1. Forum
  2. Newsgroups
  3. comp.security.misc

  • Blocking faux broswers in nginx

    From doctor@doctor@doctor.nl2k.ab.ca (The Doctor) to comp.infosystems.www.servers.unix,comp.security.unix,comp.security.misc on Mon Feb 24 04:31:49 2025
    From Newsgroup: comp.security.misc

    I just notice in my Web Access LogFile

    154.30.107.175 - - [23/Feb/2025:21:21:30 -0700] "GET /usage/28Februray2017/ref_201702.phtml/trackback/ HTTP/1.1" 404 27117 "https://gogolix.kyiv.ua/user/GenevaE940/" "PHP/5.3.99"
    200.10.47.215 - - [23/Feb/2025:21:25:55 -0700] "POST /blog/comment.php?type=trackback&entry_id=1683 HTTP/1.1" 200 98 "https://www.lawyersclubindia.com/profile.asp?member_id=1053802" "PHP/5.3.90"
    200.10.47.215 - - [23/Feb/2025:21:25:56 -0700] "GET /blog/index.php?/archives/1683-Bank-of-Montreal-Phish-via-Bell-Canada.html HTTP/1.1" 200 72893 "-" "PHP/5.3.90"
    196.247.40.80 - - [23/Feb/2025:21:27:15 -0700] "POST /blog/comment.php?type=trackback&entry_id=1477 HTTP/1.1" 200 98 "https://businessdaily.gitbook.io/untitled" "PHP/5.3.55"
    196.247.40.80 - - [23/Feb/2025:21:27:16 -0700] "GET /blog/index.php?/archives/1477-More-Whos-Who-spam.html HTTP/1.1" 301 162 "-" "PHP/5.3.55"
    196.247.40.80 - - [23/Feb/2025:21:27:19 -0700] "GET /blog/index.php?/archives/1477-More-Whos-Who-spam.html HTTP/1.1" 200 72609 "http://www.edmontoninternetserviceprovider.ca/" "PHP/5.3.55"
    200.10.47.215 - - [23/Feb/2025:21:28:05 -0700] "POST /blog/comment.php?type=trackback&entry_id=1 HTTP/1.1" 200 98 "https://sitereport.netcraft.com/?url=http://businessdaily.click" "PHP/5.3.84"
    200.10.47.215 - - [23/Feb/2025:21:28:07 -0700] "GET /blog/index.php?/archives/1-NetKnow-goes-BLOG%21.html HTTP/1.1" 200 64315 "-" "PHP/5.3.84"

    How do I do a universal block on bogus browsers on nginx?
    --
    Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
    Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ;
    Ontario vote for the Liberals - The best Anti-Trump option!
    --- Synchronet 3.20c-Linux NewsLink 1.2
  • From Marco Moock@mm+usenet-es@dorfdsl.de to comp.infosystems.www.servers.unix,comp.security.unix,comp.security.misc on Mon Feb 24 10:12:05 2025
    From Newsgroup: comp.security.misc

    On 24.02.2025 04:31 Uhr The Doctor wrote:

    How do I do a universal block on bogus browsers on nginx?

    You can only block on the User-Agent header that can be changed to
    whatever the attacker wants.

    To block it at the nginx: https://stackoverflow.com/questions/22144092/how-to-block-a-specific-user-agent-in-nginx-config

    I also recommend banning the source IP using fail2ban.
    --
    kind regards
    Marco

    Send spam to 1740367909muell@stinkedores.dorfdsl.de

    --- Synchronet 3.20c-Linux NewsLink 1.2
  • From doctor@doctor@doctor.nl2k.ab.ca (The Doctor) to comp.infosystems.www.servers.unix,comp.security.unix,comp.security.misc on Mon Feb 24 16:47:14 2025
    From Newsgroup: comp.security.misc

    In article <20250224101205.7fc11abf@ryz.dorfdsl.de>,
    Marco Moock <mm+usenet-es@dorfdsl.de> wrote:
    On 24.02.2025 04:31 Uhr The Doctor wrote:

    How do I do a universal block on bogus browsers on nginx?

    You can only block on the User-Agent header that can be changed to
    whatever the attacker wants.

    To block it at the nginx: >https://stackoverflow.com/questions/22144092/how-to-block-a-specific-user-agent-in-nginx-config

    I also recommend banning the source IP using fail2ban.


    Got you.

    Also what does 2FA and FA really stand for?

    2FA Dual-failed authentication

    MFA Multiple falied authentication.

    --
    kind regards
    Marco

    Send spam to 1740367909muell@stinkedores.dorfdsl.de

    --
    Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
    Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ;
    Ontario vote for the Liberals - The best Anti-Trump option!
    --- Synchronet 3.20c-Linux NewsLink 1.2
  • From =?UTF-8?Q?Colin_Paul_de_Glouce=C5=BFter?=@Master_Fontaine_is_dishonest@Strand_in_London.Gov.UK to comp.infosystems.www.servers.unix,comp.security.unix,comp.security.misc on Wed Mar 5 23:12:35 2025
    From Newsgroup: comp.security.misc

    One can also use
    robots.txt
    with any webserver. As Mister Moock remarks, this shall not do anything
    about IP addresses.

    Cf.
    HTTP://WWW.robotsTxt.org

    I am not overwhelmed by crawlers downloading from a website by me, but I
    did add to robots.txt . . .
    User-agent: Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/) User-agent: Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)
    User-agent: Mozilla/5.0 (compatible; Bytespider; spider-feedback@bytedance.com) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.0.0 Safari/537.36
    User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600.2.5 (Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot)
    User-agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)
    User-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.0; +https://openai.com/gptbot)
    User-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)
    User-agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.119 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    User-agent: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
    User-agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.119 Mobile Safari/537.36 (compatible; GoogleOther)
    User-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36
    User-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
    User-agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)
    User-agent: netEstate NE Crawler (+http://www.website-datenbank.de/) User-agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.108 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    User-agent: COIBotLinkSaver/2.0
    User-agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.6723.69 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    User-agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.6668.89 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    User-agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.139 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    User-agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.69 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    User-agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.6723.116 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    User-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/116.0.1938.76 Safari/537.36
    User-agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.137 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    User-agent: Mozilla/5.0 (compatible; SemrushBot-BA; +http://www.semrush.com/bot.html)
    User-agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.85 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    User-agent: Mozilla/5.0 (compatible; archive.org_bot +http://archive.org/details/archive.org_bot)
    User-agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots) User-agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.99 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    User-agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.6723.58 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    User-agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.113 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    Disallow: /drochdhliodoiri/mu/Rioghachd_Aonaichte_na_Breatainne_Moire_agus_na_h-Eireann_a_Tuath/mun_Chuimrigh_agus_mu_Shasainn/PC_EH_Hills/South-Yorkshire_police_perpetrates_subornations_de_perjuries_for_malicious_prosecutions.webm
    Disallow: /stailc_teanga/La_Eile_gan_ghraiscinteacht.webm

    On Mon, 24 Feb 2025, The Doctor wrote:
    "Also what does 2FA and FA really stand for?

    2FA Dual-failed authentication

    MFA Multiple falied authentication."

    :)
    --- Synchronet 3.20c-Linux NewsLink 1.2