banned AhrefsBot - been attacking us similarly like baidubot

sidv220
Posts: 83
Joined: October 16th, 2012, 6:23 am
Location: Burlington, MA

Hi Blue,

I hope you are feeling well.
I know about Notepad++. I use it, as well as Codelobster which is also free.
The code for zbblock customsig.inc should lock out Ukrainian and Chinese nasty bots. I added those custom signatures over time after monitoring the log file.
Also my htaccess modifications should lock out a lot of bad agents. You should consider adding my code to your htaccess file.


sidv220
Posts: 83
Joined: October 16th, 2012, 6:23 am
Location: Burlington, MA

Blue,

Sorry, I noticed the following in the customsig.inc code I posted:

Code:

// Whitelist entries: lower the block score ($ax) when the host name matches
$ax -= (rmatch($hoster,"gator1412.hostgator.com","Hostgator Bypass. "));
$ax -= (rmatch($hoster,"bstnma.fios.verizon.net","Hostgator Bypass. "));

This is specific to my ISP. Either delete it or replace gator1412.hostgator.com and bstnma.fios.verizon.net with your server (e.g. bluefrost.org for hostgator, and your ISP info for bstnma.fios.verizon.net). This signature is to whitelist myself, so that zbblock does not accidentally ban me :-) You do not want to whitelist me on your server - lol.


Blue Frost
Posts: 1442
Joined: July 22nd, 2010, 11:48 am

is alright sid, I have yet to put it in place. not felt like doing much other than deal with life stuff.
I hope I can get it together soon though.

Hey have a great Friday, and weekend. :)


sidv220
Posts: 83
Joined: October 16th, 2012, 6:23 am
Location: Burlington, MA

Blue Frost wrote:is alright sid, I have yet to put it in place. not felt like doing much other than deal with life stuff.
I hope I can get it together soon though.

Hey have a great Friday, and weekend. :)

Thanks.... let me know if it worked or not.


sidv220
Posts: 83
Joined: October 16th, 2012, 6:23 am
Location: Burlington, MA

Blue Frost wrote:is alright sid, I have yet to put it in place. not felt like doing much other than deal with life stuff.
I hope I can get it together soon though.

Hey have a great Friday, and weekend. :)

I updated my customsig.inc yesterday. I had a warning from one of my hosting companies that one of my websites was consuming too much bandwidth because of spam and hacking bots probing the site constantly.
So below is customsig.inc with a lot of new additions to block several bad bots. You can use this instead of the previous one, by adding it at the end of your customsig.inc file before ?>

Code:

if(($zbwhitelisted) && (substr_count($whyblockout,"(QU-206)") > 0) && ($ax > 0)){$ax -=1; $whyblockout = $whyblockout . "(QU-206) admin bypass. ";}
if(($zbwhitelisted) && (substr_count($whyblockout,"(QU-229)") > 0) && ($ax > 0)){$ax -=1; $whyblockout = $whyblockout . "(QU-229) admin bypass. ";}
$ax += inmatch($hoster,"asianet","asianet.co.th (HN-120). ");
if (substr_count($whyblockout,"Rapidswitch")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
if (substr_count($whyblockout,"vpzzo")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
if (substr_count($whyblockout,"Asianet")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
if (substr_count($whyblockout,"163data")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
if (substr_count($whyblockout,"utel.net.ua")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
$ax += (regexmatch($requesturi,"\?author=\d+","Phishing for admin usernames is not allowed. "));
$ax += cidrblock($address,"115.87.206.0/24","Asianet Thailand is banned. Stay in Thailand Ghetto ONY! Asianet is Banned due to hacking attempts. ");
$ax += cidrblock($address,"110.168.252.0/24","Asianet Thailand is banned. Stay in Thailand Ghetto ONY! Asianet is Banned due to hacking attempts. ");
$ax += cidrblock($address,"109.169.0.0/17","RapidSwitch is INSTA-BANNED. ");
$ax += cidrblock($address,"120.38.0.0/17","163data.com.cn is INSTA-BANNED. Stay in Chinese ghetto. You are not welcome elsewhere ");
$ax += cidrblock($address,"124.115.0.0/17","Sosospider is INSTA-BANNED. Stay in Chinese ghetto. You are not welcome elsewhere ");
$ax += cidrblock($address,"111.143.81.0/24","Chinese Hackers Jerks are INSTA-BANNED. Stay in Chinese ghetto. You are not welcome elsewhere ");
$ax += cidrblock($address,"213.186.127.0/24","Bandwidth eating Ukranian bot. Stay in Ukrainian ghetto. You are not welcome elsewhere ");
if (substr_count($whyblockout,"choopa")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
$ax += lmatch($address,"188.72.202.63","We have no such file but You can search timthumb.php in your Mama Mia undie. You are banned. (IP-102). ");
$ax += cidrblock($address,"141.105.0.0/16","Hostkey.ru is INSTA-BANNED. Stay in Russian ghetto. You are not welcome elsewhere ");
$ax += lmatch($address,"72.14.190.68","madscientist from secretsearchenginelabs.com is banned. (IP-102). ");
$ax += cidrblock($address,"84.22.161.0/19","IOMart is INSTA-BANNED. ");
$ax += cidrblock($address,"84.22.160.0/19","IOMart is INSTA-BANNED. ");
$ax += cidrblock($address,"194.153.113.0/24","oBot/2.3.1 is INSTA-BANNED.  Jerks are absolutely not welcome ");
$ax += lmatch($address,"178.255.215.67","Exabot is Permanently Banned. (IP-102). French jerks are absolutely not allowed. ");
$ax += lmatch($address,"67.225.220.210","BASTARD are NOT WELCOME. (IP-102). You are absolutely not allowed because of your bastard behavior. ");
$ax += lmatch($address,"2.102.209.161","Spammers are NOT WELCOME. (IP-102). You are absolutely not allowed because of your bastard behavior on various Internet sites. ");
$ax += lmatch($address,"94.23.169.80","Spammers are NOT WELCOME. (IP-102). You are absolutely not allowed because of your bastard behavior on various Internet sites. ");
$ax += lmatch($address,"108.166.164.250","Spammers are NOT WELCOME. (IP-102). You are absolutely not allowed because of your bastard behavior on various Internet sites. ");
$ax += lmatch($address,"173.0.60.238","Spammers are NOT WELCOME. (IP-102). You are absolutely not allowed because of your bastard behavior on various Internet sites. ");
$ax += lmatch($address,"99.198.97.242","Spammers are NOT WELCOME. (IP-102). You are absolutely not allowed because of your bastard behavior on various Internet sites. ");
$ax += lmatch($address,"188.165.4.236","Spammers are NOT WELCOME. (IP-102). You are absolutely not allowed because of your bastard behavior on various Internet sites. ");
$ax += lmatch($address,"173.208.29.170","Spammers are NOT WELCOME. (IP-102). You are absolutely not allowed because of your bastard behavior on various Internet sites. ");
$ax += lmatch($address,"173.0.62.166","Spammers are NOT WELCOME. (IP-102). You are absolutely not allowed because of your bastard behavior on various Internet sites. ");
$ax += lmatch($address,"199.15.234.142","Spammers are NOT WELCOME. (IP-102). You are absolutely not allowed because of your bastard behavior on various Internet sites. ");
$ax += lmatch($address,"173.208.29.37","Spammers are NOT WELCOME. (IP-102). You are absolutely not allowed because of your bastard behavior on various Internet sites. ");
$ax += lmatch($address,"173.236.21.106","Spammers are NOT WELCOME. (IP-102). You are absolutely not allowed because of your bastard behavior on various Internet sites. ");

// WordPress username password reset SQL injection
$ax += regexmatch($querydec,"user_login,\w{4},user_(?:pass|email|activation_key)","Login, Username, Password hacking via injection. ");
if (substr_count($whyblockout,"wap.yahoo.com")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
if (substr_count($whyblockout,"vip.ird.yahoo.com")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
if (substr_count($whyblockout,"ukl.yahoo.com")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
if (substr_count($whyblockout,"twl.yahoo.com")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
if (substr_count($whyblockout,".mobile.sp1.yahoo.com")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
if (substr_count($whyblockout,".mobile.ch1.yahoo.com")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
if (substr_count($whyblockout,".member.mud.yahoo.com")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
if (substr_count($whyblockout,".member.kr3.yahoo.com")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
if (substr_count($whyblockout,".member.ird.yahoo.com")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
if (substr_count($whyblockout,".member.in2.yahoo.com")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
if (substr_count($whyblockout,".member.cnb.yahoo.com")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
if (substr_count($whyblockout,".member.bf1.yahoo.com")){$whyblockout = $whyblockout . "INSTA-BAN. ";}
//$ax += iprange($address,"46.246.89.0","213.248.63.128","Anonymous Proxy are banned.  Use a valid ISP ");
//$ax += iprange($address,"66.85.133.0","66.85.133.255","Anonymous Proxy are banned.  Use a valid ISP ");
//$ax += iprange($address,"65.255.37.0","65.233.37.255","Anonymous Proxy are banned.  Use a valid ISP ");
//$ax += iprange($address,"192.204.197.126","192.204.197.128","Anonymous Proxy are banned.  Use a valid ISP ");
$ax -= minmatch($query,"%22",2,"Bypass (BYP-QU-097). ");
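
A pre-deployment check for address signatures like the ones in the post above, as an added example that is not part of the original post and not ZBBlock code. The `lint` function and the sample lines are constructed for illustration; it only inspects the quoted address literals and makes no assumption about how ZBBlock itself treats a malformed value.

```python
import ipaddress
import re

# Constructed sample in the style of the customsig.inc lines above.
# "\t" below becomes a real tab character inside the quoted address.
SAMPLE = '''\
$ax += cidrblock($address,"109.169.0.0/17","RapidSwitch is INSTA-BANNED. ");
$ax += cidrblock($address,"84.22.161.0/19","IOMart is INSTA-BANNED. ");
$ax += cidrblock($address,"84.22.160.0/19","IOMart is INSTA-BANNED. ");
$ax += lmatch($address," 72.14.190.68","banned. (IP-102). ");
$ax += cidrblock($address,"\t194.153.113.0/24","oBot is INSTA-BANNED. ");
//$ax += iprange($address,"65.255.37.0","65.233.37.255","Anonymous Proxy. ");
$ax += iprange($address,"65.255.37.0","65.233.37.255","Anonymous Proxy. ");
'''

# Only active (uncommented) address signatures are inspected.
CALL = re.compile(
    r'^\s*\$ax\s*[+-]=\s*\(?\s*(cidrblock|lmatch|iprange)\(\$address,')

def lint(text):
    """Return (line_number, message) pairs for suspicious address literals."""
    findings, seen = [], []
    for no, line in enumerate(text.splitlines(), 1):
        m = CALL.match(line)
        if not m:
            continue
        func = m.group(1)
        args = re.findall(r'"([^"]*)"', line)
        addrs = args[:2] if func == "iprange" else args[:1]
        for a in addrs:
            if a != a.strip():
                findings.append((no, "whitespace inside address literal"))
        addrs = [a.strip() for a in addrs]
        try:
            if func == "cidrblock":
                net = ipaddress.ip_network(addrs[0], strict=False)
                if net.network_address != ipaddress.ip_interface(addrs[0]).ip:
                    findings.append((no, f"host bits set, network is {net}"))
                for prev_no, prev in seen:
                    if net.overlaps(prev):
                        findings.append((no, f"overlaps line {prev_no} ({prev})"))
                seen.append((no, net))
            elif func == "iprange":
                lo, hi = map(ipaddress.ip_address, addrs)
                if lo > hi:
                    findings.append((no, "range start is above range end"))
        except (ValueError, IndexError) as exc:
            findings.append((no, f"unparseable address: {exc}"))
    return findings
```

Running `lint` over the real file before uploading it catches entries that would silently never match, which a look at killed_log.txt afterwards would only show as missing blocks.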


andy1
Posts: 1295
Joined: February 22nd, 2010, 9:42 am

good stuff, sid.

i suspect the reason one of the forums that started around similar time as memebee vancouver forum (forumvancouver.com) was down the past couple of days because they don't control their bot traffic. you simply have to do something about them or they'll crush you, plain and simple:)


sidv220
Posts: 83
Joined: October 16th, 2012, 6:23 am
Location: Burlington, MA

andy1 wrote:good stuff, sid.

Hi Blue,

i suspect the reason one of the forums that started around similar time as memebee vancouver forum (forumvancouver.com) was down the past couple of days because they don't control their bot traffic. you simply have to do something about them or they'll crush you, plain and simple:)

They are unethical people. I do not mind using bad language for them in the block files. You may have noticed it. The worst are the scraper bots. They scrape your content. These are the worst bandwidth-eating bots. Ahrefs from Ukraine, sosospider from China, and ezooms and internetseer from USA are the worst scraper bots.
It is an ongoing battle. I had not checked the log files on one of the servers for almost 7 months. That is where I got the warning from :-)


Blue Frost
Posts: 1442
Joined: July 22nd, 2010, 11:48 am

Ahrefs, and the sosospiders I would love to walk up to their front doors, and smash their heads in, there is no call for them being a nuisance like that.
I would think if someone could find the people who own them they could be sued into the poor house for affecting sites making money.


Blue Frost
Posts: 1442
Joined: July 22nd, 2010, 11:48 am

LOL love the language :laugh:


sidv220
Posts: 83
Joined: October 16th, 2012, 6:23 am
Location: Burlington, MA

andy1 wrote:good stuff, sid.

i suspect the reason one of the forums that started around similar time as memebee vancouver forum (forumvancouver.com) was down the past couple of days because they don't control their bot traffic. you simply have to do something about them or they'll crush you, plain and simple:)

Andy,

forumvancouver.com could have been down because of bots. Some bots scrape your data, which results in huge server CPU load and bandwidth.


sidv220
Posts: 83
Joined: October 16th, 2012, 6:23 am
Location: Burlington, MA

Blue Frost wrote: Ahrefs, and the sosospiders I would love to walk up to their front doors, and smash their heads in, there is no call for them being a nuisance like that.
I would think if someone could find the people who own them they could be sued into the poor house for affecting sites making money.

Ahrefs (from Ukraine), sosospiders (from China), eZooms and Internetseer (from USA) are scraper bots. They steal your data, put load on your server CPU and constantly consume bandwidth.
I do not allow anyone from Ukraine and China, exception is Baidu from China. Baidu is a respectable search engine and Alexa ranking counts backlinks from its results, which I need for my professional sites.

After making changes to customsig.inc always check the zbblock log file killed_log.txt to make sure it is working properly. I also check the killed_log.txt file at least once a week, and add the nasty bots' and hackers' IPs to customsig.inc for instant ban.


Blue Frost
Posts: 1442
Joined: July 22nd, 2010, 11:48 am

I have noticed a lot of difference since putting it in, it works very well thank you.
Still the spammers, and other bots peek in just to be a nuisance for me.
I guess they are not doing much harm, but en masse they sure were lagging us.
For some reason my server lags every night from 12:15 eastern time for an hour, or more, and those bots, especially Ukraine wasn't helping.
My guess is being on a shared server many others are lagging from the bots, and we pay.
The server people tell me my site is running fine, and nothing is wrong.


sidv220
Posts: 83
Joined: October 16th, 2012, 6:23 am
Location: Burlington, MA

Blue Frost wrote: I have noticed a lot of difference since putting it in, it works very well thank you.
Still the spammers, and other bots peek in just to be a nuisance for me.
I guess they are not doing much harm, but en masse they sure were lagging us.
For some reason my server lags every night from 12:15 eastern time for an hour, or more, and those bots, especially Ukraine wasn't helping.
My guess is being on a shared server many others are lagging from the bots, and we pay.
The server people tell me my site is running fine, and nothing is wrong.

Blue,
Send me the names and IP addresses of those bots which are able to peek in. I will send you signatures for your customsig.inc.

If the lag is always for an hour around 12:15 EST, then it is most probably your server. Perhaps your hosting company runs either maintenance scripts or backups etc. at that time. Usually hosting companies run resource-intensive jobs at night.

On a shared server, things can slow down for many reasons. Since you are running your forum on phpBB, not much can be done. Had it been on WordPress, then I could have helped you speed it up by installing the cache scripts. I will look if cache scripts are also available for phpBB. Server-side cache scripts can speed up the page loading a lot.


Blue Frost
Posts: 1442
Joined: July 22nd, 2010, 11:48 am

Hey hi, and happy Monday
Yeah the server always wants to make out it's me, but I let them reinstall a fresh forum because their scripting was off, and I get the same nightly lag for that hour.
They keep acting like it's me, and I need to optimize the sql, but even if I get the lag.
They are the issue, how could it be my part with a new install.

I'll get to that script one day, it's not that important at the moment, I have a lot going on here taking my time.
I appreciate all you did already, I think it helps a lot.
I wish I knew of something that could help you somehow.


GuardianFlash
Posts: 83
Joined: July 16th, 2010, 3:14 pm

I keep getting Error 503 : Service Temporarily Unavailable on bluefrost.org.

