403Webshell
Server IP : 199.250.200.62  /  Your IP : 216.73.216.68
Web Server : Apache
System : Linux vps37394.inmotionhosting.com 3.10.0-1160.119.1.vz7.224.4 #1 SMP Mon Sep 30 15:36:27 MSK 2024 x86_64
User : jasonp18 ( 1000)
PHP Version : 7.4.33
Disable Function : exec,passthru,shell_exec,system
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : OFF
Directory :  /etc/apache2/conf.d/imh-modsec/


Current File : /etc/apache2/conf.d/imh-modsec/19_bad_bots.conf
# all.conf
# Bad Bots and User Agents

# Deny Googlebot crawling temp mod_userdir URLs and falsely flagging
# the IMH/WHH corp site as hacked
#
# Three-rule chain; the deny (returned as 404) fires only when all three match:
#   1. the User-Agent contains "Googlebot" (regex match, no transformation
#      is requested in this rule, so the comparison is case-sensitive)
#   2. the Host header contains webhostinghub.com, inmotionhosting.com or
#      servconfig.com (unanchored pattern)
#   3. REQUEST_URI starts with "/~", i.e. a mod_userdir-style temp URL
# The User-Agent is client-supplied: this rule acts on what the client claims
# to be and does not verify that the request really comes from Google.
# No phase is given, so the rule runs in the default phase (whatever
# SecDefaultAction sets elsewhere -- not visible in this file).
SecRule REQUEST_HEADERS:User-Agent "Googlebot" \
    "chain,deny,log,auditlog,status:404,\
    msg:'Googlebot user agent crawling a temp url',id:13394"
SecRule REQUEST_HEADERS:Host "(webhostinghub|inmotionhosting|servconfig)\.com" "chain"
SecRule REQUEST_URI "^/~"

# Rule to prevent user agents identifying themselves as bingbot from POSTing
#
# Two-rule chain: the method must be exactly POST, and the User-Agent, after
# lowercasing and removal of all whitespace, must contain the bingbot token.
# The pattern is written in lowercase and without spaces because it is
# compared against the transformed value, not the raw header.
# Matching requests are denied with 406 and written to the error log and the
# audit log. As with every rule here, the User-Agent is client-supplied, so
# this catches clients that claim to be bingbot, genuine or not.
SecRule REQUEST_METHOD "^POST$" \
    "chain,deny,log,auditlog,status:406,\
    msg:'Bingbot user agent making POST requests',id:'13382',\
    tag:'WEB_ATTACK/BRUTE FORCE',severity:'4'"
SecRule REQUEST_HEADERS:User-Agent "bingbot/2\.0;[+]http://www\.bing\.com/bingbot\.htm" \
    "t:lowercase,t:removeWhitespace"

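# Block user agents identifying themselves as "Mozilla/5.0" when they POST to
# PHP scripts in a particular path
#
# Three-rule chain: the method is exactly POST, the User-Agent (whitespace
# removed) is the bare string "Mozilla/5.0" with nothing before or after it,
# and the URI contains "/images/" followed later by ".php".
# The dot in the User-Agent pattern is escaped so that it matches a literal
# "." only, in line with the other patterns in this file.
# NOTE(review): REQUEST_URI includes the query string and the URI pattern is
# unanchored, so "/images/...php" inside a query parameter also matches;
# confirm that this is intended.
SecRule REQUEST_METHOD "^POST$" \
    "chain,deny,log,auditlog,status:406,\
    msg:'Suspicious user agent making POST requests',id:'13383',\
    tag:'WEB_ATTACK/BRUTE FORCE',severity:'4'"
SecRule REQUEST_HEADERS:User-Agent "^Mozilla/5\.0$" "t:removeWhitespace,chain"
SecRule REQUEST_URI "/images/.*\.php"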

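# Block BLEXbot user agent
# Denies (406) any request whose User-Agent contains "BLEXBot"; the match is
# a case-sensitive substring match, so other capitalisations pass.
# The header is addressed as REQUEST_HEADERS:User-Agent, the form used by the
# other rules in this file, rather than the legacy CGI-style alias
# HTTP_User-Agent, which newer ModSecurity engines may not accept.
SecRule REQUEST_HEADERS:User-Agent "BLEXBot" "deny,log,auditlog,status:406,\
    msg:'Malicious user agent BLEXBot',id:'13072',\
    tag:'WEB_ATTACK/BRUTE FORCE',severity:'4'"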

# Block GbPlugin user agent
# Denies (406) any request whose User-Agent contains "GbPlugin"
# (case-sensitive substring match; no transformation is requested here).
# The rule is logged to both the error log and the audit log.
SecRule REQUEST_HEADERS:User-Agent "GbPlugin" \
    "deny,log,auditlog,status:406,msg:'Malicious user agent GbPlugin',id:'13066',\
    tag:'WEB_ATTACK/BRUTE FORCE',severity:'4'"

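# Block GSLFbot user agent
# Denies (406) any request whose User-Agent contains "GSLFbot"
# (case-sensitive substring match).
# The header is addressed as REQUEST_HEADERS:User-Agent, the form used by the
# other rules in this file, rather than the legacy CGI-style alias
# HTTP_User-Agent, which newer ModSecurity engines may not accept.
SecRule REQUEST_HEADERS:User-Agent "GSLFbot" "deny,log,auditlog,status:406,\
    msg:'Malicious user agent GSLFbot',id:'13067',\
    tag:'WEB_ATTACK/BRUTE FORCE',severity:'4'"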

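# Block "Indy Library" UA
# Two-rule chain: the method contains GET or POST, and the User-Agent, after
# lowercasing and removal of whitespace, contains "indylibrary". Matching
# requests are denied with 406.
# The log message names both methods because the rule matches GET as well as
# POST; the transformation list is quoted like every other action list in
# this file.
# NOTE(review): the method pattern is unanchored; anchor it as
# "^(?:GET|POST)$" if only those two methods are meant.
SecRule REQUEST_METHOD "GET|POST" "chain,deny,log,auditlog,status:406,\
    msg:'Indy Library agent making GET or POST requests',id:'13401',\
    tag:'WEB_ATTACK/BRUTE FORCE',severity:'4'"
SecRule REQUEST_HEADERS:User-Agent "indylibrary" "t:lowercase,t:removeWhitespace"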

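# Block common bittorrent user agents
# Denies (406) any request whose User-Agent contains one of the listed
# client names. The match is case-sensitive, which is why both "Bittorrent"
# and "BitTorrent" appear in the alternation.
# The header is addressed as REQUEST_HEADERS:User-Agent, the form used by the
# other rules in this file, rather than the legacy alias HTTP_User-Agent, and
# each continuation backslash is preceded by a space so the joined arguments
# stay visibly separate.
SecRule REQUEST_HEADERS:User-Agent \
    "uTorrent|Bittorrent|BitComet|BitTorrent|qqdownload|NP0202_0_0|Azureus" \
    "deny,log,auditlog,status:406,msg:'Bit torrent user agent',id:'13728',\
    tag:'WEB_ATTACK/BRUTE FORCE',severity:'4'"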

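#https://trac.imhtech.net/T3/ticket/5850 : Malicious robot, attacks Joomla 1.5 com_jce
# Denies (406) any request whose User-Agent, with whitespace removed,
# contains "BOT/0.1(BOTforJCE)". The pattern has no spaces because it is
# compared against the transformed value.
# The dot in "0.1" is escaped so it matches a literal "." only, and the
# header is addressed as REQUEST_HEADERS:User-Agent, the form used by the
# other rules in this file, rather than the legacy alias HTTP_User-Agent.
# A User-Agent signature only stops clients that keep sending this string;
# it does not remove the need to patch or retire the affected component.
SecRule REQUEST_HEADERS:User-Agent \
    "BOT/0\.1\(BOTforJCE\)" \
    "deny,log,auditlog,t:removeWhitespace,status:406,msg:'Malicious robot',id:'13729',\
    tag:'WEB_ATTACK/INJECTION',severity:'4'"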

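# https://jira.imhdev.com/browse/T3O-4239
# Denies (406) any request whose User-Agent contains this exact
# Firefox 62 / Ubuntu string. t:none clears inherited transformations, so
# the pattern, spaces included, is compared against the raw header.
# A rule carries one msg, so the description and the ticket reference are
# combined in a single msg action; with two msg actions only one of them
# would end up in the log.
# The header is addressed as REQUEST_HEADERS:User-Agent, the form used by the
# other rules in this file, rather than the legacy alias HTTP_User-Agent.
# NOTE(review): this also blocks any genuine user still running that browser
# build, and a client can avoid it by changing one character of the header.
SecRule REQUEST_HEADERS:User-Agent "Mozilla/5\.0 \(X11; Ubuntu; Linux x86_64; rv:62\.0\) Gecko/20100101 Firefox/62\.0" \
    "deny,log,auditlog,t:none,status:406,\
    msg:'EOL Firefox (T3O-4239)',id:'13730',\
    tag:'WEB_ATTACK/BRUTE FORCE',severity:'4'"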

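# https://imh-internal.atlassian.net/browse/T3O2-3624
# Denies (406) any request whose User-Agent contains this exact string.
# t:none clears inherited transformations, so the pattern, spaces included,
# is compared against the raw header.
# A rule carries one msg, so the description and the ticket reference are
# combined in a single msg action; with two msg actions only one of them
# would end up in the log.
# The header is addressed as REQUEST_HEADERS:User-Agent, the form used by the
# other rules in this file, rather than the legacy alias HTTP_User-Agent.
# NOTE(review): the string pairs rv:94.0 with Firefox/95.0; these two numbers
# normally agree in a stock Firefox build, so this looks like a bot signature
# rather than a real browser -- confirm against the ticket.
SecRule REQUEST_HEADERS:User-Agent "Mozilla/5\.0 \(X11; Fedora; Linux x86_64; rv:94\.0\) Gecko/20100101 Firefox/95\.0" \
    "deny,log,auditlog,t:none,status:406,\
    msg:'EOL Firefox (https://imh-internal.atlassian.net/browse/T3O2-3624)',id:'13731',\
    tag:'WEB_ATTACK/BRUTE FORCE',severity:'4'"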
# both.conf
# shared and v/dedicated rules

# Holds rules to block malicious or otherwise un-wanted bots and to
# control bad behavior (e.g. Bingbot trying to log into WordPress)

# --- Collective bot budget ---
# AI crawlers share a collective budget per domain.
# Bot list in bot_budget_bots.txt, bot table injected into Lua by assembler.
# To add a bot: add one line to bot_budget_bots.txt.
#
# Per-bot: X requests per Y min window (see lua)
# Total: shared budget across all bots (calculated from bot count)
# Lua handles per-bot + total counters with fixed-window decay.

# Rule 13075: identify a budgeted bot and run the rate-limit script.
# - Matches when the User-Agent contains any phrase listed in
#   bot_budget_bots.txt (@pmFromFile). The path is relative, so the file is
#   expected next to this rule file -- confirm for the deployed engine.
# - nolog,pass: this rule never blocks or logs by itself.
# - setuid keys the persistent USER collection on the Host header, so state
#   is tracked per requested hostname. Host is client-supplied;
#   NOTE(review): confirm that requests with unexpected Host values cannot
#   reach this rule and create arbitrary collection keys.
# - tx.bot_ua passes the raw User-Agent on for the script to read.
# - exec runs bot_ratelimit.lua on every match. The script and the bot list
#   are loaded by the web server, so both should be owned by root and not
#   writable by site or hosting-account users.
SecRule REQUEST_HEADERS:User-Agent "@pmFromFile bot_budget_bots.txt" \
    "id:13075,phase:2,nolog,pass,\
    setuid:%{request_headers.host},\
    setvar:tx.bot_ua=%{request_headers.user-agent},\
    exec:/etc/apache2/conf.d/imh-modsec/bot_ratelimit.lua"

# Rule 13076: enforce the budget decision. Denies with 429 and logs when
# tx.bot_block equals "1".
# Nothing in this file sets tx.bot_block or tx.bot_block_reason; presumably
# bot_ratelimit.lua (run by rule 13075) does -- verify against the script.
# The log message embeds the client-supplied Host header, so treat that
# field as untrusted when parsing these log lines.
SecRule TX:BOT_BLOCK "@streq 1" \
    "id:13076,phase:2,deny,status:429,log,\
    msg:'BOT RATELIMITED %{tx.bot_block_reason} for %{request_headers.host}'"

# --- Hard ratelimits (1 req/3s) ---

# Limit Scrapy hits by user agent to one hit per 3 seconds
#
# Rule 13085 (counter): for a User-Agent containing "Scrapy" (@pm phrase
# match), key the USER collection on the Host header, add 1 to
# user.ratelimit_scrapy and set that variable to expire in 3 seconds.
# Rule 13086 (enforcement): when the counter is above 1 and the request
# itself carries a Scrapy User-Agent, deny with 429, log, and set the
# RATELIMITED_SCRAPY environment variable.
# The Header directive then adds "Retry-After: 3" to responses for requests
# that carry that environment variable.
#
# The counter is keyed by Host, not by client address, so every Scrapy client
# requesting the same hostname shares one counter.
# Rule 13085 runs before 13086 on every Scrapy request, so denied requests
# also increment the counter and renew the 3-second expiry.
# NOTE(review): persistent collections need a data directory (SecDataDir)
# configured elsewhere; that is not visible in this file.
SecRule REQUEST_HEADERS:User-Agent "@pm Scrapy" \
    "id:13085,phase:2,nolog,pass,setuid:%{request_headers.host},setvar:user.ratelimit_scrapy=+1,expirevar:user.ratelimit_scrapy=3"
SecRule USER:RATELIMIT_SCRAPY "@gt 1" \
    "chain,id:13086,phase:2,deny,status:429,setenv:RATELIMITED_SCRAPY,log,msg:'RATELIMITED SCRAPY'"
    SecRule REQUEST_HEADERS:User-Agent "@pm Scrapy"
Header always set Retry-After "3" env=RATELIMITED_SCRAPY
