INSTANTLY stop WORTHLESS traffic


Guest


This cut hack attempts and worthless traffic on one of my servers OVERNIGHT. If you don't care about or sell to any of these, this will cut down your server LOAD overnight, as these are the biggest offenders of hacks, spam and general tom-foolery.

 

* USE IN APACHE .HTACCESS FILES. YOU CAN GET ANY FORMAT YOU LIKE WITH LINKS BELOW, E.G. WORKING AT SERVER LEVEL WITH IP TABLES AND/OR SOFT OR HARDWARE FIREWALLS.

 

#http://www.wizcrafts.net/
#
#http://www.wizcrafts.net/chinese-blocklist.html (this alone is worth its weight in gold)
<Files *>
order deny,allow

# Chinese (CN) IP addresses follow:

# Hong Kong (HK)

# India (IN), Bangladesh (BD) and Pakistan (PK)

# Indonesia (ID)

# Japan (JP) (hacking, scraping, or spamming)

# Korea (KR) IP addresses follow:

# Yahoo-Korea (provides free email services used by some spammers)

# Neighboring Asian countries:

# Malaysia (MY)

# Philippines (PH)

# Singapore (SG)

# Taiwan (TW)

# Thailand (TH)

# Vietnam (VN)

# End Chinese-Korean blocklist

# Add other blocked domain names or IP addresses here, starting with "deny from " without quotes

# If you find that you need to poke a hole in the blocklist, for legitimate visitors, follow this example: allow from 123.456.789.0

# Add "allow from" IP addresses, or CIDR Ranges, after all of the "deny from" items, just before the closing Files tag.

# Everything not included within these deny from ranges is PERMITTED by the allow portion of the directive.

# Russia (RU), Ukraine (UA), Belarus (BY), Bulgaria (BG), Czech Republic (CZ), Romania (RO), Latvia (LV), Estonia (EE), Kazakhstan (KZ), Moldavia/Moldova (MD), Poland (PL), Serbia (RS), Siberia, Slovakia (SK), Slovenia (SL)
# Start second list to avoid Apache Server 500 error for exceeding allowable line length (~8193)

# Turkey (TR): web hosts and Turk Telekom customers - scammers, spammers, phishing websites and server script exploiters:

# German (DE) ISPs used by hackers and spammers including 1&1internet DE, Deutsche Telekom AG, NetDirekt and Schlund & Partners

# Iran (IR)

</Files>

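Added example, not part of the original post: a Python model of how Apache 2.2 evaluates `order deny,allow` (the `allow from` hole described in the blocklist comments) against the `Allow,Deny` order, plus a helper that merges overlapping ranges and wraps them into several `deny from` lines below a length limit, as the "second list" comment requires. The addresses are constructed RFC 5737 documentation ranges and the function names are assumptions of this example.

```python
import ipaddress


def collapse(cidrs):
    """Merge duplicate, nested and adjacent IPv4 ranges into the shortest equivalent list."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))


def render_deny_lines(cidrs, max_len=8000):
    """Emit 'deny from' directives, starting a new one before a line would exceed max_len."""
    lines, current = [], "deny from"
    for net in collapse(cidrs):
        token = " " + str(net)
        if current != "deny from" and len(current) + len(token) > max_len:
            lines.append(current)
            current = "deny from"
        current += token
    if current != "deny from":
        lines.append(current)
    return lines


def _matches(client_ip, specs):
    """True if the client falls in any listed range; 'all' matches every client."""
    if "all" in specs:
        return True
    addr = ipaddress.ip_address(client_ip)
    # An IPv6 client is never "in" an IPv4 network, so an IPv4-only list does not cover it.
    return any(addr in ipaddress.ip_network(s, strict=False) for s in specs)


def access_allowed(order, client_ip, deny=(), allow=()):
    """Model of the Apache 2.2 Order directive for one client address."""
    denied = _matches(client_ip, deny)
    allowed = _matches(client_ip, allow)
    if order == "deny,allow":
        # Default is allow; a matching Allow overrides a matching Deny.
        return allowed or not denied
    if order == "allow,deny":
        # Default is deny; a matching Deny overrides a matching Allow.
        return allowed and not denied
    raise ValueError("order must be 'deny,allow' or 'allow,deny'")


# Constructed sample input (documentation ranges), not entries from the blocklist.
SAMPLE_DENY = ["203.0.113.0/25", "198.51.100.0/24", "198.51.100.0/25",
               "203.0.113.128/25", "192.0.2.7", "198.51.100.0/24"]

if __name__ == "__main__":
    for line in render_deny_lines(SAMPLE_DENY, max_len=40):
        print(line)
    hole = ["198.51.100.42"]
    for ip in ("198.51.100.42", "198.51.100.43", "2001:db8::1"):
        print(ip, access_allowed("deny,allow", ip, SAMPLE_DENY, hole))
```

With `Order Allow,Deny` and `Allow from all`, an `allow from` line cannot reopen a denied range; only `deny,allow` gives the hole-poking behaviour the comments describe.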

  • 1 month later...
  • 2 weeks later...
  • 2 weeks later...

I guess below is a better approach:

 



#BADENGINE
SetEnvIfNoCase User-Agent (^$|\<|\>|\'|\%|\_iRc|\_Works|\@\$x|\<\?|\$x0e|\+select\+|\+union\+|1\,\1\,1\,|2icommerce|3GSE|4all|59\.64\.153\.|88\.0\.106\.|85\.17\.|A\_Browser|ABAC|Abont|abot|Accept|Access|Accoo|AceFTP|Acme|ActiveTouristBot|Address|Adopt|adress|adressendeutschland|ADSARobot|ah\-ha|Ahead|AESOP\_com\_SpiderMan|aipbot|Alarm|Albert|Alek|Alexibot|Alligator|AllSubmitter|alma|almaden|ALot|Alpha|aktuelles|Akregat|Amfi|amzn\_assoc|Anal|Anarchie|andit|Anon|AnotherBot|Ansearch|AnswerBus|antivirx|Apexoo|appie|Aqua_Products|Arachmo|archive|arian|ASPSe|ASSORT|Atari|ATHENS|AtHome|Atlocal|Atomic_Email_Hunter|Atomz|Atrop|^attach|attrib|autoemailspider|autohttp|axod|batch|b2w|Back|BackDoorBot|BackStreet|BackWeb|Badass|Bali|Bandit|Barry|BasicHTTP|BatchFTP|bdfetch|beat|Become|Beij|BenchMark|berts|bew|big\.brother|Bigfoot|Bilgi|Bison|Bitacle|Biz360|Black|Black\.Hole|BlackWidow|bladder\.fusion|Blaiz|Blog\.Checker|Blogl|BlogPeople|Blogshares\.Spiders|Bloodhound|Blow|bmclient|Board|BOI|boitho|Bond|Bookmark\.search\.tool|boris|Bost|Boston\.Project|BotRightHere|Bot\.mailto:craftbot@yahoo\.com|BotALot|botpaidtoclick|botw|brandwatch|BravoBrian|Brok|Bropwers|Broth|browseabit|BrowseX|Browsezilla|Bruin|bsalsa|Buddy|Build|Built|Bulls|bumblebee|Bunny|Busca|Busi|Buy|bwh3) BADENGINE
SetEnvIfNoCase User-Agent (c\-spider|CafeK|Cafi|camel|Cand|captu|Catch|cd34|Ceg|CFNetwork|cgichk|Cha0s|Chang|chaos|Char|char\(32\,35\)|charlotte|CheeseBot|Chek|CherryPicker|chill|ChinaClaw|CICC|Cisco|Cita|Clam|Claw|Click\.Bot|clipping|clshttp|Clush|COAST|ColdFusion|Coll|Comb|commentreader|Compan|contact|Control|contype|Conc|Conv|Copernic|Copi|Copy|Coral|Corn|core-project|cosmos|costa|cr4nk|crank|craft|Crap|Crawler0|Crazy|Cres|cs\-CZ|cuill|Custo|Cute|CSHttp|Cyber|cyberalert|^DA$|daoBot|DARK|Data|Daten|Daum|dcbot|dcs|Deep|DepS|Detect|Deweb|Diam|Digger|Digimarc|digout4uagent|DIIbot|Dillo|Ding|DISC|discobot|Disp|Ditto|DLC|DnloadMage|DotBot|Doubanbot|Download|Download\.Demon|Download\.Devil|Download\.Wonder|Downloader|drag|DreamPassport|Drec|Drip|dsdl|dsok|DSurf|DTAAgent|DTS|Dual|dumb|DynaWeb) BADENGINE
SetEnvIfNoCase User-Agent (e\-collector|eag|earn|EARTHCOM|EasyDL|ebin|EBM-APPLE|EBrowse|eCatch|echo|ecollector|Edco|edgeio|efp\@gmx\.net|EirGrabber|email|Email\.Extractor|EmailCollector|EmailSearch|EmailSiphon|EmailWolf|Emer|empas|Enfi|Enhan|Enterprise\_Search|envolk|erck|EroCr|ESurf|Eval|Evil|Evere|EWH|Exabot|Exact|EXPLOITER|Expre|Extra|ExtractorPro|EyeN|FairAd|Fake|FANG|FAST|fastlwspider|FavOrg|Favorites\.Sweeper|Faxo|FDM\_1|FDSE|FEZhead|Filan|FileHound|find|Firebat|Firs|Flam|Flash|FlickBot|Flip|fluffy|flunky|focus|Foob|Fooky|Forex|Forum|ForV|Fost|Foto|Foun|Franklin\.Locator|freefind|FreshDownload|FrontPage|FSurf|Fuck|Fuer|futile|Fyber|Gais|GalaxyBot|Galbot|Gamespy\_Arcade|GbPl|Gener|geni|Geona|Get|gigabaz|Gira|Ginxbot|gluc|glx\.?v|gnome|Go\.Zilla|Goldfire|Got\-It|GOFORIT|gonzo|GornKer|GoSearch|^gotit$|gozilla|grab|Grabber|GrabNet|Grub|Grup|Graf|Green\.Research|grub|grub\-client|gsa\-cra|GSearch|GT\:\:WWW|GuideBot|guruji|gvfs|Gyps|hack|haha|hailo|Harv|Hatena|Hax|Head|Helm|herit|hgre|hhjhj\@yahoo|Hippo|hloader|HMView|holm|holy|HomePageSearch|HooWWWer|HouxouCrawler|HMSE|HPPrint|htdig|HTTPConnect|httpdown|http\.generic|HTTPGet|httplib|HTTPRetriever|HTTrack|human|Huron|hverify|Hybrid|Hyper|ia\_archiver|iaskspi|IBM\_Planetwide|iCCra|ichiro|ID\-Search|IDA|IDBot|IEAuto|IEMPT|iexplore\.exe|iGetter|Ilse|Iltrov|Image\.Stripper|Image\.Sucker|imagefetch|iimds\_monitor|Incutio|IncyWincy|Indexer|Industry\.Program|Indy|InetURL|informant|InfoNav|InfoTekies|Ingelin|Innerpr|Inspect|InstallShield\.DigitalWizard|Insuran\.|Intellig|Intelliseek|InterGET|Internet\.Ninja|Internet\.x|Internet\_Explorer|InternetLinkagent|InternetSeer\.com|Intraf|IP2|Ipsel|Iria|IRLbot|Iron33|Irvine|ISC\_Sys|iSilo|ISRCCrawler|ISSpi|IUPUI\.Research\.Bot|Jady|Jaka|Jam|^Java|java\/|Java\(tm\)|JBH\.agent|Jenny|JetB|JetC|jeteye|jiro|JoBo|JOC|jupit|Just|Jyx|Kapere|kash|Kazo|KBee|Kenjin|Kernel|Keywo|KFSW|KKma|Know|kosmix|KRAE|KRetrieve|Krug|ksibot|ksoap|Kum|KWebGet) BADENGINE
SetEnvIfNoCase User-Agent (Lachesis|lanshan|Lapo|larbin|leacher|leech|LeechFTP|LeechGet|leipzig\.de|Lets|Lexi|lftp|Libby|libcrawl|libfetch|libghttp|libWeb|libwhisker|libwww|libwww\-FM|libwww\-perl|LightningDownload|likse|Linc|Link\.Sleuth|LinkextractorPro|Linkie|LINKS\.ARoMATIZED|LinkScan|linktiger|LinkWalker|Lint|List|lmcrawler|LMQ|LNSpiderguy|loader|LocalcomBot|Locu|London|lone|looksmart|loop|Lork|LTH\_|lwp\-request|LWP|lwp-request|lwp-trivial|Mac\.Finder|Macintosh\;\.I\;\.PPC|Mac\_F|magi|Mag\-Net|Magnet|Magp|Mail\.Sweeper|main|majest|Mam|Mana|MarcoPolo|mark\.blonin|MarkWatch|MaSagool|Mass|Mass\.Downloader|Mata|mavi|McBot|Mecha|MCspider|^Memo|MetaProducts\.Download\.Express|Metaspin|Mete|Microsoft\.Data\.Access|Microsoft\.URL|Microsoft\_Internet\_Explorer|MIDo|MIIx|miner|Mira|MIRE|Mirror|Miss|Missauga|Missigua\.Locator|Missouri\.College\.Browse|Mist|Mizz|MJ12|mkdb|mlbot|MLM|MMMoCrawl|MnoG|moge|Moje|Monster|Monza\.Browser|Mooz|Moreoverbot|MOT\-MPx220|mothra\/netscan|mouse|MovableType|Mozdex|Mozi\!|Mp3Bot|MPF|MRA|MS\.FrontPage|MS\.?Search|MSFrontPage|MSIECrawler|msnbot\-media|msnbot\-Products|MSNPTC|MSProxy|MSRBOT|multithreaddb|musc|MVAC|MWM|My\_age|MyApp|MyDog|MyEng|MyFamilyBot|MyGetRight|MyIE2|mysearch|myurl|NAG|NAMEPROTECT|NASA\.Search|nationaldirectory|Naver|Navr|Near|NetAnts|netattache|Netcach|NetCarta|Netcraft|NetCrawl|NetMech|netprospector|NetResearchServer|NetSp|Net\.Vampire|netX|NetZ|Neut|newLISP|NewsGatorInbox|NEWT|NEWT\.ActiveX|Next|^NG|NICE|nikto|Nimb|Ninja|Ninte|NIPGCrawler|Noga|nogo|Noko|Nomad|Norb|noxtrumbot|NPbot|NuSe|Nutch|Nutex|NWSp|Obje|Ocel|Octo|ODI3|oegp|Offline|Offline\.Explorer|Offline\.Navigator|OK\.Mozilla|omg|Omni|Onfo|onyx|OpaL|OpenBot|Openf|OpenTextSiteCrawler|OpenU|Orac|OrangeBot|Orbit|Oreg|osis|Outf|Owl) BADENGINE
SetEnvIfNoCase User-Agent (P3P|PackRat|PageGrabber|PagmIEDownload|pansci|Papa|Pars|Patw|pavu|Pb2Pb|pcBrow|PEAR|PEER|PECL|pepe|Perl|PerMan|PersonaPilot|Persuader|petit|PHP\.vers|PHPot|Phras|PicaLo|Piff|Pige|pigs|^Ping|Pingd|PingALink|Pipe|Plag|Plant|playstarmusic|Pluck|Pockey|POE\-Com|Poirot|Pomp|Port\.Huron|Post|powerset|Preload|press|Privoxy|Probe|Program\.Shareware|Progressive\.Download|ProPowerBot|prospector|Provider\.Protocol\.Discover|ProWebWalker|Prowl|Proxy|Prozilla|psbot|PSurf|psycheclone|^puf$|Pulse|Pump|PushSite|PussyCat|PuxaRapido|Pyth|PyQ|QuepasaCreep|Query|Quest|QRVA|Qweer|radian|Radiation|Rambler|RAMP|RealDownload|Reap|Recorder|RedCarpet|RedKernel|ReGet|^Mozilla$|Mozilla\:|Mozilla\/Firefox|^Mozilla\.*Indy|^Mozilla\.*NEWT|^Mozilla*MSIECrawler|relevantnoise|replacer|Repo|requ|Rese|Retrieve|Rip|Rix|RMA|Roboz|Rogue|Rover|RPT\-HTTP|Rsync|RTG30|\.ru\)|ruby|Rufus|Salt|Sample|SAPO|Sauger|savvy|SBIder|SBP|SCAgent|scan|SCEJ\_|Sched|Schizo|Schlong|Schmo|Scout|Scooter|Scorp|ScoutOut|SCrawl|screen|script|SearchExpress|searchhippo|Searchme|searchpreview|searchterms|Second\.Street\.Research|Security\.Kol|Seekbot|Sega|Sensis|Sept|Serious|Sezn|Shai|Share|Sharp|Shaz|shell|shelo|Sherl|Shim|Shiretoko|ShopWiki|SickleBot|Simple|Siph|sitecheck|SiteCrawler|SiteSnagger|Site\.Sniper|SiteSucker|sitevigil|SiteX|Sleip|Slide|Slurpy\.Verifier|Sly|Smag|SmartDownload|Smurf|sna\-|snag|Snake|Snapbot|Snip|Snoop|So\-net|SocSci|sogou|Sohu|solr|sootle|Soso|SpaceBison|Spad|Span|spanner|Speed|Spegla|Sphere|Sphider|SpiderBot|SpiderEngine|SpiderView|Spin|sproose|Spurl|Spyder|Squi|SQ\.Webscanner|sqwid|Sqworm|SSM\_Ag|Stack|Stamina|stamp|Stanford|Statbot|State|Steel|Strateg|Stress|Strip|studybot|Style|subot|Suck|Sume|sun4m|Sunrise|SuperBot|SuperBro|Supervi|Surf4Me|SuperHTTP|Surfbot|SurfWalker|Susi|suza|suzu|Sweep|sygol|syncrisis|Systems|Szukacz) BADENGINE
SetEnvIfNoCase User-Agent (Tagger|Tagyu|tAke|Talkro|TALWinHttpClient|tamu|Tandem|Tarantula|tarspider|tBot|TCF|Tcs\/1|TeamSoft|Tecomi|Teleport|Telesoft|Templeton|Tencent|Terrawiz|Test|TexNut|trivial|Turnitin|The\.Intraformant|TheNomad|Thomas|TightTwatBot|Timely|Titan|TMCrawler|TMhtload|toCrawl|Todobr|Tongco|topic|Torrent|Track|translate|Traveler|TREEVIEW|True|Tunnel|turing|Turnitin|TutorGig|TV33\_Mercator|Twat|Tweak|Twice|Twisted\.PageGetter|Tygo|ubee|UCmore|UdmSearch|UIowaCrawler|Ultraseek|UMBC|unf|UniversalFeedParser|unknown|UPG1|UtilMind|URLBase|URL\.Control|URL\_Spider\_Pro|urldispatcher|URLGetFile|urllib|URLSpiderPro|URLy|User\-Agent|UserAgent|USyd|Vacuum|vagabo|Valet|Valid|Vamp|vayala|VB\_|VCI|VERI\~LI|versus|via|Viewer|virtual|visibilitygap|Visual|vobsub|Void|VoilaBot|voyager|vspider|VSyn|w\:PACBHO60|w0000t|W3C|w3m|w3search|walhello|Walker|Wand|WAOL|WAPT|Watch|Wavefire|wbdbot|Weather|web\.by\.mail|Web\.Data\.Extractor|Web\.Downloader|Web\.Ima|Web\.Mole|Web\.Sucker|Web2Mal|Web2WAP|WebaltBot|WebAuto|WebBandit|WebCapture|WebCat|webcraft\@bea|Webclip|webcollage|WebCollector|WebCopier|WebCopy|WebCor|webcrawl|WebDat|WebDav|webdevil|webdownloader|Webdup|WebEMail|WebEMailExtrac|WebEnhancer|WebFetch|WebGo|WebHook|Webinator|WebInd|webitpr|WebFilter|WebFountain|WebLea|WebmasterWorldForumBot|WebMin|WebMirror|webmole|webpic|WebPin|WebPix|WebReaper|WebRipper|WebRobot|WebSauger|Website\.eXtractor|Website\.Quester|WebSnake|webspider|Webster|WebStripper|websucker|WebTre|WebVac|webwalk|WebWasher|WebWeasel|WebWhacker|WebZIP|Wells|WEP\_S|WEP\.Search\.00|WeRelateBot|wget|Whack|Whacker|whiz|WhosTalking|Widow|Win67|window\.location|Windows\.95\;|Windows\.98\;|Winodws|Wildsoft\.Surfer|WinHT|winhttp|WinHttpRequest|WinHTTrack|Winnie\.Poh|WISEbot|wisenutbot|wish|Wizz|WordP|Works|world|WUMPUS|Wweb|WWWC|WWWOFFLE|WWW\-Collector|WWW\.Mechanize|www\.ranks\.nl|wwwster|^x$|X12R1|x\-Tractor|Xaldon|Xenu|XGET|xirq|Y\!OASIS|Y\!Tunnel|yacy|YaDirectBot|Yahoo\-MMAudVid|YahooYSMcm|Yamm|Yand|yang|Yeti|Yoono|yori|Yotta|YTunnel|Zade|zagre|ZBot|Zeal|ZeBot|zerx|Zeus|ZIPCode|Zixy|zmao|Zyborg) BADENGINE
SetEnvIfNoCase User-Agent (cyberpatrol\.com|Macintosh\;\s+) !BADENGINE
#SetEnvIfNoCase Request_URI "robots\.txt" !BADENGINE

#BADFILE
SetEnvIfNoCase Request_URI "\/fp\-(.*)+" BADFILE
SetEnvIfNoCase Request_URI "css(.*)\.js" BADFILE
SetEnvIfNoCase Request_URI "(entry(.*)\.txt|categories\.dat|categories(.*)\.dat|index(.*)\.dat|css\.js|css(.*)\.js|panels\.prototypes\.php|core\.config\.php|core\.static\.php)" BADFILE

#BADCALL
SetEnvIfNoCase Request_URI (base64_encode.*\(.*\)|(\<|%3C).*script.*(\>|%3E)|(\<|%3C).*iframe.*(\>|%3E)|(;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark).*|GLOBALS(=|\[|\%[0-9A-Z]{0,2})|_REQUEST(=|\[|\%[0-9A-Z]{0,2})) BADCALL
SetEnvIfNoCase Request_URI ([\+]{3,}|Result\:|\>|\<|\.inc|ftp\:|\.\$url|\/\$url|\/\$link|\/includes\/) BADCALL
SetEnvIfNoCase Request_URI (\/path\_to\_script\/|ImpEvData\.|head\_auth\.|db\_connect\.|check\_proxy\.|doeditconfig\.|submit\_links\.|change\_action\.|send\_reminders\.|comment\-template\.|syntax\_highlight\.|admin\_db\_utilities\.|admin\.webring\.docs\.|function\.main|function\.mkdir|function\.opendir|function\.require|function\.array\-rand|ref\.outcontrol)  BADCALL

#Someone trying to $_POST not from mydomain
#SetEnvIfNoCase Host (.*) this_host=$1
#SetEnvIfNoCase Request_Method (POST) BLOCKPOST

#Someone trying to put/delete something
#SetEnvIfNoCase Request_Method (PUT|DELETE) BLOCKPUT

#MAKE SOME TEST HERE
#SetEnvIfNoCase Request_Method "(POST)" BLOCKPOSTTEST
#SetEnvIfNoCase Request_URI "!(\/$|index\.php)" !BLOCKPOSTTEST


<LimitExcept CONNECT>
Order Allow,Deny
Allow from all
#Deny from env=BLOCKPOSTTEST
Deny from env=BLOCKPOST
Deny from env=BADCALL
Deny from env=BADFILE
Deny from env=BADGUESTBOOK
Deny from env=BADENGINE
Deny from env=BLOCKPUT

#deny_from_specific_ip_address_below
# CIDR form: "Deny from" does not accept a * wildcard in an IP address
Deny from 66.225.201.0/24
Deny from 67.228.235.52
</LimitExcept>


If you want to allow robots (BADENGINE) to read robots.txt, just uncomment the one line above that mentions it.

 

SetEnvIfNoCase Request_URI "robots\.txt" !BADENGINE

 

@zaenal


If you experience your admin page not rendering correctly, try commenting out one of the lines below, or edit it as you want...

 

#BADFILE
#SetEnvIfNoCase Request_URI "\/fp\-(.*)+" BADFILE
SetEnvIfNoCase Request_URI "css(.*)\.js" BADFILE
#SetEnvIfNoCase Request_URI "(some\.suspicious\.files)" BADFILE

 

@zaenal


Here is another version of bad robots (BADENGINE) from askapache.com

http://www.askapache...h-htaccess.html

 

I modified the askapache.com trap to make it work with my version

#BADENGINE from ASKAPACHE
SetEnvIfNoCase User-Agent .*(aesop_com_spiderman|alexibot|backweb|bandit|batchftp|bigfoot) BADENGINE
SetEnvIfNoCase User-Agent .*(black.?hole|blackwidow|blowfish|botalot|buddy|builtbottough|bullseye) BADENGINE
SetEnvIfNoCase User-Agent .*(cheesebot|cherrypicker|chinaclaw|collector|copier|copyrightcheck) BADENGINE
SetEnvIfNoCase User-Agent .*(cosmos|crescent|curl|custo|da|diibot|disco|dittospyder|dragonfly) BADENGINE
SetEnvIfNoCase User-Agent .*(drip|easydl|ebingbong|ecatch|eirgrabber|emailcollector|emailsiphon) BADENGINE
SetEnvIfNoCase User-Agent .*(emailwolf|erocrawler|exabot|eyenetie|filehound|flashget|flunky) BADENGINE
SetEnvIfNoCase User-Agent .*(frontpage|getright|getweb|go.?zilla|go-ahead-got-it|gotit|grabnet) BADENGINE
SetEnvIfNoCase User-Agent .*(grafula|harvest|hloader|hmview|httplib|httrack|humanlinks|ilsebot) BADENGINE
SetEnvIfNoCase User-Agent .*(infonavirobot|infotekies|intelliseek|interget|iria|jennybot|jetcar) BADENGINE
SetEnvIfNoCase User-Agent .*(joc|justview|jyxobot|kenjin|keyword|larbin|leechftp|lexibot|lftp|libweb) BADENGINE
SetEnvIfNoCase User-Agent .*(likse|linkscan|linkwalker|lnspiderguy|lwp|magnet|mag-net|markwatch) BADENGINE
SetEnvIfNoCase User-Agent .*(mata.?hari|memo|microsoft.?url|midown.?tool|miixpc|mirror|missigua) BADENGINE
SetEnvIfNoCase User-Agent .*(mister.?pix|moget|mozilla.?newt|nameprotect|navroad|backdoorbot|nearsite) BADENGINE
SetEnvIfNoCase User-Agent .*(net.?vampire|netants|netcraft|netmechanic|netspider|nextgensearchbot) BADENGINE
SetEnvIfNoCase User-Agent .*(attach|nicerspro|nimblecrawler|npbot|octopus|offline.?explorer) BADENGINE
SetEnvIfNoCase User-Agent .*(offline.?navigator|openfind|outfoxbot|pagegrabber|papa|pavuk) BADENGINE
SetEnvIfNoCase User-Agent .*(pcbrowser|php.?version.?tracker|pockey|propowerbot|prowebwalker) BADENGINE
SetEnvIfNoCase User-Agent .*(psbot|pump|queryn|recorder|realdownload|reaper|reget|true_robot) BADENGINE
SetEnvIfNoCase User-Agent .*(repomonkey|rma|internetseer|sitesnagger|siphon|slysearch|smartdownload) BADENGINE
SetEnvIfNoCase User-Agent .*(snake|snapbot|snoopy|sogou|spacebison|spankbot|spanner|sqworm|superbot) BADENGINE
SetEnvIfNoCase User-Agent .*(superhttp|surfbot|asterias|suzuran|szukacz|takeout|teleport) BADENGINE
SetEnvIfNoCase User-Agent .*(telesoft|the.?intraformant|thenomad|tighttwatbot|titan|urldispatcher) BADENGINE
SetEnvIfNoCase User-Agent .*(turingos|turnitinbot|urly.?warning|vacuum|vci|voideye|whacker) BADENGINE
SetEnvIfNoCase User-Agent .*(widow|wisenutbot|wwwoffle|xaldon|xenu|zeus|zyborg|anonymouse) BADENGINE
SetEnvIfNoCase User-Agent .*web(zip|emaile|enhancer|fetch|go.?is|auto|bandit|clip|copier|master|reaper|sauger|site.?quester|whack) BADENGINE
SetEnvIfNoCase User-Agent .*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures) BADENGINE
SetEnvIfNoCase User-Agent .*(libwww-perl|aesop_com_spiderman) BADENGINE

#ALLOW BADENGINE to ACCESS robots.txt
SetEnvIfNoCase Request_URI "robots\.txt" !BADENGINE

 

@zaenal


  • 2 weeks later...

If you experience your admin page not rendering correctly, try commenting out one of the lines below, or edit it as you want...

 

#BADFILE
#SetEnvIfNoCase Request_URI "\/fp\-(.*)+" BADFILE
SetEnvIfNoCase Request_URI "css(.*)\.js" BADFILE
#SetEnvIfNoCase Request_URI "(some\.suspicious\.files)" BADFILE

 

@zaenal

Hi There,

My admin page did not render correctly after I uploaded your file to catalog/.htaccess. I commented out all 3 of the suggested lines and I still have problems... any ideas?


Hi There,

My admin page did not render correctly after I uploaded your file to catalog/.htaccess. I commented out all 3 of the suggested lines and I still have problems... any ideas?

 

You should also try commenting out the other env rules. I suspect some of your js or css is blocked by the following code:

 

#BADCALL
SetEnvIfNoCase Request_URI (base64_encode.*\(.*\)|(\<|%3C).*script.*(\>|%3E)|(\<|%3C).*iframe.*(\>|%3E)|(;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark).*|GLOBALS(=|\[|\%[0-9A-Z]{0,2})|_REQUEST(=|\[|\%[0-9A-Z]{0,2})) BADCALL
SetEnvIfNoCase Request_URI ([\+]{3,}|Result\:|\>|\<|\.inc|ftp\:|\.\$url|\/\$url|\/\$link|\/includes\/) BADCALL
SetEnvIfNoCase Request_URI (\/path\_to\_script\/|ImpEvData\.|head\_auth\.|db\_connect\.|check\_proxy\.|doeditconfig\.|submit\_links\.|change\_action\.|send\_reminders\.|comment\-template\.|syntax\_highlight\.|admin\_db\_utilities\.|admin\.webring\.docs\.|function\.main|function\.mkdir|function\.opendir|function\.require|function\.array\-rand|ref\.outcontrol)  BADCALL

 

@zaenal
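
Instead of commenting rules out one at a time, the rules can be replayed offline against the paths an admin page loads to see which one denies them. The Python below is an added example, not code from this thread: it models only `SetEnvIf`/`SetEnvIfNoCase` on `Request_URI` and `User-Agent` plus `Deny from env=`, uses Python's `re` in place of Apache's regex engine, and the request paths and User-Agent string are constructed samples.

```python
import re

# Directives copied from the thread's BADFILE, BADCALL and BADENGINE sections.
HTACCESS = r'''
#BADFILE
SetEnvIfNoCase Request_URI "\/fp\-(.*)+" BADFILE
SetEnvIfNoCase Request_URI "css(.*)\.js" BADFILE
#BADCALL
SetEnvIfNoCase Request_URI ([\+]{3,}|Result\:|\>|\<|\.inc|ftp\:|\.\$url|\/\$url|\/\$link|\/includes\/) BADCALL
#BADENGINE
SetEnvIfNoCase User-Agent .*(libwww-perl|aesop_com_spiderman) BADENGINE
SetEnvIfNoCase Request_URI "robots\.txt" !BADENGINE
Deny from env=BADCALL
Deny from env=BADFILE
Deny from env=BADENGINE
'''

# directive, attribute, regex (quoted or bare), then the variable actions
RULE_RE = re.compile(
    r'^(SetEnvIf(?:NoCase)?)\s+(\S+)\s+(?:"([^"]*)"|(\S+))\s+(.+)$', re.I)


def parse_rules(text):
    """Return (attribute, compiled regex, actions, source line) per rule."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:  # comments, blank lines and other directives
            continue
        directive, attr, quoted, bare, actions = m.groups()
        flags = re.I if directive.lower().endswith("nocase") else 0
        pattern = quoted if quoted is not None else bare
        rules.append((attr.lower(), re.compile(pattern, flags),
                      actions.split(), line.strip()))
    return rules


def denied_vars(text):
    """Variables named in 'Deny from env=' lines."""
    return set(re.findall(r'^Deny from env=(\w+)', text, re.M | re.I))


def evaluate(rules, uri, user_agent=""):
    """Apply rules in file order; return {variable: rule that set it}."""
    # mod_setenvif's Request_URI is the path without the query string.
    attrs = {"request_uri": uri.split("?", 1)[0], "user-agent": user_agent}
    env = {}
    for attr, rx, actions, source in rules:
        value = attrs.get(attr)
        if value is None or not rx.search(value):
            continue
        for action in actions:
            if action.startswith("!"):      # !VAR removes the variable
                env.pop(action[1:], None)
            else:
                env[action.split("=", 1)[0]] = source
    return env


def blocked_by(text, uri, user_agent=""):
    """Return {variable: rule} for every variable that triggers a Deny."""
    env = evaluate(parse_rules(text), uri, user_agent)
    deny = denied_vars(text)
    return {var: src for var, src in env.items() if var in deny}


if __name__ == "__main__":
    # Constructed sample requests: (path, User-Agent)
    samples = [
        ("/catalog/admin/includes/stylesheet.css", "Mozilla/5.0"),
        ("/catalog/admin/includes/general.js", "Mozilla/5.0"),
        ("/catalog/css/menu.js", "Mozilla/5.0"),
        ("/catalog/index.php", "Mozilla/5.0"),
        ("/catalog/index.php", "libwww-perl/6.05"),
        ("/robots.txt", "libwww-perl/6.05"),
    ]
    for uri, ua in samples:
        hits = blocked_by(HTACCESS, uri, ua)
        verdict = "DENY  " + ", ".join(sorted(hits)) if hits else "allow"
        print(f"{uri:45} {ua:18} {verdict}")
        for rule in hits.values():
            print("    set by:", rule[:70])
```

In this model the `\/includes\/` alternative in the second BADCALL line flags any path under an `includes/` directory, and `css(.*)\.js` flags any path where `css` is followed anywhere later by `.js`.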


  • 2 months later...

I guess the approach below is better

 



#BADENGINE
SetEnvIfNoCase User-Agent (^$|\<|\>|\'|\%|\_iRc|\_Works|\@\$x|\<\?|\$x0e|\+select\+|\+union\+|1\,\1\,1\,|2icommerce|3GSE|4all|59\.64\.153\.|88\.0\.106\.|85\.17\.|A\_Browser|ABAC|Abont|abot|Accept|Access|Accoo|AceFTP|Acme|ActiveTouristBot|Address|Adopt|adress|adressendeutschland|ADSARobot|ah\-ha|Ahead|AESOP\_com\_SpiderMan|aipbot|Alarm|Albert|Alek|Alexibot|Alligator|AllSubmitter|alma|almaden|ALot|Alpha|aktuelles|Akregat|Amfi|amzn\_assoc|Anal|Anarchie|andit|Anon|AnotherBot|Ansearch|AnswerBus|antivirx|Apexoo|appie|Aqua_Products|Arachmo|archive|arian|ASPSe|ASSORT|Atari|ATHENS|AtHome|Atlocal|Atomic_Email_Hunter|Atomz|Atrop|^attach|attrib|autoemailspider|autohttp|axod|batch|b2w|Back|BackDoorBot|BackStreet|BackWeb|Badass|Bali|Bandit|Barry|BasicHTTP|BatchFTP|bdfetch|beat|Become|Beij|BenchMark|berts|bew|big\.brother|Bigfoot|Bilgi|Bison|Bitacle|Biz360|Black|Black\.Hole|BlackWidow|bladder\.fusion|Blaiz|Blog\.Checker|Blogl|BlogPeople|Blogshares\.Spiders|Bloodhound|Blow|bmclient|Board|BOI|boitho|Bond|Bookmark\.search\.tool|boris|Bost|Boston\.Project|BotRightHere|Bot\.mailto:craftbot@yahoo\.com|BotALot|botpaidtoclick|botw|brandwatch|BravoBrian|Brok|Bropwers|Broth|browseabit|BrowseX|Browsezilla|Bruin|bsalsa|Buddy|Build|Built|Bulls|bumblebee|Bunny|Busca|Busi|Buy|bwh3) BADENGINE
SetEnvIfNoCase User-Agent (c\-spider|CafeK|Cafi|camel|Cand|captu|Catch|cd34|Ceg|CFNetwork|cgichk|Cha0s|Chang|chaos|Char|char\(32\,35\)|charlotte|CheeseBot|Chek|CherryPicker|chill|ChinaClaw|CICC|Cisco|Cita|Clam|Claw|Click\.Bot|clipping|clshttp|Clush|COAST|ColdFusion|Coll|Comb|commentreader|Compan|contact|Control|contype|Conc|Conv|Copernic|Copi|Copy|Coral|Corn|core-project|cosmos|costa|cr4nk|crank|craft|Crap|Crawler0|Crazy|Cres|cs\-CZ|cuill|Custo|Cute|CSHttp|Cyber|cyberalert|^DA$|daoBot|DARK|Data|Daten|Daum|dcbot|dcs|Deep|DepS|Detect|Deweb|Diam|Digger|Digimarc|digout4uagent|DIIbot|Dillo|Ding|DISC|discobot|Disp|Ditto|DLC|DnloadMage|DotBot|Doubanbot|Download|Download\.Demon|Download\.Devil|Download\.Wonder|Downloader|drag|DreamPassport|Drec|Drip|dsdl|dsok|DSurf|DTAAgent|DTS|Dual|dumb|DynaWeb) BADENGINE
SetEnvIfNoCase User-Agent (e\-collector|eag|earn|EARTHCOM|EasyDL|ebin|EBM-APPLE|EBrowse|eCatch|echo|ecollector|Edco|edgeio|efp\@gmx\.net|EirGrabber|email|Email\.Extractor|EmailCollector|EmailSearch|EmailSiphon|EmailWolf|Emer|empas|Enfi|Enhan|Enterprise\_Search|envolk|erck|EroCr|ESurf|Eval|Evil|Evere|EWH|Exabot|Exact|EXPLOITER|Expre|Extra|ExtractorPro|EyeN|FairAd|Fake|FANG|FAST|fastlwspider|FavOrg|Favorites\.Sweeper|Faxo|FDM\_1|FDSE|FEZhead|Filan|FileHound|find|Firebat|Firs|Flam|Flash|FlickBot|Flip|fluffy|flunky|focus|Foob|Fooky|Forex|Forum|ForV|Fost|Foto|Foun|Franklin\.Locator|freefind|FreshDownload|FrontPage|FSurf|Fuck|Fuer|futile|Fyber|Gais|GalaxyBot|Galbot|Gamespy\_Arcade|GbPl|Gener|geni|Geona|Get|gigabaz|Gira|Ginxbot|gluc|glx\.?v|gnome|Go\.Zilla|Goldfire|Got\-It|GOFORIT|gonzo|GornKer|GoSearch|^gotit$|gozilla|grab|Grabber|GrabNet|Grub|Grup|Graf|Green\.Research|grub|grub\-client|gsa\-cra|GSearch|GT\:\:WWW|GuideBot|guruji|gvfs|Gyps|hack|haha|hailo|Harv|Hatena|Hax|Head|Helm|herit|hgre|hhjhj\@yahoo|Hippo|hloader|HMView|holm|holy|HomePageSearch|HooWWWer|HouxouCrawler|HMSE|HPPrint|htdig|HTTPConnect|httpdown|http\.generic|HTTPGet|httplib|HTTPRetriever|HTTrack|human|Huron|hverify|Hybrid|Hyper|ia\_archiver|iaskspi|IBM\_Planetwide|iCCra|ichiro|ID\-Search|IDA|IDBot|IEAuto|IEMPT|iexplore\.exe|iGetter|Ilse|Iltrov|Image\.Stripper|Image\.Sucker|imagefetch|iimds\_monitor|Incutio|IncyWincy|Indexer|Industry\.Program|Indy|InetURL|informant|InfoNav|InfoTekies|Ingelin|Innerpr|Inspect|InstallShield\.DigitalWizard|Insuran\.|Intellig|Intelliseek|InterGET|Internet\.Ninja|Internet\.x|Internet\_Explorer|InternetLinkagent|InternetSeer\.com|Intraf|IP2|Ipsel|Iria|IRLbot|Iron33|Irvine|ISC\_Sys|iSilo|ISRCCrawler|ISSpi|IUPUI\.Research\.Bot|Jady|Jaka|Jam|^Java|java\/|Java\(tm\)|JBH\.agent|Jenny|JetB|JetC|jeteye|jiro|JoBo|JOC|jupit|Just|Jyx|Kapere|kash|Kazo|KBee|Kenjin|Kernel|Keywo|KFSW|KKma|Know|kosmix|KRAE|KRetrieve|Krug|ksibot|ksoap|Kum|KWebGet) BADENGINE
SetEnvIfNoCase User-Agent (Lachesis|lanshan|Lapo|larbin|leacher|leech|LeechFTP|LeechGet|leipzig\.de|Lets|Lexi|lftp|Libby|libcrawl|libfetch|libghttp|libWeb|libwhisker|libwww|libwww\-FM|libwww\-perl|LightningDownload|likse|Linc|Link\.Sleuth|LinkextractorPro|Linkie|LINKS\.ARoMATIZED|LinkScan|linktiger|LinkWalker|Lint|List|lmcrawler|LMQ|LNSpiderguy|loader|LocalcomBot|Locu|London|lone|looksmart|loop|Lork|LTH\_|lwp\-request|LWP|lwp-request|lwp-trivial|Mac\.Finder|Macintosh\;\.I\;\.PPC|Mac\_F|magi|Mag\-Net|Magnet|Magp|Mail\.Sweeper|main|majest|Mam|Mana|MarcoPolo|mark\.blonin|MarkWatch|MaSagool|Mass|Mass\.Downloader|Mata|mavi|McBot|Mecha|MCspider|^Memo|MetaProducts\.Download\.Express|Metaspin|Mete|Microsoft\.Data\.Access|Microsoft\.URL|Microsoft\_Internet\_Explorer|MIDo|MIIx|miner|Mira|MIRE|Mirror|Miss|Missauga|Missigua\.Locator|Missouri\.College\.Browse|Mist|Mizz|MJ12|mkdb|mlbot|MLM|MMMoCrawl|MnoG|moge|Moje|Monster|Monza\.Browser|Mooz|Moreoverbot|MOT\-MPx220|mothra\/netscan|mouse|MovableType|Mozdex|Mozi\!|Mp3Bot|MPF|MRA|MS\.FrontPage|MS\.?Search|MSFrontPage|MSIECrawler|msnbot\-media|msnbot\-Products|MSNPTC|MSProxy|MSRBOT|multithreaddb|musc|MVAC|MWM|My\_age|MyApp|MyDog|MyEng|MyFamilyBot|MyGetRight|MyIE2|mysearch|myurl|NAG|NAMEPROTECT|NASA\.Search|nationaldirectory|Naver|Navr|Near|NetAnts|netattache|Netcach|NetCarta|Netcraft|NetCrawl|NetMech|netprospector|NetResearchServer|NetSp|Net\.Vampire|netX|NetZ|Neut|newLISP|NewsGatorInbox|NEWT|NEWT\.ActiveX|Next|^NG|NICE|nikto|Nimb|Ninja|Ninte|NIPGCrawler|Noga|nogo|Noko|Nomad|Norb|noxtrumbot|NPbot|NuSe|Nutch|Nutex|NWSp|Obje|Ocel|Octo|ODI3|oegp|Offline|Offline\.Explorer|Offline\.Navigator|OK\.Mozilla|omg|Omni|Onfo|onyx|OpaL|OpenBot|Openf|OpenTextSiteCrawler|OpenU|Orac|OrangeBot|Orbit|Oreg|osis|Outf|Owl) BADENGINE
SetEnvIfNoCase User-Agent (P3P|PackRat|PageGrabber|PagmIEDownload|pansci|Papa|Pars|Patw|pavu|Pb2Pb|pcBrow|PEAR|PEER|PECL|pepe|Perl|PerMan|PersonaPilot|Persuader|petit|PHP\.vers|PHPot|Phras|PicaLo|Piff|Pige|pigs|^Ping|Pingd|PingALink|Pipe|Plag|Plant|playstarmusic|Pluck|Pockey|POE\-Com|Poirot|Pomp|Port\.Huron|Post|powerset|Preload|press|Privoxy|Probe|Program\.Shareware|Progressive\.Download|ProPowerBot|prospector|Provider\.Protocol\.Discover|ProWebWalker|Prowl|Proxy|Prozilla|psbot|PSurf|psycheclone|^puf$|Pulse|Pump|PushSite|PussyCat|PuxaRapido|Pyth|PyQ|QuepasaCreep|Query|Quest|QRVA|Qweer|radian|Radiation|Rambler|RAMP|RealDownload|Reap|Recorder|RedCarpet|RedKernel|ReGet|^Mozilla$|Mozilla\:|Mozilla\/Firefox|^Mozilla\.*Indy|^Mozilla\.*NEWT|^Mozilla*MSIECrawler|relevantnoise|replacer|Repo|requ|Rese|Retrieve|Rip|Rix|RMA|Roboz|Rogue|Rover|RPT\-HTTP|Rsync|RTG30|\.ru\)|ruby|Rufus|Salt|Sample|SAPO|Sauger|savvy|SBIder|SBP|SCAgent|scan|SCEJ\_|Sched|Schizo|Schlong|Schmo|Scout|Scooter|Scorp|ScoutOut|SCrawl|screen|script|SearchExpress|searchhippo|Searchme|searchpreview|searchterms|Second\.Street\.Research|Security\.Kol|Seekbot|Sega|Sensis|Sept|Serious|Sezn|Shai|Share|Sharp|Shaz|shell|shelo|Sherl|Shim|Shiretoko|ShopWiki|SickleBot|Simple|Siph|sitecheck|SiteCrawler|SiteSnagger|Site\.Sniper|SiteSucker|sitevigil|SiteX|Sleip|Slide|Slurpy\.Verifier|Sly|Smag|SmartDownload|Smurf|sna\-|snag|Snake|Snapbot|Snip|Snoop|So\-net|SocSci|sogou|Sohu|solr|sootle|Soso|SpaceBison|Spad|Span|spanner|Speed|Spegla|Sphere|Sphider|SpiderBot|SpiderEngine|SpiderView|Spin|sproose|Spurl|Spyder|Squi|SQ\.Webscanner|sqwid|Sqworm|SSM\_Ag|Stack|Stamina|stamp|Stanford|Statbot|State|Steel|Strateg|Stress|Strip|studybot|Style|subot|Suck|Sume|sun4m|Sunrise|SuperBot|SuperBro|Supervi|Surf4Me|SuperHTTP|Surfbot|SurfWalker|Susi|suza|suzu|Sweep|sygol|syncrisis|Systems|Szukacz) BADENGINE
SetEnvIfNoCase User-Agent (Tagger|Tagyu|tAke|Talkro|TALWinHttpClient|tamu|Tandem|Tarantula|tarspider|tBot|TCF|Tcs\/1|TeamSoft|Tecomi|Teleport|Telesoft|Templeton|Tencent|Terrawiz|Test|TexNut|trivial|Turnitin|The\.Intraformant|TheNomad|Thomas|TightTwatBot|Timely|Titan|TMCrawler|TMhtload|toCrawl|Todobr|Tongco|topic|Torrent|Track|translate|Traveler|TREEVIEW|True|Tunnel|turing|Turnitin|TutorGig|TV33\_Mercator|Twat|Tweak|Twice|Twisted\.PageGetter|Tygo|ubee|UCmore|UdmSearch|UIowaCrawler|Ultraseek|UMBC|unf|UniversalFeedParser|unknown|UPG1|UtilMind|URLBase|URL\.Control|URL\_Spider\_Pro|urldispatcher|URLGetFile|urllib|URLSpiderPro|URLy|User\-Agent|UserAgent|USyd|Vacuum|vagabo|Valet|Valid|Vamp|vayala|VB\_|VCI|VERI\~LI|versus|via|Viewer|virtual|visibilitygap|Visual|vobsub|Void|VoilaBot|voyager|vspider|VSyn|w\:PACBHO60|w0000t|W3C|w3m|w3search|walhello|Walker|Wand|WAOL|WAPT|Watch|Wavefire|wbdbot|Weather|web\.by\.mail|Web\.Data\.Extractor|Web\.Downloader|Web\.Ima|Web\.Mole|Web\.Sucker|Web2Mal|Web2WAP|WebaltBot|WebAuto|WebBandit|WebCapture|WebCat|webcraft\@bea|Webclip|webcollage|WebCollector|WebCopier|WebCopy|WebCor|webcrawl|WebDat|WebDav|webdevil|webdownloader|Webdup|WebEMail|WebEMailExtrac|WebEnhancer|WebFetch|WebGo|WebHook|Webinator|WebInd|webitpr|WebFilter|WebFountain|WebLea|WebmasterWorldForumBot|WebMin|WebMirror|webmole|webpic|WebPin|WebPix|WebReaper|WebRipper|WebRobot|WebSauger|Website\.eXtractor|Website\.Quester|WebSnake|webspider|Webster|WebStripper|websucker|WebTre|WebVac|webwalk|WebWasher|WebWeasel|WebWhacker|WebZIP|Wells|WEP\_S|WEP\.Search\.00|WeRelateBot|wget|Whack|Whacker|whiz|WhosTalking|Widow|Win67|window\.location|Windows\.95\;|Windows\.98\;|Winodws|Wildsoft\.Surfer|WinHT|winhttp|WinHttpRequest|WinHTTrack|Winnie\.Poh|WISEbot|wisenutbot|wish|Wizz|WordP|Works|world|WUMPUS|Wweb|WWWC|WWWOFFLE|WWW\-Collector|WWW\.Mechanize|www\.ranks\.nl|wwwster|^x$|X12R1|x\-Tractor|Xaldon|Xenu|XGET|xirq|Y\!OASIS|Y\!Tunnel|yacy|YaDirectBot|Yahoo\-MMAudVid|YahooYSMcm|Yamm|Yand|yang|Yeti|Yoono|yori|Yotta|YTunnel|Zade|zagre|ZBot|Zeal|ZeBot|zerx|Zeus|ZIPCode|Zixy|zmao|Zyborg) BADENGINE
SetEnvIfNoCase User-Agent (cyberpatrol\.com|Macintosh\;\s+) !BADENGINE
#SetEnvIfNoCase Request_URI "robots\.txt" !BADENGINE

#BADFILE
SetEnvIfNoCase Request_URI "\/fp\-(.*)+" BADFILE
SetEnvIfNoCase Request_URI "css(.*)\.js" BADFILE
SetEnvIfNoCase Request_URI "(entry(.*)\.txt|categories\.dat|categories(.*)\.dat|index(.*)\.dat|css\.js|css(.*)\.js|panels\.prototypes\.php|core\.config\.php|core\.static\.php)" BADFILE

#BADCALL
SetEnvIfNoCase Request_URI (base64_encode.*\(.*\)|(\<|%3C).*script.*(\>|%3E)|(\<|%3C).*iframe.*(\>|%3E)|(;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark).*|GLOBALS(=|\[|\%[0-9A-Z]{0,2})|_REQUEST(=|\[|\%[0-9A-Z]{0,2})) BADCALL
SetEnvIfNoCase Request_URI ([\+]{3,}|Result\:|\>|\<|\.inc|ftp\:|\.\$url|\/\$url|\/\$link|\/includes\/) BADCALL
SetEnvIfNoCase Request_URI (\/path\_to\_script\/|ImpEvData\.|head\_auth\.|db\_connect\.|check\_proxy\.|doeditconfig\.|submit\_links\.|change\_action\.|send\_reminders\.|comment\-template\.|syntax\_highlight\.|admin\_db\_utilities\.|admin\.webring\.docs\.|function\.main|function\.mkdir|function\.opendir|function\.require|function\.array\-rand|ref\.outcontrol)  BADCALL

#Someone trying to $_POST not from mydomain
#SetEnvIfNoCase Host (.*) this_host=$1
#SetEnvIfNoCase Request_Method (POST) BLOCKPOST

#Someone trying to put/delete something
#SetEnvIfNoCase Request_Method (PUT|DELETE) BLOCKPUT

#MAKE SOME TEST HERE
#SetEnvIfNoCase Request_Method "(POST)" BLOCKPOSTTEST
#SetEnvIfNoCase Request_URI "!(\/$|index\.php)" !BLOCKPOSTTEST


<LimitExcept CONNECT>
Order Allow,Deny
Allow from all
#Deny from env=BLOCKPOSTTEST
Deny from env=BLOCKPOST
Deny from env=BADCALL
Deny from env=BADFILE
Deny from env=BADGUESTBOOK
Deny from env=BADENGINE
Deny from env=BLOCKPUT

#deny_from_specific_ip_address_below
# CIDR form: "Deny from" does not accept a * wildcard in an IP address
Deny from 66.225.201.0/24
Deny from 67.228.235.52
</LimitExcept>

 

@Zaenal

 

If you ever feel like developing this out to be an addon, see if there are any ideas in the code below that might help. This was something I was working on a while back but never really got finished playing with.

 


########## osC_Sec for HTACCESS Version 1.0 #################

Options +FollowSymlinks

# disable the server signature
ServerSignature Off

# set the server administrator email
SetEnv SERVER_ADMIN [email protected]

# disable directory browsing
Options All -Indexes

# prevent folder listing
IndexIgnore *

# ~~~~ START OF FILTERING ~~~~~ #

# secure htaccess and other files
<FilesMatch "\.(htaccess|htpasswd|ini|phps|log)$">
Order Allow,Deny
Deny from all
</FilesMatch>

<IfModule mod_rewrite.c>
RewriteEngine On

# server request method
RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD|OPTIONS) [OR]

# osCommerce 2.2x
RewriteCond %{THE_REQUEST} ^.*\.php/login\.php.*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*login.php\?action\=backupnow.*$ [NC,OR]

# _REQUEST
RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} %20HTTP/1. [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\./\.\.//?)+ [OR]
RewriteCond %{THE_REQUEST} (showimg=|cookies=|passwd) [NC,OR]
RewriteCond %{THE_REQUEST} (eval\%28|eval\%2528|eval\(|base64_(en|de)code[^(]*\([^)]*\)|base64_encode.*\(.*\)) [NC,OR]
RewriteCond %{THE_REQUEST} (JHs\=|replace\(|return\%20clk|boot\.ini|php\/password_for|announce\?info_hash) [NC,OR]
RewriteCond %{THE_REQUEST} (\,0x3a\,|unescape\(|fromcharcode|pwtoken_get|php_uname|passthru\() [NC,OR]
RewriteCond %{THE_REQUEST} (allow_url_fopen|\%23include\+\<|get_defined_vars\(|\%22\'\%2f|error_reporting\(0\)) [NC,OR]
RewriteCond %{THE_REQUEST} (fwrite\(|waitfor\%20delay|shell_exec|gzinflate\(|prompt\(|php_value\%20auto) [NC,OR]
RewriteCond %{THE_REQUEST} (file_get_contents\(|setcookie\() [NC,OR]
RewriteCond %{THE_REQUEST} (onmouseover|onmousedown|ct\(this) [NC,OR]
RewriteCond %{THE_REQUEST} (\_START\_|\=alert\(|mysql\_query|\.\.\/cmd|rush\=|EXTRACTVALUE\(|phpinfo\() [NC,OR]
RewriteCond %{THE_REQUEST} (ftp\:\/\/|1\=1\-\-|current\_user\(\)|\%3Cform|sha1\(|self\/environ|JHs\=) [NC,OR]
RewriteCond %{THE_REQUEST} (\<\%3Fphp|\%\%|1\+and\+1|\/iframe|\$\_GET|document\.cookie|onload\%3d|onunload\%3d) [NC,OR]
RewriteCond %{THE_REQUEST} (\%00|hex\_ent|ob\_starting|PHP\_SELF|etc\/passwd|shell\_exec|data\:\/\/|\$\_SERVER|\$\_POST) [NC,OR]
RewriteCond %{THE_REQUEST} (\/frameset|\$\_SESSION|\$\_REQUEST|\$HTTP\_|mosConfig\_|inurl\:|\/iframe|onload\=) [NC,OR]
RewriteCond %{THE_REQUEST} (\@\@datadir|\@\@version|version\(\)|localhost|\}\)\%3B|Set\-Cookie|\%253C\%2Fscript\%253E) [NC,OR]
RewriteCond %{THE_REQUEST} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

# http referer
RewriteCond %{HTTP_REFERER} (<|>|'|%0A|%0D|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]

# mysql related
RewriteCond %{THE_REQUEST} (null\,null|outfile|load_file) [NC,OR]
RewriteCond %{THE_REQUEST} \bunion\b([^s]*s)+elect [NC,OR]
RewriteCond %{THE_REQUEST} \bunion\b([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{THE_REQUEST} (\bdelete\b|\bupdate\b|\bcreate\b|\balter\b|\bdeclare\b|\border\b|\bscript\b|\bset\B) [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(ascii\(|bin\(|benchmark\(|cast\(|char\(|charset\(|collation\(|concat\(|concat_ws\(|table_schema) [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(conv\(|convert\(|count\(|database\(|decode\(|diff\(|distinct\(|elt\(|encode\(|encrypt\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(extract\(|field\(|floor\(|format\(|hex\(|if\(|in\(|information_schema|insert\(|instr\(|interval\(|lcase\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(left\(|length\(|load_file\(|locate\(|lock\(|log\(|lower\(|lpad\(|ltrim\(|max\(|md5\(|mid\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(mod\(|now\(|null\(|ord\(|password\(|position\(|quote\(|rand\(|repeat\(|replace\(|reverse\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(right\(|rlike\(|row_count\(|rpad\(|rtrim\(|_set\(|schema\(|sha1\(|sha2\(|sleep\(|soundex\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(space\(|strcmp\(|substr\(|substr_index\(|substring\(|sum\(|time\(|trim\(|truncate\(|ucase\() [NC,OR]
RewriteCond %{THE_REQUEST} (/\*|union|select|insert|drop).*(unhex\(|upper\(|_user\(|user\(|values\(|varchar\(|version\(|xor\() [NC,OR]

# cookies
RewriteCond %{HTTP_COOKIE} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_COOKIE} (eval\%28|eval\%2528|eval\(|information_schema) [NC,OR]
RewriteCond %{HTTP_COOKIE} (null\,null|outfile) [NC,OR]
RewriteCond %{HTTP_COOKIE} \bunion\b([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{HTTP_COOKIE} (\bdelete\b|\bupdate\b|\bcreate\b|\balter\b|\bdeclare\b|\border\b|\bscript\b|\bset\B) [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(ascii\(|bin\(|benchmark\(|cast\(|char\(|charset\(|collation\(|concat\(|concat_ws\(|table_schema) [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(conv\(|convert\(|count\(|database\(|decode\(|diff\(|distinct\(|elt\(|encode\(|encrypt\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(extract\(|field\(|floor\(|format\(|hex\(|if\(|in\(|information_schema|insert\(|instr\(|interval\(|lcase\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(left\(|length\(|load_file\(|locate\(|lock\(|log\(|lower\(|lpad\(|ltrim\(|max\(|md5\(|mid\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(mod\(|now\(|null\(|ord\(|password\(|position\(|quote\(|rand\(|repeat\(|replace\(|reverse\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(right\(|rlike\(|row_count\(|rpad\(|rtrim\(|_set\(|schema\(|sha1\(|sha2\(|sleep\(|soundex\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(space\(|strcmp\(|substr\(|substr_index\(|substring\(|sum\(|time\(|trim\(|truncate\(|ucase\() [NC,OR]
RewriteCond %{HTTP_COOKIE} (/\*|union|select|insert|drop).*(unhex\(|upper\(|_user\(|user\(|values\(|varchar\(|version\(|xor\() [NC,OR]

# misc
RewriteCond %{QUERY_STRING} PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 [NC]

RewriteRule ^(.*)$ - [F,L]
</IfModule>

# ~~~~ END OF FILTERING ~~~~~ #
# OPTIONAL EXTRAS
# Uncomment and use.
# If Error 500 encountered then comment out

# php_value session.use_trans_sid 0

# auto keep the config file read only
# chmod configure.php files 444

# turn off magic_quotes_gpc
# <ifmodule mod_php4.c>
# php_flag magic_quotes_gpc off
# </ifmodule>

########## osC_Sec for HTACCESS #################

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX


Archived

This topic is now archived and is closed to further replies.
