Modules update.

CIDRAM · Aug 21, 2024 · 675b24d · 675b24d
1 parent c0d58ae
commit 675b24d
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 53 deletions.
diff --git a/modules/module_badhosts.php b/modules/module_badhosts.php
@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: Bad hosts blocker module (last modified: 2023.12.01).
+ * This file: Bad hosts blocker module (last modified: 2024.08.21).
  *
  * False positive risk (an approximate, rough estimate only): « [ ]Low [x]Medium [ ]High »
  */
@@ -76,19 +76,19 @@
     $Trigger(preg_match('~captch|dbcapi\.me~', $HN), 'CAPTCHA cracker host'); // 2017.01.21
 
     $Trigger(preg_match(
-        '~prking\.com\.au$|(?:qvt|telsp)\.net\.br$|(?:\.(?:giga-dns|oodle|po' .
-        'intandchange|solidseo(?:dedicated|vps)?|topsy|vadino)|23gb|35up|acc' .
-        'elovation|barefruit|bestprice|colo\.iinet|detangled|kimsufi|lightsp' .
-        'eedsystems|lipperhey|mantraonline|netcomber|onlinehome-server\.myfo' .
-        'rexvps|page-store|setooz|technicolor)\.com$|poneytelecom\.eu$|(?:4u' .
-        '|netadvert|onlinehome-server)\.info$|mobilemarketingaid\.info|(?:3f' .
-        'n|buyurl|dragonara|isnet|mfnx|onlinehome-server)\.net$|seomoz\.org$' .
-        '|(?:dimargroup|itrack|mail|rulinki|vipmailoffer)\.ru$|(?:2kom|solom' .
-        'ono)\.ru|\.v4\.ngi\.it|awcheck|b(?:oardreader|reakingtopics|uysells' .
-        'ales)|c(?:eptro|heapseovps|yber-uslugi)|drugstore|liwio\.|luxuryhan' .
-        'dbag|s(?:emalt|mileweb\.com\.ua|quider|tartdedicated\.)|exabot~',
+        '~prking\.com\.au$|(?:qvt|telsp)\.net\.br$|' .
+        '(?:\.(?:giga-dns|oodle|pointandchange|solidseo(?:dedicated|vps)?|to' .
+        'psy|vadino)|23gb|35up|accelovation|barefruit|bestprice|colo\.iinet|' .
+        'detangled|kimsufi|lightspeedsystems|lipperhey|mantraonline|netcombe' .
+        'r|myforexvps|page-store|setooz|stretchoid|technicolor)\.com$|' .
+        'poneytelecom\.eu$|(?:4u|netadvert|onlinehome-server)\.info$|(?:3fn|' .
+        'buyurl|dragonara|isnet|mfnx|onlinehome-server)\.net$|' .
+        'seomoz\.org$|(?:dimargroup|itrack|mail|rulinki|vipmailoffer)\.ru$|b' .
+        '(?:oardreader|reakingtopics|uysellsales)|c(?:eptro|heapseovps|yber-' .
+        'uslugi)|drugstore|liwio\.|luxuryhandbag|s(?:emalt|mileweb\.com\.ua|' .
+        'quider|tartdedicated\.)|exabot~',
         $HN
-    ), 'SEO/Bothost/Scraper/Spamhost'); // 2020.11.15 mod 2023.01.27
+    ), 'SEO/Bothost/Scraper/Spamhost'); // 2024.08.21
 
     $Trigger(preg_match('~cjh-law\.com$~', $HN), 'Phisher / Phishing Host'); // 2017.02.14
 
@@ -111,7 +111,7 @@
     $Trigger(preg_match('~anchorfree|hotspotsheild|esonicspider\.com$~', $HN), 'Hostile/esonicspider'); // 2018.09.15
 
     $Trigger(preg_match(
-        '~megacom\.biz$|ideastack\.com$|dotnetdotcom\.org$|controlyourself\.online|seeweb\.it~',
+        '~megacom\.biz$|ideastack\.com$|dotnetdotcom\.org$|controlyourself\.online~',
         $HN
     ), 'Hostile/Unauthorised'); // 2017.02.14 mod 2021.06.28
 
@@ -121,7 +121,7 @@
         // Caught attempting to brute-force WordPress logins (2020.11.09).
         $Trigger(preg_match('~\.domainserver\.ne\.jp$~', $HN), 'Cloud/Webhosting') ||
 
-        // 2022.12.19
+        // 2022.12.19 mod 2024.08.21
         $Trigger(preg_match(
             '~i(?:g|nsite)\.com\.br$|terra\.cl$|acetrophies\.co\.uk$|adsinmedia\.co\.' .
             'in$|(?:webfusion|xcalibre)\.co\.uk$|(?:\.(?:appian|cloud|ctera|dyn|emc|f' .
@@ -155,18 +155,13 @@
             'essfactory|inkgos|oughtexpress)|rustsaas)|utilitystatus|v(?:aultscape|er' .
             'tica|mware|ordel)|web(?:faction|hosting\.uk|hostinghub|scalesolutions|si' .
             'tewelcome)|xactlycorp|xlhost|xythos|z(?:embly|imory|manda|oho|uora))\.co' .
-            'm$|(?:alxagency|capellahealthcare|host(?:gator|ingprod)|instantdedicated' .
-            '|khavarzamin|link88\.seo|securityspace|serve(?:path|rbuddies))\.com|serv' .
-            'er4u\.cz$|(?:(?:\.|kunden)server|clanmoi|fastwebserver|optimal|server4yo' .
-            'u|your-server)\.de$|eucalyptus\.cs\.uscb\.edu$|candycloud\.eu$|cyberresi' .
-            'lience\.io$|server\.lu$|starnet\.md$|(?:\.(?:above|akpackaging|bhsrv|box' .
-            '|propagation|voxel)|1978th|collab|enkiconsulting|incrediserve|jkserv|rec' .
-            'yber|reliablesite|shared-server|techajans)\.net$|hitech-hosting\.nl$|(?:' .
-            '\.terracotta|beowulf|iboss|opennebula|xen)\.org$|mor\.ph$|(?:ogicom|vamp' .
-            'ire)\.pl$|(?:cyber-host|slaskdatacenter)\.pl|(?:serverhub|rivreg|tkvprok' .
-            '|vpsnow|vympelstroy)\.ru$|g\.ho\.st$|bergdorf-group|cloudsigma|dreamhost' .
-            '|ipxserver|linode|money(?:mattersnow|tech\.mg)|psychz|requestedoffers|sc' .
-            'opehosts|s(?:p?lice|teep)host~',
+            'm$|server4u\.cz$|(?:(?:\.|kunden)server|clanmoi|fastwebserver|optimal|se' .
+            'rver4you|your-server)\.de$|candycloud\.eu$|cyberresilience\.io$|server\.' .
+            'lu$|starnet\.md$|(?:\.(?:above|akpackaging|bhsrv|box|propagation|voxel)|' .
+            '1978th|collab|enkiconsulting|incrediserve|jkserv|recyber|reliablesite|sh' .
+            'ared-server|techajans)\.net$|hitech-hosting\.nl$|(?:\.terracotta|beowulf' .
+            '|iboss|opennebula|xen)\.org$|mor\.ph$|(?:ogicom|vampire)\.pl$|(?:serverh' .
+            'ub|rivreg|tkvprok|vpsnow|vympelstroy)\.ru$|g\.ho\.st$~',
             $HN
         ), 'Cloud/Webhosting') ||
 
@@ -196,12 +191,6 @@
 
     $Trigger(preg_match('~(?<!ssg-corp\.)zetta\.net$|(?<!\.user\.)veloxzone\.com\.br$|12bot\.com$~', $HN), 'Server farm'); // 2022.12.19
 
-    $Trigger(empty($CIDRAM['Ignore']['SoftLayer']) && preg_match('/softlayer\.com$/', $HN) && (
-        !substr_count($CIDRAM['BlockInfo']['UALC'], 'disqus') &&
-        !substr_count($CIDRAM['BlockInfo']['UA'], 'Superfeedr bot/2.0') &&
-        !substr_count($CIDRAM['BlockInfo']['UA'], 'Feedbot')
-    ), 'SoftLayer'); // 2017.01.21 (ASN 36351) modified 2020.01.11
-
     $Trigger(preg_match(
         '~(?:starlogic|temka)\.biz$|ethymos\.com\.br$|(?:amplilogic|astranig' .
         'ht|borderfreehosting|creatoor|dl-hosting|hosting-ie|idknet|ipilum|k' .

diff --git a/modules/module_botua.php b/modules/module_botua.php
@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: Bot user agents module (last modified: 2024.08.14).
+ * This file: Bot user agents module (last modified: 2024.08.21).
  *
  * False positive risk (an approximate, rough estimate only): « [ ]Low [x]Medium [ ]High »
  */
@@ -86,7 +86,6 @@
 
     $Trigger(strpos($UANoSpace, 'captch') !== false, 'CAPTCHA cracker UA', '', $UnmarkCaptcha); // 2017.01.08 mod 2021.04.29
 
-
     $Trigger(preg_match(
         '~(?:^b55|-agent-|auto_?http|bigbrother|cybeye|d(?:(?:iavol|ragoste)a|own' .
         'loaddemon)|e(?:ak01ag9|catch)|i(?:ndylibrary|ntelium)|k(?:angen|mccrew)|' .
@@ -99,13 +98,10 @@
     $Trigger(preg_match('/(?: obot|ie 5\.5 compatible browser)/', $UA), 'Probe UA'); // 2017.02.02
 
     $Trigger(preg_match('/[<\[](?:a|link|url)[ =>\]]/', $UA), 'Spam UA'); // 2017.01.02
-    $Trigger(preg_match('/^\.?=/', $UANoSpace), 'Spam UA'); // 2017.01.07
-    $Trigger(strpos($UANoSpace, '/how-') !== false, 'Spam UA'); // 2017.01.04
-    $Trigger(strpos($UANoSpace, '>click') !== false, 'Spam UA'); // 2017.01.04
     $Trigger(strpos($UANoSpace, 'ruru)') !== false, 'Spam UA'); // 2017.01.07
-
     $Trigger(preg_match(
-        '~a(?:btasty|llsubmitter|velox)|' .
+        '~^\.?=|/how-|>click|' .
+        'a(?:btasty|llsubmitter|velox)|' .
         'b(?:ad-neighborhood|dsm|ea?stiality|iloba|ork-edition|uyessay)|' .
         'c(?:asino|ialis|igar|heap|oursework)|' .
         'deltasone|dissertation|drugs|' .
@@ -130,7 +126,7 @@
         'xanax|' .
         'zdorov~',
         $UANoSpace
-    ), 'Spam UA'); // 2022.07.09
+    ), 'Spam UA'); // 2022.07.09 mod 2024.08.21
 
     $Trigger(preg_match(
         '/(?: (audit|href|mra |quibids )|\\(build 5339\\))/',
@@ -265,14 +261,10 @@
         $CIDRAM['BlockInfo']['UA']
     ), 'Unauthorised'); // 2023.09.15 mod 2024.08.14
 
-    if ($Trigger(preg_match('~ivre-|masscan~', $UANoSpace), 'Port scanner and synflood tool detected')) {
-        $CIDRAM['Reporter']->report([14, 15, 19], ['MASSCAN port scanner and synflood tool detected.'], $CIDRAM['BlockInfo']['IPAddr']);
-    } // 2024.07.28
-
-    $Trigger(preg_match(
-        '~^(?:bot|java|msie|windows-live-social-object-extractor)|\\((?:java|\w:\d{2,})~',
-        $UANoSpace
-    ), 'Fake UA'); // 2019.06.30
+    $Trigger((
+        preg_match('~^(?:bot|java|msie|windows-live-social-object-extractor)|\\((?:java|\w:\d{2,})~', $UANoSpace) ||
+        preg_match('~^go +\d|movable type|msie ?(?:\d{3,}|[2-9]\d|[0-8]\.)~i', $UA)
+    ), 'Fake UA'); // 2019.06.30 mod 2024.08.15
 
     $Trigger(preg_match(
         '~^go +\d|movable type|msie ?(?:\d{3,}|[2-9]\d|[0-8]\.)~i',

diff --git a/modules/modules.dat b/modules/modules.dat
@@ -138,7 +138,7 @@ module_abuseipdb.php:
 module_badhosts.php:
  Name: "Bad hosts blocker module"
  False Positive Risk: "Medium"
- Version: "2023.334.0"
+ Version: "2024.233.0"
  Dependencies:
   PHP: "^5.4|^7|^8"
   CIDRAM Core: "^1.13.1|^2.0.1"
@@ -150,7 +150,7 @@ module_badhosts.php:
   To:
    - "module_badhosts.php"
   Checksum:
-   - "a7711b83330e09e3346af05288a1ab5afef1ed3141dac4fbe74785621ebe1c77:15780"
+   - "c05d2f98d6b3cbd4f617679f5c98affa9a02f73216f6d963d0548efa48514246:14906"
  Used with: "modules"
  Reannotate: "modules.dat"
 module_badtlds.php:
@@ -197,7 +197,7 @@ module_bgpview.php:
 module_botua.php:
  Name: "Bot user agents module"
  False Positive Risk: "Medium"
- Version: "2024.226.0"
+ Version: "2024.233.0"
  Dependencies:
   PHP: "^5.4|^7|^8"
   CIDRAM Core: "^1.13.1|^2.0.1"
@@ -209,7 +209,7 @@ module_botua.php:
   To:
    - "module_botua.php"
   Checksum:
-   - "56dbc96d3ea241e15e1f475c0e645a647f070b4b8b674cf7107a4698e005c897:27837"
+   - "5f9321e8805b42677af46002301844bea3f8a8f59c96a39c8290861bce7f05a6:27483"
  Used with: "modules"
  Reannotate: "modules.dat"
 module_cookies.php: