# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD IP ADDRESSES OR IP RANGES YOU WANT TO BLOCK ### ############################################################################## # ___ __ # # / _ | ___ ___ _____/ / ___ # # / __ |/ _ \/ _ `/ __/ _ \/ -_) # # /_/ |_/ .__/\_,_/\__/_//_/\__/ # # __/_/ __ ___ __ ___ __ __ # # / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ # # / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ # # /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ # # # ############################################################################## # This is merely an example and gets auto included as since Version 2.2017.05 introduced on 2017-04-19 # This file must exist on your system or Apache will fail a reload due to a missing file # For all intents and purposes you can delete everything inside this file and leave it # completely blank if you do not want your Apache Blocker to do any blocking of bad IP's deny from 104.223.37.150 deny from 104.5.92.27 deny from 107.150.63.170 deny from 109.236.83.247 deny from 137.74.49.205 deny from 137.74.49.208 deny from 146.0.74.150 deny from 148.251.54.44 deny from 149.56.151.180 deny from 149.56.232.146 deny from 150.70.0.0/16 deny from 151.80.27.90 deny from 151.80.99.90 deny from 151.80.99.91 deny from 154.16.199.144 deny from 154.16.199.34 deny from 154.16.199.48 deny from 154.16.199.78 deny from 158.69.142.34 deny from 166.62.80.172 deny from 173.212.192.219 deny from 173.234.11.105 deny from 173.234.153.106 deny from 173.234.153.30 deny from 173.234.175.68 deny from 173.234.31.9 deny from 173.234.38.25 deny from 176.126.245.213 deny from 178.238.234.1 deny from 185.35.63.128 deny from 185.100.87.238 deny from 185.115.125.99 deny from 185.119.81.11 deny from 185.119.81.63 deny from 185.119.81.77 deny from 185.119.81.78 deny from 185.130.225.65 deny from 185.130.225.66 deny from 185.130.225.83 deny from 185.130.225.90 deny from 185.130.225.94 deny from 185.130.225.95 deny from 185.130.226.105 deny from 185.153.197.103 deny from 185.159.36.6 deny from 185.183.96.33 deny from 185.47.62.199 deny from 185.62.190.38 deny from 185.70.105.161 deny from 185.70.105.164 deny from 185.85.239.156 deny from 185.85.239.157 deny from 185.86.13.213 deny from 185.86.5.199 deny from 185.86.5.212 deny from 185.92.72.88 deny from 185.93.185.11 deny from 185.93.185.12 deny from 188.209.52.101 deny from 190.152.223.27 deny from 191.96.249.29 deny from 192.69.89.173 deny from 193.201.224.205 deny from 195.154.183.190 deny from 195.229.241.174 deny from 200.7.105.43 deny from 210.212.194.60 deny from 216.218.147.194 deny from 220.227.234.129 deny from 23.253.230.158 deny from 23.89.159.176 deny from 31.170.160.209 deny from 45.32.186.11 deny from 45.76.21.179 deny from 46.249.38.145 deny from 46.249.38.146 deny from 46.249.38.148 deny from 46.249.38.149 deny from 46.249.38.150 deny from 46.249.38.151 deny from 46.249.38.152 deny from 46.249.38.153 deny from 46.249.38.154 deny from 46.249.38.159 deny from 51.255.172.22 deny from 5.39.218.232 deny from 5.39.219.24 deny from 5.39.222.18 deny from 5.39.223.134 deny from 54.213.16.154 deny from 54.213.9.111 deny from 62.210.146.49 deny from 62.210.88.4 deny from 65.98.91.181 deny from 69.162.124.237 deny from 69.64.147.24 deny from 72.8.183.202 deny from 77.247.178.191 deny from 77.247.178.47 deny from 77.247.181.219 deny from 78.31.184.0/21 deny from 78.31.211.0/24 deny from 79.110.128.17 deny from 79.110.128.63 deny from 79.110.128.252 deny from 79.110.128.128 deny from 80.87.205.10 deny from 80.87.205.11 deny from 85.17.230.23 deny from 85.17.26.68 deny from 91.185.190.172 deny from 91.200.12.0/22 deny from 91.200.12.15 deny from 91.200.12.49 deny from 91.200.12.91 deny from 92.222.66.137 deny from 93.104.209.11 deny from 93.158.200.103 deny from 93.158.200.105 deny from 93.158.200.115 deny from 93.158.200.124 deny from 93.158.200.126 deny from 93.158.200.66 deny from 93.158.200.68 deny from 93.238.202.44 # Cyveillance / Qwest Communications / PSINET # ******************************************* # I am extensively researching this subject - appears to be US government involved # and also appears to be used by all sorts of law enforcement agencies. For one they # do not obey robots.txt and continually disguise their User-Agent strings. Time will # tell if this is all correct or not. # For now see - https://en.wikipedia.org/wiki/Cyveillance # IMPORTANT UPDATE ON Cyveillance / Qwest Communications !!! # ********************************************************** # I have done a lot of research on Cyveillance now and through monitoring my logs I know # for sure what companies are using them and what they are actually looking for. # My research has led me to understand that Cyveillance services are used by hundreds # of companies to help them dicsover theft of copyrighted materials like images, movies # music and other materials. I personally believe a lot of block lists who originally recommended # blocking Cyveillance have done so to protect their torrent or p2p sites from being scanned. # I personally have now unblocked them as image theft is a big problem of mine but if you # do want to block Cyveillance you can simply modify the entries in the block below from "0" to "1" # Getty Images is one such company who appears to use Cyveillance to help monitor for copyright theft. # If you really do want to block them change all the 0's below to 1. # Use this section at YOUR OWN RISK, you may block some legitimate networks but after many hours of # Research this is now the completely updated list of all IP ranges IPV4 and IPV6 owned Qwest Communications # PSINET and Cyveillance # IMPORTANT NOTE: If you really want to keeps bot and things out of certain parts of your web site # Rather implement a comlex Google Re-Captcha to reach sections of your sites and for people to be able # to access download links. Google Re-Captcha with images is too complex for any bot. # Only uncomment the lines below if you want to block these ranges otherwise rather just leave it as is. #deny from 4.17.135.32/27 #deny from 38.0.0.0/8 #deny from 63.144.0.0/13 #deny from 65.112.0.0/12 #deny from 65.192.0.0/11 #deny from 206.2.138.0/23 #deny from 208.71.164.0/22 # BERKELEY SCANNER # **************** # The Berkeley University has a scanner testing all over the web sending a complex # payload an expecting a reply from servers who are infected or who just respond to such # a payload. The payload looks similar to this # "$\xC9\xE1\xDC\x9B+\x8F\x1C\xE71\x99\xA8\xDB6\x1E#\xBB\x19#Hx\xA7\xFD\x0F9-" # and is sometime VERY long. You may have noticed this in your logs. # I support research projects and all my servers respond with an error to this type of # string so I do not block them but if you want to block just uncomment the following line # or email them asking them not to scan your server. They do respond. # Visit http://169.229.3.91/ for more info # If you really do want to block them uncomment the line below. #deny from 169.229.3.88/29