NF don't stop MJ12 ?

  • Resolved gagomap

    (@gagomap)


    9 years, 1 month ago

    Hi,
    NF show me it has stopped a request from MJ12bot in firewall log today

    25/Oct/15 12:54:23 #4653872 medium 531 185.112.42.38 GET /index.php - Suspicious bots/scanners - [HTTP_USER_AGENT = Mozilla/5.0 (compatible; MJ12bot/v1.4.5; https://www.majestic12.co.uk/bot.php?+)]

    But i still see this line in nginx log (dautu365.com.access.log) :

    185.112.42.38 0.010 MISS [25/Oct/2015:12:54:23 +0700] dautu365.com "GET /robots.txt HTTP/1.0" 403 741 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; https://www.majestic12.co.uk/bot.php?+)"

    I have added MJ12bot to nginx server block before.
    Don’t NF stop MJ12bot ?

    https://www.ads-software.com/plugins/ninjafirewall/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter gagomap

    (@gagomap)

    And i see a lot of request in access.log. May be NF don’t stop them. And they was blocked by nginx server block.

    95.211.199.202 - - [25/Oct/2015:05:12:57 +0700] "GET / HTTP/1.1" 200 826 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729)"
157.55.39.242 - - [25/Oct/2015:08:21:12 +0700] "GET /so-tay-cho-chuyen-du-lich-sapa-hoan-hao.html HTTP/1.1" 404 134 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +https://www.bing.com/bingbot.htm)"
68.180.228.151 - - [25/Oct/2015:09:01:23 +0700] "GET /bo-suu-tap-banh-sinh-nhat-dep-moi-la.html HTTP/1.1" 404 134 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; https://help.yahoo.com/help/us/ysearch/slurp)"
207.46.13.142 - - [25/Oct/2015:09:03:26 +0700] "GET /author/nhungnguyen HTTP/1.1" 404 134 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +https://www.bing.com/bingbot.htm)"
207.46.13.142 - - [25/Oct/2015:09:17:54 +0700] "GET /robots.txt HTTP/1.1" 404 162 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +https://www.bing.com/bingbot.htm)"
207.46.13.142 - - [25/Oct/2015:09:18:08 +0700] "GET /di-du-lich-ha-long-cho-quen-ghe-qua-pho-hai-san.html HTTP/1.1" 404 134 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +https://www.bing.com/bingbot.htm)"
62.210.148.233 - - [25/Oct/2015:09:22:04 +0700] "GET /robots.txt HTTP/1.0" 404 162 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; https://www.majestic12.co.uk/bot.php?+)"
62.210.148.233 - - [25/Oct/2015:09:22:06 +0700] "GET /binh-minh-tren-bien-nha-trang-khoa%CC%89ng-khac-kho-quen.html/feed HTTP/1.0" 404 162 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; https://www.majestic12.co.uk/bot.php?+)"
68.180.228.151 - - [25/Oct/2015:09:57:36 +0700] "GET /nhung-dac-san-dat-mo-di-du-lich-ha-long-khong-the-bo-qua.html HTTP/1.1" 404 134 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; https://help.yahoo.com/help/us/ysearch/slurp)"
76.29.80.211 - - [25/Oct/2015:13:39:38 +0700] "GET /robots.txt HTTP/1.0" 404 162 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; https://www.majestic12.co.uk/bot.php?+)"
76.29.80.211 - - [25/Oct/2015:13:39:40 +0700] "GET / HTTP/1.0" 200 826 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; https://www.majestic12.co.uk/bot.php?+)"
51.254.97.219 - - [25/Oct/2015:13:59:47 +0700] "GET /robots.txt HTTP/1.0" 404 162 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; https://www.majestic12.co.uk/bot.php?+)"
51.254.97.219 - - [25/Oct/2015:13:59:50 +0700] "GET /gia%CC%89i-nhie%CC%A3t-nang-he-voi-bai-tam-quan-lan-hoang-so-hung-vi%CC%83.html HTTP/1.0" 404 162 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; https://www.majestic12.co.uk/bot.php?+)"
51.254.97.219 - - [25/Oct/2015:13:59:52 +0700] "GET /khong-cho-tien-6-thanh-nien-giam-doc-mo-titan-bi-danh-chet.html HTTP/1.0" 404 162 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; https://www.majestic12.co.uk/bot.php?+)"
51.254.97.219 - - [25/Oct/2015:13:59:53 +0700] "GET /vao-tu-vi-ban-giam-dinh-phap-y-oan-trai.html HTTP/1.0" 404 162 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; https://www.majestic12.co.uk/bot.php?+)"
68.180.228.151 - - [25/Oct/2015:14:31:52 +0700] "GET /chuan-doan-doanh-thu-lg-sut-giam-tang-truong-g4-thap.html HTTP/1.1" 404 134 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; https://help.yahoo.com/help/us/ysearch/slurp)"
46.165.197.142 - - [25/Oct/2015:14:33:35 +0700] "GET /robots.txt HTTP/1.0" 404 162 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; https://www.majestic12.co.uk/bot.php?+)"
46.165.197.142 - - [25/Oct/2015:14:33:37 +0700] "GET /tag/du-li%CC%A3ch-quan-da%CC%89o-ba-lu%CC%A3a/feed HTTP/1.0" 404 162 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; https://www.majestic12.co.uk/bot.php?+)"
46.165.197.142 - - [25/Oct/2015:14:33:39 +0700] "GET /tag/nhiep-a%CC%89nh-gia-nguoi-y/feed HTTP/1.0" 404 162 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; https://www.majestic12.co.uk/bot.php?+)"
46.165.197.142 - - [25/Oct/2015:14:33:41 +0700] "GET /tag/pho-ha%CC%89i-sa%CC%89n HTTP/1.0" 404 162 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; https://www.majestic12.co.uk/bot.php?+)"
46.165.197.142 - - [25/Oct/2015:14:33:42 +0700] "GET /tag/pho-ha%CC%89i-sa%CC%89n/feed HTTP/1.0" 404 162 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; https://www.majestic12.co.uk/bot.php?+)"
216.145.11.94 - - [25/Oct/2015:16:25:34 +0700] "GET /robots.txt HTTP/1.0" 404 162 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.0.13) Gecko/2009073022 Firefox/3.5.2 (.NET CLR 3.5.30729) SurveyBot/2.3 (DomainTools)"
216.145.11.94 - - [25/Oct/2015:16:25:35 +0700] "GET / HTTP/1.1" 200 509 "https://whois.domaintools.com/tienichmoingay.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.0.13) Gecko/2009073022 Firefox/3.5.2 (.NET CLR 3.5.30729) SurveyBot/2.3 (DomainTools)"
203.113.152.1 - - [25/Oct/2015:16:42:52 +0700] "GET / HTTP/1.1" 200 509 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0"
203.113.152.1 - - [25/Oct/2015:16:42:52 +0700] "GET /bo-suu-tap-banh-sinh-nhat-dep-moi-la.html HTTP/1.1" 404 134 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0"
66.249.65.200 - - [25/Oct/2015:18:56:07 +0700] "GET /robots.txt HTTP/1.1" 404 134 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
66.249.65.214 - - [25/Oct/2015:18:56:08 +0700] "GET / HTTP/1.1" 200 509 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
136.243.73.82 - - [25/Oct/2015:19:40:40 +0700] "GET /robots.txt HTTP/1.0" 404 162 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; https://www.majestic12.co.uk/bot.php?+)"
136.243.73.82 - - [25/Oct/2015:19:40:42 +0700] "GET /tag/du-li%CC%A3ch-quan-da%CC%89o-ba-lu%CC%A3a HTTP/1.0" 404 162 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; https://www.majestic12.co.uk/bot.php?+)"
    Plugin Author nintechnet

    (@nintechnet)

    Hi

    It blocks the MJ12 bot from accessing PHP scripts, but what you see here are not PHP scripts but non-existent files (they all return a 404 not found status code). This is managed by your HTTP server, not PHP.

    Thread Starter gagomap

    (@gagomap)

    Thanks,

    But what do you think about my first post ?

    Is it 2 request in one second ? One hit nginx, one hit NF ?

    Plugin Author nintechnet

    (@nintechnet)

    Yes, two simultaneous requests, one blocked by the firewall, the other one by Nginx.

    Thread Starter gagomap

    (@gagomap)

    Thanks,

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘NF don't stop MJ12 ?’ is closed to new replies.