.216.0.0/13 119.64.0.0/13 119.192.0.0/11 120.50.64.0/18 121.88.0.0/16 121.101.224.0/19 121.127.64.0/18 121.127.128.0/18 121.128.0.0/10 121.254.0.0/16 122.44.112.0/20 122.99.128.0/17 123.111.0.0/16 123.140.0.0/14 123.212.0.0/14 123.248.0.0/16 124.0.0.0/15 124.50.87.161 124.136.0.0/14 125.128.0.0/11 125.176.0.0/12 125.240.0.0/13 125.248.0.0/14 143.248.0.0/16 166.104.0.0/16 168.188.0.0/16 175.112.0.0/12 202.30.0.0/15 202.133.16.0/20 202.179.176.0/21 203.226.0.0/15 203.228.0.0/14 203.244.0.0/14 203.248.0.0/13 210.93.0.0/16 210.94.0.0/15 210.108.0.0/14 210.112.0.0/14 210.117.128.0/18 210.118.216.192/26 210.124.0.0/14 210.178.0.0/15 210.180.0.0/15 210.204.0.0/15 210.210.192.0/18 210.219.0.0/16 210.220.0.0/14 211.32.0.0/12 211.48.0.0/15 211.50.0.0/15 211.52.0.0/16 211.62.35.0/24 211.104.0.0/13 211.112.0.0/13 211.168.0.0/13 211.176.0.0/12 211.192.0.0/12 211.208.0.0/14 211.216.0.0/13 211.224.0.0/13 211.232.0.0/13 211.240.0.0/12 218.36.0.0/14 218.48.0.0/13 218.144.0.0/12 218.209.0.0/16 218.232.0.0/14 218.236.0.0/14 219.240.0.0/15 219.248.0.0/13 219.250.88.0/21 220.72.0.0/13 220.80.0.0/13 220.95.88.0/24 220.118.0.0/16 220.119.0.0/16 221.128.0.0/12 221.144.0.0/12 221.160.0.0/13 221.168.0.0/16 221.163.46.0/24 222.96.0.0/12 222.112.0.0/13 222.120.0.0/15 222.122.0.0/16 222.231.0.0/18 222.232.0.0/13

# Yahoo-Korea (provides free email services used by some spammers)
deny from 123.0.0.0/20

# Neighboring Asian countries:

# Malaysia (MY)
deny from 27.131.32.0/24 60.48.0.0/14 60.52.0.0/15 60.54.0.0/16 110.159.0.0/16 112.137.160.0/20 113.23.128.0/17 115.132.0.0/14 116.197.0.0/17 116.206.0.0/16 120.50.48.0/20 120.140.0.0/15 124.82.0.0/16 124.217.224.0/19 202.58.80.0/20 202.71.96.0/20 202.75.32.0/19 202.190.0.0/16 203.106.0.0/16 203.223.128.0/19 210.187.49.0/25 218.111.0.0/16 218.208.12.64/27

# Philippines (PH)
deny from 85.92.152.0/21 112.201.128.0/17 112.202.0.0/16 120.28.64.0/18 125.60.128.0/17 202.52.54.0/23 202.133.192.0/24 222.127.32.0/19 222.127.64.0/19

# Singapore (SG)
deny from 59.189.0.0/16 116.14.0.0/15 121.6.0.0/15 165.21.0.0/16 180.210.200.0/21 192.169.40.0/23 203.92.64.0/18 203.117.0.0/24 218.186.0.0/16 218.212.0.0/16 219.74.0.0/15 219.75.0.0/17

# Taiwan (TW)
deny from 59.124.0.0/14 60.198.0.0/15 60.249.0.0/16 60.250.0.0/15 61.31.0.0/16 61.59.0.0/16 61.67.128.0/17 61.220.0.0/14 61.224.0.0/14 61.228.0.0/14 110.24.0.0/13 110.50.128.0/18 111.240.0.0/12 114.24.0.0/14 114.32.0.0/12 115.80.0.0/14 115.85.144.0/20 118.160.0.0/13 122.116.0.0/15 122.120.0.0/13 123.240.0.0/15 124.8.0.0/14 140.109.0.0/16 140.110.0.0/15 140.112.0.0/12 140.128.0.0/13 140.136.0.0/15 140.138.0.0/16 163.24.0.0/16 203.64.0.0/14 203.71.0.0/16 203.72.0.0/16 210.59.0.0/17 210.240.0.0/16 211.20.0.0/15 211.23.0.0/16 211.75.0.0/16 211.76.160.0/20 211.79.32.0/20 218.160.0.0/12 219.84.0.0/15 219.90.3.0/24 220.128.0.0/12

# Thailand (TH)
deny from 1.46.0.0/15 58.8.0.0/16 58.9.0.0/16 58.10.0.0/16 58.137.13.0/24 61.19.64.0/18 61.19.205.0/24 61.19.240.0/20 61.47.0.0/17 113.53.0.0/17 115.87.128.0/17 117.47.0.0/16 118.172.0.0/14 123.242.128.0/18 124.120.0.0/16 124.121.0.0/16 124.122.0.0/16 125.25.0.0/19 202.28.0.0/15 202.44.135.0/24 202.133.128.0/18 202.143.128.0/18 203.107.142.0/24 203.113.0.0/17 203.130.149.0/24 203.144.128.0/17 203.148.128.0/17 203.149.0.0/18 203.150.128.0/17 203.151.38.0/24 203.155.0.0/16 203.158.96.0/19 203.158.128.0/17 203.172.128.0/17 203.185.128.0/19 210.213.0.0/18 222.123.0.0/16

# Vietnam (VN)
deny from 58.186.0.0/16 58.187.96.0/20 58.187.112.0/20 112.78.0.0/20 112.213.80.0/20 113.22.0.0/16 113.23.0.0/17 113.160.0.0/11 115.72.0.0/13 115.84.176.0/22 116.96.0.0/12 117.0.0.0/13 118.68.0.0/14 123.16.0.0/12 125.234.0.0/15 183.81.0.0/17 183.91.0.0/19 202.78.227.0/24 203.113.128.0/18 203.162.0.0/16 203.210.192.0/18 210.245.80.0/21 220.231.124.0/22 222.252.0.0/14

# End Chinese-Korean blocklist

# Add other blocked domain names or IP addresses here, starting with "deny from " without quotes

# If you find that you need to poke a hole in the blocklist, for legitimate visitors, follow this example: allow from 123.456.789.0

# Add "allow from" IP addresses, or CIDR Ranges, after all of the "deny from" items, just before the closing Files tag.

# Everything not included within these deny from ranges is PERMITTED by the allow portion of the directive.

# Russia (RU), Ukraine (UA), Belarus (BY), Bulgaria (BG), Czech Republic (CZ), Romania (RO), Latvia (LV), Estonia (EE), Kazakstan (KZ), Moldavia/Moldova (MD), Poland (PL), Serbia (RS), Siberia, Slovakia (SK), Slovenia (SL)
deny from 62.16.96.0/19 62.21.0.0/17 62.64.64.0/18 62.69.0.0/19 62.76.126.0/24 62.85.0.0/17 62.129.192.0/18 62.133.128.0/19 62.141.64.0/18 62.168.224.0/19 62.182.104.0/21 62.213.64.0/18 62.221.64.0/19 62.233.142.0/26 70.85.189.224/29 77.37.128.0/17 77.41.0.0/17 77.43.128.0/17 77.45.128.0/17 77.46.128.0/17 77.51.0.0/18 77.51.64.0/18 77.75.8.0/21 77.79.128.0/18 77.79.192.0/18 77.87.152.0/21 77.88.0.0/18 77.91.224.0/21 77.94.124.0/22 77.120.0.0/14 77.221.0.0/16 77.222.56.0/22 77.222.128.0/19 77.233.160.0/19 77.234.0.0/19 77.234.192.0/19 77.235.96.0/20 77.244.208.0/20 77.252.0.0/14 78.26.128.0/18 78.31.176.0/21 78.36.0.0/15 78.85.0.0/16 78.96.0.0/15 78.106.0.0/15 78.108.86.0/23 78.108.176.0/20 78.109.16.0/20 78.110.48.0/20 78.110.160.0/20 78.157.128.0/19 79.96.0.0/16 79.98.208.0/21 79.99.216.0/21 79.105.0.0/16 79.111.0.0/16 79.112.0.0/13 79.120.0.0/17 79.126.0.0/18 79.135.128.0/19 79.136.128.0/17 79.139.0.0/16 79.140.64.0/20 79.140.160.0/20 79.162.128.0/18 79.163.0.0/16 80.48.0.0/13 80.70.96.0/20 80.71.240.0/20 80.73.0.0/20 80.73.64.0/21 80.77.80.0/24 80.82.160.0/20 80.85.176.0/20 80.86.96.0/19 80.86.240.0/21 80.91.160.0/19 80.93.48.0/21 80.233.128.0/17 80.235.0.0/17 80.251.112.0/20 81.5.96.0/20 81.9.0.0/20 81.16.80.0/20 81.19.64.0/19 81.21.0.0/20 81.30.176.0/20 81.88.208.0/20 81.89.112.0/20 81.90.224.0/20 81.94.32.0/20 81.95.144.0/20 81.176.0.0/15 81.180.64.0/20 81.181.16.0/22 81.195.0.0/16 81.196.0.0/16 81.200.0.0/20 81.222.128.0/20 82.76.0.0/14 82.103.64.0/18 82.114.64.0/19 82.114.224.0/19 82.138.6.128/25 82.138.32.0/19 82.140.64.0/18 82.144.192.0/19 82.146.40.0/21 82.146.56.0/21 82.151.112.0/21 82.160.203.0/24 82.179.0.0/16 82.198.160.0/19 82.199.96.0/19 82.204.128.0/17 83.0.0.0/11 83.69.114.0/23 83.69.240.0/21 83.102.128.0/17 83.139.128.0/18 83.142.184.0/21 83.148.64.0/18 83.166.192.0/19 83.167.96.0/19 83.170.192.0/18 83.174.192.0/18 83.219.129.0/24 83.222.0.0/19 83.222.160.0/19 83.222.192.0/19 83.229.128.0/17 83.237.0.0/16 84.17.0.0/19 84.21.64.0/19 84.51.64.0/19 
84.253.64.0/18 85.12.192.0/18 85.14.35.0/24 85.21.0.0/16 85.29.192.0/18 85.90.192.0/19 85.93.32.0/19 85.93.128.0/19 85.94.0.0/19 85.94.32.0/19 85.112.112.0/20 85.113.128.0/19 85.121.180.0/23 85.140.0.0/15 85.142.0.0/15 85.186.0.0/16 85.192.60.0/23 85.204.24.0/23 85.207.0.0/16 85.249.0.0/16 85.254.0.0/16 85.255.0.0/20 85.255.112.0/20 86.34.0.0/16 86.35.0.0/21 86.35.128.0/17 86.55.120.0/22 86.57.128.0/17 86.61.0.0/17 86.105.172.0/22 86.120.0.0/13 87.99.64.0/19 87.103.192.0/20 87.103.208.0/20 87.110.0.0/16 87.117.0.0/18 87.118.128.0/18 87.119.224.0/19 87.120.16.0/20 87.204.0.0/15 87.226.0.0/17 87.229.128.0/17 87.242.116.0/23 87.244.128.0/18 87.248.160.0/19 87.251.128.0/19 87.253.192.0/19 88.81.248.0/21 88.147.128.0/17 88.200.128.0/17 88.201.128.0/17 88.205.128.0/17 88.212.192.0/18 89.18.16.0/21 89.20.128.0/19 89.21.128.0/19 89.28.0.0/17 89.32.152.0/21 89.33.72.0/21 89.35.64.0/21 89.37.144.0/21 89.38.112.0/20 89.38.128.0/21 89.41.176.0/20 89.44.142.0/23 89.104.64.0/19 89.106.96.0/19 89.108.64.0/19 89.108.120.0/22 89.109.0.0/18 89.110.0.0/18 89.110.64.0/18 89.111.160.0/20 89.111.176.0/20 89.113.72.0/21 89.114.0.0/15 89.121.128.0/17 89.122.0.0/16 89.123.0.0/16 89.136.0.0/15 89.149.0.0/17 89.161.128.0/17 89.165.128.0/17 89.175.0.0/16 89.178.0.0/15 89.186.0.0/19 89.187.48.0/23 89.187.128.0/19 89.189.0.0/19 89.189.128.0/19 89.190.224.0/19 89.204.0.0/17 89.208.160.0/19 89.212.0.0/17 89.216.0.0/16 89.218.0.0/16 89.222.128.0/17 89.223.0.0/16 89.230.0.0/16 89.232.192.0/18 89.239.128.0/18 89.251.96.0/20 89.253.0.0/18 90.150.112.0/20 90.150.128.0/20 90.151.128.0/20 90.156.128.0/17 90.176.0.0/13 90.188.64.0/19 91.76.0.0/14 91.122.0.0/16 91.123.0.0/19 91.124.0.0/16 91.135.192.0/22 91.143.160.0/20 91.149.157.0/24 91.149.180.0/24 91.188.32.0/19 91.189.80.0/21 91.189.128.0/21 91.191.64.0/18 91.192.68.0/22 91.193.140.0/22 91.194.10.0/23 91.197.128.0/22 91.200.164.0/22 91.200.228.0/22 91.200.232.0/22 91.201.28.0/22 91.201.64.0/22 91.201.196.0/22 91.203.4.0/22 91.203.92.0/22 
91.204.84.0/22 91.205.120.0/21 91.206.200.0/23 91.206.226.0/23 91.207.4.0/22 91.207.60.0/23 91.208.228.0/24 91.211.64.0/22 91.211.68.0/22 91.212.41.0/24 91.212.65.0/24 91.212.226.0/24 91.212.132.0/24 91.212.198.0/24 91.213.33.0/24 91.213.117.0/24 91.213.121.0/24 91.216.122.0/24 91.216.141.0/24 91.216.215.0/24 92.36.0.0/17 92.46.0.0/15 92.48.126.128/25 92.48.201.0/26 92.50.128.0/18 92.53.104.0/22 92.80.0.0/13 92.112.0.0/15 92.114.128.0/17 92.124.0.0/14 92.241.160.0/19 92.243.64.0/19 92.244.224.0/19 92.255.0.0/16 93.80.0.0/15 93.84.0.0/15 93.86.0.0/15 93.89.208.0/20 93.92.32.0/21 93.99.0.0/16 93.113.27.0/24 93.120.128.0/18 93.124.0.0/17 93.125.99.0/24 93.159.0.0/18 93.170.0.0/15 93.183.128.0/18 94.25.0.0/17 94.26.0.0/17 94.41.0.0/17 94.50.0.0/15 94.73.192.0/18 94.79.0.0/18 94.100.181.128/25 94.103.80.0/20 94.112.0.0/14 94.142.128.0/21 94.176.96.0/24 94.178.0.0/15 94.180.0.0/16 94.188.0.0/17 94.189.128.0/17 94.229.65.160/27 94.230.0.0/20 94.231.160.0/20 94.232.232.0/21 94.233.192.0/18 94.247.0.0/21 95.24.0.0/13 95.32.0.0/16 95.40.0.0/14 95.52.0.0/14 95.56.0.0/14 95.78.128.0/19 95.84.192.0/18 95.86.128.0/18 95.108.128.0/17 95.132.0.0/14 95.142.46.0/24 95.165.0.0/16 95.168.160.0/19 95.169.160.0/19 95.179.0.0/17 95.188.0.0/14 109.72.112.0/20 109.86.0.0/15 109.92.0.0/15 109.95.112.0/22 109.96.0.0/13 109.122.0.0/18 109.124.0.0/18 109.167.0.0/16 109.169.192.0/18 109.194.0.0/18 109.194.64.0/19 109.196.16.0/20 109.196.128.0/20 109.243.0.0/16 141.85.0.0/16 158.197.0.0/16 160.99.0.0/16 178.46.32.0/19 178.88.0.0/14 178.92.0.0/14 178.120.0.0/13 178.129.0.0/16 178.154.0.0/17 178.184.0.0/14 178.206.0.0/16 178.220.0.0/14 178.234.0.0/16 188.18.16.0/20 188.18.64.0/19 188.18.240.0/20 188.24.0.0/14 188.47.64.0/18 188.92.72.0/21 188.95.152.0/21 188.115.128.0/18 188.120.32.0/20 188.131.0.0/17 188.187.128.0/18 192.129.3.0/24 193.19.244.0/22 193.25.112.0/23 193.37.138.0/24 193.37.156.0/23 193.39.113.0/24 193.47.166.0/24 193.77.64.0/18 193.104.27.0/24 193.104.41.0/24 193.104.94.0/24 
193.105.0.0/24 193.105.154.0/24 193.105.210.0/24 193.108.38.0/23 193.108.248.0/22 193.111.48.0/22 193.169.12.0/23 193.178.144.0/22 193.178.228.0/23 193.200.50.0/23 193.223.101.0/24 193.227.226.0/23 193.230.232.0/24 193.238.74.0/23 193.238.128.0/22 193.239.24.0/22 193.239.36.0/22 193.239.44.0/22 193.239.64.0/21 193.239.72.0/22 194.0.88.0/22 194.8.156.0/22 194.8.250.0/23 194.28.44.0/22 194.29.60.0/22 194.44.0.0/16 194.54.88.0/22 194.85.88.0/21 194.85.128.0/19 194.102.114.0/24 194.114.136.0/22 194.114.144.0/22 194.146.136.0/22 194.160.0.0/16 194.169.126.0/24 194.176.176.0/24 194.181.0.0/16 194.186.0.0/16 194.187.108.0/22 195.2.96.0/19 195.2.240.0/23 195.2.252.0/23 195.3.148.0/22 195.5.32.0/19 195.5.116.0/23 195.5.161.0/24 195.9.0.0/16 195.14.112.0/23 195.28.32.0/19 195.34.208.0/22 195.34.224.0/19 195.42.160.0/19 195.60.174.0/23 195.78.124.0/23 195.88.32.0/23 195.93.218.0/23 195.93.218.0/24 195.95.218.0/23 195.95.228.0/23 195.112.96.0/19 195.116.0.0/16 195.128.16.0/22 195.128.48.0/21 195.131.0.0/16 195.137.200.0/23 195.138.64.0/19 195.138.198.0/24 195.170.192.0/19 195.189.246.0/23 195.190.13.0/24 195.208.0.0/15 195.209.32.0/19 195.209.224.0/19 195.211.100.0/22 195.216.243.0/24 195.225.64.0/22 195.225.176.0/22 195.239.0.0/16 195.242.98.0/23 195.242.232.0/22 195.244.128.128/25 195.245.112.0/23 195.245.208.0/24 204.9.184.0/21 212.1.224.0/19 212.9.224.0/19 212.24.32.0/19 212.33.224.0/19 212.44.64.0/20 212.44.80.0/22 212.44.128.0/19 212.58.192.0/19 212.87.160.0/19 212.92.128.0/18 212.95.54.0/24 212.96.160.0/19 212.118.32.0/19 212.158.160.0/20 212.178.0.0/19 212.220.0.0/16 213.5.128.0/21 213.25.0.0/16 213.35.224.0/23 213.91.128.0/17 213.140.96.0/19 213.141.128.0/19 213.142.192.0/19 213.154.192.0/19 213.155.0.0/19 213.156.192.0/24 213.170.64.0/19 213.180.147.0/24 213.186.192.0/19 213.215.64.0/18 213.233.101.0/24 213.242.12.0/22 213.248.0.0/18 217.12.112.0/20 217.12.240.0/20 217.16.16.0/20 217.18.240.0/20 217.20.160.0/20 217.23.128.0/19 217.27.144.0/20 217.28.208.0/21 
217.65.0.0/20 217.65.208.0/20 217.67.16.0/20 217.69.128.0/20 217.77.208.0/20 217.79.0.0/20 217.106.0.0/15 217.114.224.0/20 217.146.240.0/20 217.147.0.0/19 217.149.240.0/20 217.173.64.0/20 217.174.96.0/20 217.197.240.0/20
# Start second list to avoid Apache Server 500 error for exceeding allowable line length (~8193)
deny from 2.132.0.0/14 31.170.168.0/21 46.4.240.0/27 46.16.240.0/21 46.72.0.0/15 46.109.0.0/16 46.175.200.0/21 46.191.128.0/18 62.24.64.0/19 62.122.64.0/21 62.140.224.0/19 62.152.32.0/19 62.213.32.0/19 69.175.104.218 77.34.0.0/15 77.65.0.0/17 77.87.32.0/20 77.87.168.0/21 77.87.192.0/21 77.93.0.0/18 77.94.192.0/19 77.239.224.0/19 77.241.160.0/20 77.243.96.0/22 78.29.0.0/18 78.111.48.0/20 78.137.0.0/19 79.101.0.0/16 79.133.128.0/19 79.184.0.0/13 80.77.160.0/20 80.239.224.0/19 82.193.128.0/19 82.200.0.0/17 83.228.0.0/17 83.234.0.0/16 84.53.192.0/18 85.26.184.0/22 85.172.0.0/14 85.222.0.0/17 86.35.15.0/24 86.55.140.0/24 86.55.210.0/23 86.111.240.0/21 88.213.192.0/18 89.23.0.0/19 89.33.252.0/22 89.37.120.0/21 89.39.200.0/21 89.45.14.0/24 89.47.224.0/21 89.116.0.0/15 89.189.176.0/20 89.238.192.0/18 91.148.128.0/18 91.193.80.0/22 91.204.16.0/21 91.204.24.0/22 91.204.36.0/22 91.204.40.0/21 91.204.48.0/20 91.204.64.0/22 91.204.128.0/22 91.207.44.0/23 91.210.104.0/22 91.211.16.0/22 91.211.248.0/22 91.213.174.0/24 92.38.128.0/17 92.115.0.0/16 92.248.128.0/17 92.249.64.0/18 93.72.0.0/13 94.19.128.0/17 94.45.160.0/19 94.60.176.0/22 94.75.0.0/18 94.77.0.0/19 94.181.0.0/18 94.232.48.0/21 94.232.144.0/21 95.64.0.0/16 95.65.0.0/17 95.67.128.0/17 95.68.128.0/17 95.129.60.0/22 95.168.192.0/19 95.171.96.0/19 95.172.32.0/19 95.220.0.0/16 108.62.150.0/24 109.95.224.0/21 109.110.32.0/19 109.120.128.0/18 109.126.136.0/21 109.126.192.0/18 109.229.0.0/19 109.230.0.0/18 109.161.0.0/17 109.165.0.0/17 109.171.0.0/17 109.184.0.0/16 109.227.64.0/18 109.254.0.0/16 178.34.128.0/18 178.45.0.0/20 178.73.0.0/18 178.130.0.0/16 178.150.0.0/15 178.159.80.0/20 178.159.208.0/20 178.216.32.0/21 178.217.160.0/21 178.218.96.0/20 188.16.192.0/18 188.129.128.0/17 188.143.128.0/17 188.163.0.0/16 188.186.128.0/17 188.229.0.0/17 188.235.128.0/18 193.9.28.0/24 193.30.248.0/22 193.93.228.0/22 193.106.136.0/22 193.110.120.0/22 193.169.86.0/23 193.238.0.0/22 193.243.168.0/22 194.50.7.0/24 194.79.60.0/22 
194.247.24.0/23 195.22.104.0/22 195.78.108.0/23 195.190.157.0/24 195.191.54.0/23 195.242.161.0/24 195.245.96.0/23 212.27.192.0/19 212.59.96.0/19 212.91.160.0/19 212.160.0.0/16 213.108.144.0/21 213.171.0.0/19 213.191.0.0/19 217.77.48.0/20 217.117.208.0/20 217.196.160.0/20 217.197.0.0/20

# Turkey (TR): web hosts and Turk Telekom customers - scammers, spammers, phishing websites and server script exploiters:
deny from 62.248.0.0/17 77.79.64.0/18 77.92.128.0/19 78.160.0.0/11 79.135.160.0/19 81.6.64.0/18 81.213.0.0/16 81.214.0.0/16 81.215.0.0/16 82.222.0.0/16 84.51.0.0/18 85.96.0.0/12 85.100.128.0/17 85.101.0.0/17 85.103.0.0/17 85.105.0.0/17 85.106.128.0/17 85.110.0.0/16 88.226.0.0/16 88.229.0.0/16 88.231.0.0/16 88.232.0.0/16 88.233.0.0/16 88.234.0.0/16 88.238.0.0/16 88.239.0.0/17 88.241.128.0/17 88.243.0.0/17 88.245.0.0/16 88.247.128.0/17 88.248.0.0/13 88.255.0.0/16 89.106.0.0/19 89.113.72.0/21 92.44.0.0/15 92.63.0.0/20 93.186.112.0/20 93.187.200.0/21 94.78.64.0/18 95.0.128.0/17 95.65.128.0/17 95.130.168.0/21 160.75.0.0/16 178.242.0.0/15 188.3.0.0/16 188.38.0.0/16 188.56.0.0/14 188.124.0.0/19 188.132.128.0/17 194.27.48.0/23 194.54.32.0/19 195.155.0.0/16 195.174.0.0/15 195.175.0.0/17 212.15.0.0/19 212.95.40.0/23 212.174.113.0/24 212.175.0.0/16 213.248.128.0/18 217.195.192.0/20

# German (DE) ISPs used by hackers and spammers including 1&1internet DE, Deutsche Telekom AG, NetDirekt and Schlund & Partners
deny from 77.176.0.0/12 78.46.0.0/15 78.159.96.0/19  79.192.0.0/10 80.128.0.0/11 82.165.128.0/20 83.138.64.0/21 83.169.40.0/21 85.214.0.0/16 87.106.0.0/16 87.118.64.0/18 87.247.192.0/22 89.149.192.0/18 89.200.168.0/21 91.0.0.0/10 91.213.217.0/24 93.186.192.0/20 93.192.0.0/10 188.72.192.0/18 188.102.0.0/15 212.95.32.0/19 212.227.0.0/16 213.133.96.0/19 217.72.192.0/20

# Iran (IR)
deny from 86.109.32.0/19 109.122.192.0/18 178.131.0.0/16

</Files>

Edited by DRIVE, 08 August 2011 - 18:38.
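As an added example that is not part of DRIVE's post: a small Python audit for a list in this format, worth running before the file goes live. It parses the deny/allow lines, rejects entries Apache would not accept (such as the 123.456.789.0 placeholder in the comments), flags an entry that breaks a line's ascending order (the usual sign of a dropped digit), reports prefixes already covered by a wider one (the Russia list above carries both 195.93.218.0/23 and 195.93.218.0/24), warns about the ~8192-byte line limit the post works around with a second list, and answers the question raised later in the thread: which rule, if any, blocks a given visitor. The sample list is constructed and far shorter than the real one.

```python
import ipaddress
import re

# Constructed sample in the post's format (a few entries, not the real list).
# It deliberately contains an entry with a dropped leading digit in the
# India line, the duplicated 195.93.218.0 prefixes found in the post's
# Russia line, and the "123.456.789.0" placeholder the post's comment uses.
SAMPLE_HTACCESS = """\
<Files *>
order deny,allow
# Chinese (CN) IP addresses follow:
deny from 27.8.0.0/13 58.16.0.0/15 61.145.73.208/28
# India (IN), Bangladesh (BD) and Pakistan (PK)
deny from 59.88.0.0/13 59.164.0.0/16 9.176.0.0/13 59.184.0.0/15
# Russia (RU) and neighbours
deny from 195.93.218.0/23 195.93.218.0/24 212.1.224.0/19
allow from 123.456.789.0
</Files>
"""

APACHE_LINE_LIMIT = 8192  # httpd refuses longer config lines: the post's 500 error


def parse_rules(text):
    """Parse 'deny from' / 'allow from' lines of a <Files> block.

    Returns (rules, problems): rules is a list of (verb, network, line_no);
    problems is a list of (line_no, message) for entries Apache would not
    accept or that look like typos.
    """
    rules, problems = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        if len(line) >= APACHE_LINE_LIMIT:
            problems.append((line_no, "line exceeds Apache's length limit"))
        m = re.match(r"\s*(deny|allow)\s+from\s+(.*)", line, re.I)
        if not m:
            continue
        verb, previous = m.group(1).lower(), None
        for token in m.group(2).split():
            try:
                # strict=False tolerates host bits set inside the prefix
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:
                problems.append((line_no, f"not an IP or CIDR: {token}"))
                continue
            # Heuristic: the post's lines run in ascending order, so an entry
            # that jumps backwards is the usual sign of a dropped digit.
            if (previous is not None and net.version == previous.version
                    and net.network_address < previous.network_address):
                problems.append((line_no, f"out of sequence, check for typo: {token}"))
            previous = net
            rules.append((verb, net, line_no))
    return rules, problems


def find_nested(rules):
    """Return (inner, outer) pairs where a deny prefix lies inside another.

    CIDR blocks are either disjoint or nested, so after sorting by address
    (wider prefix first) every overlap appears as a subnet of the most recent
    covering block. Nested entries are dead weight against the line budget.
    """
    nets = sorted((n for verb, n, _ in rules if verb == "deny"),
                  key=lambda n: (n.version, n.network_address, n.prefixlen))
    nested, cover = [], None
    for net in nets:
        if cover is not None and net.version == cover.version and net.subnet_of(cover):
            nested.append((net, cover))
        else:
            cover = net
    return nested


def blocking_rule(rules, ip):
    """Evaluate 'order deny,allow' for one visitor.

    Deny matches are overridden by any allow match. Returns the deny network
    that blocks the visitor, or None if the request would be permitted.
    """
    addr = ipaddress.ip_address(ip)
    hits = {"deny": [], "allow": []}
    for verb, net, _ in rules:
        if net.version == addr.version and addr in net:
            hits[verb].append(net)
    if hits["allow"] or not hits["deny"]:
        return None
    return hits["deny"][0]


if __name__ == "__main__":
    rules, problems = parse_rules(SAMPLE_HTACCESS)
    for line_no, message in problems:
        print(f"line {line_no}: {message}")
    for inner, outer in find_nested(rules):
        print(f"{inner} is already covered by {outer}")
    for visitor in ("58.17.3.4", "9.178.1.1", "8.8.8.8"):
        print(visitor, "->", blocking_rule(rules, visitor) or "permitted")
```

Point the script at the real .htaccess text to see which rule would catch a customer who complains of being locked out, before poking a hole with "allow from".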


#2   spitlikethis

spitlikethis
  • Members
  • 63 posts

Posted 10 September 2011 - 15:37

This looks useful - can you tell me where to place it? Is it within the .htaccess code in admin?

#3   MrPhil

MrPhil
  • Members
  • 5,241 posts

Posted 24 September 2011 - 17:48

Not admin (or whatever you've renamed it to). Place it as high up in your site as is reasonable. If not / (HTML root, public_html), then /catalog (osC's root).

#4   Parikesit

Parikesit
  • Members
  • 263 posts

Posted 03 October 2011 - 00:16

Ouch, you banned all IPs from South East Asia.

@zaenal

#5   Parikesit

Parikesit
  • Members
  • 263 posts

Posted 03 October 2011 - 00:33

I guess the approach below is better.

 
 
#BADENGINE
SetEnvIfNoCase User-Agent (^$|\<|\>|\'|\%|\_iRc|\_Works|\@\$x|\<\?|\$x0e|\+select\+|\+union\+|1\,\1\,1\,|2icommerce|3GSE|4all|59\.64\.153\.|88\.0\.106\.|85\.17\.|A\_Browser|ABAC|Abont|abot|Accept|Access|Accoo|AceFTP|Acme|ActiveTouristBot|Address|Adopt|adress|adressendeutschland|ADSARobot|ah\-ha|Ahead|AESOP\_com\_SpiderMan|aipbot|Alarm|Albert|Alek|Alexibot|Alligator|AllSubmitter|alma|almaden|ALot|Alpha|aktuelles|Akregat|Amfi|amzn\_assoc|Anal|Anarchie|andit|Anon|AnotherBot|Ansearch|AnswerBus|antivirx|Apexoo|appie|Aqua_Products|Arachmo|archive|arian|ASPSe|ASSORT|Atari|ATHENS|AtHome|Atlocal|Atomic_Email_Hunter|Atomz|Atrop|^attach|attrib|autoemailspider|autohttp|axod|batch|b2w|Back|BackDoorBot|BackStreet|BackWeb|Badass|Bali|Bandit|Barry|BasicHTTP|BatchFTP|bdfetch|beat|Become|Beij|BenchMark|berts|bew|big\.brother|Bigfoot|Bilgi|Bison|Bitacle|Biz360|Black|Black\.Hole|BlackWidow|bladder\.fusion|Blaiz|Blog\.Checker|Blogl|BlogPeople|Blogshares\.Spiders|Bloodhound|Blow|bmclient|Board|BOI|boitho|Bond|Bookmark\.search\.tool|boris|Bost|Boston\.Project|BotRightHere|Bot\.mailto:craftbot@yahoo\.com|BotALot|botpaidtoclick|botw|brandwatch|BravoBrian|Brok|Bropwers|Broth|browseabit|BrowseX|Browsezilla|Bruin|bsalsa|Buddy|Build|Built|Bulls|bumblebee|Bunny|Busca|Busi|Buy|bwh3) BADENGINE
SetEnvIfNoCase User-Agent (c\-spider|CafeK|Cafi|camel|Cand|captu|Catch|cd34|Ceg|CFNetwork|cgichk|Cha0s|Chang|chaos|Char|char\(32\,35\)|charlotte|CheeseBot|Chek|CherryPicker|chill|ChinaClaw|CICC|Cisco|Cita|Clam|Claw|Click\.Bot|clipping|clshttp|Clush|COAST|ColdFusion|Coll|Comb|commentreader|Compan|contact|Control|contype|Conc|Conv|Copernic|Copi|Copy|Coral|Corn|core-project|cosmos|costa|cr4nk|crank|craft|Crap|Crawler0|Crazy|Cres|cs\-CZ|cuill|Custo|Cute|CSHttp|Cyber|cyberalert|^DA$|daoBot|DARK|Data|Daten|Daum|dcbot|dcs|Deep|DepS|Detect|Deweb|Diam|Digger|Digimarc|digout4uagent|DIIbot|Dillo|Ding|DISC|discobot|Disp|Ditto|DLC|DnloadMage|DotBot|Doubanbot|Download|Download\.Demon|Download\.Devil|Download\.Wonder|Downloader|drag|DreamPassport|Drec|Drip|dsdl|dsok|DSurf|DTAAgent|DTS|Dual|dumb|DynaWeb) BADENGINE
SetEnvIfNoCase User-Agent (e\-collector|eag|earn|EARTHCOM|EasyDL|ebin|EBM-APPLE|EBrowse|eCatch|echo|ecollector|Edco|edgeio|efp\@gmx\.net|EirGrabber|email|Email\.Extractor|EmailCollector|EmailSearch|EmailSiphon|EmailWolf|Emer|empas|Enfi|Enhan|Enterprise\_Search|envolk|erck|EroCr|ESurf|Eval|Evil|Evere|EWH|Exabot|Exact|EXPLOITER|Expre|Extra|ExtractorPro|EyeN|FairAd|Fake|FANG|FAST|fastlwspider|FavOrg|Favorites\.Sweeper|Faxo|FDM\_1|FDSE|FEZhead|Filan|FileHound|find|Firebat|Firs|Flam|Flash|FlickBot|Flip|fluffy|flunky|focus|Foob|Fooky|Forex|Forum|ForV|Fost|Foto|Foun|Franklin\.Locator|freefind|FreshDownload|FrontPage|FSurf|Fuck|Fuer|futile|Fyber|Gais|GalaxyBot|Galbot|Gamespy\_Arcade|GbPl|Gener|geni|Geona|Get|gigabaz|Gira|Ginxbot|gluc|glx\.?v|gnome|Go\.Zilla|Goldfire|Got\-It|GOFORIT|gonzo|GornKer|GoSearch|^gotit$|gozilla|grab|Grabber|GrabNet|Grub|Grup|Graf|Green\.Research|grub|grub\-client|gsa\-cra|GSearch|GT\:\:WWW|GuideBot|guruji|gvfs|Gyps|hack|haha|hailo|Harv|Hatena|Hax|Head|Helm|herit|hgre|hhjhj\@yahoo|Hippo|hloader|HMView|holm|holy|HomePageSearch|HooWWWer|HouxouCrawler|HMSE|HPPrint|htdig|HTTPConnect|httpdown|http\.generic|HTTPGet|httplib|HTTPRetriever|HTTrack|human|Huron|hverify|Hybrid|Hyper|ia\_archiver|iaskspi|IBM\_Planetwide|iCCra|ichiro|ID\-Search|IDA|IDBot|IEAuto|IEMPT|iexplore\.exe|iGetter|Ilse|Iltrov|Image\.Stripper|Image\.Sucker|imagefetch|iimds\_monitor|Incutio|IncyWincy|Indexer|Industry\.Program|Indy|InetURL|informant|InfoNav|InfoTekies|Ingelin|Innerpr|Inspect|InstallShield\.DigitalWizard|Insuran\.|Intellig|Intelliseek|InterGET|Internet\.Ninja|Internet\.x|Internet\_Explorer|InternetLinkagent|InternetSeer\.com|Intraf|IP2|Ipsel|Iria|IRLbot|Iron33|Irvine|ISC\_Sys|iSilo|ISRCCrawler|ISSpi|IUPUI\.Research\.Bot|Jady|Jaka|Jam|^Java|java\/|Java\(tm\)|JBH\.agent|Jenny|JetB|JetC|jeteye|jiro|JoBo|JOC|jupit|Just|Jyx|Kapere|kash|Kazo|KBee|Kenjin|Kernel|Keywo|KFSW|KKma|Know|kosmix|KRAE|KRetrieve|Krug|ksibot|ksoap|Kum|KWebGet) BADENGINE
SetEnvIfNoCase User-Agent (Lachesis|lanshan|Lapo|larbin|leacher|leech|LeechFTP|LeechGet|leipzig\.de|Lets|Lexi|lftp|Libby|libcrawl|libfetch|libghttp|libWeb|libwhisker|libwww|libwww\-FM|libwww\-perl|LightningDownload|likse|Linc|Link\.Sleuth|LinkextractorPro|Linkie|LINKS\.ARoMATIZED|LinkScan|linktiger|LinkWalker|Lint|List|lmcrawler|LMQ|LNSpiderguy|loader|LocalcomBot|Locu|London|lone|looksmart|loop|Lork|LTH\_|lwp\-request|LWP|lwp-request|lwp-trivial|Mac\.Finder|Macintosh\;\.I\;\.PPC|Mac\_F|magi|Mag\-Net|Magnet|Magp|Mail\.Sweeper|main|majest|Mam|Mana|MarcoPolo|mark\.blonin|MarkWatch|MaSagool|Mass|Mass\.Downloader|Mata|mavi|McBot|Mecha|MCspider|^Memo|MetaProducts\.Download\.Express|Metaspin|Mete|Microsoft\.Data\.Access|Microsoft\.URL|Microsoft\_Internet\_Explorer|MIDo|MIIx|miner|Mira|MIRE|Mirror|Miss|Missauga|Missigua\.Locator|Missouri\.College\.Browse|Mist|Mizz|MJ12|mkdb|mlbot|MLM|MMMoCrawl|MnoG|moge|Moje|Monster|Monza\.Browser|Mooz|Moreoverbot|MOT\-MPx220|mothra\/netscan|mouse|MovableType|Mozdex|Mozi\!|Mp3Bot|MPF|MRA|MS\.FrontPage|MS\.?Search|MSFrontPage|MSIECrawler|msnbot\-media|msnbot\-Products|MSNPTC|MSProxy|MSRBOT|multithreaddb|musc|MVAC|MWM|My\_age|MyApp|MyDog|MyEng|MyFamilyBot|MyGetRight|MyIE2|mysearch|myurl|NAG|NAMEPROTECT|NASA\.Search|nationaldirectory|Naver|Navr|Near|NetAnts|netattache|Netcach|NetCarta|Netcraft|NetCrawl|NetMech|netprospector|NetResearchServer|NetSp|Net\.Vampire|netX|NetZ|Neut|newLISP|NewsGatorInbox|NEWT|NEWT\.ActiveX|Next|^NG|NICE|nikto|Nimb|Ninja|Ninte|NIPGCrawler|Noga|nogo|Noko|Nomad|Norb|noxtrumbot|NPbot|NuSe|Nutch|Nutex|NWSp|Obje|Ocel|Octo|ODI3|oegp|Offline|Offline\.Explorer|Offline\.Navigator|OK\.Mozilla|omg|Omni|Onfo|onyx|OpaL|OpenBot|Openf|OpenTextSiteCrawler|OpenU|Orac|OrangeBot|Orbit|Oreg|osis|Outf|Owl) BADENGINE
SetEnvIfNoCase User-Agent (P3P|PackRat|PageGrabber|PagmIEDownload|pansci|Papa|Pars|Patw|pavu|Pb2Pb|pcBrow|PEAR|PEER|PECL|pepe|Perl|PerMan|PersonaPilot|Persuader|petit|PHP\.vers|PHPot|Phras|PicaLo|Piff|Pige|pigs|^Ping|Pingd|PingALink|Pipe|Plag|Plant|playstarmusic|Pluck|Pockey|POE\-Com|Poirot|Pomp|Port\.Huron|Post|powerset|Preload|press|Privoxy|Probe|Program\.Shareware|Progressive\.Download|ProPowerBot|prospector|Provider\.Protocol\.Discover|ProWebWalker|Prowl|Proxy|Prozilla|psbot|PSurf|psycheclone|^puf$|Pulse|Pump|PushSite|PussyCat|PuxaRapido|Pyth|PyQ|QuepasaCreep|Query|Quest|QRVA|Qweer|radian|Radiation|Rambler|RAMP|RealDownload|Reap|Recorder|RedCarpet|RedKernel|ReGet|^Mozilla$|Mozilla\:|Mozilla\/Firefox|^Mozilla\.*Indy|^Mozilla\.*NEWT|^Mozilla*MSIECrawler|relevantnoise|replacer|Repo|requ|Rese|Retrieve|Rip|Rix|RMA|Roboz|Rogue|Rover|RPT\-HTTP|Rsync|RTG30|\.ru\)|ruby|Rufus|Salt|Sample|SAPO|Sauger|savvy|SBIder|SBP|SCAgent|scan|SCEJ\_|Sched|Schizo|Schlong|Schmo|Scout|Scooter|Scorp|ScoutOut|SCrawl|screen|script|SearchExpress|searchhippo|Searchme|searchpreview|searchterms|Second\.Street\.Research|Security\.Kol|Seekbot|Sega|Sensis|Sept|Serious|Sezn|Shai|Share|Sharp|Shaz|shell|shelo|Sherl|Shim|Shiretoko|ShopWiki|SickleBot|Simple|Siph|sitecheck|SiteCrawler|SiteSnagger|Site\.Sniper|SiteSucker|sitevigil|SiteX|Sleip|Slide|Slurpy\.Verifier|Sly|Smag|SmartDownload|Smurf|sna\-|snag|Snake|Snapbot|Snip|Snoop|So\-net|SocSci|sogou|Sohu|solr|sootle|Soso|SpaceBison|Spad|Span|spanner|Speed|Spegla|Sphere|Sphider|SpiderBot|SpiderEngine|SpiderView|Spin|sproose|Spurl|Spyder|Squi|SQ\.Webscanner|sqwid|Sqworm|SSM\_Ag|Stack|Stamina|stamp|Stanford|Statbot|State|Steel|Strateg|Stress|Strip|studybot|Style|subot|Suck|Sume|sun4m|Sunrise|SuperBot|SuperBro|Supervi|Surf4Me|SuperHTTP|Surfbot|SurfWalker|Susi|suza|suzu|Sweep|sygol|syncrisis|Systems|Szukacz) BADENGINE
SetEnvIfNoCase User-Agent (Tagger|Tagyu|tAke|Talkro|TALWinHttpClient|tamu|Tandem|Tarantula|tarspider|tBot|TCF|Tcs\/1|TeamSoft|Tecomi|Teleport|Telesoft|Templeton|Tencent|Terrawiz|Test|TexNut|trivial|Turnitin|The\.Intraformant|TheNomad|Thomas|TightTwatBot|Timely|Titan|TMCrawler|TMhtload|toCrawl|Todobr|Tongco|topic|Torrent|Track|translate|Traveler|TREEVIEW|True|Tunnel|turing|Turnitin|TutorGig|TV33\_Mercator|Twat|Tweak|Twice|Twisted\.PageGetter|Tygo|ubee|UCmore|UdmSearch|UIowaCrawler|Ultraseek|UMBC|unf|UniversalFeedParser|unknown|UPG1|UtilMind|URLBase|URL\.Control|URL\_Spider\_Pro|urldispatcher|URLGetFile|urllib|URLSpiderPro|URLy|User\-Agent|UserAgent|USyd|Vacuum|vagabo|Valet|Valid|Vamp|vayala|VB\_|VCI|VERI\~LI|versus|via|Viewer|virtual|visibilitygap|Visual|vobsub|Void|VoilaBot|voyager|vspider|VSyn|w\:PACBHO60|w0000t|W3C|w3m|w3search|walhello|Walker|Wand|WAOL|WAPT|Watch|Wavefire|wbdbot|Weather|web\.by\.mail|Web\.Data\.Extractor|Web\.Downloader|Web\.Ima|Web\.Mole|Web\.Sucker|Web2Mal|Web2WAP|WebaltBot|WebAuto|WebBandit|WebCapture|WebCat|webcraft\@bea|Webclip|webcollage|WebCollector|WebCopier|WebCopy|WebCor|webcrawl|WebDat|WebDav|webdevil|webdownloader|Webdup|WebEMail|WebEMailExtrac|WebEnhancer|WebFetch|WebGo|WebHook|Webinator|WebInd|webitpr|WebFilter|WebFountain|WebLea|WebmasterWorldForumBot|WebMin|WebMirror|webmole|webpic|WebPin|WebPix|WebReaper|WebRipper|WebRobot|WebSauger|Website\.eXtractor|Website\.Quester|WebSnake|webspider|Webster|WebStripper|websucker|WebTre|WebVac|webwalk|WebWasher|WebWeasel|WebWhacker|WebZIP|Wells|WEP\_S|WEP\.Search\.00|WeRelateBot|wget|Whack|Whacker|whiz|WhosTalking|Widow|Win67|window\.location|Windows\.95\;|Windows\.98\;|Winodws|Wildsoft\.Surfer|WinHT|winhttp|WinHttpRequest|WinHTTrack|Winnie\.Poh|WISEbot|wisenutbot|wish|Wizz|WordP|Works|world|WUMPUS|Wweb|WWWC|WWWOFFLE|WWW\-Collector|WWW\.Mechanize|www\.ranks\.nl|wwwster|^x$|X12R1|x\-Tractor|Xaldon|Xenu|XGET|xirq|Y\!OASIS|Y\!Tunnel|yacy|YaDirectBot|Yahoo\-MMAudVid|YahooYSMcm|Yamm|Yand|yang|Yeti|Yoono|yori|Yotta|YTunnel|Zade|zagre|ZBot|Zeal|ZeBot|zerx|Zeus|ZIPCode|Zixy|zmao|Zyborg) BADENGINE
SetEnvIfNoCase User-Agent (cyberpatrol\.com|Macintosh\;\s+) !BADENGINE
#SetEnvIfNoCase Request_URI "robots\.txt" !BADENGINE
 
#BADFILE
SetEnvIfNoCase Request_URI "\/fp\-(.*)+" BADFILE
SetEnvIfNoCase Request_URI "css(.*)\.js" BADFILE
SetEnvIfNoCase Request_URI "(entry(.*)\.txt|categories\.dat|categories(.*)\.dat|index(.*)\.dat|css\.js|css(.*)\.js|panels\.prototypes\.php|core\.config\.php|core\.static\.php)" BADFILE
 
#BADCALL
SetEnvIfNoCase Request_URI (base64_encode.*\(.*\)|(\<|%3C).*script.*(\>|%3E)|(\<|%3C).*iframe.*(\>|%3E)|(;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark).*|GLOBALS(=|\[|\%[0-9A-Z]{0,2})|_REQUEST(=|\[|\%[0-9A-Z]{0,2})) BADCALL
SetEnvIfNoCase Request_URI ([\+]{3,}|Result\:|\>|\<|\.inc|ftp\:|\.\$url|\/\$url|\/\$link|\/includes\/) BADCALL
SetEnvIfNoCase Request_URI (\/path\_to\_script\/|ImpEvData\.|head\_auth\.|db\_connect\.|check\_proxy\.|doeditconfig\.|submit\_links\.|change\_action\.|send\_reminders\.|comment\-template\.|syntax\_highlight\.|admin\_db\_utilities\.|admin\.webring\.docs\.|function\.main|function\.mkdir|function\.opendir|function\.require|function\.array\-rand|ref\.outcontrol)  BADCALL
 
#Someone trying to $_POST not from mydomain
#SetEnvIfNoCase Host (.*) this_host=$1
#SetEnvIfNoCase Request_Method (POST) BLOCKPOST
 
#Someone trying to put/delete something
#SetEnvIfNoCase Request_Method (PUT|DELETE) BLOCKPUT
 
#MAKE SOME TEST HERE
#SetEnvIfNoCase Request_Method "(POST)" BLOCKPOSTTEST
#SetEnvIfNoCase Request_URI "!(\/$|index\.php)" !BLOCKPOSTTEST
 
 
<LimitExcept CONNECT>
Order Allow,Deny
Allow from all
#Deny from env=BLOCKPOSTTEST
Deny from env=BLOCKPOST
Deny from env=BADCALL
Deny from env=BADFILE
Deny from env=BADGUESTBOOK
Deny from env=BADENGINE
Deny from env=BLOCKPUT
 
#deny_from_specific_ip_address_below
# partial dotted-quad form: a "*" wildcard is not an address form "Deny from" understands
Deny from 66.225.201
Deny from 67.228.235.52
</LimitExcept>


#6   Parikesit

Parikesit
  • Members
  • 263 posts

Posted 03 October 2011 - 00:52

If you want to allow robots (BADENGINE) to read robots.txt, just uncomment the one line above that mentions it.

SetEnvIfNoCase Request_URI "robots\.txt" !BADENGINE

@zaenal

#7   Parikesit

Parikesit
  • Members
  • 263 posts

Posted 05 October 2011 - 08:52

If your admin page does not render correctly, try commenting out one of the lines below, or edit them as you want...

#BADFILE
#SetEnvIfNoCase Request_URI "\/fp\-(.*)+" BADFILE
SetEnvIfNoCase Request_URI "css(.*)\.js" BADFILE
#SetEnvIfNoCase Request_URI "(some\.suspicious\.files)" BADFILE

@zaenal

#8   Parikesit

Parikesit
  • Members
  • 263 posts

Posted 05 October 2011 - 09:00

Here is another version of the bad robots (BADENGINE) list, from askapache.com
http://www.askapache...h-htaccess.html

I modified the askapache.com trap to make it work with my version
#BADENGINE from ASKAPACHE
SetEnvIfNoCase User-Agent .*(aesop_com_spiderman|alexibot|backweb|bandit|batchftp|bigfoot) BADENGINE
SetEnvIfNoCase User-Agent .*(black.?hole|blackwidow|blowfish|botalot|buddy|builtbottough|bullseye) BADENGINE
SetEnvIfNoCase User-Agent .*(cheesebot|cherrypicker|chinaclaw|collector|copier|copyrightcheck) BADENGINE
SetEnvIfNoCase User-Agent .*(cosmos|crescent|curl|custo|da|diibot|disco|dittospyder|dragonfly) BADENGINE
SetEnvIfNoCase User-Agent .*(drip|easydl|ebingbong|ecatch|eirgrabber|emailcollector|emailsiphon) BADENGINE
SetEnvIfNoCase User-Agent .*(emailwolf|erocrawler|exabot|eyenetie|filehound|flashget|flunky) BADENGINE
SetEnvIfNoCase User-Agent .*(frontpage|getright|getweb|go.?zilla|go-ahead-got-it|gotit|grabnet) BADENGINE
SetEnvIfNoCase User-Agent .*(grafula|harvest|hloader|hmview|httplib|httrack|humanlinks|ilsebot) BADENGINE
SetEnvIfNoCase User-Agent .*(infonavirobot|infotekies|intelliseek|interget|iria|jennybot|jetcar) BADENGINE
SetEnvIfNoCase User-Agent .*(joc|justview|jyxobot|kenjin|keyword|larbin|leechftp|lexibot|lftp|libweb) BADENGINE
SetEnvIfNoCase User-Agent .*(likse|linkscan|linkwalker|lnspiderguy|lwp|magnet|mag-net|markwatch) BADENGINE
SetEnvIfNoCase User-Agent .*(mata.?hari|memo|microsoft.?url|midown.?tool|miixpc|mirror|missigua) BADENGINE
SetEnvIfNoCase User-Agent .*(mister.?pix|moget|mozilla.?newt|nameprotect|navroad|backdoorbot|nearsite) BADENGINE
SetEnvIfNoCase User-Agent .*(net.?vampire|netants|netcraft|netmechanic|netspider|nextgensearchbot) BADENGINE
SetEnvIfNoCase User-Agent .*(attach|nicerspro|nimblecrawler|npbot|octopus|offline.?explorer) BADENGINE
SetEnvIfNoCase User-Agent .*(offline.?navigator|openfind|outfoxbot|pagegrabber|papa|pavuk) BADENGINE
SetEnvIfNoCase User-Agent .*(pcbrowser|php.?version.?tracker|pockey|propowerbot|prowebwalker) BADENGINE
SetEnvIfNoCase User-Agent .*(psbot|pump|queryn|recorder|realdownload|reaper|reget|true_robot) BADENGINE
SetEnvIfNoCase User-Agent .*(repomonkey|rma|internetseer|sitesnagger|siphon|slysearch|smartdownload) BADENGINE
SetEnvIfNoCase User-Agent .*(snake|snapbot|snoopy|sogou|spacebison|spankbot|spanner|sqworm|superbot) BADENGINE
SetEnvIfNoCase User-Agent .*(superhttp|surfbot|asterias|suzuran|szukacz|takeout|teleport) BADENGINE
SetEnvIfNoCase User-Agent .*(telesoft|the.?intraformant|thenomad|tighttwatbot|titan|urldispatcher) BADENGINE
SetEnvIfNoCase User-Agent .*(turingos|turnitinbot|urly.?warning|vacuum|vci|voideye|whacker) BADENGINE
SetEnvIfNoCase User-Agent .*(widow|wisenutbot|wwwoffle|xaldon|xenu|zeus|zyborg|anonymouse) BADENGINE
SetEnvIfNoCase User-Agent .*web(zip|emaile|enhancer|fetch|go.?is|auto|bandit|clip|copier|master|reaper|sauger|site.?quester|whack) BADENGINE
SetEnvIfNoCase User-Agent .*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures) BADENGINE
SetEnvIfNoCase User-Agent .*(libwww-perl|aesop_com_spiderman) BADENGINE
 
#ALLOW BADENGINE to ACCESS robots.txt
SetEnvIfNoCase Request_URI "robots\.txt" !BADENGINE

@zaenal

#9   trauko

trauko
  • Members
  • 9 posts

Posted 13 October 2011 - 22:52

If your admin page does not render correctly, try commenting out one of the lines below, or edit them as you want...

#BADFILE
#SetEnvIfNoCase Request_URI "\/fp\-(.*)+" BADFILE
SetEnvIfNoCase Request_URI "css(.*)\.js" BADFILE
#SetEnvIfNoCase Request_URI "(some\.suspicious\.files)" BADFILE

@zaenal

Hi There,
My admin page did not render correctly after I uploaded your file to catalog/.htaccess. I commented out all three suggested lines and I still have problems... any ideas?

#10   Parikesit

Parikesit
  • Members
  • 263 posts

Posted 16 October 2011 - 00:31

Hi There,
My admin page did not render correctly after I uploaded your file to catalog/.htaccess. I commented out all three suggested lines and I still have problems... any ideas?


You should also try commenting out the other env rules. I suspect some of your JS or CSS is being blocked by the following code:

#BADCALL
SetEnvIfNoCase Request_URI (base64_encode.*\(.*\)|(\<|%3C).*script.*(\>|%3E)|(\<|%3C).*iframe.*(\>|%3E)|(;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark).*|GLOBALS(=|\[|\%[0-9A-Z]{0,2})|_REQUEST(=|\[|\%[0-9A-Z]{0,2})) BADCALL
SetEnvIfNoCase Request_URI ([\+]{3,}|Result\:|\>|\<|\.inc|ftp\:|\.\$url|\/\$url|\/\$link|\/includes\/) BADCALL
SetEnvIfNoCase Request_URI (\/path\_to\_script\/|ImpEvData\.|head\_auth\.|db\_connect\.|check\_proxy\.|doeditconfig\.|submit\_links\.|change\_action\.|send\_reminders\.|comment\-template\.|syntax\_highlight\.|admin\_db\_utilities\.|admin\.webring\.docs\.|function\.main|function\.mkdir|function\.opendir|function\.require|function\.array\-rand|ref\.outcontrol)  BADCALL

@zaenal
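The rules in this thread are hard to reason about by eye, and the symptom being chased above (an admin page whose assets stop loading) comes from how SetEnvIfNoCase accumulates variables in file order before the "Deny from env=" lines are consulted. The dry-run checker below is an added example, not code from this thread or from osCommerce. It parses a constructed excerpt written in the thread's own syntax (a few of the BADENGINE, BADFILE and BADCALL tokens plus two "Deny from" addresses), then reports which constructed sample requests would be refused and which variables caused it. The request attribute names, sample user agents, paths and client addresses are assumptions for illustration only.

```python
"""Offline dry run of the SetEnvIfNoCase / "Deny from" rules used in this thread.
Hypothetical helper, not part of osCommerce or of any poster's .htaccess. It models
only the Apache behaviour the rules depend on: SetEnvIfNoCase is a case-insensitive
regex *search* on one request attribute that sets VAR (or unsets it for !VAR), rules
run in file order, and under "Order Allow,Deny" + "Allow from all" any "Deny from"
match wins."""
import ipaddress
import re

# Constructed excerpt: a few rules in the same syntax as the thread's config.
SAMPLE_HTACCESS = r"""
SetEnvIfNoCase User-Agent (^$|HTTrack|wget|libwww\-perl|Black\.Hole) BADENGINE
SetEnvIfNoCase User-Agent .*(da|curl|download|memo|papa) BADENGINE
SetEnvIfNoCase Request_URI "robots\.txt" !BADENGINE
SetEnvIfNoCase Request_URI "css(.*)\.js" BADFILE
SetEnvIfNoCase Request_URI (\>|\<|\.inc|ftp\:|\/includes\/) BADCALL
Deny from env=BADCALL
Deny from env=BADFILE
Deny from env=BADENGINE
Deny from 66.225.201
Deny from 67.228.235.52
"""

def _pattern_arg(rest):
    """Apache-style word split: a leading quote delimits the pattern, otherwise it
    runs to the next whitespace (so a '"' inside an unquoted group is literal)."""
    rest = rest.lstrip()
    if rest[:1] in ('"', "'"):
        end = rest.index(rest[0], 1)
        return rest[1:end], rest[end + 1:]
    parts = rest.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")

def parse_htaccess(text):
    """Return (setenv rules, env names denied, address entries denied)."""
    setenv, deny_env, deny_addr = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("setenvifnocase "):
            _, attr, rest = line.split(None, 2)
            pattern, var = _pattern_arg(rest)
            var = var.strip()
            setenv.append((attr.lower(), re.compile(pattern, re.I),
                           var.lstrip("!"), not var.startswith("!")))
        elif line.lower().startswith("deny from "):
            target = line.split(None, 2)[2]
            if target.lower().startswith("env="):
                deny_env.append(target[4:])
            else:
                deny_addr.append(target)
    return setenv, deny_env, deny_addr

def env_for(request, setenv):
    """Apply the SetEnvIf rules in order; a '!VAR' rule removes the variable."""
    env = set()
    for attr, regex, var, set_it in setenv:
        if regex.search(request.get(attr, "")):
            (env.add if set_it else env.discard)(var)
    return env

def addr_matches(ip, entry):
    """'Deny from' address forms: full or partial dotted quad, or CIDR. Apache treats
    anything else (e.g. a '*' wildcard) as a host-name suffix, never a client IP."""
    try:
        if "/" in entry:
            return ipaddress.ip_address(ip) in ipaddress.ip_network(entry, strict=False)
        octets = entry.split(".")
        if all(o.isdigit() for o in octets):
            return ip.split(".")[:len(octets)] == octets
    except ValueError:
        pass
    return False

def is_denied(request, rules):
    setenv, deny_env, deny_addr = rules
    if env_for(request, setenv) & set(deny_env):
        return True
    return any(addr_matches(request.get("remote_addr", ""), e) for e in deny_addr)

RULES = parse_htaccess(SAMPLE_HTACCESS)

# Constructed sample requests: (User-Agent, Request_URI, client IP), illustrative only.
SAMPLES = {
    "googlebot": ("Googlebot/2.1 (+http://www.google.com/bot.html)", "/index.php", "66.249.66.1"),
    "wget": ("Wget/1.12 (linux-gnu)", "/index.php", "203.0.113.5"),
    "wget_robots": ("Wget/1.12 (linux-gnu)", "/robots.txt", "203.0.113.5"),
    "empty_ua": ("", "/index.php", "203.0.113.6"),
    # an admin asset path under /includes/ trips BADCALL: the kind of breakage reported above
    "admin_asset": ("Mozilla/5.0 (Windows NT 6.1) Firefox/8.0", "/admin/includes/javascript/general.js", "203.0.113.7"),
    # the askapache token 'da' also catches an ordinary Android HTTP client
    "android_app": ("Dalvik/2.1.0 (Linux; U; Android 10)", "/index.php", "203.0.113.8"),
    "listed_net": ("Mozilla/5.0 (Windows NT 6.1) Firefox/8.0", "/index.php", "66.225.201.9"),
}

def run_samples():
    """Map each sample name to (denied?, sorted env names that ended up set)."""
    out = {}
    for name, (ua, uri, ip) in SAMPLES.items():
        req = {"user-agent": ua, "request_uri": uri, "remote_addr": ip}
        out[name] = (is_denied(req, RULES), sorted(env_for(req, RULES[0])))
    return out

if __name__ == "__main__":
    for name, (denied, env) in run_samples().items():
        print(f"{name:12} {'DENY ' if denied else 'allow'} {env}")
```

Running it, the admin_asset sample shows the \/includes\/ token in BADCALL refusing a plain browser request for an asset path, which is the sort of breakage the previous two posts are chasing; wget_robots shows the !BADENGINE exception doing its job only because it comes after the rule that set the variable; android_app shows the askapache "da" token catching a client that is not a scraper; and addr_matches shows why a "Deny from" entry has to be a partial address or a CIDR range, not a wildcard. To test a real .htaccess, paste its SetEnvIfNoCase and Deny lines into SAMPLE_HTACCESS and add the request that is misbehaving to SAMPLES.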

#11   Taipo

Taipo
  • Members
  • 794 posts

Posted 17 December 2011 - 04:36

I guess the approach below is better

 
 
#BADENGINE
SetEnvIfNoCase User-Agent (^$|\<|\>|\'|\%|\_iRc|\_Works|\@\$x|\<\?|\$x0e|\+select\+|\+union\+|1\,\1\,1\,|2icommerce|3GSE|4all|59\.64\.153\.|88\.0\.106\.|85\.17\.|A\_Browser|ABAC|Abont|abot|Accept|Access|Accoo|AceFTP|Acme|ActiveTouristBot|Address|Adopt|adress|adressendeutschland|ADSARobot|ah\-ha|Ahead|AESOP\_com\_SpiderMan|aipbot|Alarm|Albert|Alek|Alexibot|Alligator|AllSubmitter|alma|almaden|ALot|Alpha|aktuelles|Akregat|Amfi|amzn\_assoc|Anal|Anarchie|andit|Anon|AnotherBot|Ansearch|AnswerBus|antivirx|Apexoo|appie|Aqua_Products|Arachmo|archive|arian|ASPSe|ASSORT|Atari|ATHENS|AtHome|Atlocal|Atomic_Email_Hunter|Atomz|Atrop|^attach|attrib|autoemailspider|autohttp|axod|batch|b2w|Back|BackDoorBot|BackStreet|BackWeb|Badass|Bali|Bandit|Barry|BasicHTTP|BatchFTP|bdfetch|beat|Become|Beij|BenchMark|berts|bew|big\.brother|Bigfoot|Bilgi|Bison|Bitacle|Biz360|Black|Black\.Hole|BlackWidow|bladder\.fusion|Blaiz|Blog\.Checker|Blogl|BlogPeople|Blogshares\.Spiders|Bloodhound|Blow|bmclient|Board|BOI|boitho|Bond|Bookmark\.search\.tool|boris|Bost|Boston\.Project|BotRightHere|Bot\.mailto:craftbot@yahoo\.com|BotALot|botpaidtoclick|botw|brandwatch|BravoBrian|Brok|Bropwers|Broth|browseabit|BrowseX|Browsezilla|Bruin|bsalsa|Buddy|Build|Built|Bulls|bumblebee|Bunny|Busca|Busi|Buy|bwh3) BADENGINE
SetEnvIfNoCase User-Agent (c\-spider|CafeK|Cafi|camel|Cand|captu|Catch|cd34|Ceg|CFNetwork|cgichk|Cha0s|Chang|chaos|Char|char\(32\,35\)|charlotte|CheeseBot|Chek|CherryPicker|chill|ChinaClaw|CICC|Cisco|Cita|Clam|Claw|Click\.Bot|clipping|clshttp|Clush|COAST|ColdFusion|Coll|Comb|commentreader|Compan|contact|Control|contype|Conc|Conv|Copernic|Copi|Copy|Coral|Corn|core-project|cosmos|costa|cr4nk|crank|craft|Crap|Crawler0|Crazy|Cres|cs\-CZ|cuill|Custo|Cute|CSHttp|Cyber|cyberalert|^DA$|daoBot|DARK|Data|Daten|Daum|dcbot|dcs|Deep|DepS|Detect|Deweb|Diam|Digger|Digimarc|digout4uagent|DIIbot|Dillo|Ding|DISC|discobot|Disp|Ditto|DLC|DnloadMage|DotBot|Doubanbot|Download|Download\.Demon|Download\.Devil|Download\.Wonder|Downloader|drag|DreamPassport|Drec|Drip|dsdl|dsok|DSurf|DTAAgent|DTS|Dual|dumb|DynaWeb) BADENGINE
SetEnvIfNoCase User-Agent (e\-collector|eag|earn|EARTHCOM|EasyDL|ebin|EBM-APPLE|EBrowse|eCatch|echo|ecollector|Edco|edgeio|efp\@gmx\.net|EirGrabber|email|Email\.Extractor|EmailCollector|EmailSearch|EmailSiphon|EmailWolf|Emer|empas|Enfi|Enhan|Enterprise\_Search|envolk|erck|EroCr|ESurf|Eval|Evil|Evere|EWH|Exabot|Exact|EXPLOITER|Expre|Extra|ExtractorPro|EyeN|FairAd|Fake|FANG|FAST|fastlwspider|FavOrg|Favorites\.Sweeper|Faxo|FDM\_1|FDSE|FEZhead|Filan|FileHound|find|Firebat|Firs|Flam|Flash|FlickBot|Flip|fluffy|flunky|focus|Foob|Fooky|Forex|Forum|ForV|Fost|Foto|Foun|Franklin\.Locator|freefind|FreshDownload|FrontPage|FSurf|Fuck|Fuer|futile|Fyber|Gais|GalaxyBot|Galbot|Gamespy\_Arcade|GbPl|Gener|geni|Geona|Get|gigabaz|Gira|Ginxbot|gluc|glx\.?v|gnome|Go\.Zilla|Goldfire|Got\-It|GOFORIT|gonzo|GornKer|GoSearch|^gotit$|gozilla|grab|Grabber|GrabNet|Grub|Grup|Graf|Green\.Research|grub|grub\-client|gsa\-cra|GSearch|GT\:\:WWW|GuideBot|guruji|gvfs|Gyps|hack|haha|hailo|Harv|Hatena|Hax|Head|Helm|herit|hgre|hhjhj\@yahoo|Hippo|hloader|HMView|holm|holy|HomePageSearch|HooWWWer|HouxouCrawler|HMSE|HPPrint|htdig|HTTPConnect|httpdown|http\.generic|HTTPGet|httplib|HTTPRetriever|HTTrack|human|Huron|hverify|Hybrid|Hyper|ia\_archiver|iaskspi|IBM\_Planetwide|iCCra|ichiro|ID\-Search|IDA|IDBot|IEAuto|IEMPT|iexplore\.exe|iGetter|Ilse|Iltrov|Image\.Stripper|Image\.Sucker|imagefetch|iimds\_monitor|Incutio|IncyWincy|Indexer|Industry\.Program|Indy|InetURL|informant|InfoNav|InfoTekies|Ingelin|Innerpr|Inspect|InstallShield\.DigitalWizard|Insuran\.|Intellig|Intelliseek|InterGET|Internet\.Ninja|Internet\.x|Internet\_Explorer|InternetLinkagent|InternetSeer\.com|Intraf|IP2|Ipsel|Iria|IRLbot|Iron33|Irvine|ISC\_Sys|iSilo|ISRCCrawler|ISSpi|IUPUI\.Research\.Bot|Jady|Jaka|Jam|^Java|java\/|Java\(tm\)|JBH\.agent|Jenny|JetB|JetC|jeteye|jiro|JoBo|JOC|jupit|Just|Jyx|Kapere|kash|Kazo|KBee|Kenjin|Kernel|Keywo|KFSW|KKma|Know|kosmix|KRAE|KRetrieve|Krug|ksibot|ksoap|Kum|KWebGet) BADENGINE
SetEnvIfNoCase User-Agent (Lachesis|lanshan|Lapo|larbin|leacher|leech|LeechFTP|LeechGet|leipzig\.de|Lets|Lexi|lftp|Libby|libcrawl|libfetch|libghttp|libWeb|libwhisker|libwww|libwww\-FM|libwww\-perl|LightningDownload|likse|Linc|Link\.Sleuth|LinkextractorPro|Linkie|LINKS\.ARoMATIZED|LinkScan|linktiger|LinkWalker|Lint|List|lmcrawler|LMQ|LNSpiderguy|loader|LocalcomBot|Locu|London|lone|looksmart|loop|Lork|LTH\_|lwp\-request|LWP|lwp-request|lwp-trivial|Mac\.Finder|Macintosh\;\.I\;\.PPC|Mac\_F|magi|Mag\-Net|Magnet|Magp|Mail\.Sweeper|main|majest|Mam|Mana|MarcoPolo|mark\.blonin|MarkWatch|MaSagool|Mass|Mass\.Downloader|Mata|mavi|McBot|Mecha|MCspider|^Memo|MetaProducts\.Download\.Express|Metaspin|Mete|Microsoft\.Data\.Access|Microsoft\.URL|Microsoft\_Internet\_Explorer|MIDo|MIIx|miner|Mira|MIRE|Mirror|Miss|Missauga|Missigua\.Locator|Missouri\.College\.Browse|Mist|Mizz|MJ12|mkdb|mlbot|MLM|MMMoCrawl|MnoG|moge|Moje|Monster|Monza\.Browser|Mooz|Moreoverbot|MOT\-MPx220|mothra\/netscan|mouse|MovableType|Mozdex|Mozi\!|Mp3Bot|MPF|MRA|MS\.FrontPage|MS\.?Search|MSFrontPage|MSIECrawler|msnbot\-media|msnbot\-Products|MSNPTC|MSProxy|MSRBOT|multithreaddb|musc|MVAC|MWM|My\_age|MyApp|MyDog|MyEng|MyFamilyBot|MyGetRight|MyIE2|mysearch|myurl|NAG|NAMEPROTECT|NASA\.Search|nationaldirectory|Naver|Navr|Near|NetAnts|netattache|Netcach|NetCarta|Netcraft|NetCrawl|NetMech|netprospector|NetResearchServer|NetSp|Net\.Vampire|netX|NetZ|Neut|newLISP|NewsGatorInbox|NEWT|NEWT\.ActiveX|Next|^NG|NICE|nikto|Nimb|Ninja|Ninte|NIPGCrawler|Noga|nogo|Noko|Nomad|Norb|noxtrumbot|NPbot|NuSe|Nutch|Nutex|NWSp|Obje|Ocel|Octo|ODI3|oegp|Offline|Offline\.Explorer|Offline\.Navigator|OK\.Mozilla|omg|Omni|Onfo|onyx|OpaL|OpenBot|Openf|OpenTextSiteCrawler|OpenU|Orac|OrangeBot|Orbit|Oreg|osis|Outf|Owl) BADENGINE
SetEnvIfNoCase User-Agent (P3P|PackRat|PageGrabber|PagmIEDownload|pansci|Papa|Pars|Patw|pavu|Pb2Pb|pcBrow|PEAR|PEER|PECL|pepe|Perl|PerMan|PersonaPilot|Persuader|petit|PHP\.vers|PHPot|Phras|PicaLo|Piff|Pige|pigs|^Ping|Pingd|PingALink|Pipe|Plag|Plant|playstarmusic|Pluck|Pockey|POE\-Com|Poirot|Pomp|Port\.Huron|Post|powerset|Preload|press|Privoxy|Probe|Program\.Shareware|Progressive\.Download|ProPowerBot|prospector|Provider\.Protocol\.Discover|ProWebWalker|Prowl|Proxy|Prozilla|psbot|PSurf|psycheclone|^puf$|Pulse|Pump|PushSite|PussyCat|PuxaRapido|Pyth|PyQ|QuepasaCreep|Query|Quest|QRVA|Qweer|radian|Radiation|Rambler|RAMP|RealDownload|Reap|Recorder|RedCarpet|RedKernel|ReGet|^Mozilla$|Mozilla\:|Mozilla\/Firefox|^Mozilla\.*Indy|^Mozilla\.*NEWT|^Mozilla*MSIECrawler|relevantnoise|replacer|Repo|requ|Rese|Retrieve|Rip|Rix|RMA|Roboz|Rogue|Rover|RPT\-HTTP|Rsync|RTG30|\.ru\)|ruby|Rufus|Salt|Sample|SAPO|Sauger|savvy|SBIder|SBP|SCAgent|scan|SCEJ\_|Sched|Schizo|Schlong|Schmo|Scout|Scooter|Scorp|ScoutOut|SCrawl|screen|script|SearchExpress|searchhippo|Searchme|searchpreview|searchterms|Second\.Street\.Research|Security\.Kol|Seekbot|Sega|Sensis|Sept|Serious|Sezn|Shai|Share|Sharp|Shaz|shell|shelo|Sherl|Shim|Shiretoko|ShopWiki|SickleBot|Simple|Siph|sitecheck|SiteCrawler|SiteSnagger|Site\.Sniper|SiteSucker|sitevigil|SiteX|Sleip|Slide|Slurpy\.Verifier|Sly|Smag|SmartDownload|Smurf|sna\-|snag|Snake|Snapbot|Snip|Snoop|So\-net|SocSci|sogou|Sohu|solr|sootle|Soso|SpaceBison|Spad|Span|spanner|Speed|Spegla|Sphere|Sphider|SpiderBot|SpiderEngine|SpiderView|Spin|sproose|Spurl|Spyder|Squi|SQ\.Webscanner|sqwid|Sqworm|SSM\_Ag|Stack|Stamina|stamp|Stanford|Statbot|State|Steel|Strateg|Stress|Strip|studybot|Style|subot|Suck|Sume|sun4m|Sunrise|SuperBot|SuperBro|Supervi|Surf4Me|SuperHTTP|Surfbot|SurfWalker|Susi|suza|suzu|Sweep|sygol|syncrisis|Systems|Szukacz) BADENGINE
SetEnvIfNoCase User-Agent (Tagger|Tagyu|tAke|Talkro|TALWinHttpClient|tamu|Tandem|Tarantula|tarspider|tBot|TCF|Tcs\/1|TeamSoft|Tecomi|Teleport|Telesoft|Templeton|Tencent|Terrawiz|Test|TexNut|trivial|Turnitin|The\.Intraformant|TheNomad|Thomas|TightTwatBot|Timely|Titan|TMCrawler|TMhtload|toCrawl|Todobr|Tongco|topic|Torrent|Track|translate|Traveler|TREEVIEW|True|Tunnel|turing|Turnitin|TutorGig|TV33\_Mercator|Twat|Tweak|Twice|Twisted\.PageGetter|Tygo|ubee|UCmore|UdmSearch|UIowaCrawler|Ultraseek|UMBC|unf|UniversalFeedParser|unknown|UPG1|UtilMind|URLBase|URL\.Control|URL\_Spider\_Pro|urldispatcher|URLGetFile|urllib|URLSpiderPro|URLy|User\-Agent|UserAgent|USyd|Vacuum|vagabo|Valet|Valid|Vamp|vayala|VB\_|VCI|VERI\~LI|versus|via|Viewer|virtual|visibilitygap|Visual|vobsub|Void|VoilaBot|voyager|vspider|VSyn|w\:PACBHO60|w0000t|W3C|w3m|w3search|walhello|Walker|Wand|WAOL|WAPT|Watch|Wavefire|wbdbot|Weather|web\.by\.mail|Web\.Data\.Extractor|Web\.Downloader|Web\.Ima|Web\.Mole|Web\.Sucker|Web2Mal|Web2WAP|WebaltBot|WebAuto|WebBandit|WebCapture|WebCat|webcraft\@bea|Webclip|webcollage|WebCollector|WebCopier|WebCopy|WebCor|webcrawl|WebDat|WebDav|webdevil|webdownloader|Webdup|WebEMail|WebEMailExtrac|WebEnhancer|WebFetch|WebGo|WebHook|Webinator|WebInd|webitpr|WebFilter|WebFountain|WebLea|WebmasterWorldForumBot|WebMin|WebMirror|webmole|webpic|WebPin|WebPix|WebReaper|WebRipper|WebRobot|WebSauger|Website\.eXtractor|Website\.Quester|WebSnake|webspider|Webster|WebStripper|websucker|WebTre|WebVac|webwalk|WebWasher|WebWeasel|WebWhacker|WebZIP|Wells|WEP\_S|WEP\.Search\.00|WeRelateBot|wget|Whack|Whacker|whiz|WhosTalking|Widow|Win67|window\.location|Windows\.95\;|Windows\.98\;|Winodws|Wildsoft\.Surfer|WinHT|winhttp|WinHttpRequest|WinHTTrack|Winnie\.Poh|WISEbot|wisenutbot|wish|Wizz|WordP|Works|world|WUMPUS|Wweb|WWWC|WWWOFFLE|WWW\-Collector|WWW\.Mechanize|www\.ranks\.nl|wwwster|^x$|X12R1|x\-Tractor|Xaldon|Xenu|XGET|xirq|Y\!OASIS|Y\!Tunnel|yacy|YaDirectBot|Yahoo\-MMAudVid|YahooYSMcm|Yamm|Yand|yang|Yeti|Yoono|yori|Yotta|YTunnel|Zade|zagre|ZBot|Zeal|ZeBot|zerx|Zeus|ZIPCode|Zixy|zmao|Zyborg) BADENGINE
SetEnvIfNoCase User-Agent (cyberpatrol\.com|Macintosh\;\s+) !BADENGINE
#SetEnvIfNoCase Request_URI "robots\.txt" !BADENGINE
 
#BADFILE
SetEnvIfNoCase Request_URI "\/fp\-(.*)+" BADFILE
SetEnvIfNoCase Request_URI "css(.*)\.js" BADFILE
SetEnvIfNoCase Request_URI "(entry(.*)\.txt|categories\.dat|categories(.*)\.dat|index(.*)\.dat|css\.js|css(.*)\.js|panels\.prototypes\.php|core\.config\.php|core\.static\.php)" BADFILE
 
#BADCALL
SetEnvIfNoCase Request_URI (base64_encode.*\(.*\)|(\<|%3C).*script.*(\>|%3E)|(\<|%3C).*iframe.*(\>|%3E)|(;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark).*|GLOBALS(=|\[|\%[0-9A-Z]{0,2})|_REQUEST(=|\[|\%[0-9A-Z]{0,2})) BADCALL
SetEnvIfNoCase Request_URI ([\+]{3,}|Result\:|\>|\<|\.inc|ftp\:|\.\$url|\/\$url|\/\$link|\/includes\/) BADCALL
SetEnvIfNoCase Request_URI (\/path\_to\_script\/|ImpEvData\.|head\_auth\.|db\_connect\.|check\_proxy\.|doeditconfig\.|submit\_links\.|change\_action\.|send\_reminders\.|comment\-template\.|syntax\_highlight\.|admin\_db\_utilities\.|admin\.webring\.docs\.|function\.main|function\.mkdir|function\.opendir|function\.require|function\.array\-rand|ref\.outcontrol)  BADCALL
 
#Someone trying to $_POST not from mydomain
#SetEnvIfNoCase Host (.*) this_host=$1
#SetEnvIfNoCase Request_Method (POST) BLOCKPOST
 
#Someone trying to put/delete something
#SetEnvIfNoCase Request_Method (PUT|DELETE) BLOCKPUT
 
#MAKE SOME TEST HERE
#SetEnvIfNoCase Request_Method "(POST)" BLOCKPOSTTEST
#SetEnvIfNoCase Request_URI "!(\/$|index\.php)" !BLOCKPOSTTEST
 
 
<LimitExcept CONNECT>
Order Allow,Deny
Allow from all
#Deny from env=BLOCKPOSTTEST
Deny from env=BLOCKPOST
Deny from env=BADCALL
Deny from env=BADFILE
Deny from env=BADGUESTBOOK
Deny from env=BADENGINE
Deny from env=BLOCKPUT
 
#deny_from_specific_ip_address_below
# partial dotted-quad form: a "*" wildcard is not an address form "Deny from" understands
Deny from 66.225.201
Deny from 67.228.235.52
</LimitExcept>


@Zaenal

If you ever feel like developing this into an addon, see if there are any ideas in the code below that might help. This was something I was working on a while back but never really finished playing with.

 
########## osC_Sec for HTACCESS Version 1.0 #################
 
Options +FollowSymlinks
 
# disable the server signature
ServerSignature Off
 
# set the server administrator email
SetEnv SERVER_ADMIN default@yourdomain.com
 
# disable directory browsing ("-Indexes" alone: "All -Indexes" would also switch on Includes and ExecCGI)
Options -Indexes
 
# prevent folder listing
IndexIgnore *
 
# ~~~~ START OF FILTERING ~~~~~ #
 
# secure htaccess and other files
<FilesMatch "\.(htaccess|htpasswd|ini|phps|log)$">
Order Allow,Deny
Deny from all
</FilesMatch>
 
<IfModule mod_rewrite.c>
RewriteEngine On
 
# server request method (anchored with "$" so only these exact methods pass)
RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD|OPTIONS)$ [OR]
 
# osCommerce 2.2x
RewriteCond %{THE_REQUEST} ^.*\.php/login\.php.*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*login.php\?action\=backupnow.*$ [NC,OR]
 
# _REQUEST
RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} %20HTTP/1. [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\./\.\.//?)+ [OR]
RewriteCond %{THE_REQUEST} (showimg=|cookies=|passwd) [NC,OR]
RewriteCond %{THE_REQUEST} (eval\%28|eval\%2528|eval\(|base64_(en|de)code[^(]*\([^)]*\)|base64_encode.*\(.*\)) [NC,OR]
RewriteCond %{THE_REQUEST} (JHs\=|replace\(|return\%20clk|boot\.ini|php\/password_for|announce\?info_hash) [NC,OR]
RewriteCond %{THE_REQUEST} (\,0x3a\,|unescape\(|fromcharcode|pwtoken_get|php_uname|passthru\() [NC,OR]
RewriteCond %{THE_REQUEST} (allow_url_fopen|\%23include\+\<|get_defined_vars\(|\%22\'\%2f|error_reporting\(0\)) [NC,OR]
RewriteCond %{THE_REQUEST} (fwrite\(|waitfor\%20delay|shell_exec|gzinflate\(|prompt\(|php_value\%20auto) [NC,OR]
RewriteCond %{THE_REQUEST} (file_get_contents\(|setcookie\() [NC,OR]
RewriteCond %{THE_REQUEST} (onmouseover|onmousedown|ct\(this) [NC,OR]
RewriteCond %{THE_REQUEST} (\_START\_|\=alert\(|mysql\_query|\.\.\/cmd|rush\=|EXTRACTVALUE\(|phpinfo\() [NC,OR]
RewriteCond %{THE_REQUEST} (ftp\:\/\/|1\=1\-\-|current\_user\(\)|\%3Cform|sha1\(|self\/environ|JHs\=) [NC,OR]
RewriteCond %{THE_REQUEST} (\<\%3Fphp|\%\%|1\+and\+1|\/iframe|\$\_GET|document\.cookie|onload\%3d|onunload\%3d) [NC,OR]
RewriteCond %{THE_REQUEST} (\%00|hex\_ent|ob\_starting|PHP\_SELF|etc\/passwd|shell\_exec|data\:\/\/|\$\_SERVER|\$\_POST) [NC,OR]
RewriteCond %{THE_REQUEST} (\/frameset|\$\_SESSION|\$\_REQUEST|\$HTTP\_|mosConfig\_|inurl\:|\/iframe|onload\=) [NC,OR]
RewriteCond %{THE_REQUEST} (\@\@datadir|\@\@version|version\(\)|localhost|\}\)\%3B|Set\-Cookie|\%253C\%2Fscript\%253E) [NC,OR]
RewriteCond %{THE_REQUEST} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
 
# http referer
RewriteCond %{HTTP_REFERER} (<|>|'|%0A|%0D|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
 
# mysql related
RewriteCond %{THE_REQUEST} (null\,null|outfile|load_file) [NC,OR]
RewriteCond %{THE_REQUEST} \bunion\b([^s]*s)+elect [NC,OR]
RewriteCond %{THE_REQUEST} \bunion\b([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{THE_REQUEST} (\bdelete\b|\bupdate\b|\bcreate\b|\balter\b|\bdeclare\b|\border\b|\bscript\b|\bset\b) [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(ascii\(|bin\(|benchmark\(|cast\(|char\(|charset\(|collation\(|concat\(|concat_ws\(|table_schema) [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(conv\(|convert\(|count\(|database\(|decode\(|diff\(|distinct\(|elt\(|encode\(|encrypt\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(extract\(|field\(|floor\(|format\(|hex\(|if\(|in\(|information_schema|insert\(|instr\(|interval\(|lcase\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(left\(|length\(|load_file\(|locate\(|lock\(|log\(|lower\(|lpad\(|ltrim\(|max\(|md5\(|mid\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(mod\(|now\(|null\(|ord\(|password\(|position\(|quote\(|rand\(|repeat\(|replace\(|reverse\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(right\(|rlike\(|row_count\(|rpad\(|rtrim\(|_set\(|schema\(|sha1\(|sha2\(|sleep\(|soundex\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(space\(|strcmp\(|substr\(|substr_index\(|substring\(|sum\(|time\(|trim\(|truncate\(|ucase\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(unhex\(|upper\(|_user\(|user\(|values\(|varchar\(|version\(|xor\() [NC,OR]
 
# cookies
RewriteCond %{HTTP_COOKIE} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_COOKIE} (eval\%28|eval\%2528|eval\(|information_schema) [NC,OR]
RewriteCond %{HTTP_COOKIE} (null\,null|outfile) [NC,OR]
RewriteCond %{HTTP_COOKIE} \bunion\b([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{HTTP_COOKIE} (\bdelete\b|\bupdate\b|\bcreate\b|\balter\b|\bdeclare\b|\border\b|\bscript\b|\bset\b) [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(ascii\(|bin\(|benchmark\(|cast\(|char\(|charset\(|collation\(|concat\(|concat_ws\(|table_schema) [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(conv\(|convert\(|count\(|database\(|decode\(|diff\(|distinct\(|elt\(|encode\(|encrypt\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(extract\(|field\(|floor\(|format\(|hex\(|if\(|in\(|information_schema|insert\(|instr\(|interval\(|lcase\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(left\(|length\(|load_file\(|locate\(|lock\(|log\(|lower\(|lpad\(|ltrim\(|max\(|md5\(|mid\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(mod\(|now\(|null\(|ord\(|password\(|position\(|quote\(|rand\(|repeat\(|replace\(|reverse\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(right\(|rlike\(|row_count\(|rpad\(|rtrim\(|_set\(|schema\(|sha1\(|sha2\(|sleep\(|soundex\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(space\(|strcmp\(|substr\(|substr_index\(|substring\(|sum\(|time\(|trim\(|truncate\(|ucase\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(unhex\(|upper\(|_user\(|user\(|values\(|varchar\(|version\(|xor\() [NC,OR]
 
# misc
RewriteCond %{QUERY_STRING} PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 [NC]
 
RewriteRule ^(.*)$ - [F,L]
</IfModule>
 
# ~~~~ END OF FILTERING ~~~~~ #
# OPTIONAL EXTRAS
# Uncomment and use.
# If Error 500 encountered then comment out
 
# php_value session.use_trans_sid 0
 
# auto keep the config file read only
# chmod configure.php files 444
 
# turn off magic_quotes_gpc
# <ifmodule mod_php4.c>
# php_flag magic_quotes_gpc off
# </ifmodule>
 
########## osC_Sec for HTACCESS #################

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1BkbNA1tK3q7ZRkCJj6f1ELK2A152eEtoW
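The osC_Sec chain above depends on mod_rewrite's OR-grouping: every RewriteCond but the last carries [OR], so the final RewriteRule fires as soon as any one condition matches. The checker below is an added example, not part of osC_Sec, Pareto Security or this thread. It parses a constructed excerpt of the chain (with the emoticon-damaged \bset\b token restored and the method check anchored) and evaluates constructed request lines and cookies against it: the comment-obfuscated union/**/select form that the ([^s]*s)+elect pattern is written to catch, the .php/login.php request shape the "osCommerce 2.2x" rule targets, a quote character in a cookie, an unexpected method, and a harmless-looking ?sort=order parameter that \border\b refuses. Variable names and sample requests are assumptions for illustration; patterns containing backslash-escaped spaces are not handled.

```python
"""Dry run of the osC_Sec RewriteCond chain quoted above.
Hypothetical helper, not part of osC_Sec. It models the mod_rewrite behaviour the
ruleset relies on: each RewriteCond is a regex search on one variable; a leading '!'
negates it; [NC] makes it case-insensitive; conditions are ANDed except where [OR]
joins a condition to the next, and the RewriteRule (a 403 here) fires only when
every OR-group has at least one true member."""
import re

# Constructed excerpt of the chain (emoticon-damaged '\bset\b' restored, method
# check anchored with '$').
SAMPLE_RULES = r"""
RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD|OPTIONS)$ [OR]
RewriteCond %{THE_REQUEST} ^.*\.php/login\.php.*$ [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\./\.\.//?)+ [OR]
RewriteCond %{THE_REQUEST} \bunion\b([^s]*s)+elect [NC,OR]
RewriteCond %{THE_REQUEST} (\bdelete\b|\bupdate\b|\bcreate\b|\balter\b|\bdeclare\b|\border\b|\bscript\b|\bset\b) [NC,OR]
RewriteCond %{HTTP_COOKIE} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 [NC]
RewriteRule ^(.*)$ - [F,L]
"""

def parse_conds(text):
    """Return a list of (variable, compiled regex, negated, or_next)."""
    conds = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("RewriteCond "):
            continue
        _, var, rest = line.split(None, 2)
        if rest.endswith("]"):
            pattern, flags = rest.rsplit(None, 1)
            flagset = set(flags.strip("[]").upper().split(","))
        else:
            pattern, flagset = rest, set()
        negated = pattern.startswith("!")
        regex = re.compile(pattern[1:] if negated else pattern,
                           re.I if "NC" in flagset else 0)
        conds.append((var.strip("%{}"), regex, negated, "OR" in flagset))
    return conds

def rule_fires(request, conds):
    """Evaluate the chain with mod_rewrite's OR-grouping; True means the 403 applies."""
    groups, current = [], []
    for var, regex, negated, or_next in conds:
        hit = bool(regex.search(request.get(var, ""))) != negated
        current.append(hit)
        if not or_next:          # a condition without [OR] closes its group
            groups.append(any(current))
            current = []
    if current:                  # trailing [OR] with nothing after it: still a group
        groups.append(any(current))
    return all(groups)

def request_vars(request_line, cookie=""):
    """Build the server variables from a raw request line plus a Cookie header."""
    method, target, _ = request_line.split(" ", 2)
    return {"REQUEST_METHOD": method, "THE_REQUEST": request_line,
            "QUERY_STRING": target.partition("?")[2], "HTTP_COOKIE": cookie}

CONDS = parse_conds(SAMPLE_RULES)

# Constructed request lines: what the server sees on the wire, plus a cookie.
SAMPLES = {
    "normal_browse": ("GET /index.php?cPath=22 HTTP/1.1", ""),
    "path_info_login": ("GET /admin/categories.php/login.php HTTP/1.1", ""),
    "comment_obfuscated_union": ("GET /product_info.php?products_id=1+union/**/select+1,2 HTTP/1.1", ""),
    "quote_in_cookie": ("GET /index.php HTTP/1.1", "osCsid=abc'"),
    "odd_method": ("TRACE /index.php HTTP/1.1", ""),
    # false positive: a harmless-looking parameter value trips \border\b
    "sort_param": ("GET /products.php?sort=order HTTP/1.1", ""),
}

def run_samples():
    return {name: rule_fires(request_vars(line, cookie), CONDS)
            for name, (line, cookie) in SAMPLES.items()}

if __name__ == "__main__":
    for name, blocked in run_samples().items():
        print(f"{name:26} {'403' if blocked else '200'}")
```

The sort_param result is the thing to check before deploying a chain like this on a shop: word-bounded SQL keywords such as order, update and set also occur in ordinary parameter names and values, so paste the request lines from your own access log into SAMPLES and look for unexpected 403s before copying the rules into catalog/.htaccess.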