Closed sarukuku closed 7 years ago
Heya,
I personally use them for production on quite few servers. The IP blacklist sadly I don't have enough time to update as often as I would want but the rest is updated as soon as a new "badbot" appears. I'm thinking to write a script which will automatically build and update the IP blacklist list soon. Also if you have any issues you can just ping me and I would be more than happy to help.
Hi, great work with the maintenance on this. I hope the users will monitor for any false positives. Can do more harm than good when that happens.
At the time of reading this I see two files, globalblacklist.conf and blacklist.conf
I'm assuming globalblacklist.conf is the more updated version of the same. Is it not?
@kryptodev It seems to be so. However they just added it yesterday so it could be a WIP still.
Yes, globalblacklist.conf
is a new contribution of @mitchellkrogza. As far as I understood from him is using this for its own servers and I hope that this weekend I will incorporate it to blacklist.conf
.
Hi guys
Yes I modified this based on Marius' original blacklist.conf and then added some snippets and a much more extensive list of bad referers from a list I found on perishable press. Marius was kind enough to allow the PR into his repo.
I also added a list of Cyveillance ( LookingGlass Cyber Solutions) IP's who apparently scan and sniff around for all sorts of stuff. Have included some information from Wikipedia below about them.
I made it a globalblacklist.conf as I hate too many include files lying around Nginx, the less there are, the less places there are to diagnose.
I spent a few hours compiling it and did not take each and every thing I found on the web and just include it, I even stripped out one or two bad referers that had the word "image" or "pic" in it as my main site is all about photos, pics and images so I don't want any false positives there.
Certainly needs monitoring and tweaking as time goes but I think it is pretty solid for most sites.
By all means let me know feedback and log any issues on the repo if you have any.
Have fun with it.
Kind Regards Mitch
Numerous websites have complained about Cyveillance's traffic for the following reasons:
38.100.21.65 - -[05/Jan/2013:17:31:19 -0500] "GET / HTTP/1.1" 200 6163 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2)" 38.100.21.65 - -[05/Jan/2013:17:31:19 -0500] "GET /styles.css HTTP/1.1" 200 5092 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2)"
On 2016/07/12 7:16 AM, Marius Voila wrote:
Yes, |globalblacklist.conf| is a new contribution of @mitchellkrogza https://github.com/mitchellkrogza. As far as I understood from him is using this for its own servers and I hope that this weekend I will incorporate it to |blacklist.conf| .
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mariusv/nginx-badbot-blocker/issues/7#issuecomment-231939501, or mute the thread https://github.com/notifications/unsubscribe/AJgARfdc7By25d26lD1Vtj2Z_9LwzFLVks5qUyMegaJpZM4JH8xK.
I will close this as the question has been answered If you feel like you didn't got the answer please feel free to re-open it.
Thank you!
I'm just thinking if the configs are safe for production use as is.