Update bad bots #3678
base: master
… apache-badbots.conf file
…-bad-bot-blocker repository
I never understand the necessity for filters like this (I don't like the idea of banning only by the agent, and then even as a blacklist). Let alone that it is easy for the other party to change the agent to something more browser-specific. In my opinion a prevention against bothering bots should look like:
But OK, since we provided this filter already, one can also update it occasionally.
Yeah, I agree. However, it seems like many people are using the list because of the #1950 issue. So it might be a good idea to update it.
This is not what can be improved in fail2ban... More or less this is an individual solution.
Ah, I see now. Ok, thank you. Would you please merge the PR, or is there something else we should do?
Well, possibly one could update the RE (in order to make it a bit less "vulnerable", as well as accept another levels than - failregex = ^<HOST> -.*"(GET|POST|HEAD).*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$
+ requri = /\S*
+ rescode = \d+
+ failregex = ^<ADDR> [^"]*"[A-Z]+\s+%(requri)s\s+[^"]*" %(rescode)s \d+ "[^"]*" "(?:%(badbots)s|%(badbotscustom)s)"$ (where |
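Review bot: the `\d+` that follows `%(rescode)s` in the new `failregex` only matches a numeric size field, but Apache's `%b` in the common and combined log formats writes `-` when no body bytes were sent (a 304 or a HEAD response, for instance), so requests from listed agents that get such a response would never match. Consider `(?:\d+|-)` for that field. Since `requri` and `rescode` are new variables, a short comment in the filter saying what they are for would also help.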
Apologies for the delay.
Regarding the last change (REs) - it looks good, but... I'm still unsure about this PR as is: there are a lot of new bots now and therefore:
For instance since when exactly I know people using that, etc... And it is already an ugly filter right now... But we surely have no intention of making it uglier.
I propose updating the bad-bots list in the Apache configuration. While we are waiting for a complex solution in #1950, I would like to see the relevant list of bad-bots as soon as possible.
Therefore, we could update the currently used configuration file. This change is based on https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker and inspired by the commentary from the noted issue.