Re: fake googlebots

2016-09-28 Thread li...@lazygranch.com
http://pastebin.com/tZZg3RbA/?e=1 This is the access.log file data relevant to that fake googlebot. It starts with a fake googlebot entry, then goes downhill from there. I rate limit at 10/s. I only allow the verbs HEAD and GET, so the POST went to 444 directly. I replaced the domain with a fake

Re: fake googlebots / nginx-http-rdns

2016-09-26 Thread lists
I doubt I could patch source. (I know my limits.) But reverse DNS seems very useful. Someone should fix the module.   Original Message   From: A. Schulze Sent: Monday, September 26, 2016 12:33 AM To: nginx@nginx.org Reply To: nginx@nginx.org Subject: Re: fake googlebots / nginx-http-rdns lists

Re: fake googlebots / nginx-http-rdns

2016-09-26 Thread A. Schulze
lists: Nginx has a reverse DNS module: https://github.com/flant/nginx-http-rdns for an older version from 20140411 I have a patch. That version works without problems. --- nginx-1.10.1.orig/nginx-http-rdns-20140411/ngx_http_rdns_module.c +++

Re: fake googlebots

2016-09-25 Thread dommyet
IP2location's data is not accurate in China. This IP is located in Hong Kong instead of Shanghai, however it does belong to a IDC registered in Shanghai named 51idc.com. It is just a (misconfigurated) proxy server and somebody abused it, ban the address in iptables should work. On 9/26/2016

Re: fake googlebots

2016-09-25 Thread Robert Paprocki
> That hacker was quite insistent. I got a 414 (large request) for the first > time. Perhaps a buffer overflow attempt. In 2016? I _strongly_ doubt it. ;) ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

Re: fake googlebots

2016-09-25 Thread lists
That looks promising. BTW most Google Image bots are fake. But I don't allow hot linking. A legitimate Google user viewing the reduced resolution image provided by Google can click to see the referring page, so

Re: fake googlebots

2016-09-25 Thread Rainer Duffner
> Am 25.09.2016 um 23:58 schrieb li...@lazygranch.com: > > I got a spoofed googlebot hit. It was easy to detect since there were > probably a hundred requests that triggered my hacker detection map > scheme. Only two requests received a 200 return and both were harmless. > > 200 118.193.176.53

fake googlebots

2016-09-25 Thread li...@lazygranch.com
I got a spoofed googlebot hit. It was easy to detect since there were probably a hundred requests that triggered my hacker detection map scheme. Only two requests received a 200 return and both were harmless. 200 118.193.176.53 - - [25/Sep/2016:17:45:23 +] "GET / HTTP/1.1" 847 "-"