htpw
New User Agents to Block
Added new rules to block the nikto user agent and SQL injection attempts
So, the new UAs to block would be:
libwww-perl
wget
python
nikto
curl
scan
java
winhttp
HTTrack
clshttp
archiver
loader
email
harvest
extract
grab
miner
Thanks for this very interesting list. But I don't think I want to block them all.
For example "curl" or "wget" are often used to invoke wp-cron.php and update WP Core, Themes or Plugin.
What software uses "email", "harvest", "archiver" as user agent? I find nothing potentially malicious...
A website that uses wget to run wp-cron deserves to be blocked, as there are better, more performant ways to do it without calling the web server 😂
The wp-cron file can be executed with php from the CLI or with wp-cli: https://developer.wordpress.org/cli/commands/cron/event/run/
@Mte90 you are absolutely right!
But the project was born with the intention of not being invasive; I don't want to risk interrupting the update processes of some installations.
Maybe you can do 2 sets of rules like basic and advanced
Good point!
We may select other user agents of interest from: https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker
Here too: https://perishablepress.com/ultimate-htaccess-blacklist/
Another user agent I would like to add:
Nuclei - Open-source project (github.com/projectdiscovery/nuclei)
Another UA likely to be blocked:
ltx71
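One way to implement the "basic / advanced" split suggested in the thread, as an added Apache .htaccess example (not htpw's own rules): the basic set matches only scanners and bulk-download tools, the advanced set is commented out because it would also catch curl, wget, python and java, which the thread notes are used by wp-cron and updaters. The log path and the `bad_bot` environment name are assumptions.

```apache
# Added example, not part of htpw. Basic set: scanners and site-copiers from the
# thread (nikto, Nuclei, ltx71, HTTrack, ...). Matching is case-insensitive substring.
SetEnvIfNoCase User-Agent "(nikto|nuclei|ltx71|httrack|clshttp|archiver|harvest|extract|grab|miner)" bad_bot

# Advanced set (opt-in): generic HTTP clients. Only enable after confirming that
# wp-cron runs from the CLI (wp cron event run) and no updater relies on them.
# SetEnvIfNoCase User-Agent "(libwww-perl|wget|python|curl|java|winhttp|scan|loader|email)" bad_bot

# Optional: log matches separately first, so false positives show up before
# anything is blocked (path is an assumption; requires a server-config context).
# CustomLog /var/log/apache2/bad_bot.log combined env=bad_bot

# Apache 2.4 (mod_authz_core): deny only requests flagged above.
<IfModule mod_authz_core.c>
  <RequireAll>
    Require all granted
    Require not env bad_bot
  </RequireAll>
</IfModule>
```

Short tokens such as `scan`, `email` or `java` also match legitimate agents that merely contain the substring, which is why they belong in the opt-in set and why a logging-only run is worth doing first.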