Browse Source

* tune nginx filters

master
Alex 'AdUser' Z 3 years ago
parent
commit
b9c9619a54
  1. 20
      filters/nginx-bots.pcre

20
filters/nginx-bots.pcre

@ -1,11 +1,4 @@
# phpmyadmin and variations
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(php|sqlite)-?(manager)?
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(php|pg|sql)-?my-?admin
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+pma[0-9]*
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+((my|pg)(sql)?|db|msd?)-?(admin|dumper|dump|manager)
# shit-coded php cms
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/.*/wp-login.php
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(joomla|cms)/administrator
# set: defscore=15
# h4x0rs
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/(shell|cmd|x)\.(php|cgi)
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/w00tw00t
@ -13,11 +6,19 @@
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/.*(wget|curl)(\\x|%)20https?://
<HOST> .* "(GET|HEAD|POST) .*/bin/(ba|c|z)?sh( |\\x20|%20)-c
<HOST> .* "(\\x[0-9a-z]{2,6})+" 400
# set: defscore=10
# phpmyadmin and variations
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(php|sqlite)-?(manager)?
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(php|pg|sql)-?my-?admin
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+pma[0-9]*
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+((my|pg)(sql)?|db|msd?)-?(admin|dumper|dump|manager)
# set: defscore=5
# open proxy search
<HOST> .* "(GET|HEAD|POST) https?://[a-z-\.]+proxyradar\.com
<HOST> .* "CONNECT [a-z-\.]*proxyradar\.com
<HOST> .* "CONNECT [a-z-\.]*proxytest\.zmap\.io
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+testproxy\.php
# set: defscore=2
# search bots
<HOST> .* "(GET|HEAD|POST) .* "python-(requests|urllib)/[0-9\.]+
<HOST> .* "(GET|HEAD|POST) .* "AhrefsBot/[0-9a-z\.]+
@ -26,3 +27,6 @@
<HOST> .* "(GET|HEAD|POST) .* SiteExplorer/[0-9a-z\.]+
<HOST> .* "(GET|HEAD|POST) .* MJ12bot
<HOST> .* "(GET|HEAD|POST) .* WebIndex
# shit-coded php cms
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/.*/wp-login.php
<HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(joomla|cms)/administrator

Loading…
Cancel
Save