Code to block mal user agents

Home Forums BulletProof Security Pro Code to block mal user agents

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #38397
    Rami M
    Participant

    Is there a code to block a list of user agents known to be used for attacks / scans?

    I see this in my log:

    [403 GET Request: December 17, 2019 7:58 pm]
    BPS Pro: 14.3
    WP: 5.3.1
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: ...
    Host Name: ...
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /
    QUERY_STRING:
    HTTP_USER_AGENT: masscan/1.0 (https://github.com/robertdavidgraham/masscan)
    #38398
    AITpro Admin
    Keymaster

    Actually the Request is already being blocked since a 403 error was logged. BPS is blocking masscan with this Query String Exploits security rule below. “scan” in the User Agent security rule below will match “masscan”.

    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]

    To block other User Agents you can use this code below.

    1. Copy the code below into this BPS Root Custom Code text box:  14. CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE
    2. Click the Save Root Custom Code button.
    3. Go to the Security Modes page and click the Root Folder BulletProof Mode Activate button.

    RewriteCond %{HTTP_USER_AGENT} (another-user-agent|another-user-agent|another-user-agent|another-user-agent) [NC]
    RewriteRule ^(.*)$ - [F]
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.