From 04cb5022dd6890c5cb97017263c09f963d90a9b3 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Tue, 26 Jun 2018 12:54:08 +1000 Subject: [PATCH] * filters/nginx-bots.pcre : update --- filters/nginx-bots.pcre | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/filters/nginx-bots.pcre b/filters/nginx-bots.pcre index 5c089d7..e63a873 100644 --- a/filters/nginx-bots.pcre +++ b/filters/nginx-bots.pcre @@ -1,6 +1,25 @@ - .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+sqlite-?(manager)? +# phpmyadmin and variations + .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(php|sqlite)-?(manager)? .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(php|pg|sql)-?my-?admin .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+pma[0-9]* - .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+((my|pg)sql|db)-?admin - .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+php-?manager + .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+((my|pg)(sql)?|db|msd?)-?(admin|dumper|dump|manager) +# shit-coded php cms .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/.*/wp-login.php + .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(joomla|cms)/administrator +# h4x0rs + .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/w00tw00t + .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+Ringing\.at\.your\.dorbell + .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/.*(wget|curl)(\\x|%)20https?:// + .* "(GET|HEAD|POST) .*/bin/(ba|c|z)?sh( |\\x20|%20)-c + .* "(\\x[0-9a-z]{2,6})+" 400 +# open proxy search + .* "(GET|HEAD|POST) https?://[a-z-\.]+proxyradar\.com + .* "CONNECT [a-z-\.]*proxyradar\.com + .* "CONNECT [a-z-\.]*proxytest\.zmap\.io + .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+testproxy\.php +# search bots + .* "(GET|HEAD|POST) .* "python-(requests|urllib)/[0-9\.]+ + .* "(GET|HEAD|POST) .* "AhrefsBot/[0-9a-z\.]+ + .* "(GET|HEAD|POST) .* "DotBot/[0-9a-z\.]+ + .* "(GET|HEAD|POST) .* "MauiBot + .* "(GET|HEAD|POST) .* SiteExplorer/[0-9a-z\.]+