Guest Posted August 8, 2011

This cut hack attempts and worthless traffic on one of my servers OVERNIGHT. If you don't care about or sell to any of these, this will cut down your server LOAD overnight as these are the biggest offenders of hacks, spam and general tom-foolery.

* USE IN APACHE .HTACCESS FILES. YOU CAN GET ANY FORMAT YOU LIKE WITH LINKS BELOW, E.G. WORKING AT SERVER LEVEL WITH IP TABLES AND/OR SOFT OR HARDWARE FIREWALLS

#http://www.wizcrafts.net/
#
#http://www.wizcrafts.net/chinese-blocklist.html (this alone is worth its weight in gold)

<Files *>
order deny,allow
# Chinese (CN) IP addresses follow:
deny from …
# Hong Kong (HK)
deny from …
# India (IN), Bangladesh (BD) and Pakistan (PK)
deny from …
# Indonesia (ID)
deny from …
# Japan (JP) (hacking, scraping, or spamming)
deny from …
# Korea (KR) IP addresses follow:
deny from …
# Yahoo-Korea (provides free email services used by some spammers)
deny from …
# Neighboring Asian countries:
# Malaysia (MY)
deny from …
# Philippines (PH)
deny from …
# Singapore (SG)
deny from …
# Taiwan (TW)
deny from …
# Thailand (TH)
deny from …
# Vietnam (VN)
deny from …
# End Chinese-Korean blocklist
# Add other blocked domain names or IP addresses here, starting with "deny from " without quotes
# If you find that you need to poke a hole in the blocklist, for legitimate visitors, follow this example: allow from 123.456.789.0
# Add "allow from" IP addresses, or CIDR Ranges, after all of the "deny from" items, just before the closing Files tag.
# Everything not included within these deny from ranges is PERMITTED by the allow portion of the directive.
# Russia (RU), Ukraine (UA), Belarus (BY), Bulgaria (BG), Czech Republic (CZ), Romania (RO), Latvia (LV), Estonia (EE), Kazakstan (KZ), Moldavia/Moldova (MD), Poland (PL), Serbia (RS), Siberia, Slovakia (SK), Slovenia (SL)
deny from …
# Start second list to avoid Apache Server 500 error for exceeding allowable line length (~8193)
deny from …
# Turkey (TR): web hosts and Turk Telekom customers - scammers, spammers, phishing websites and server script exploiters:
deny from …
# German (DE) ISPs used by hackers and spammers including 1&1internet DE, Deutsche Telekom AG, NetDirekt and Schlund & Partners
deny from …
# Iran (IR)
deny from …
</Files>

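
How `order deny,allow` treats a list like the one above, as an added example that is not part of the original post: a Python linter that parses `deny from` / `allow from` lines, applies the rule that an `allow from` match overrides any `deny from` match while unlisted addresses pass, and flags entries that are unparseable, duplicated, already covered by a wider range, or on a line longer than the limit quoted in the post. The sample ranges are constructed RFC 5737 documentation blocks, the function names are this example's own, and only full IPs and CIDR ranges are handled (hostnames, partial IPs and `all` are reported as unparsed).

```python
import ipaddress

LINE_LIMIT = 8193  # per-line limit quoted in the post's own comment

# Constructed sample: RFC 5737 documentation ranges, not values from the thread.
# The last allow line is the post's placeholder pasted literally.
SAMPLE = """\
<Files *>
order deny,allow
deny from 192.0.2.0/24 198.51.100.0/24 198.51.100.64/26
deny from 203.0.113.0/24 192.0.2.0/24
allow from 198.51.100.7
allow from 123.456.789.0
</Files>
"""


def parse_rules(text):
    """Return (deny_networks, allow_networks, problems) for a blocklist."""
    deny, allow, problems = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if len(raw) > LINE_LIMIT:
            problems.append(f"line {lineno}: {len(raw)} chars exceeds {LINE_LIMIT}")
        words = raw.split()
        # Only "deny from ..." / "allow from ..." lines carry addresses;
        # comments, <Files> tags and the order directive are skipped.
        if len(words) < 3 or words[1].lower() != "from":
            continue
        kind = words[0].lower()
        if kind not in ("deny", "allow"):
            continue
        target = deny if kind == "deny" else allow
        for tok in words[2:]:
            try:
                target.append(ipaddress.ip_network(tok, strict=False))
            except ValueError:
                problems.append(f"line {lineno}: not an IP or CIDR: {tok}")
    return deny, allow, problems


def redundant(nets):
    """Pairs (entry, covering_entry): repeats and ranges inside a wider one."""
    out = []
    for i, a in enumerate(nets):
        for j, b in enumerate(nets):
            if i == j or a.version != b.version or not a.subnet_of(b):
                continue
            # Strict subnet of another entry, or a repeat of an earlier one.
            if a != b or j < i:
                out.append((str(a), str(b)))
                break
    return out


def decision(ip, deny, allow):
    """Outcome under `order deny,allow`: allow beats deny, default is allow."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in allow):
        return "allow (exception)"
    if any(addr in net for net in deny):
        return "deny"
    return "allow (default)"


if __name__ == "__main__":
    deny, allow, problems = parse_rules(SAMPLE)
    for p in problems:
        print("problem:", p)
    for entry, cover in redundant(deny):
        print(f"redundant: {entry} is covered by {cover}")
    for ip in ("198.51.100.7", "198.51.100.8", "192.0.2.55", "10.0.0.1"):
        print(ip, "->", decision(ip, deny, allow))
```

On Apache 2.4 the `order`, `deny from` and `allow from` directives are provided by mod_access_compat; the evaluation rule modelled here is the same.
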
spitlikethis Posted September 10, 2011

This looks useful - can you tell me where to place it? Is it within the .htaccess code in admin?

MrPhil Posted September 24, 2011

Not admin (or whatever you've renamed it to). Place it as high up in your site as is reasonable. If not / (HTML root, public_html), then /catalog (osC's root).

Parikesit Posted October 3, 2011

Ouch, you banned all IPs from South East Asia.

@zaenal recent contributions: mySQLi extension for osc 2.X, OPI: advanced image handling (ajax, thumbnail, watermark, etc), and other contributions all here

Parikesit Posted October 3, 2011

I guess below is a better approach

#BADENGINE
SetEnvIfNoCase User-Agent (…) BADENGINE
SetEnvIfNoCase User-Agent (…) BADENGINE
SetEnvIfNoCase User-Agent (…) BADENGINE
SetEnvIfNoCase User-Agent (…) BADENGINE
SetEnvIfNoCase User-Agent (…) BADENGINE
SetEnvIfNoCase User-Agent (…) BADENGINE
SetEnvIfNoCase User-Agent (cyberpatrol\.com|Macintosh\;\s+) !BADENGINE
#SetEnvIfNoCase Request_URI "robots\.txt" !BADENGINE
#BADFILE
SetEnvIfNoCase Request_URI "\/fp\-(.*)+" BADFILE
SetEnvIfNoCase Request_URI "css(.*)\.js" BADFILE
SetEnvIfNoCase Request_URI "(entry(.*)\.txt|categories\.dat|categories(.*)\.dat|index(.*)\.dat|css\.js|css(.*)\.js|panels\.prototypes\.php|core\.config\.php|core\.static\.php)" BADFILE
#BADCALL
SetEnvIfNoCase Request_URI (base64_encode.*\(.*\)|(\<|%3C).*script.*(\>|%3E)|(\<|%3C).*iframe.*(\>|%3E)|(;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark).*|GLOBALS(=|\[|\%[0-9A-Z]{0,2})|_REQUEST(=|\[|\%[0-9A-Z]{0,2})) BADCALL
SetEnvIfNoCase Request_URI ([\+]{3,}|Result\:|\>|\<|\.inc|ftp\:|\.\$url|\/\$url|\/\$link|\/includes\/) BADCALL
SetEnvIfNoCase Request_URI (\/path\_to\_script\/|ImpEvData\.|head\_auth\.|db\_connect\.|check\_proxy\.|doeditconfig\.|submit\_links\.|change\_action\.|send\_reminders\.|comment\-template\.|syntax\_highlight\.|admin\_db\_utilities\.|admin\.webring\.docs\.|function\.main|function\.mkdir|function\.opendir|function\.require|function\.array\-rand|ref\.outcontrol) BADCALL
#Someone trying to $_POST not from mydomain
#SetEnvIfNoCase Host (.*) this_host=$1
#SetEnvIfNoCase Request_Method (POST) BLOCKPOST
#Someone trying to put/delete something
#SetEnvIfNoCase Request_Method (PUT|DELETE) BLOCKPUT
#MAKE SOME TEST HERE
#SetEnvIfNoCase Request_Method "(POST)" BLOCKPOSTTEST
#SetEnvIfNoCase Request_URI "!(\/$|index\.php)" !BLOCKPOSTTEST
<LimitExcept CONNECT>
Order Allow,Deny
Allow from all
#Deny from env=BLOCKPOSTTEST
Deny from env=BLOCKPOST
Deny from env=BADCALL
Deny from env=BADFILE
Deny from env=BADGUESTBOOK
Deny from env=BADENGINE
Deny from env=BLOCKPUT
#deny_from_specific_ip_address_below
Deny from 66.225.201
Deny from 67.228.235.52
</LimitExcept>

recent contributions: mySQLi extension for osc 2.X, OPI: advanced image handling (ajax, thumbnail, watermark, etc), and other contributions all here
Parikesit Posted October 3, 2011

If you want to allow robots (BADENGINE) to read robots.txt, just uncomment the one line above that mentions it.

SetEnvIfNoCase Request_URI "robots\.txt" !BADENGINE

@zaenal
Parikesit Posted October 5, 2011

If your admin page does not render correctly, try commenting out one of the lines below, or edit it as you want...

#BADFILE
#SetEnvIfNoCase Request_URI "\/fp\-(.*)+" BADFILE
SetEnvIfNoCase Request_URI "css(.*)\.js" BADFILE
#SetEnvIfNoCase Request_URI "(some\.suspicious\.files)" BADFILE

@zaenal
Parikesit Posted October 5, 2011

Here is another version of bad robots (BADENGINE) from askapache.com

http://www.askapache...h-htaccess.html

I modified the askapache.com trap to make it work with my version

#BADENGINE from ASKAPACHE
SetEnvIfNoCase User-Agent .*(aesop_com_spiderman|alexibot|backweb|bandit|batchftp|bigfoot) BADENGINE
SetEnvIfNoCase User-Agent .*(black.?hole|blackwidow|blowfish|botalot|buddy|builtbottough|bullseye) BADENGINE
SetEnvIfNoCase User-Agent .*(cheesebot|cherrypicker|chinaclaw|collector|copier|copyrightcheck) BADENGINE
SetEnvIfNoCase User-Agent .*(cosmos|crescent|curl|custo|da|diibot|disco|dittospyder|dragonfly) BADENGINE
SetEnvIfNoCase User-Agent .*(drip|easydl|ebingbong|ecatch|eirgrabber|emailcollector|emailsiphon) BADENGINE
SetEnvIfNoCase User-Agent .*(emailwolf|erocrawler|exabot|eyenetie|filehound|flashget|flunky) BADENGINE
SetEnvIfNoCase User-Agent .*(frontpage|getright|getweb|go.?zilla|go-ahead-got-it|gotit|grabnet) BADENGINE
SetEnvIfNoCase User-Agent .*(grafula|harvest|hloader|hmview|httplib|httrack|humanlinks|ilsebot) BADENGINE
SetEnvIfNoCase User-Agent .*(infonavirobot|infotekies|intelliseek|interget|iria|jennybot|jetcar) BADENGINE
SetEnvIfNoCase User-Agent .*(joc|justview|jyxobot|kenjin|keyword|larbin|leechftp|lexibot|lftp|libweb) BADENGINE
SetEnvIfNoCase User-Agent .*(likse|linkscan|linkwalker|lnspiderguy|lwp|magnet|mag-net|markwatch) BADENGINE
SetEnvIfNoCase User-Agent .*(mata.?hari|memo|microsoft.?url|midown.?tool|miixpc|mirror|missigua) BADENGINE
SetEnvIfNoCase User-Agent .*(mister.?pix|moget|mozilla.?newt|nameprotect|navroad|backdoorbot|nearsite) BADENGINE
SetEnvIfNoCase User-Agent .*(net.?vampire|netants|netcraft|netmechanic|netspider|nextgensearchbot) BADENGINE
SetEnvIfNoCase User-Agent .*(attach|nicerspro|nimblecrawler|npbot|octopus|offline.?explorer) BADENGINE
SetEnvIfNoCase User-Agent .*(offline.?navigator|openfind|outfoxbot|pagegrabber|papa|pavuk) BADENGINE
SetEnvIfNoCase User-Agent .*(pcbrowser|php.?version.?tracker|pockey|propowerbot|prowebwalker) BADENGINE
SetEnvIfNoCase User-Agent .*(psbot|pump|queryn|recorder|realdownload|reaper|reget|true_robot) BADENGINE
SetEnvIfNoCase User-Agent .*(repomonkey|rma|internetseer|sitesnagger|siphon|slysearch|smartdownload) BADENGINE
SetEnvIfNoCase User-Agent .*(snake|snapbot|snoopy|sogou|spacebison|spankbot|spanner|sqworm|superbot) BADENGINE
SetEnvIfNoCase User-Agent .*(superhttp|surfbot|asterias|suzuran|szukacz|takeout|teleport) BADENGINE
SetEnvIfNoCase User-Agent .*(telesoft|the.?intraformant|thenomad|tighttwatbot|titan|urldispatcher) BADENGINE
SetEnvIfNoCase User-Agent .*(turingos|turnitinbot|urly.?warning|vacuum|vci|voideye|whacker) BADENGINE
SetEnvIfNoCase User-Agent .*(widow|wisenutbot|wwwoffle|xaldon|xenu|zeus|zyborg|anonymouse) BADENGINE
SetEnvIfNoCase User-Agent .*web(zip|emaile|enhancer|fetch|go.?is|auto|bandit|clip|copier|master|reaper|sauger|site.?quester|whack) BADENGINE
SetEnvIfNoCase User-Agent .*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures) BADENGINE
SetEnvIfNoCase User-Agent .*(libwww-perl|aesop_com_spiderman) BADENGINE
#ALLOW BADENGINE to ACCESS robots.txt
SetEnvIfNoCase Request_URI "robots\.txt" !BADENGINE

@zaenal
trauko Posted October 13, 2011

> If your admin page does not render correctly, try commenting out one of the lines below, or edit it as you want...
>
> #BADFILE
> #SetEnvIfNoCase Request_URI "\/fp\-(.*)+" BADFILE
> SetEnvIfNoCase Request_URI "css(.*)\.js" BADFILE
> #SetEnvIfNoCase Request_URI "(some\.suspicious\.files)" BADFILE
>
> @zaenal

Hi there,

My admin page did not render correctly after I uploaded your file to catalog/.htaccess. I commented out all 3 of the suggested lines and I still have problems. Any ideas?
Parikesit Posted October 16, 2011

> Hi there,
>
> My admin page did not render correctly after I uploaded your file to catalog/.htaccess. I commented out all 3 of the suggested lines and I still have problems. Any ideas?

You should also try commenting out the other env rules. I suspect some of your js or css is blocked by the following code:

#BADCALL
SetEnvIfNoCase Request_URI (base64_encode.*\(.*\)|(\<|%3C).*script.*(\>|%3E)|(\<|%3C).*iframe.*(\>|%3E)|(;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark).*|GLOBALS(=|\[|\%[0-9A-Z]{0,2})|_REQUEST(=|\[|\%[0-9A-Z]{0,2})) BADCALL
SetEnvIfNoCase Request_URI ([\+]{3,}|Result\:|\>|\<|\.inc|ftp\:|\.\$url|\/\$url|\/\$link|\/includes\/) BADCALL
SetEnvIfNoCase Request_URI (\/path\_to\_script\/|ImpEvData\.|head\_auth\.|db\_connect\.|check\_proxy\.|doeditconfig\.|submit\_links\.|change\_action\.|send\_reminders\.|comment\-template\.|syntax\_highlight\.|admin\_db\_utilities\.|admin\.webring\.docs\.|function\.main|function\.mkdir|function\.opendir|function\.require|function\.array\-rand|ref\.outcontrol) BADCALL

@zaenal
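A troubleshooting aid for the admin-page breakage discussed above, added here as an example and not code from any poster: it replays request targets against the thread's BADFILE and BADCALL patterns and reports which rule fires and on what text. The sample paths are constructed (an osCommerce-style admin layout is assumed), and Python's `re` stands in for Apache's PCRE matching.

```python
import re

# (env var, pattern) pairs copied from the BADFILE / BADCALL SetEnvIfNoCase
# rules quoted in the thread. Apache compiles them as PCRE; Python's re is a
# stand-in here and accepts the same syntax for these particular patterns.
RULES = [
    ("BADFILE", r'''\/fp\-(.*)+'''),
    ("BADFILE", r'''css(.*)\.js'''),
    ("BADFILE", r'''(entry(.*)\.txt|categories\.dat|categories(.*)\.dat|index(.*)\.dat|css\.js|css(.*)\.js|panels\.prototypes\.php|core\.config\.php|core\.static\.php)'''),
    ("BADCALL", r'''(base64_encode.*\(.*\)|(\<|%3C).*script.*(\>|%3E)|(\<|%3C).*iframe.*(\>|%3E)|(;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark).*|GLOBALS(=|\[|\%[0-9A-Z]{0,2})|_REQUEST(=|\[|\%[0-9A-Z]{0,2}))'''),
    ("BADCALL", r'''([\+]{3,}|Result\:|\>|\<|\.inc|ftp\:|\.\$url|\/\$url|\/\$link|\/includes\/)'''),
    ("BADCALL", r'''(\/path\_to\_script\/|ImpEvData\.|head\_auth\.|db\_connect\.|check\_proxy\.|doeditconfig\.|submit\_links\.|change\_action\.|send\_reminders\.|comment\-template\.|syntax\_highlight\.|admin\_db\_utilities\.|admin\.webring\.docs\.|function\.main|function\.mkdir|function\.opendir|function\.require|function\.array\-rand|ref\.outcontrol)'''),
]

# SetEnvIfNoCase means a case-insensitive, unanchored match.
COMPILED = [(env, re.compile(rx, re.IGNORECASE)) for env, rx in RULES]


def request_uri(target):
    """Request_URI as mod_setenvif documents it: the target without the query string."""
    return target.split("?", 1)[0]


def hits(target, include_query=False):
    """Return [(env, matched_text)] for every rule that fires on the target.

    include_query=True shows what would happen if the query string were part
    of the matched value, which is NOT how Request_URI behaves.
    """
    subject = target if include_query else request_uri(target)
    found = []
    for env, rx in COMPILED:
        m = rx.search(subject)
        if m:
            found.append((env, m.group(0)))
    return found


def denied_by(target, include_query=False):
    """Env vars that the 'Deny from env=...' lines would act on for this target."""
    return sorted({env for env, _ in hits(target, include_query)})


# Constructed sample request targets (not taken from any real log).
SAMPLES = [
    "/catalog/index.php",
    "/catalog/admin/includes/stylesheet.css",   # legitimate asset under /includes/
    "/catalog/admin/includes/general.js",       # legitimate asset under /includes/
    "/catalog/ext/css3-mediaqueries.js",        # "css" followed later by ".js"
    "/catalog/advanced_search_result.php?keywords=%3Cscript%3E",
]

if __name__ == "__main__":
    for target in SAMPLES:
        result = hits(target)
        print(target)
        print("    ->", result if result else "allowed")
```

The two `/includes/` assets are denied by the second BADCALL pattern, which commenting out the three BADFILE lines does not change. The last sample is allowed because the `Request_URI` rules never see the query string; the osC_Sec rules later in the thread match `%{THE_REQUEST}` and `%{QUERY_STRING}` instead.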
Taipo Posted December 17, 2011

@Zaenal If you ever feel like developing this out to be an addon, see if there are any ideas in the code below that might help. This was something I was working on a while back but never really got finished playing with.

########## osC_Sec for HTACCESS Version 1.0 #################
Options +FollowSymlinks
# disable the server signature
ServerSignature Off
# set the server administrator email
SetEnv SERVER_ADMIN [email protected]
# disable directory browsing
Options All -Indexes
# prevent folder listing
IndexIgnore *
# ~~~~ START OF FILTERING ~~~~~ #
# secure htaccess and other files
<FilesMatch "\.(htaccess|htpasswd|ini|phps|log)$">
Order Allow,Deny
Deny from all
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine On
# server request method
RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD|OPTIONS) [OR]
# osCommerce 2.2x
RewriteCond %{THE_REQUEST} ^.*\.php/login\.php.*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*login.php\?action\=backupnow.*$ [NC,OR]
# _REQUEST
RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} %20HTTP/1. [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\./\.\.//?)+ [OR]
RewriteCond %{THE_REQUEST} (showimg=|cookies=|passwd) [NC,OR]
RewriteCond %{THE_REQUEST} (eval\%28|eval\%2528|eval\(|base64_(en|de)code[^(]*\([^)]*\)|base64_encode.*\(.*\)) [NC,OR]
RewriteCond %{THE_REQUEST} (JHs\=|replace\(|return\%20clk|boot\.ini|php\/password_for|announce\?info_hash) [NC,OR]
RewriteCond %{THE_REQUEST} (\,0x3a\,|unescape\(|fromcharcode|pwtoken_get|php_uname|passthru\() [NC,OR]
RewriteCond %{THE_REQUEST} (allow_url_fopen|\%23include\+\<|get_defined_vars\(|\%22\'\%2f|error_reporting\(0\)) [NC,OR]
RewriteCond %{THE_REQUEST} (fwrite\(|waitfor\%20delay|shell_exec|gzinflate\(|prompt\(|php_value\%20auto) [NC,OR]
RewriteCond %{THE_REQUEST} (file_get_contents\(|setcookie\() [NC,OR]
RewriteCond %{THE_REQUEST} (onmouseover|onmousedown|ct\(this) [NC,OR]
RewriteCond %{THE_REQUEST} (\_START\_|\=alert\(|mysql\_query|\.\.\/cmd|rush\=|EXTRACTVALUE\(|phpinfo\() [NC,OR]
RewriteCond %{THE_REQUEST} (ftp\:\/\/|1\=1\-\-|current\_user\(\)|\%3Cform|sha1\(|self\/environ|JHs\=) [NC,OR]
RewriteCond %{THE_REQUEST} (\<\%3Fphp|\%\%|1\+and\+1|\/iframe|\$\_GET|document\.cookie|onload\%3d|onunload\%3d) [NC,OR]
RewriteCond %{THE_REQUEST} (\%00|hex\_ent|ob\_starting|PHP\_SELF|etc\/passwd|shell\_exec|data\:\/\/|\$\_SERVER|\$\_POST) [NC,OR]
RewriteCond %{THE_REQUEST} (\/frameset|\$\_SESSION|\$\_REQUEST|\$HTTP\_|mosConfig\_|inurl\:|\/iframe|onload\=) [NC,OR]
RewriteCond %{THE_REQUEST} (\@\@datadir|\@\@version|version\(\)|localhost|\}\)\%3B|Set\-Cookie|\%253C\%2Fscript\%253E) [NC,OR]
RewriteCond %{THE_REQUEST} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# http referer
RewriteCond %{HTTP_REFERER} (<|>|'|%0A|%0D|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
# mysql related
RewriteCond %{THE_REQUEST} (null\,null|outfile|load_file) [NC,OR]
RewriteCond %{THE_REQUEST} \bunion\b([^s]*s)+elect [NC,OR]
RewriteCond %{THE_REQUEST} \bunion\b([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{THE_REQUEST} (\bdelete\b|\bupdate\b|\bcreate\b|\balter\b|\bdeclare\b|\border\b|\bscript\b|\bset\B) [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(ascii\(|bin\(|benchmark\(|cast\(|char\(|charset\(|collation\(|concat\(|concat_ws\(|table_schema) [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(conv\(|convert\(|count\(|database\(|decode\(|diff\(|distinct\(|elt\(|encode\(|encrypt\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(extract\(|field\(|floor\(|format\(|hex\(|if\(|in\(|information_schema|insert\(|instr\(|interval\(|lcase\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(left\(|length\(|load_file\(|locate\(|lock\(|log\(|lower\(|lpad\(|ltrim\(|max\(|md5\(|mid\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(mod\(|now\(|null\(|ord\(|password\(|position\(|quote\(|rand\(|repeat\(|replace\(|reverse\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(right\(|rlike\(|row_count\(|rpad\(|rtrim\(|_set\(|schema\(|sha1\(|sha2\(|sleep\(|soundex\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(space\(|strcmp\(|substr\(|substr_index\(|substring\(|sum\(|time\(|trim\(|truncate\(|ucase\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(unhex\(|upper\(|_user\(|user\(|values\(|varchar\(|version\(|xor\() [NC,OR]
# cookies
RewriteCond %{HTTP_COOKIE} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_COOKIE} (eval\%28|eval\%2528|eval\(|information_schema) [NC,OR]
RewriteCond %{HTTP_COOKIE} (null\,null|outfile) [NC,OR]
RewriteCond %{HTTP_COOKIE} \bunion\b([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{HTTP_COOKIE} (\bdelete\b|\bupdate\b|\bcreate\b|\balter\b|\bdeclare\b|\border\b|\bscript\b|\bset\B) [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(ascii\(|bin\(|benchmark\(|cast\(|char\(|charset\(|collation\(|concat\(|concat_ws\(|table_schema) [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(conv\(|convert\(|count\(|database\(|decode\(|diff\(|distinct\(|elt\(|encode\(|encrypt\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(extract\(|field\(|floor\(|format\(|hex\(|if\(|in\(|information_schema|insert\(|instr\(|interval\(|lcase\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(left\(|length\(|load_file\(|locate\(|lock\(|log\(|lower\(|lpad\(|ltrim\(|max\(|md5\(|mid\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(mod\(|now\(|null\(|ord\(|password\(|position\(|quote\(|rand\(|repeat\(|replace\(|reverse\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(right\(|rlike\(|row_count\(|rpad\(|rtrim\(|_set\(|schema\(|sha1\(|sha2\(|sleep\(|soundex\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(space\(|strcmp\(|substr\(|substr_index\(|substring\(|sum\(|time\(|trim\(|truncate\(|ucase\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(unhex\(|upper\(|_user\(|user\(|values\(|varchar\(|version\(|xor\() [NC,OR]
# misc
RewriteCond %{QUERY_STRING} PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
# ~~~~ END OF FILTERING ~~~~~ #
# OPTIONAL EXTRAS
# Uncomment and use.
# If Error 500 encountered then comment out
# php_value session.use_trans_sid 0
# auto keep the config file read only
# chmod configure.php files 444
# turn off magic_quotes_gpc
# <ifmodule mod_php4.c>
# php_flag magic_quotes_gpc off
# </ifmodule>
########## osC_Sec for HTACCESS #################

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
This topic is now archived and is closed to further replies.