http://pastebin.com/tZZg3RbA/?e=1
This is the access.log file data relevant to that fake googlebot. It
starts with a fake googlebot entry, then goes downhill from there. I
rate limit at 10/s. I only allow the verbs HEAD and GET, so the POST
went to 444 directly.
I replaced the domain with a fake
I doubt I could patch source. (I know my limits.) But reverse DNS seems very
useful. Someone should fix the module.
Original Message
From: A. Schulze
Sent: Monday, September 26, 2016 12:33 AM
To: nginx@nginx.org
Reply To: nginx@nginx.org
Subject: Re: fake googlebots / nginx-http-rdns
lists
lists:
Nginx has a reverse DNS module:
https://github.com/flant/nginx-http-rdns
for an older version from 20140411 I have a patch. That version works
without problems.
--- nginx-1.10.1.orig/nginx-http-rdns-20140411/ngx_http_rdns_module.c
+++
IP2location's data is not accurate in China. This IP is located in Hong
Kong instead of Shanghai, however it does belong to a IDC registered in
Shanghai named 51idc.com. It is just a (misconfigurated) proxy server
and somebody abused it, ban the address in iptables should work.
On 9/26/2016
> That hacker was quite insistent. I got a 414 (large request) for the first
> time. Perhaps a buffer overflow attempt.
In 2016? I _strongly_ doubt it. ;)
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
That looks promising. BTW most Google Image bots are fake. But I don't allow hot linking. A legitimate Google user viewing the reduced resolution image provided by Google can click to see the referring page, so
> Am 25.09.2016 um 23:58 schrieb li...@lazygranch.com:
>
> I got a spoofed googlebot hit. It was easy to detect since there were
> probably a hundred requests that triggered my hacker detection map
> scheme. Only two requests received a 200 return and both were harmless.
>
> 200 118.193.176.53
I got a spoofed googlebot hit. It was easy to detect since there were
probably a hundred requests that triggered my hacker detection map
scheme. Only two requests received a 200 return and both were harmless.
200 118.193.176.53 - - [25/Sep/2016:17:45:23 +] "GET / HTTP/1.1" 847 "-"