You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
unboundedpress/nginx/bots.d/bad-referrer-words.conf

93 lines
4.6 KiB
Plaintext

# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD WORDS YOU WANT TO SCAN FOR ###
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.11
# Updated: 2019-07-05
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to include scanning for bad words within urls or referrer string
# Only add one entry per line
# -------------------------------
# !!! WARNING WARNING WARNING !!!
# -------------------------------
# ---------------------------------------
# PLEASE BE VERY CAREFUL HOW YOU USE THIS
# ---------------------------------------
# Here is an example of how one supposed bad word can cause your whole site to go down.
# An issue was logged where the users own domain name was specialisteparquet.com
# Because this list contained the word "cialis" it was detected within his domain name causing
# his entire site to go down and not server any assets.
# That one entry would even cause any site containing a word like "specialist" anywhere in any
# of their sites pages to cause them to be blocked and whitelisting your own domain name in the
# whitelist-domains.conf file will not even bypass this, SO BE CAREFUL PLEASE
# Think very carefully before you add any word here
# -----------------------------------------------------------------------------------------
# PLEASE MAKE SURE that you use word regex boundaries to avoid false positive detection !!!
# -----------------------------------------------------------------------------------------
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# As you can see in the examples below the word "adultgalls" is entered with a preceding (?:\b) and an ending (?:\b)
# this makes it now "(?:\b)adultgalls(?:\b)". It is crucial to use the word boundaries regex formatting.
# ---------
# EXAMPLES:
# ---------
# "~*(?:\b)adultgalls(?:\b)" 1;
# "~*(?:\b)amateurxpass(?:\b)" 1;
# "~*(?:\b)bigblackbooty(?:\b)" 1;
# "~*(?:\b)blacktits(?:\b)" 1;
# "~*(?:\b)cookie\-law\-enforcement(?:\b)" 1;
# "~*(?:\b)free\-share\-buttons(?:\b)" 1;
# "~*(?:\b)free\-social\-buttons(?:\b)" 1;
# "~*(?:\b)fuck\-paid\-share\-buttons(?:\b)" 1;
# "~*(?:\b)ilovevitaly(?:\b)" 1;
# "~*(?:\b)law\-enforcement\-bot(?:\b)" 1;
# "~*(?:\b)law\-enforcement\-check(?:\b)" 1;
# "~*(?:\b)share\-buttons\-for\-free(?:\b)" 1;
# "~*(?:\b)webfuck(?:\b)" 1;
# "~*(?:\b)xxxrus(?:\b)" 1;
# "~*(?:\b)zeroredirect(?:\b)" 1;
# "~*(?:\b|)x22(?:\b)" 1; (in this string if your own domain name was sex22.com it would be blocked)
# Here is a list of unsanitary words used in referrer strings - used in various injection attacks
# THE RULES BELOW ARE ENABLED BY DEFAULT
# You can disable this default list by switching the values to 0
"~*(?:\b|)mb_ereg_replace(?:\b|)" 1;
# -----------
# PLEASE NOTE
# -----------
# If you whitelist your own domain in whitelist-domains.conf and your own domain is passed in the referrer string with an attack string it will NOT be blocked.
# --------
# EXAMPLE:
# --------
# This string "http://yourwebsite.com/?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=gqopu.php&vars[1][]=<?php mb_ereg_replace('.*',@$_REQUEST[_], '', 'e');?>$"
# contains the above 'mb_ereg_replace" attack string
# If your domain is whitelisted in whitelist-domains.conf this string will NOT be detected