phamquocbuu · August 14, 2018 06:39
diff --git a/apache-badbots.conf b/apache-badbots.conf
 [Definition]

 badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music spider
 badbots = atSpider/1\.0|autoemailspider|China Local Browse 2\.6|ContentSmartz|DataCha0s/2\.0|DBrowse 1\.4b|DBrowse 1\.4d|Demo Bot DOT 16b|Demo Bot Z 16b|DSurf15a 01|DSurf15a 71|DSurf15a 81|DSurf15a VA|EBrowse 1\.4b|Educate Search VxB|EmailSiphon|EmailWolf 1\.00|ESurf15a 15|ExtractorPro|Franklin Locator 1\.8|FSurf15a 01|Full Web Bot 0416B|Full Web Bot 0516B|Full Web Bot 2816B|Industry Program 1\.0\.x|ISC Systems iRc Search 2\.1|IUPUI Research Bot v 1\.9a|LARBIN-EXPERIMENTAL \(efp@gmx\.net\)|LetsCrawl\.com/1\.0 +http\://letscrawl\.com/|Lincoln State Web Browser|LWP\:\:Simple/5\.803|Mac Finder 1\.0\.xx|MFC Foundation Class Library 4\.0|Microsoft URL Control - 6\.00\.8xxx|Missauga Locate 1\.0\.0|Missigua Locator 1\.9|Missouri College Browse|Mizzu Labs 2\.2|Mo College 1\.9|Mozilla/2\.0 \(compatible; NEWT ActiveX; Win32\)|Mozilla/3\.0 \(compatible; Indy Library\)|Mozilla/4\.0 \(compatible; Advanced Email Extractor v2\.xx\)|Mozilla/4\.0 \(compatible; Iplexx Spider/1\.0 http\://www\.iplexx\.at\)|Mozilla/4\.0 \(compatible; MSIE 5\.0; Windows NT; DigExt; DTS Agent|Mozilla/4\.0 efp@gmx\.net|Mozilla/5\.0 \(Version\: xxxx Type\:xx\)|MVAClient|NASA Search 1\.0|Nsauditor/1\.x|PBrowse 1\.4b|PEval 1\.4b|Poirot|Port Huron Labs|Production Bot 0116B|Production Bot 2016B|Production Bot DOT 3016B|Program Shareware 1\.0\.2|PSurf15a 11|PSurf15a 51|PSurf15a VA|psycheclone|RSurf15a 41|RSurf15a 51|RSurf15a 81|searchbot admin@google\.com|sogou spider|sohu agent|SSurf15a 11 |TSurf15a 11|Under the Rainbow 2\.2|User-Agent\: Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1\)|WebVulnCrawl\.blogspot\.com/1\.0 libwww-perl/5\.803|Wells Search II|WEP Search 00|mj12bot|MJ12bot|AhrefsBot|DotBot|yandex|netEstate|crawler

 # Option:  failregex
 # Notes.:  Regexp to catch known spambots and software alike. Please verify
 #          that it is your intent to block IPs which were driven by
 #          abovementioned bots.
 # Values:  TEXT
 #
 failregex = ^<HOST> .* \".*(%(badbots)s|%(badbotscustom)s).*\"$

 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
 # Values:  TEXT
 #
 ignoreregex =
diff --git a/jail.local b/jail.local
 [nginx-http-auth]
 enabled = true
 filter = nginx-http-auth
 port = http,https
 logpath = /var/log/nginx/*.log
 findtime = 6000
 bantime = 9000
 maxretry = 5


 [nginx-badbots]

 enabled  = true
 port     = http,https
 filter   = apache-badbots
 logpath  = /var/log/nginx/*access.log
 maxretry = 1
 bantime  = 864000
diff --git a/nginx-http-auth.conf b/nginx-http-auth.conf
 [Definition]
 failregex = ^<HOST> - - \[.*\] \"POST \/wp\-login\.php(.)*$

 ignoreregex =
	[Definition]

	badbotscustom = EmailCollector\|WebEMailExtrac\|TrackBack/1\.02\|sogou music spider
	badbots = atSpider/1\.0\|autoemailspider\|China Local Browse 2\.6\|ContentSmartz\|DataCha0s/2\.0\|DBrowse 1\.4b\|DBrowse 1\.4d\|Demo Bot DOT 16b\|Demo Bot Z 16b\|DSurf15a 01\|DSurf15a 71\|DSurf15a 81\|DSurf15a VA\|EBrowse 1\.4b\|Educate Search VxB\|EmailSiphon\|EmailWolf 1\.00\|ESurf15a 15\|ExtractorPro\|Franklin Locator 1\.8\|FSurf15a 01\|Full Web Bot 0416B\|Full Web Bot 0516B\|Full Web Bot 2816B\|Industry Program 1\.0\.x\|ISC Systems iRc Search 2\.1\|IUPUI Research Bot v 1\.9a\|LARBIN-EXPERIMENTAL \(efp@gmx\.net\)\|LetsCrawl\.com/1\.0 +http\://letscrawl\.com/\|Lincoln State Web Browser\|LWP\:\:Simple/5\.803\|Mac Finder 1\.0\.xx\|MFC Foundation Class Library 4\.0\|Microsoft URL Control - 6\.00\.8xxx\|Missauga Locate 1\.0\.0\|Missigua Locator 1\.9\|Missouri College Browse\|Mizzu Labs 2\.2\|Mo College 1\.9\|Mozilla/2\.0 \(compatible; NEWT ActiveX; Win32\)\|Mozilla/3\.0 \(compatible; Indy Library\)\|Mozilla/4\.0 \(compatible; Advanced Email Extractor v2\.xx\)\|Mozilla/4\.0 \(compatible; Iplexx Spider/1\.0 http\://www\.iplexx\.at\)\|Mozilla/4\.0 \(compatible; MSIE 5\.0; Windows NT; DigExt; DTS Agent\|Mozilla/4\.0 efp@gmx\.net\|Mozilla/5\.0 \(Version\: xxxx Type\:xx\)\|MVAClient\|NASA Search 1\.0\|Nsauditor/1\.x\|PBrowse 1\.4b\|PEval 1\.4b\|Poirot\|Port Huron Labs\|Production Bot 0116B\|Production Bot 2016B\|Production Bot DOT 3016B\|Program Shareware 1\.0\.2\|PSurf15a 11\|PSurf15a 51\|PSurf15a VA\|psycheclone\|RSurf15a 41\|RSurf15a 51\|RSurf15a 81\|searchbot admin@google\.com\|sogou spider\|sohu agent\|SSurf15a 11 \|TSurf15a 11\|Under the Rainbow 2\.2\|User-Agent\: Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1\)\|WebVulnCrawl\.blogspot\.com/1\.0 libwww-perl/5\.803\|Wells Search II\|WEP Search 00\|mj12bot\|MJ12bot\|AhrefsBot\|DotBot\|yandex\|netEstate\|crawler

	# Option: failregex
	# Notes.: Regexp to catch known spambots and software alike. Please verify
	# that it is your intent to block IPs which were driven by
	# abovementioned bots.
	# Values: TEXT
	#
	failregex = ^<HOST> .* \".(%(badbots)s\|%(badbotscustom)s).\"$

	# Option: ignoreregex
	# Notes.: regex to ignore. If this regex matches, the line is ignored.
	# Values: TEXT
	#
	ignoreregex =
	[nginx-http-auth]
	enabled = true
	filter = nginx-http-auth
	port = http,https
	logpath = /var/log/nginx/*.log
	findtime = 6000
	bantime = 9000
	maxretry = 5


	[nginx-badbots]

	enabled = true
	port = http,https
	filter = apache-badbots
	logpath = /var/log/nginx/*access.log
	maxretry = 1
	bantime = 864000
	[Definition]
	failregex = ^<HOST> - - \[.\] \"POST \/wp\-login\.php(.)$

	ignoreregex =