# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD IP ADDRESSES OR IP RANGES YOU WANT TO BLOCK ### # VERSION INFORMATION # #---------------------- # Version: V4.2019.09 # Updated: 2019-06-28 #---------------------- # VERSION INFORMATION # ############################################################################## # _ __ _ # # / |/ /__ _(_)__ __ __ # # / / _ `/ / _ \\ \ / # # /_/|_/\_, /_/_//_/_\_\ # # __/___/ __ ___ __ ___ __ __ # # / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ # # / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ # # /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ # # # ############################################################################## # This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20 # This file must exist on your system or Nginx will fail a reload due to a missing file # For all intensive purpose you can delete everything inside this file and leave it # completely blank if you do not want your Nginx Blocker to do any blocking of bad IP's # Add IP's you want to blacklist below this line, one per line as per example # Nginx [warn] notices may be reported when you try reload Nginx if you happen to include an # IP here that may already be included by the blocker with it's daily updates # NOTE: It is only an Nginx Warning message and will not cause Nginx to fail a reload. # 111.111.111.111 1; # ------------------------------------------- # Cyveillance / Qwest Communications / PSINET # ------------------------------------------- # I am extensively researching this subject - appears to be US government involved # and also appears to be used by all sorts of law enforcement agencies. For one they # do not obey robots.txt and continually disguise their User-Agent strings. Time will # tell if this is all correct or not. # For now see - https://en.wikipedia.org/wiki/Cyveillance # IMPORTANT UPDATE ON Cyveillance / Qwest Communications !!! # ********************************************************** # I have done a lot of research on Cyveillance now and through monitoring my logs I know # for sure what companies are using them and what they are actually looking for. # My research has led me to understand that Cyveillance services are used by hundreds # of companies to help them dicsover theft of copyrighted materials like images, movies # music and other materials. I personally believe a lot of block lists who originally recommended # blocking Cyveillance have done so to protect their torrent or p2p sites from being scanned. # I personally have now unblocked them as image theft is a big problem of mine but if you # do want to block Cyveillance you can simply modify the entries in the block below from "0" to "1" # Getty Images is one such company who appears to use Cyveillance to help monitor for copyright theft. # If you really do want to block them change all the 0's below to 1. # Use this section at YOUR OWN RISK, you may block some legitimate networks but after many hours of # Research this is now the completely updated list of all IP ranges IPV4 and IPV6 owned Qwest Communications # PSINET and Cyveillance # IMPORTANT NOTE: If you really want to keeps bot and things out of certain parts of your web site # Rather implement a comlex Google Re-Captcha to reach sections of your sites and for people to be able # to access download links. Google Re-Captcha with images is too complex for any bot. 38.0.0.0/8 0; 206.2.138.0/23 0; 208.71.164.0/22 0; 4.17.135.32/27 0; 63.144.0.0/13 0; 65.112.0.0/12 0; 65.192.0.0/11 0; # --------------- # Berkely Scanner # --------------- # The Berkeley University has a scanner testing all over the web sending a complex # payload an expecting a reply from servers who are infected or who just respond to such # a payload. The payload looks similar to this # "$\xC9\xE1\xDC\x9B+\x8F\x1C\xE71\x99\xA8\xDB6\x1E#\xBB\x19#Hx\xA7\xFD\x0F9-" # and is sometime VERY long. You may have noticed this in your logs. # I support research projects and all my servers respond with an error to this type of # string so I do not block them but if you want to block just uncomment the following line # or email them asking them not to scan your server. They do respond. # Visit http://169.229.3.91/ for more info # If you really do want to block them change all the 0 below to 1. 169.229.3.88/29 0; # ------------ # MY BLACKLIST # ------------ # 111.111.111.111 1; # NOTE: If you blacklist your own IP by mistake whitelist-ips.conf will completely over-ride this. # whitelist-ips.conf will always WIN and over-ride anything here and in the blocker