Post by Dhaupin » Thu Sep 11, 2014 10:41 am

Originally, this thread was about 1 bad bot. It has grown though, with massive hits. Let's use it as a general discussion for block, blacklist, ban, honeypots, and beyond. Any input you have, any first response, here is the place.


Original first post:
Checking logs this evening there is this unknown bot IP 62.219.8.239 that hit for 4000+ pages in like 15 minutes. It's from Israel which is rare/interesting. Judging by the other people leaving notes, it may be the fastest bot in the west, but probably some sorta ehhhhhhbot.

This isn't a good thing :) It may crash out your server if it hits when lots of people are on. It used 40 entry processes within 2 minutes from 1 IP. If your DB is not optimized, it will most likely make SQL "gone away" errors and whitepage real visitors. Since it offers nothing, giving y'all a heads up to ban this thing.

Here is a sample of a 1 second range when it unleashed in the tarpit, it most likely spoofs user agents and/or runs like 20 spam platforms hah:

@Spam 09-10-2014 08:34:13 PM | Tarpit caught an IP 62.219.8.239 no proxy detected | www.example.com | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.68 Safari/537.36 Memory: 1MB Time: 0.32 Sec
@Spam 09-10-2014 08:34:13 PM | Tarpit caught an IP 62.219.8.239 no proxy detected | www.example.com | Mozilla/5.0 (compatible) Memory: 1MB Time: 0.39 Sec
@Spam 09-10-2014 08:34:13 PM | Tarpit caught an IP 62.219.8.239 no proxy detected | www.example.com | Mozilla/6.0 (compatible) Memory: 1MB Time: 0.42 Sec
@Spam 09-10-2014 08:34:13 PM | Tarpit caught an IP 62.219.8.239 no proxy detected | www.example.com | Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 Memory: 1MB Time: 0.44 Sec
@Spam 09-10-2014 08:34:13 PM | Tarpit caught an IP 62.219.8.239 no proxy detected | www.example.com | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36 Memory: 1MB Time: 0.55 Sec
@Spam 09-10-2014 08:34:13 PM | Tarpit caught an IP 62.219.8.239 no proxy detected | www.example.com | Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0 Memory: 1MB Time: 0.39 Sec
@Spam 09-10-2014 08:34:13 PM | Tarpit caught an IP 62.219.8.239 no proxy detected | www.example.com | Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.16 Memory: 1MB Time: 0.36 Sec
@Spam 09-10-2014 08:34:13 PM | Tarpit caught an IP 62.219.8.239 no proxy detected | www.example.com | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 Memory: 1MB Time: 0.35 Sec

EDIT: Months later the same bot hit again. Same spoof user agents, same flood 82.80.249.168 and 82.80.249.153
Last edited by Dhaupin on Mon Nov 17, 2014 10:42 pm, edited 3 times in total.

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.
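
A detection check for the pattern in the tarpit sample above (one address cycling through several user agents within a second or two), added here as an example and not part of the original post. The regex assumes the log layout shown in that sample; the function name, the window and the threshold are assumptions, and the log lines are constructed with documentation addresses.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Layout assumed from the tarpit sample in the post:
# @Spam MM-DD-YYYY HH:MM:SS AM/PM | Tarpit caught an IP <ip> ... | <host> | <UA> Memory: .. Time: .. Sec
LINE_RE = re.compile(
    r"^@Spam (?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2} [AP]M) \| "
    r"Tarpit caught an IP (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b.*? \| "
    r"(?P<host>\S+) \| (?P<ua>.*?) Memory: \S+ Time: [\d.]+ Sec$"
)


def ua_rotation_suspects(lines, window_s=2, min_agents=4):
    """Map each flagged IP to the peak number of distinct user agents it
    presented inside any window of `window_s` seconds (thresholds are assumptions)."""
    per_ip = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a tarpit line
        when = datetime.strptime(m["ts"], "%m-%d-%Y %I:%M:%S %p")
        per_ip[m["ip"]].append((when, m["ua"]))

    suspects = {}
    for ip, hits in per_ip.items():
        hits.sort(key=lambda h: h[0])
        start, peak, in_window = 0, 0, Counter()
        for when, ua in hits:
            in_window[ua] += 1
            # Drop hits that fell out of the sliding window.
            while (when - hits[start][0]).total_seconds() > window_s:
                old = hits[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= min_agents:
            suspects[ip] = peak
    return suspects


def _sample_line(clock, ip, ua):
    # Builds a constructed line in the layout above (not real traffic).
    return (f"@Spam 09-10-2014 {clock} PM | Tarpit caught an IP {ip} "
            f"no proxy detected | www.example.com | {ua} Memory: 1MB Time: 0.40 Sec")


FIREFOX = "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0"
OPERA = "Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.16"
LINUX_FF = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0"

SAMPLE_LOG = [
    # One address, five agents inside two seconds: the flood pattern.
    _sample_line("08:34:13", "203.0.113.50", "Mozilla/5.0 (compatible)"),
    _sample_line("08:34:13", "203.0.113.50", "Mozilla/6.0 (compatible)"),
    _sample_line("08:34:13", "203.0.113.50", OPERA),
    _sample_line("08:34:14", "203.0.113.50", FIREFOX),
    _sample_line("08:34:14", "203.0.113.50", LINUX_FF),
    # One agent at a slow pace: not flagged.
    _sample_line("08:35:02", "198.51.100.20", FIREFOX),
    _sample_line("08:35:20", "198.51.100.20", FIREFOX),
    # Several agents but minutes apart (a shared office address, say): not flagged.
    _sample_line("08:10:00", "192.0.2.9", FIREFOX),
    _sample_line("08:25:00", "192.0.2.9", OPERA),
    _sample_line("08:40:00", "192.0.2.9", LINUX_FF),
    _sample_line("08:55:00", "192.0.2.9", "Mozilla/5.0 (compatible)"),
    "unrelated line the parser must skip",
]

if __name__ == "__main__":
    for ip, agents in ua_rotation_suspects(SAMPLE_LOG).items():
        print(f"{ip}: {agents} distinct user agents within 2 s")
```

Counting agents inside a short window rather than over the whole log keeps shared or NAT'd addresses, which legitimately show several browsers over time, out of the result.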



Post by imdevlper18 » Thu Sep 11, 2014 2:49 pm

Great info :)
Is it possible to block this bot? Which is the best place to block such bots?

Opencart Extensions | Professional opencart support | Support Ticket | support@cartbinder.com



Post by Dhaupin » Fri Sep 12, 2014 3:07 am

imdevlper18 wrote: Great info :)
Is it possible to block this bot? Which is the best place to block such bots?

You can block it in 3 ways:

1) You can go into your OC store (or other apps) and add the IP to banlists. In OC it's under sales>customers>banned IP


2) You can add a rule to your htaccess to block IP(s). In the bottom of your HTaccess file, make a denied condition like:

# custom denied lander
<Files 403.html>
order allow,deny
allow from all
</Files>

That will toss them to a 403.html forbidden page. Then add IPs you want to block below that spot like:

deny from 62.219.8.239

3) If you have a VPS server and/or SSH access, and you have a firewall installed, you can block it there. For example in CentOS VPS most likely you will have APF firewall. The command looks like this:

apf -d 62.219.8.239

PS: We just got hammered by PacketFlip proxies again, if anyone wants the list so far of their exit points (a few hundred IP's) to block them all. PacketFlip is still clean, haven't seen any of their exits in any blacklists, so if they hit they may also fault your server.


Post by victorj » Fri Sep 12, 2014 4:34 am

Bad bots, email scrapers and Chinese companies who collect info to sell you stock and all other sorts of shit are a pain in the well you know.

I decided to block it all using .htaccess. Here is my deny list; it certainly saves a lot of processor time, bandwidth and headaches.

Order refrigeration door gaskets online, made to measure, the easy way.
All parts that do not require STEK certification, such as hinges, locks, frame heating and lighting, for all types of coolers and freezers.
https://koelcel-onderdelen.com



Post by Dhaupin » Fri Sep 12, 2014 4:55 am

Cool, thanks for sharing your IP's, added them to our list too. We tried blocking all China and Ukraine too recently. Makes 1 less session every 15-30 seconds. Doesn't seem like a lot, but that's hundreds or thousands of bad sessions blocked a day :)

I want to figure out how to block by ASN so certain hosts like OVH can be blocked easily too. They are heavy spammers with an est. 60% of their IP pool being bad bots/spam/scam. Anyone know how to get all IP's from a host, or how to block by host ASN?


Post by victorj » Fri Sep 12, 2014 5:29 am

Loads of bad IPs are listed here

http://www.wizcrafts.net


Post by Dhaupin » Fri Sep 12, 2014 6:02 am

victorj wrote: loads of bad ip s are listed here http://www.wizcrafts.net

Ah cool, how up to date is that? I've seen that before but the site looked kinda dated so didn't wanna add them (in case they were re-allocated).

We usually use SFS 180 day IP CSV: http://www.stopforumspam.com/downloads/ If they fall off the CSV, they get unbanned until their next offense puts em back in. You can regex it into a HTACCESS list with notepad++.

They don't allow you to use their API as a firewall so this is the alternate. If you set up a register plugin or tarpit to submit back it's sorta real time. There is a way to set up APF to auto sync with SFS 180 day using include filters but it's quite deep, a lot of hosts won't know what you're speaking of and due to support liability won't help much :) One host that does do it by default is Rackspace.


Post by kimbo » Sat Sep 13, 2014 12:24 am

Dhaupin wrote:
imdevlper18 wrote: Great info :)
Is it possible to block this bot? Which is the best place to block such bots?

2) You can add a rule to your htaccess to block IP(s). In the bottom of your HTaccess file, make a denied condition like:

# custom denied lander
<Files 403.html>
order allow,deny
allow from all
</Files>

That will toss them to a 403.html forbidden page. Then add IPs you want to block below that spot like:

deny from 62.219.8.239

Thanks a lot for posting this, I used your solution.

kimbo
The Chloelina All Natural Soap Co.
chloelina.com



Post by k2tec » Sat Sep 13, 2014 1:23 am



Post by keyz » Wed Sep 24, 2014 3:45 pm

Where to place the ".htaccess" file? In root "/" or my "/shop" dir? I found those dirs already have a .htaccess file.


Post by OSWorX » Wed Sep 24, 2014 3:55 pm

keyz wrote: Where to place the ".htaccess" file ? in Root "/" or my "/shop" dir since I found those dir already has .htaccess file.

Generally each folder can contain a .htaccess.
In that specific case the one in the root is mentioned.

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.



Post by IP_CAM » Thu Sep 25, 2014 7:20 am

victorj wrote: deny from 85.25.226.150 - 85.25.226.160

Not so sure if this works on all servers.

Enclosed a file, used on my EveryAuction site, and updated whenever a new incident occurred.
Some could be blocked by >deny from<; for others it did not work, so I had to redirect 'em
to reach 'results', and this href-command sent 'em nowhere!
RewriteRule /*$ http://you.came-in-the-wrong.way [L,R]

Ernie
openshop.li

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
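
A normalizer for the kind of list discussed in this thread, covering both Dhaupin's step of turning a downloaded IP list into .htaccess lines and the dashed range IP_CAM doubts; it is an added example, not code from any poster. Apache's documented `deny from` forms are a full address, a partial address, network/netmask and CIDR, so the dashed range is rewritten as CIDR blocks. The function names, the `never_block` allow-list and the sample entries (documentation addresses plus the range quoted above) are assumptions.

```python
import ipaddress


def parse_entry(entry):
    """Return the IPv4 networks covered by one blocklist entry.

    Accepted forms: single address, CIDR, partial address with or without
    a trailing dot ("198.51.100."), and a dashed range ("a - b").
    Hostnames are rejected rather than resolved. Raises ValueError otherwise.
    """
    text = entry.strip()
    if "-" in text:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        if first > last:
            raise ValueError("range start is above range end")
        # Smallest set of CIDR blocks that covers exactly first..last.
        return list(ipaddress.summarize_address_range(first, last))
    if "/" in text:
        # strict=False masks stray host bits: 192.0.2.77/24 -> 192.0.2.0/24
        return [ipaddress.IPv4Network(text, strict=False)]
    octets = text.rstrip(".").split(".")
    if not 1 <= len(octets) <= 4:
        raise ValueError("expected 1 to 4 octets")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return [ipaddress.IPv4Network(f"{padded}/{8 * len(octets)}")]


def build_deny_lines(entries, never_block=()):
    """Return (deny_lines, rejected) for a list of raw entries.

    Entries that fail to parse, or that would cover an address in
    `never_block` (your own admin or monitoring IPs), are reported in
    `rejected` instead of being written out.
    """
    allow = [ipaddress.IPv4Network(a) for a in never_block]
    nets, rejected = [], []
    for entry in entries:
        if not entry.strip() or entry.lstrip().startswith("#"):
            continue
        try:
            parsed = parse_entry(entry)
        except ValueError as exc:
            rejected.append((entry, str(exc)))
            continue
        hit = next((a for a in allow for n in parsed if n.overlaps(a)), None)
        if hit is not None:
            rejected.append((entry, f"would block allow-listed {hit}"))
            continue
        nets.extend(parsed)

    lines = []
    # collapse_addresses drops duplicates and merges adjacent or nested blocks.
    for net in ipaddress.collapse_addresses(nets):
        target = str(net.network_address) if net.prefixlen == 32 else str(net)
        lines.append(f"deny from {target}")
    return lines, rejected


# Constructed sample input; only the dashed range is taken from the thread.
SAMPLE_ENTRIES = [
    "198.51.100.",                    # partial address
    "198.51.100.7",                   # already covered by the line above
    "85.25.226.150 - 85.25.226.160",  # dashed range quoted in the thread
    "203.0.113.0/25",
    "203.0.113.128/25",               # merges with the previous block
    "192.0.2.77/24",                  # overlaps the allow-listed address below
    "bad.host.name",                  # not an address
]

if __name__ == "__main__":
    deny, skipped = build_deny_lines(SAMPLE_ENTRIES, never_block=["192.0.2.10"])
    print("\n".join(deny))
    for entry, reason in skipped:
        print(f"# skipped {entry!r}: {reason}")
```

Re-running it over the full list on each update also removes the duplicate and overlapping entries that build up when addresses are appended by hand.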



Post by Dhaupin » Thu Sep 25, 2014 10:55 am

@IP_CAM thanks man that is a sweet list, really encompassing.

Can I ask why you commented out #RewriteCond %{QUERY_STRING} on line #3594? Never used that directive before in htaccess, is it liability or something?

Also sites like seobook, semrush, etc use 400+ subdomains as referrer, what's the best way to wildcard subdomain RewriteCond %{HTTP_REFERER}? Seen like 4 ways to do it, what is the fastest/cleanest in your opinion?

Thanks


Post by IP_CAM » Mon Sep 29, 2014 7:01 am

Dhaupin wrote: @IP_CAM thanks man that is a sweet list, really encompassing.
Can I ask why you commented out #RewriteCond %{QUERY_STRING} on line #3594? Never used that directive before in htaccess, is it liability or something? Seen like 4 ways to do it, what is the fastest/cleanest in your opinion?
Thanks

This filter line probably comes from a hacker freak, a member of our (former) auction forum. We used a rather primitively built 'form_data' construction as a kind of main command center/link builder for our software. It was the time when those RogueSpace JavaScript hacks (to, i.e., produce visually empty spaces between characters, not defined by !common! values) were popular. I assume this one prevented certain JS tags from being USED as such, even if they had been successfully placed by user input, in order to keep script commands from executing if called, whichever way. But I forgot, it's been 10 years since, and I never was a REGEX pro either, on the contrary...

my ($temp,$buffer,@data,$key,$check,%checks,$RogueSpace);
above some 'form_data' Declaration Goodies...
---
I just took an old htaccess file, I don't even know which one. There are some duplicate IP's in the htaccess; I tried different ways to keep some fellows out, so if the first one at the top didn't work, I added another way of blocking or rerouting, usually not deleting the former entry. The obviously best way was to reroute 'em to lasvegas.com, until I found out that every other error task rerouted my 'legal' visitors to Las Vegas as well. Some of my GOOGLE links were directed to the other site, without any CLEAR error message in the log, the only ones I checked for a while... I never got anything back from Las Vegas in return either, for sending them the guys.

The best thing to do would be to know exactly how the server htaccess is set by default. What works on one server is of limited or no use on another one; the same setup possibly even kills it. This makes it difficult to design a basic, but best possible matching version. It's a trial and error thing.

You all have a good week

Ernie


Post by Dhaupin » Tue Oct 21, 2014 10:30 am

It's a cool thought man, and it sounds like you have been in the game for awhile. Any other progressions in yas botfight? Any IP's worth noting?


On this end, here are a couple heatmaps that make great scope of the habitat: abuse in the IP ranges. Each pixel is a color like weather radar...red is the worst. A pixel represents an IPv4 address. A block is assigned above ASN.
http://www.stopforumspam.com/map.png (thanks Pedigree http://www.stopforumspam.com/forum/view ... hp?id=6116)
https://www.team-cymru.org/Monitoring/M ... ml#hilbert


Also we have been working on snagging India SEO mailspammers -- list updated [almost] daily if you're interested: http://forum.opencart.com/viewtopic.php?f=10&t=129778 (will soon include a sublist of Ghana vodafone complete block)
