Ahhh Mb2345Browser bot! I was hit by that one last week!Nick225 wrote: ↑Mon Nov 11, 2019 10:28 pmI enter the IP 159.138* and I keep getting an error message that No IP as been provided.
I tried 159.138.* and still the same error. Doesn't go through. the only way to work is to enter the entire IP.
But there are tons of them starting with that string, with agents looking like this:that's weirdCode: Select all
Mozilla/5.0(Linux;Android 5.1.1;OPPO A33 Build/LMY47V;wv) AppleWebKit/537.36(KHTML,link Gecko) Version/4.0 Chrome/42.0.2311.138 Mobile Safari/537.36 Mb2345Browser/9.0
These are the same Chinese bots attacking everyone's boards at the moment.Nick225 wrote: ↑Mon Nov 11, 2019 10:28 pmI enter the IP 159.138* and I keep getting an error message that No IP as been provided.
I tried 159.138.* and still the same error. Doesn't go through. the only way to work is to enter the entire IP.
But there are tons of them starting with that string, with agents looking like this:that's weirdCode: Select all
Mozilla/5.0(Linux;Android 5.1.1;OPPO A33 Build/LMY47V;wv) AppleWebKit/537.36(KHTML,link Gecko) Version/4.0 Chrome/42.0.2311.138 Mobile Safari/537.36 Mb2345Browser/9.0
EXACTLY!
CPanel -> IP Blocker
Code: Select all
110.240.0.0/12 110.240.0.0 110.255.255.255
111.224.0.0/14 111.224.0.0 111.227.255.255
36.110.162.63 36.110.162.63 36.110.162.63
I don't like Cloudflare besides Apache has a mod_geoip module and if this is installed/activated then you can use this;
Code: Select all
GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat MemoryCache
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(AF|PK|IN|TW|CN)$
RewriteRule ^.* - [F,L]
Would it make sense to add all of these to ACP->Spiders/Robots so that rather than multiple sessions for each, they'd be somewhat managed?WelshPaul wrote: ↑Mon Nov 11, 2019 10:36 pmThese are the one's doing the rounds at present:I was hit by 98,000 different IP's all coming from those user agents!
- Mb2345Browser
- LieBaoFast
- MicroMessenger
- Kinza
- Mozilla/5.0(Linux;U;Android 5.1.1;zh-CN;OPPO A33 Build/LMY47V) AppleWebKit/537.36(KHTML,like Gecko) Version/4.0 Chrome/40.0.2214.89 UCBrowser/11.7.0.953 Mobile Safari/537.36
It certainly would not do any harm but it will not stop the problem as they will still be accessing your board. These types of bots need stopping at server level (or before)
I have an extensive list of bots in the ACP->Spiders/Robots section on my board, in this case though, no.
To react to myself... Don't need to be bothered to install new libs. Just convert new database format to the old one. Someone already is doing that;
I've understood this from the beginning but for those of us on shared hosting plans our options are limited on how to stop them early.