From 675b24d265cea265c45a641833cdd797cda98eb6 Mon Sep 17 00:00:00 2001
From: Caleb Mazalevskis
Date: Wed, 21 Aug 2024 15:13:15 +0800
Subject: [PATCH] Modules update.
---
 modules/module_badhosts.php | 55 +++++++++++++++----------------------
 modules/module_botua.php | 24 ++++++----------
 modules/modules.dat | 8 +++---
 3 files changed, 34 insertions(+), 53 deletions(-)
diff --git a/modules/module_badhosts.php b/modules/module_badhosts.php
index 5a56cec..f3253f5 100644
--- a/modules/module_badhosts.php
+++ b/modules/module_badhosts.php
@@ -8,7 +8,7 @@
 * License: GNU/GPLv2
 * @see LICENSE.txt
 *
- * This file: Bad hosts blocker module (last modified: 2023.12.01).
+ * This file: Bad hosts blocker module (last modified: 2024.08.21).
 *
 * False positive risk (an approximate, rough estimate only): « [ ]Low [x]Medium [ ]High »
 */
@@ -76,19 +76,19 @@ $Trigger(preg_match('~captch|dbcapi\.me~', $HN), 'CAPTCHA cracker host'); // 2017.01.21 $Trigger(preg_match( - '~prking\.com\.au$|(?:qvt|telsp)\.net\.br$|(?:\.(?:giga-dns|oodle|po' . - 'intandchange|solidseo(?:dedicated|vps)?|topsy|vadino)|23gb|35up|acc' . - 'elovation|barefruit|bestprice|colo\.iinet|detangled|kimsufi|lightsp' . - 'eedsystems|lipperhey|mantraonline|netcomber|onlinehome-server\.myfo' . - 'rexvps|page-store|setooz|technicolor)\.com$|poneytelecom\.eu$|(?:4u' . - '|netadvert|onlinehome-server)\.info$|mobilemarketingaid\.info|(?:3f' . - 'n|buyurl|dragonara|isnet|mfnx|onlinehome-server)\.net$|seomoz\.org$' . - '|(?:dimargroup|itrack|mail|rulinki|vipmailoffer)\.ru$|(?:2kom|solom' . - 'ono)\.ru|\.v4\.ngi\.it|awcheck|b(?:oardreader|reakingtopics|uysells' . - 'ales)|c(?:eptro|heapseovps|yber-uslugi)|drugstore|liwio\.|luxuryhan' . - 'dbag|s(?:emalt|mileweb\.com\.ua|quider|tartdedicated\.)|exabot~', + '~prking\.com\.au$|(?:qvt|telsp)\.net\.br$|' . + '(?:\.(?:giga-dns|oodle|pointandchange|solidseo(?:dedicated|vps)?|to' . + 'psy|vadino)|23gb|35up|accelovation|barefruit|bestprice|colo\.iinet|' . + 'detangled|kimsufi|lightspeedsystems|lipperhey|mantraonline|netcombe' . + 'r|myforexvps|page-store|setooz|stretchoid|technicolor)\.com$|' . + 'poneytelecom\.eu$|(?:4u|netadvert|onlinehome-server)\.info$|(?:3fn|' . + 'buyurl|dragonara|isnet|mfnx|onlinehome-server)\.net$|' . + 'seomoz\.org$|(?:dimargroup|itrack|mail|rulinki|vipmailoffer)\.ru$|b' . + '(?:oardreader|reakingtopics|uysellsales)|c(?:eptro|heapseovps|yber-' . + 'uslugi)|drugstore|liwio\.|luxuryhandbag|s(?:emalt|mileweb\.com\.ua|' . + 'quider|tartdedicated\.)|exabot~', $HN - ), 'SEO/Bothost/Scraper/Spamhost'); // 2020.11.15 mod 2023.01.27 + ), 'SEO/Bothost/Scraper/Spamhost'); // 2024.08.21 $Trigger(preg_match('~cjh-law\.com$~', $HN), 'Phisher / Phishing Host'); // 2017.02.14 
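Review bot: The two names this hunk puts into the `\.com$` group, `myforexvps` and `stretchoid`, sit among the alternatives that have no leading `\.`, so they match any hostname that merely ends in those strings (a constructed example: `notstretchoid.com`), and `myforexvps` is now wider than the old `onlinehome-server\.myforexvps`. If only hosts under those domains are meant, listing them inside the dotted subgroup that already holds `giga-dns` and `vadino`, `(?:\.(?:giga-dns|myforexvps|...|stretchoid|...)`, keeps the match on a label boundary. `$HN` appears to be a reverse-DNS name, which the owner of the address controls, so a comment saying this signature is a heuristic and not an identity check would help the next maintainer; how `$HN` is resolved is outside the hunk.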
@@ -111,7 +111,7 @@ $Trigger(preg_match('~anchorfree|hotspotsheild|esonicspider\.com$~', $HN), 'Hostile/esonicspider'); // 2018.09.15 $Trigger(preg_match( - '~megacom\.biz$|ideastack\.com$|dotnetdotcom\.org$|controlyourself\.online|seeweb\.it~', + '~megacom\.biz$|ideastack\.com$|dotnetdotcom\.org$|controlyourself\.online~', $HN ), 'Hostile/Unauthorised'); // 2017.02.14 mod 2021.06.28 @@ -121,7 +121,7 @@ // Caught attempting to brute-force WordPress logins (2020.11.09). $Trigger(preg_match('~\.domainserver\.ne\.jp$~', $HN), 'Cloud/Webhosting') || - // 2022.12.19 + // 2022.12.19 mod 2024.08.21 $Trigger(preg_match( '~i(?:g|nsite)\.com\.br$|terra\.cl$|acetrophies\.co\.uk$|adsinmedia\.co\.' . 'in$|(?:webfusion|xcalibre)\.co\.uk$|(?:\.(?:appian|cloud|ctera|dyn|emc|f' . 
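Review bot: The trailing date on the `Hostile/Unauthorised` signature still reads `// 2017.02.14 mod 2021.06.28` although the `@@ -111,7 +111,7 @@` hunk changes its pattern by dropping `seeweb\.it`; other signatures touched in this commit receive a `mod 2024.08.21` stamp. Suggested line: `), 'Hostile/Unauthorised'); // 2017.02.14 mod 2024.08.21`. The SEO/Bothost signature in the `@@ -76,19 +76,19 @@` hunk goes the other way and replaces `2020.11.15 mod 2023.01.27` with a bare `// 2024.08.21`, which drops the original date. One convention across the file would make the history of each signature easier to audit.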
@@ -155,18 +155,13 @@ 'essfactory|inkgos|oughtexpress)|rustsaas)|utilitystatus|v(?:aultscape|er' . 'tica|mware|ordel)|web(?:faction|hosting\.uk|hostinghub|scalesolutions|si' . 'tewelcome)|xactlycorp|xlhost|xythos|z(?:embly|imory|manda|oho|uora))\.co' . - 'm$|(?:alxagency|capellahealthcare|host(?:gator|ingprod)|instantdedicated' . - '|khavarzamin|link88\.seo|securityspace|serve(?:path|rbuddies))\.com|serv' . - 'er4u\.cz$|(?:(?:\.|kunden)server|clanmoi|fastwebserver|optimal|server4yo' . - 'u|your-server)\.de$|eucalyptus\.cs\.uscb\.edu$|candycloud\.eu$|cyberresi' . - 'lience\.io$|server\.lu$|starnet\.md$|(?:\.(?:above|akpackaging|bhsrv|box' . - '|propagation|voxel)|1978th|collab|enkiconsulting|incrediserve|jkserv|rec' . - 'yber|reliablesite|shared-server|techajans)\.net$|hitech-hosting\.nl$|(?:' . - '\.terracotta|beowulf|iboss|opennebula|xen)\.org$|mor\.ph$|(?:ogicom|vamp' . - 'ire)\.pl$|(?:cyber-host|slaskdatacenter)\.pl|(?:serverhub|rivreg|tkvprok' . - '|vpsnow|vympelstroy)\.ru$|g\.ho\.st$|bergdorf-group|cloudsigma|dreamhost' . - '|ipxserver|linode|money(?:mattersnow|tech\.mg)|psychz|requestedoffers|sc' . - 'opehosts|s(?:p?lice|teep)host~', + 'm$|server4u\.cz$|(?:(?:\.|kunden)server|clanmoi|fastwebserver|optimal|se' . + 'rver4you|your-server)\.de$|candycloud\.eu$|cyberresilience\.io$|server\.' . + 'lu$|starnet\.md$|(?:\.(?:above|akpackaging|bhsrv|box|propagation|voxel)|' . + '1978th|collab|enkiconsulting|incrediserve|jkserv|recyber|reliablesite|sh' . + 'ared-server|techajans)\.net$|hitech-hosting\.nl$|(?:\.terracotta|beowulf' . + '|iboss|opennebula|xen)\.org$|mor\.ph$|(?:ogicom|vampire)\.pl$|(?:serverh' . + 'ub|rivreg|tkvprok|vpsnow|vympelstroy)\.ru$|g\.ho\.st$~', $HN ), 'Cloud/Webhosting') || 
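Review bot: This hunk removes from the `Cloud/Webhosting` pattern every alternative that had no `$` anchor (the `...\.com` and `(?:cyber-host|slaskdatacenter)\.pl` groups and the bare tokens such as `cloudsigma`, `dreamhost`, `linode` and `psychz`) plus `eucalyptus\.cs\.uscb\.edu$`, and the commit message gives no reason for it. That narrows what the signature catches, so a one-line comment next to the call would help whoever audits coverage later, for example `// 2024.08.21: unanchored provider names removed (REASON)`. Whether another signature or module now covers those hosts is not visible here. The `preg_match(` call opens above this hunk, so only the tail of the pattern is shown.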
@@ -196,12 +191,6 @@ $Trigger(preg_match('~(?\]]/', $UA), 'Spam UA'); // 2017.01.02 - $Trigger(preg_match('/^\.?=/', $UANoSpace), 'Spam UA'); // 2017.01.07 - $Trigger(strpos($UANoSpace, '/how-') !== false, 'Spam UA'); // 2017.01.04 - $Trigger(strpos($UANoSpace, '>click') !== false, 'Spam UA'); // 2017.01.04 $Trigger(strpos($UANoSpace, 'ruru)') !== false, 'Spam UA'); // 2017.01.07 - $Trigger(preg_match( - '~a(?:btasty|llsubmitter|velox)|' . + '~^\.?=|/how-|>click|' . + 'a(?:btasty|llsubmitter|velox)|' . 'b(?:ad-neighborhood|dsm|ea?stiality|iloba|ork-edition|uyessay)|' . 'c(?:asino|ialis|igar|heap|oursework)|' . 'deltasone|dissertation|drugs|' . @@ -130,7 +126,7 @@ 'xanax|' . 'zdorov~', $UANoSpace - ), 'Spam UA'); // 2022.07.09 + ), 'Spam UA'); // 2022.07.09 mod 2024.08.21 $Trigger(preg_match( '/(?: (audit|href|mra |quibids )|\\(build 5339\\))/', @@ -265,14 +261,10 @@ $CIDRAM['BlockInfo']['UA'] ), 'Unauthorised'); // 2023.09.15 mod 2024.08.14 - if ($Trigger(preg_match('~ivre-|masscan~', $UANoSpace), 'Port scanner and synflood tool detected')) { - $CIDRAM['Reporter']->report([14, 15, 19], ['MASSCAN port scanner and synflood tool detected.'], $CIDRAM['BlockInfo']['IPAddr']); - } // 2024.07.28 - - $Trigger(preg_match( - '~^(?:bot|java|msie|windows-live-social-object-extractor)|\\((?:java|\w:\d{2,})~', - $UANoSpace - ), 'Fake UA'); // 2019.06.30 + $Trigger(( + preg_match('~^(?:bot|java|msie|windows-live-social-object-extractor)|\\((?:java|\w:\d{2,})~', $UANoSpace) || + preg_match('~^go +\d|movable type|msie ?(?:\d{3,}|[2-9]\d|[0-8]\.)~i', $UA) + ), 'Fake UA'); // 2019.06.30 mod 2024.08.15 $Trigger(preg_match( '~^go +\d|movable type|msie ?(?:\d{3,}|[2-9]\d|[0-8]\.)~i', diff --git a/modules/modules.dat b/modules/modules.dat index e0aefee..186e1bd 100644 --- a/modules/modules.dat +++ b/modules/modules.dat 
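Review bot: In the `@@ -265,14 +261,10 @@` hunk the merged `Fake UA` call now tests `~^go +\d|movable type|msie ?(?:\d{3,}|[2-9]\d|[0-8]\.)~i` against `$UA`, yet the trailing context lines show a following `$Trigger(preg_match(` that opens with the same pattern, so the check appears to run twice. That statement continues past the end of the hunk, so its subject and reason are not visible; if it is the same `$UA` / `Fake UA` test, one of the two should be dropped. The same hunk also deletes the `ivre-|masscan` signature together with its `$CIDRAM['Reporter']->report(...)` call, and nothing visible says whether that detection and report now happen elsewhere. A short comment or a line in the commit message would settle it.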
@@ -138,7 +138,7 @@ module_abuseipdb.php: module_badhosts.php: Name: "Bad hosts blocker module" False Positive Risk: "Medium" - Version: "2023.334.0" + Version: "2024.233.0" Dependencies: PHP: "^5.4|^7|^8" CIDRAM Core: "^1.13.1|^2.0.1" @@ -150,7 +150,7 @@ module_badhosts.php: To: - "module_badhosts.php" Checksum: - - "a7711b83330e09e3346af05288a1ab5afef1ed3141dac4fbe74785621ebe1c77:15780" + - "c05d2f98d6b3cbd4f617679f5c98affa9a02f73216f6d963d0548efa48514246:14906" Used with: "modules" Reannotate: "modules.dat" module_badtlds.php: @@ -197,7 +197,7 @@ module_bgpview.php: module_botua.php: Name: "Bot user agents module" False Positive Risk: "Medium" - Version: "2024.226.0" + Version: "2024.233.0" Dependencies: PHP: "^5.4|^7|^8" CIDRAM Core: "^1.13.1|^2.0.1" @@ -209,7 +209,7 @@ module_botua.php: To: - "module_botua.php" Checksum: - - "56dbc96d3ea241e15e1f475c0e645a647f070b4b8b674cf7107a4698e005c897:27837" + - "5f9321e8805b42677af46002301844bea3f8a8f59c96a39c8290861bce7f05a6:27483" Used with: "modules" Reannotate: "modules.dat" module_cookies.php: