# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD IP ADDRESSES OR IP RANGES YOU WANT TO BLOCK ###

# VERSION INFORMATION #
#----------------------
# Version: V4.2019.09
# Updated: 2019-06-28
#----------------------
# VERSION INFORMATION #


##############################################################################                                                                
#       _  __     _                                                          #
#      / |/ /__ _(_)__ __ __                                                 #
#     /    / _ `/ / _ \\ \ /                                                 #
#    /_/|_/\_, /_/_//_/_\_\                                                  #
#       __/___/      __   ___       __     ___  __         __                #
#      / _ )___ ____/ /  / _ )___  / /_   / _ )/ /__  ____/ /_____ ____      #
#     / _  / _ `/ _  /  / _  / _ \/ __/  / _  / / _ \/ __/  '_/ -_) __/      #
#    /____/\_,_/\_,_/  /____/\___/\__/  /____/_/\___/\__/_/\_\\__/_/         #
#                                                                            #
##############################################################################                                                                

# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to do any blocking of bad IP's

# Add IP's you want to blacklist below this line, one per line as per example
# Nginx [warn] notices may be reported when you try reload Nginx if you happen to include an
# IP here that may already be included by the blocker with it's daily updates
# NOTE: It is only an Nginx Warning message and will not cause Nginx to fail a reload.

# 111.111.111.111	1;

# -------------------------------------------
# Cyveillance / Qwest Communications / PSINET
# -------------------------------------------

# I am extensively researching this subject - appears to be US government involved
# and also appears to be used by all sorts of law enforcement agencies. For one they 
# do not obey robots.txt and continually disguise their User-Agent strings. Time will
# tell if this is all correct or not.
# For now see - https://en.wikipedia.org/wiki/Cyveillance

# IMPORTANT UPDATE ON Cyveillance / Qwest Communications !!!
# **********************************************************
# I have done a lot of research on Cyveillance now and through monitoring my logs I know
# for sure what companies are using them and what they are actually looking for.
# My research has led me to understand that Cyveillance services are used by hundreds
# of companies to help them dicsover theft of copyrighted materials like images, movies
# music and other materials. I personally believe a lot of block lists who originally recommended
# blocking Cyveillance have done so to protect their torrent or p2p sites from being scanned.
# I personally have now unblocked them as image theft is a big problem of mine but if you
# do want to block Cyveillance you can simply modify the entries in the block below from "0" to "1"
# Getty Images is one such company who appears to use Cyveillance to help monitor for copyright theft.
  
# If you really do want to block them change all the 0's below to 1.
# Use this section at YOUR OWN RISK, you may block some legitimate networks but after many hours of
# Research this is now the completely updated list of all IP ranges IPV4 and IPV6 owned Qwest Communications
# PSINET and Cyveillance

# IMPORTANT NOTE: If you really want to keeps bot and things out of certain parts of your web site
# Rather implement a comlex Google Re-Captcha to reach sections of your sites and for people to be able
# to access download links. Google Re-Captcha with images is too complex for any bot.

	38.0.0.0/8			0;
	206.2.138.0/23		0;
	208.71.164.0/22		0;
	4.17.135.32/27		0;
	63.144.0.0/13		0;
	65.112.0.0/12		0;
	65.192.0.0/11		0;

# ---------------
# Berkely Scanner
# ---------------

# The Berkeley University has a scanner testing all over the web sending a complex
# payload an expecting a reply from servers who are infected or who just respond to such
# a payload. The payload looks similar to this
# "$\xC9\xE1\xDC\x9B+\x8F\x1C\xE71\x99\xA8\xDB6\x1E#\xBB\x19#Hx\xA7\xFD\x0F9-"
# and is sometime VERY long. You may have noticed this in your logs.
# I support research projects and all my servers respond with an error to this type of
# string so I do not block them but if you want to block just uncomment the following line 
# or email them asking them not to scan your server. They do respond.
# Visit http://169.229.3.91/ for more info

# If you really do want to block them change all the 0 below to 1.

	169.229.3.88/29		0;

# ------------
# MY BLACKLIST
# ------------

# 111.111.111.111	1;


# NOTE: If you blacklist your own IP by mistake whitelist-ips.conf will completely over-ride this.
# whitelist-ips.conf will always WIN and over-ride anything here and in the blocker