Created
March 25, 2024 10:18
-
-
Save robwent/30186093df14bd490ffc5f31f91d7f36 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD IP ADDRESSES OR IP RANGES YOU WANT TO BLOCK ### | |
# VERSION INFORMATION # | |
#---------------------- | |
# Version: V4.2019.09 | |
# Updated: 2019-06-28 | |
#---------------------- | |
# VERSION INFORMATION # | |
############################################################################## | |
# _ __ _ # | |
# / |/ /__ _(_)__ __ __ # | |
# / / _ `/ / _ \\ \ / # | |
# /_/|_/\_, /_/_//_/_\_\ # | |
# __/___/ __ ___ __ ___ __ __ # | |
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ # | |
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ # | |
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ # | |
# # | |
############################################################################## | |
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20 | |
# This file must exist on your system or Nginx will fail a reload due to a missing file | |
# For all intensive purpose you can delete everything inside this file and leave it | |
# completely blank if you do not want your Nginx Blocker to do any blocking of bad IP's | |
# Add IP's you want to blacklist below this line, one per line as per example | |
# Nginx [warn] notices may be reported when you try reload Nginx if you happen to include an | |
# IP here that may already be included by the blocker with it's daily updates | |
# NOTE: It is only an Nginx Warning message and will not cause Nginx to fail a reload. | |
# 111.111.111.111 1; | |
# ------------------------------------------- | |
# Cyveillance / Qwest Communications / PSINET | |
# ------------------------------------------- | |
# I am extensively researching this subject - appears to be US government involved | |
# and also appears to be used by all sorts of law enforcement agencies. For one they | |
# do not obey robots.txt and continually disguise their User-Agent strings. Time will | |
# tell if this is all correct or not. | |
# For now see - https://en.wikipedia.org/wiki/Cyveillance | |
# IMPORTANT UPDATE ON Cyveillance / Qwest Communications !!! | |
# ********************************************************** | |
# I have done a lot of research on Cyveillance now and through monitoring my logs I know | |
# for sure what companies are using them and what they are actually looking for. | |
# My research has led me to understand that Cyveillance services are used by hundreds | |
# of companies to help them dicsover theft of copyrighted materials like images, movies | |
# music and other materials. I personally believe a lot of block lists who originally recommended | |
# blocking Cyveillance have done so to protect their torrent or p2p sites from being scanned. | |
# I personally have now unblocked them as image theft is a big problem of mine but if you | |
# do want to block Cyveillance you can simply modify the entries in the block below from "0" to "1" | |
# Getty Images is one such company who appears to use Cyveillance to help monitor for copyright theft. | |
# If you really do want to block them change all the 0's below to 1. | |
# Use this section at YOUR OWN RISK, you may block some legitimate networks but after many hours of | |
# Research this is now the completely updated list of all IP ranges IPV4 and IPV6 owned Qwest Communications | |
# PSINET and Cyveillance | |
# IMPORTANT NOTE: If you really want to keeps bot and things out of certain parts of your web site | |
# Rather implement a comlex Google Re-Captcha to reach sections of your sites and for people to be able | |
# to access download links. Google Re-Captcha with images is too complex for any bot. | |
38.0.0.0/8 0; | |
206.2.138.0/23 0; | |
208.71.164.0/22 0; | |
4.17.135.32/27 0; | |
63.144.0.0/13 0; | |
65.112.0.0/12 0; | |
65.192.0.0/11 0; | |
# --------------- | |
# Berkely Scanner | |
# --------------- | |
# The Berkeley University has a scanner testing all over the web sending a complex | |
# payload an expecting a reply from servers who are infected or who just respond to such | |
# a payload. The payload looks similar to this | |
# "$\xC9\xE1\xDC\x9B+\x8F\x1C\xE71\x99\xA8\xDB6\x1E#\xBB\x19#Hx\xA7\xFD\x0F9-" | |
# and is sometime VERY long. You may have noticed this in your logs. | |
# I support research projects and all my servers respond with an error to this type of | |
# string so I do not block them but if you want to block just uncomment the following line | |
# or email them asking them not to scan your server. They do respond. | |
# Visit http://169.229.3.91/ for more info | |
# If you really do want to block them change all the 0 below to 1. | |
169.229.3.88/29 0; | |
# ------------ | |
# MY BLACKLIST | |
# ------------ | |
# 111.111.111.111 1; | |
23.226.3.128 1; | |
#79.110.73.63 1; | |
#115.146.190.162 1; | |
35.153.56.178 1; | |
62.233.50.73 1; | |
141.98.81.151 1; | |
185.11.61.246 1; | |
116.213.36.106 1; | |
159.65.134.21 1; | |
# Daily scanners | |
173.245.64.0/24 1; | |
173.245.65.0/24 1; | |
173.245.66.0/24 1; | |
173.245.67.0/24 1; | |
136.0.48.243 1; | |
136.144.19.228 1; | |
192.175.2.0/24 1; | |
103.194.186.170 1; # hong kong data center | |
200.10.43.0/24 1; | |
200.10.44.0/24 1; | |
200.10.45.0/24 1; | |
35.209.183.30 1; | |
35.209.58.205 1; | |
35.208.50.13 1; | |
35.208.59.65 1; | |
35.208.0.32 1; | |
35.208.124.147 1; | |
35.208.201.0 1; | |
35.209.241.241 1; | |
35.209.183.30 1; | |
# Attack 09/11/23 | |
176.113.115.113 1; | |
# Probing subdomain | |
34.41.49.19 1; | |
47.242.224.53 1; | |
91.92.244.206 1; | |
# 18/12/23 | |
104.234.204.183 1; | |
65.155.24.194 1; | |
2604:a880:800:10::c05:1001 1; | |
104.234.204.183 1; | |
# Russian data center sniffing at config files | |
5.45.80.13 1; | |
# Login attempts | |
91.92.245.194 1; | |
171.244.33.124 1; | |
80.88.91.245 1; | |
167.172.250.224 1; | |
5.9.139.235 1; | |
2a06:9500:1001:0:185:118:196:22 1; | |
193.142.146.226 1; | |
159.13.43.34 1; | |
78.142.18.92 1; | |
34.93.16.66 1; | |
92.63.206.145 1; | |
151.106.38.166 1; | |
35.204.172.12 1; | |
190.96.76.26 1; | |
195.88.87.137 1; | |
# Hong Kong SQL | |
176.113.115.111 1; | |
# Hong Kong Scraper | |
47.76.35.19 1; | |
# Fake crawlers 08/02/2024 | |
157.254.236.106 1; | |
# Fake Facebook 11/02/2024 | |
2605:6440:1012:d002::2da 1; | |
# Starlink scan 11/02/2024 | |
2a0d:3344:1997:8310:5da1:e9ec:6770:d045 1; | |
# MS server Dublin 53 user agents, not bing | |
40.127.190.245 1; | |
20.234.105.173 1; | |
# Fake crawlers | |
198.23.158.134 1; | |
104.249.130.162 1; | |
# Checking for known vunerabilities | |
20.110.136.130 1; | |
4.242.133.115 1; | |
23.81.204.32 1; | |
4.227.80.38 1; | |
# Excessive ad clicks from bing | |
96.60.222.240 1; | |
# SQL injection | |
2a01:4f9:2a:547::2 1; | |
176.123.8.160 1; | |
62.122.184.126 1; | |
138.199.19.180 1; | |
176.111.174.225 1; | |
# Scraper, possible VPN | |
2602:ffc8:4:b:55f1:60e0:970e:f26c 1; | |
# General bad behaviour | |
185.246.210.16 1; | |
# NOTE: If you blacklist your own IP by mistake whitelist-ips.conf will completely over-ride this. | |
# whitelist-ips.conf will always WIN and over-ride anything here and in the blocker | |
include /etc/nginx/bots.d/abuseipdb; | |
# BingBot | |
13.66.139.0/24 0; | |
13.66.144.0/24 0; | |
13.67.10.16/28 0; | |
13.69.66.240/28 0; | |
13.71.172.224/28 0; | |
139.217.52.0/28 0; | |
157.55.39.0/24 0; | |
191.233.204.224/28 0; | |
199.30.24.0/23 0; | |
20.125.163.80/28 0; | |
20.15.133.160/27 0; | |
20.36.108.32/28 0; | |
20.43.120.16/28 0; | |
20.74.197.0/28 0; | |
20.79.107.240/28 0; | |
207.46.13.0/24 0; | |
40.77.139.0/25 0; | |
40.77.167.0/24 0; | |
40.77.177.0/24 0; | |
40.77.178.0/23 0; | |
40.77.188.0/22 0; | |
40.77.202.0/24 0; | |
40.79.131.208/28 0; | |
40.79.186.176/28 0; | |
51.105.67.0/28 0; | |
52.167.144.0/24 0; | |
52.231.148.0/28 0; | |
65.55.210.0/24 0; | |
# Googlebot | |
192.178.5.0/27 0; | |
2001:4860:4801:10::/64 0; | |
2001:4860:4801:11::/64 0; | |
2001:4860:4801:12::/64 0; | |
2001:4860:4801:13::/64 0; | |
2001:4860:4801:14::/64 0; | |
2001:4860:4801:15::/64 0; | |
2001:4860:4801:16::/64 0; | |
2001:4860:4801:17::/64 0; | |
2001:4860:4801:18::/64 0; | |
2001:4860:4801:19::/64 0; | |
2001:4860:4801:1a::/64 0; | |
2001:4860:4801:1b::/64 0; | |
2001:4860:4801:1c::/64 0; | |
2001:4860:4801:1d::/64 0; | |
2001:4860:4801:1e::/64 0; | |
2001:4860:4801:20::/64 0; | |
2001:4860:4801:21::/64 0; | |
2001:4860:4801:22::/64 0; | |
2001:4860:4801:23::/64 0; | |
2001:4860:4801:24::/64 0; | |
2001:4860:4801:25::/64 0; | |
2001:4860:4801:26::/64 0; | |
2001:4860:4801:27::/64 0; | |
2001:4860:4801:28::/64 0; | |
2001:4860:4801:29::/64 0; | |
2001:4860:4801:2::/64 0; | |
2001:4860:4801:2a::/64 0; | |
2001:4860:4801:2b::/64 0; | |
2001:4860:4801:2c::/64 0; | |
2001:4860:4801:2d::/64 0; | |
2001:4860:4801:2e::/64 0; | |
2001:4860:4801:2f::/64 0; | |
2001:4860:4801:30::/64 0; | |
2001:4860:4801:31::/64 0; | |
2001:4860:4801:32::/64 0; | |
2001:4860:4801:33::/64 0; | |
2001:4860:4801:34::/64 0; | |
2001:4860:4801:35::/64 0; | |
2001:4860:4801:36::/64 0; | |
2001:4860:4801:37::/64 0; | |
2001:4860:4801:38::/64 0; | |
2001:4860:4801:39::/64 0; | |
2001:4860:4801:3::/64 0; | |
2001:4860:4801:3a::/64 0; | |
2001:4860:4801:3b::/64 0; | |
2001:4860:4801:3c::/64 0; | |
2001:4860:4801:3d::/64 0; | |
2001:4860:4801:3e::/64 0; | |
2001:4860:4801:40::/64 0; | |
2001:4860:4801:41::/64 0; | |
2001:4860:4801:42::/64 0; | |
2001:4860:4801:43::/64 0; | |
2001:4860:4801:44::/64 0; | |
2001:4860:4801:45::/64 0; | |
2001:4860:4801:46::/64 0; | |
2001:4860:4801:47::/64 0; | |
2001:4860:4801:48::/64 0; | |
2001:4860:4801:49::/64 0; | |
2001:4860:4801:4a::/64 0; | |
2001:4860:4801:50::/64 0; | |
2001:4860:4801:51::/64 0; | |
2001:4860:4801:53::/64 0; | |
2001:4860:4801:54::/64 0; | |
2001:4860:4801:55::/64 0; | |
2001:4860:4801:60::/64 0; | |
2001:4860:4801:61::/64 0; | |
2001:4860:4801:62::/64 0; | |
2001:4860:4801:63::/64 0; | |
2001:4860:4801:64::/64 0; | |
2001:4860:4801:65::/64 0; | |
2001:4860:4801:66::/64 0; | |
2001:4860:4801:67::/64 0; | |
2001:4860:4801:68::/64 0; | |
2001:4860:4801:69::/64 0; | |
2001:4860:4801:6a::/64 0; | |
2001:4860:4801:6b::/64 0; | |
2001:4860:4801:6c::/64 0; | |
2001:4860:4801:6d::/64 0; | |
2001:4860:4801:6e::/64 0; | |
2001:4860:4801:6f::/64 0; | |
2001:4860:4801:70::/64 0; | |
2001:4860:4801:71::/64 0; | |
2001:4860:4801:72::/64 0; | |
2001:4860:4801:73::/64 0; | |
2001:4860:4801:74::/64 0; | |
2001:4860:4801:75::/64 0; | |
2001:4860:4801:76::/64 0; | |
2001:4860:4801:77::/64 0; | |
2001:4860:4801:78::/64 0; | |
2001:4860:4801:79::/64 0; | |
2001:4860:4801:80::/64 0; | |
2001:4860:4801:81::/64 0; | |
2001:4860:4801:82::/64 0; | |
2001:4860:4801:83::/64 0; | |
2001:4860:4801:84::/64 0; | |
2001:4860:4801:85::/64 0; | |
2001:4860:4801:86::/64 0; | |
2001:4860:4801:87::/64 0; | |
2001:4860:4801:88::/64 0; | |
2001:4860:4801:90::/64 0; | |
2001:4860:4801:91::/64 0; | |
2001:4860:4801:92::/64 0; | |
2001:4860:4801:93::/64 0; | |
2001:4860:4801:c::/64 0; | |
2001:4860:4801:f::/64 0; | |
34.100.182.96/28 0; | |
34.101.50.144/28 0; | |
34.118.254.0/28 0; | |
34.118.66.0/28 0; | |
34.126.178.96/28 0; | |
34.146.150.144/28 0; | |
34.147.110.144/28 0; | |
34.151.74.144/28 0; | |
34.152.50.64/28 0; | |
34.154.114.144/28 0; | |
34.155.98.32/28 0; | |
34.165.18.176/28 0; | |
34.175.160.64/28 0; | |
34.176.130.16/28 0; | |
34.22.85.0/27 0; | |
34.64.82.64/28 0; | |
34.65.242.112/28 0; | |
34.80.50.80/28 0; | |
34.88.194.0/28 0; | |
34.89.10.80/28 0; | |
34.89.198.80/28 0; | |
34.96.162.48/28 0; | |
35.247.243.240/28 0; | |
66.249.64.0/27 0; | |
66.249.64.128/27 0; | |
66.249.64.160/27 0; | |
66.249.64.192/27 0; | |
66.249.64.224/27 0; | |
66.249.64.32/27 0; | |
66.249.64.64/27 0; | |
66.249.64.96/27 0; | |
66.249.65.0/27 0; | |
66.249.65.160/27 0; | |
66.249.65.192/27 0; | |
66.249.65.224/27 0; | |
66.249.65.32/27 0; | |
66.249.65.64/27 0; | |
66.249.65.96/27 0; | |
66.249.66.0/27 0; | |
66.249.66.128/27 0; | |
66.249.66.160/27 0; | |
66.249.66.192/27 0; | |
66.249.66.32/27 0; | |
66.249.66.64/27 0; | |
66.249.66.96/27 0; | |
66.249.68.0/27 0; | |
66.249.68.32/27 0; | |
66.249.68.64/27 0; | |
66.249.69.0/27 0; | |
66.249.69.128/27 0; | |
66.249.69.160/27 0; | |
66.249.69.192/27 0; | |
66.249.69.224/27 0; | |
66.249.69.32/27 0; | |
66.249.69.64/27 0; | |
66.249.69.96/27 0; | |
66.249.70.0/27 0; | |
66.249.70.128/27 0; | |
66.249.70.160/27 0; | |
66.249.70.192/27 0; | |
66.249.70.224/27 0; | |
66.249.70.32/27 0; | |
66.249.70.64/27 0; | |
66.249.70.96/27 0; | |
66.249.71.0/27 0; | |
66.249.71.128/27 0; | |
66.249.71.160/27 0; | |
66.249.71.192/27 0; | |
66.249.71.224/27 0; | |
66.249.71.32/27 0; | |
66.249.71.64/27 0; | |
66.249.71.96/27 0; | |
66.249.72.0/27 0; | |
66.249.72.128/27 0; | |
66.249.72.160/27 0; | |
66.249.72.192/27 0; | |
66.249.72.224/27 0; | |
66.249.72.32/27 0; | |
66.249.72.64/27 0; | |
66.249.72.96/27 0; | |
66.249.73.0/27 0; | |
66.249.73.128/27 0; | |
66.249.73.160/27 0; | |
66.249.73.192/27 0; | |
66.249.73.224/27 0; | |
66.249.73.32/27 0; | |
66.249.73.64/27 0; | |
66.249.73.96/27 0; | |
66.249.74.0/27 0; | |
66.249.74.128/27 0; | |
66.249.74.32/27 0; | |
66.249.74.64/27 0; | |
66.249.74.96/27 0; | |
66.249.75.0/27 0; | |
66.249.75.128/27 0; | |
66.249.75.160/27 0; | |
66.249.75.192/27 0; | |
66.249.75.224/27 0; | |
66.249.75.32/27 0; | |
66.249.75.64/27 0; | |
66.249.75.96/27 0; | |
66.249.76.0/27 0; | |
66.249.76.128/27 0; | |
66.249.76.160/27 0; | |
66.249.76.192/27 0; | |
66.249.76.224/27 0; | |
66.249.76.32/27 0; | |
66.249.76.64/27 0; | |
66.249.76.96/27 0; | |
66.249.77.0/27 0; | |
66.249.77.128/27 0; | |
66.249.77.160/27 0; | |
66.249.77.192/27 0; | |
66.249.77.224/27 0; | |
66.249.77.32/27 0; | |
66.249.77.64/27 0; | |
66.249.77.96/27 0; | |
66.249.78.0/27 0; | |
66.249.78.32/27 0; | |
66.249.79.0/27 0; | |
66.249.79.128/27 0; | |
66.249.79.160/27 0; | |
66.249.79.192/27 0; | |
66.249.79.224/27 0; | |
66.249.79.32/27 0; | |
66.249.79.64/27 0; | |
66.249.79.96/27 0; | |
# Custom overrides | |
40.77.167.41 0; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment