UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Security Tips by UnderCode:
It is necessary to understand how hackers usually do this.
This is why the platforms of large companies do not like to use third-party frameworks.
twitter.com/UnderCodeTC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Downloading database files remotely: This way of dumping a database ("dragging the library") works mainly because of the administrator's lack of security awareness. When backing up the database or to make data transfer easier, the database files are placed directly in the web directory, which has no permission control, so anyone can access them. Some websites also run open-source programs without changing the default database. Hackers scan the major websites every day with scanning tools; when your backup file name is in their dictionaries, it can easily be found and downloaded.

2) Using web application vulnerabilities to dump the database: With the maturing of open-source projects and the emergence of all kinds of open-source web applications and development frameworks, many start-up companies adopt those open-source applications directly to reduce development costs, but do not concern themselves with their subsequent security. Hackers analyze and study the code in depth once they know what the target runs. When high-risk zero-day vulnerabilities are discovered, these websites are in danger of having their databases dumped.

3) Using web server (Apache, IIS, Tomcat, etc.) vulnerabilities to dump the database: Web security is actually a combination of web application security and web server security, and web server security in turn consists of two parts: web container security and system security. System security is usually handled by an external firewall that shields the externally reachable service ports, but the web container must be exposed to the outside. Therefore, if the web container has a vulnerability, the website is also in danger of having its database dumped.

4) Planting a Trojan on a website ("hanging a horse") to dump the database: A hacker uses software or system vulnerabilities to plant a Trojan on a specific website. If the website administrator accidentally visits such a website while maintaining the system, and the system is unpatched, a Trojan is implanted, which can also lead to the database being dumped later.

5) Spreading malicious files to dump the database: Hackers take Trojans that evade antivirus detection, bind them to software commonly used by administrators, and spread them on the Internet. When the webmaster downloads and runs the software, the Trojan is implanted on the server, which again creates the risk of the database being dumped later.

6) Insiders leaking the database: Of course, some webmasters cannot withstand the temptation of money and sell the database they maintain.
Social engineering of the website administrator: The administrator of the target website is social-engineered to obtain sensitive back-end user names and passwords, which leads to the database being dumped later.

7) Using website phishing: Sometimes hackers also use phishing websites to trick users into entering their account information. However, this method only obtains the real information of some accounts and does not compromise the server.
Usually, before brute-forcing ("blasting"), the attacker first scans the server several times with a tool.

8) If the brute force succeeds, several remote-control Trojans are implanted on the server, depending on the environment, and the server becomes the attacker's springboard. Usually several administrator accounts are secretly created as well, which is equivalent to installing a door to which the attacker holds the key and can come and go at any time. At that moment nothing else is done, so this is usually difficult to detect. Many companies that store user data and information face all kinds of attacks every day. If the data is leaked, the company faces not only a crisis of trust but possibly legal risks as well.

Written by Under Code
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to explode the library?
T.me/UnderCodeTesting

1) Common BK methods are: 3CKU, \, conn.asp, ddos, DNS string explosion, etc., and more advanced ones include DouX, Ket2, LX2, etc.

2) Let's take a few websites to test and understand how well they are protected. Many websites do not modify the default database and port, so using mining chicken can find almost every vulnerability one would expect such a website to have. The results are as follows:

🦑 A forum website as an example:

> Results: bbs1.mbd, bbs2.mbd

> Directory group: /temp, /data, /databackup

> A voting website vulnerability:

> File names: toupiao.asp, about.asp

> Directory group: /wishdb, /toupiao, /backup

> As expected, we got the results we wanted.

3) The principle of the above database explosion vulnerability: This type of website is relatively simple. The database explosion usually adds \ or inc so that the system's database call fails, and the error message for the failed call is then returned to the visitor.

4) The error data generally contains the absolute path of the database. Change the last slash (/) of the URL to \, and the error will finally contain a correct path.

5) Remember to apply patches in time to fix high-risk vulnerabilities, use strong passwords, and stop unused ports.
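
The two posts above both come down to database files and backups that sit inside the web directory. The following is an added example, not part of the original posts: a local audit a site owner can run over their own web root to find such files before a scanner does. The extension lists, the directory-name set and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Extensions that usually mean "database file or dump" (constructed list; extend it for your stack).
DB_EXTENSIONS = {".mdb", ".sql", ".bak", ".db", ".sqlite", ".dump"}
ARCHIVE_EXTENSIONS = {".zip", ".rar", ".7z", ".gz", ".tgz", ".tar"}
# Directory names quoted in the post's scan results; archives below them are treated as backups.
BACKUP_DIR_NAMES = {"temp", "data", "databackup", "backup", "wishdb"}


def audit_webroot(webroot):
    """Walk a local web root and return sorted (relative_path, reason) findings."""
    root = Path(webroot)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        in_backup_dir = any(part.lower() in BACKUP_DIR_NAMES for part in rel_dir.parts)
        for name in filenames:
            suffix = Path(name).suffix.lower()
            rel_path = (rel_dir / name).as_posix()
            if suffix in DB_EXTENSIONS:
                # Anything the web server can read here can be requested by URL.
                findings.append((rel_path, "database file or dump inside the web root"))
            elif suffix in ARCHIVE_EXTENSIONS and in_backup_dir:
                findings.append((rel_path, "archive in a backup-style directory"))
    return sorted(findings)


def demo():
    """Build a constructed web root in a temporary directory and audit it."""
    layout = [
        "index.asp",
        "data/forum.mdb",        # default database left in place
        "databackup/site.zip",   # backup archive dropped into the web root
        "static/logo.zip",       # ordinary download, not flagged
        "static/style.css",
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for rel in layout:
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(b"")
        return audit_webroot(tmp)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Every finding should be moved outside the web root or placed behind access control; renaming the file only delays discovery.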

Written by Under Code
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Agency Tip - Proxy service: Squid user authentication settings
twitter.com/UnderCodeTC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> By default, Squid does not perform any user authentication, but user authentication can be achieved through external authentication programs.
Generally there are the following authentication programs: LDAP authentication, SMB authentication, MySQL-based authentication, SOCKS5-based password authentication, and RADIUS-based authentication. The following describes the commonly used NCSA authentication. NCSA is one of the authentication programs that comes with the Squid source code package. The implementation steps are as follows:

1) Enter the /usr/local/squid/auth_modules/NCSA directory and execute:
make
make install

2) After the compilation is successful, the ncsa_auth executable file is generated, and the generated executable file is copied to the /usr/bin directory.

3) Modify the options in the squid.conf file:
acl auth_user proxy_auth REQUIRED
http_access allow auth_user
authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd

4) Use the htpasswd tool that ships with Apache to generate a password file under /usr/local/squid/etc and add the corresponding user information. Each line of the password file contains the information of one user, namely the username and password. For example, use htpasswd to generate the password file passwd and add the user me:
htpasswd -c /usr/local/squid/etc/passwd me

5) Restart Squid and the password authentication will take effect.

Written by Under Code
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Proxy Service - Access Control by URL in Squid:
pinterest.com/UnderCOdeOfficial

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> The method of access control in Squid through the URL of the visited site:

> In Squid, you can conveniently perform access control through the URL of the visited site. An example is as follows:

> Suppose you want to prevent users from accessing all sites with sex in the URL. You can do this:

1) Define a new acl via dstdom_regex, which matches a regular expression against the destination host name of the request. In this example we assume that this new acl is called badurl:
acl badurl dstdom_regex sex

2) Add the corresponding access control items. Note that because Squid checks the http_access items one by one, in order, and stops at the first one that matches, you must add the http_access deny items (that is, the prohibited items) before http_access allow, to ensure that Squid reaches them. For example:
http_access deny badurl
http_access allow all
http_access deny ...
and so on.

3) In this way, when the URL of the site a user accesses contains the word xxx, Squid will prohibit the access and return a forbidden-access error message.
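
The ordering rule in step 2 is easy to get wrong, so here is an added example (not from the original post, and not Squid's own code) that evaluates the post's two directives with first-match semantics. It models only dstdom_regex ACLs and http_access lines, assumes the acl named all matches every request, and uses constructed .test host names.

```python
import re
from urllib.parse import urlsplit


def parse_squid_rules(conf_text):
    """Parse the small squid.conf subset used in the post."""
    acls = {"all": lambda host: True}  # assumption: 'all' matches every request
    rules = []
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 4 and parts[0] == "acl" and parts[2] == "dstdom_regex":
            args = parts[3:]
            flags = 0
            if args[0] == "-i":  # -i makes the patterns case-insensitive
                flags, args = re.IGNORECASE, args[1:]
            patterns = [re.compile(p, flags) for p in args]
            acls[parts[1]] = lambda host, ps=patterns: any(p.search(host) for p in ps)
        elif len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules


def _acl_matches(acls, name, host):
    """Evaluate one ACL name; a leading '!' negates it."""
    if name.startswith("!"):
        return not acls[name[1:]](host)
    return acls[name](host)


def decide(conf_text, url):
    """Return 'allow' or 'deny' for a URL under first-match evaluation."""
    acls, rules = parse_squid_rules(conf_text)
    if not rules:
        raise ValueError("no http_access rules in configuration")
    # dstdom_regex only ever sees the destination host, never the path.
    host = urlsplit(url).hostname or ""
    for action, names in rules:
        # ACL names on one http_access line are ANDed together.
        if all(_acl_matches(acls, n, host) for n in names):
            return action
    # Nothing matched: the default is the opposite of the last rule.
    return "allow" if rules[-1][0] == "deny" else "deny"


# Order used in the post: the deny item comes first.
POST_ORDER = """
acl badurl dstdom_regex sex
http_access deny badurl
http_access allow all
"""

# Same directives with the allow first: the deny line is never reached.
REVERSED_ORDER = """
acl badurl dstdom_regex sex
http_access allow all
http_access deny badurl
"""

if __name__ == "__main__":
    for url in ("http://www.sex-example.test/",
                "http://www.example.test/",
                "http://www.example.test/sex.html"):
        print(url, decide(POST_ORDER, url), decide(REVERSED_ORDER, url))
```

The third URL is allowed under both orderings because the word appears only in the path, which dstdom_regex never sees; matching on the whole URL needs a url_regex acl instead.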


Written by Under Code
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Configuration of the Domain Name Service - Setting up a DNS server on Linux, UnderCode Tutorial:
instagram.com/UnderCodeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

As we all know, the DNS system used on the Internet was bind4, and bind8 is the later version of bind4. Compared with bind4, bind8 is better, and administrators can control its behavior more fully. The difference between the two is still very large, however: not only has the format changed, there are also many new concepts. The statements available in bind8 are logging, options, zone, acl, key, trusted-keys, server, controls, include.

Comments in the file can be written in C, C++, or shell/perl style. I would like to introduce the basic configuration of a primary and a secondary domain name server with bind8 (these are the two kinds of domain name servers mainly used on the Internet). If you are interested in a deeper understanding, refer to man and:

> RFC 882, RFC 883, RFC 973, RFC 974, RFC 1033, RFC 1034, RFC 1035,

> RFC 1123, RFC 2308, "Name Server Operations Guide for BIND".


🦑 Necessary conditions for the master DNS server to work properly:

1) Install the bind8 software, which you can find in many Unix distributions.

2) Several required configuration files:
named.conf
named.ca
named.local
master file (that is, the zone file in bind4)

Among these configuration files, the most important is named.conf. Located under /etc, it is the default startup file when named is started. A typical named.conf file includes at least options and zones. For example:

options {
    directory "/var/named";    // where the master files are stored
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "named.local";
};

zone "." in {
    type hint;
    file "named.ca";
};

zone "99.cn.net" in {
    type master;
    file "db.99.cn.net";
};

3) Here, options defines the path where the master files are stored, that is, where named will look for the data file that corresponds to a given domain. If a request for www.examplesite...net arrives, named goes to /var/named, finds the file db.99.cn.net, and looks up the IP of www.examplesite...net in it.

4) zone defines a domain, such as the domain 99.cn.net, and type sets the type of domain name server for it; master states that this is a primary domain name server. The first zone makes the local server the master for its own loopback domain, mapping the address 127.0.0.1 to localhost; you can see this zone on almost every type of domain name server. The second zone defines the cache initialization file. named.ca contains at least the names and addresses of the root servers (these root servers do change). In general named.ca does not need to be modified, and in named.local you only need to modify the domain and the contact in the SOA record. (Some books say that the NS record in named.local is only for display, but I suggest it is better to keep it.) The file statement of the third zone defines the master file of the domain 99.cn.net. The following is the content of this master file:


@ IN SOA ns.your.domain. root.your.domain. (
    1999110901 ; Serial Number
    10800      ; Refresh after 3 hours
    3600       ; Retry after 1 hour
    3600000    ; Expire after 6 weeks
    86400 )    ; Minimum TTL of 1 day

@ IN NS ns.your.domain.
localhost IN A 127.0.0.1
www IN A 202.98.xxy.xy

🦑 Here @ stands for the current domain, that is, your.domain, and IN states that this is an Internet-class record.

1) SOA (start of authority) marks the beginning of an authoritative domain. ns.your.domain. is the server that created the domain; you can use the primary domain name server here. root.your.domain. defines the contact: the first dot after root stands for the @ of the e-mail address. The numbers in the brackets define several parameters for this domain, in seconds.

2) The first four parameters are used by secondary domain name servers to keep their copy of the master file up to date. The Serial Number is how a secondary domain name server determines from the primary domain name server whether it needs to update the master file, so if you have a secondary domain name server you should change this serial number every time you modify the master file, so that the secondary server updates its master file of this domain.

3) refresh defines the refresh interval of the secondary domain name server.

4) retry defines the interval at which the secondary server retries if the primary server does not respond. expire specifies the expiration time of the domain: if the secondary server has not obtained the domain's information from the primary server for 42 consecutive days, it discards the zone.

5) The fifth parameter defines how long other domain name servers may cache this server's data; after this time they will come back here for the relevant information.

6) NS indicates that the domain name server for this domain is ns.your.domain. There can be multiple NS records. The two A records for localhost and www resolve localhost to 127.0.0.1 and www.your.domain to 202.98.xxy.xy.

7) A basic primary domain name server is now set up. Note, however, that in the master file ns.your.domain. is followed by a dot. This indicates that the name is complete; otherwise the server automatically appends the current domain. For example, www means www.your.domain, and www.your.domain without the final dot would become www.your.domain.your.domain. The correct form is either www or www.your.domain followed by a dot. If you do not pay enough attention to this, it is easy to make mistakes.

8) If you need to maintain many domains, add the corresponding zone to named.conf, create the master file of the domain in /var/named, and finally send SIGHUP to reload the domain name server.

9) If you need reverse resolution, follow the first zone in the named.conf above, and in the corresponding master file use PTR records to convert an IP address to a domain name.
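
The trailing-dot rule from item 7 is the most common master-file mistake, so the following added example (not part of the original tutorial) expands every name in a master file the way the text describes and reports names that were probably meant to be complete. The parser is a simplification that handles only the record shapes shown above; the sample zone is constructed, with documentation addresses in place of the post's masked IP and one deliberately wrong owner name.

```python
# Positions of domain names inside the record data, per record type.
NAME_RDATA = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}
CLASSES = {"IN", "CH", "HS"}


def qualify(name, origin):
    """Expand a master-file name: '@' is the origin, a trailing dot means complete."""
    origin = origin if origin.endswith(".") else origin + "."
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin  # relative name: the current domain is appended


def logical_lines(text):
    """Strip ';' comments and join records that span lines inside parentheses."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            yield " ".join(buf)
            buf = []


def expand_zone(text, origin):
    """Return (rtype, written_name, fqdn, suspicious) for every name in the zone."""
    bare = origin.rstrip(".")
    out, owner = [], "@"
    for line in logical_lines(text):
        tokens = line.split()
        if not line[0].isspace():  # a line starting with a name sets the owner
            owner = tokens.pop(0)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in CLASSES):
            tokens.pop(0)  # skip optional TTL and class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        names = [owner] + [rdata[i] for i in NAME_RDATA.get(rtype, []) if i < len(rdata)]
        for name in names:
            # A relative name that already ends in the origin will be doubled.
            suspicious = (name != "@" and not name.endswith(".")
                          and (name == bare or name.endswith("." + bare)))
            out.append((rtype, name, qualify(name, origin), suspicious))
    return out


def find_missing_dots(text, origin):
    """Names that lack the trailing dot and therefore expand to a doubled domain."""
    return [(n, fqdn) for _t, n, fqdn, bad in expand_zone(text, origin) if bad]


# Constructed sample based on the master file above; the last record is the mistake.
SAMPLE_ZONE = """\
@ IN SOA ns.your.domain. root.your.domain. (
    1999110901 ; Serial Number
    10800      ; Refresh after 3 hours
    3600       ; Retry after 1 hour
    3600000    ; Expire after 6 weeks
    86400 )    ; Minimum TTL of 1 day
@ IN NS ns.your.domain.
localhost IN A 127.0.0.1
www IN A 192.0.2.10
mail.your.domain IN A 192.0.2.20
"""

if __name__ == "__main__":
    for written, fqdn in find_missing_dots(SAMPLE_ZONE, "your.domain"):
        print(f"{written} expands to {fqdn}")
```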

10) Setting up the secondary DNS server

Setting up a secondary domain name server is largely the same as setting up the primary domain name server. The main difference lies in the zone type in named.conf, which is slave. The following is the named.conf of a secondary name server:

options {
    directory "/var/named";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "named.local";
};

zone "." in {
    type hint;
    file "named.ca";
};

zone "example.net" in {
    type slave;
    file "db.example.net";
    masters { 202.98.xxy.xy; };
};

11) As can be seen, the difference from the configuration file of the primary domain name server is that type slave defines the server as a secondary domain name server, and masters then gives the IP of the primary domain name server. Note, however, that the type of the first zone is still master. Another difference is that the master file of a secondary domain name server does not need to be created by hand; it is transferred from the primary domain name server, and by default named-xfer transfers 10 zones at a time.
The master file of the secondary domain name server is basically the same as the master file of the primary domain name server.
Such a working

Written by Under Code
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Windows hacking remotely tutorial:
> LimeRAT | Simple, yet powerful remote administration tool for Windows (RAT)
T.me/UnderCodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Download the zip file on your android or linux

2) Unzip in a non-root folder

3) Open "LimeRAT.sln"

4) Set Compiler to "Release" mode

5) On Solution Explorer, right click on "Solution LimeRAT Project" and press "Rebuild Solution"

7) Everything will be under "\Project_EXE\Release"

8) Convert stub.exe to stub.il, using Ildasm

🦑 Creating plugin example:

VB.NET
'Easy to create a DLL plugin
Public Class Main
'Simple Msgbox
Public Shared Sub CN(ByVal H As String, ByVal P As Integer, ByVal K As String, ByVal SP As String, ByVal PW As String, ByVal FP As String, ByVal HW As String, ByVal BT As String, ByVal PB As String)

Msgbox("Hello Client!")

Send("MSG" + SPL + "Hello Server!")
'Client will send msg back to server, MSG will be shown in [LOG] Tab

End Sub
End Class

@UnderCodeOfficial
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Why APK encryption and hardening:
instagram.com/UnderCodeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> Android applications are mainly developed in Java
> Easily cracked

> Impact:
> Code or key interfaces are exposed
> The app may even be repackaged and released by others, with advertisements and viruses included
> Huge risks for companies and users

> The most convenient and effective way to deal with cracking: reinforcement (hardening)
> Through reinforcement, decompilation and secondary packaging can be prevented to a certain extent

> Some other reasons:
> For learning purposes, I want to understand, analyze, and learn the internal design and code logic of an Android app
> So I need to decompile and crack it
> So, to prevent others from cracking, it is necessary to encrypt and harden

> But there are some disadvantages to reinforcement:
> Impact on the application after hardening: size, startup speed
> Compatibility: whether it runs normally on all platforms without crashing
> Cost: some reinforcement schemes charge fees
> Customer service response speed: platforms differ in how quickly they respond to problems after encryption

Written by UnderCode

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Cracking APK - starting to decompile - Android development tutorial by UnderCode Testing
t.me/UnderCodeTesting
> How to deobfuscate:
Background: with a decompiler tool you can only see the code structure after obfuscation, not the original code before obfuscation.

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) If you have the mapping.txt file:
There is an opportunity to deobfuscate and restore the original code.

2) Background: only the developers of the Android project have the mapping.txt file, which is generated when they run ProGuard.

3) In practice: the person doing the cracking often does not have it.

4) If you have the source file and line number information:
There is an opportunity to deobfuscate and restore the original code.

5) Background: in order to keep the source file class name, line number and other information in the event of a crash, many APK developers add the following rule to keep the source file information when the APK is obfuscated:

-keepattributes SourceFile,LineNumberTable

🦑 In practice: the person doing the cracking often does not have it.

»» Some anti-obfuscation tools

> JEB = JEB Decompiler

> JEB2 is called an anti-obfuscation artifact

> Some plugins for anti-obfuscation:

> S3cuRiTy-Er1C/JebScripts: Jeb public scripts
> flankerhqd/jebPlugins: Various Jeb plugins, including obfuscation restore
> enovella/jebscripts: A set of JEB Python/Java scripts for reverse engineering Android obfuscated code

Written by UnderCode
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 XML Tutorial by undercode:
XML is the extension (suffix) of Extensible Markup Language files. It is a markup language used to mark up electronic files with a structure, and it is used to transfer and store data. Many important files in Content.pak are XML files, so you need to understand this kind of file in depth.
twitter.com/undercodetc

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> First look at the following XML example


<bookstore>
    <book category="Fantasy">
        <title lang="en">The Chronicles of Narnia</title>
        <author>Clive Staples Lewis</author>
        <year>1950</year>
        <series order="7" />
    </book>
    <book category="SF" selected>
        <title lang="zh">The Three Body Problem</title>
        <author>Big Liu</author>
        <year>2008</year>
        <series order="3" />
    </book>
</bookstore>

1) In this example, the first line, <bookstore>, is called the root element. Row 2, <book category="Fantasy">, and row 8, <book category="SF" selected>, are the two child elements of the root element.

2) The two child elements are contained between the start tag <bookstore> and the end tag </bookstore> of the root element. In the same way, a <book…> element has four child elements: <title…>, <author…>, <year…> and <series…>. For these child elements, <book…> is their parent element, and because they have the same parent element, they are called siblings of each other.

3) The parent of an element's parent, or the parent of that, or anything higher, can be called an ancestor of the element. For example, <bookstore> and <book category="Fantasy"> are both ancestors of <title lang="en">. Likewise, the child of an element, or the child of its child, or anything lower, can be called a descendant of the element.

🦑 Elements
An element is the part from its start tag to its end tag. For convenience of description, only the start tag is written in the description.

Written by UnderCode
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Speed Optimization - Use tmpfs to speed up your Linux server
pinterest.com/undercodeOfficial

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :
> Today I learned a trick for cache files: use a virtual disk to store the Squid cache and PHP sessions. It is a lot faster!
By default the system mounts /dev/shm, which is the so-called tmpfs. Some people say that it is different from a ramdisk (virtual disk). Like a virtual disk, tmpfs can use your RAM, but it can also use your swap partition for storage. Moreover, the traditional virtual disk is a block device and requires a command such as mkfs before you can really use it. tmpfs is a file system, not a block device; you just mount it and it works.
tmpfs has the following characteristics:

1) The size of the file system is dynamic;

2) Another major benefit of tmpfs is its lightning speed. Because a typical tmpfs file system resides entirely in RAM, reading and writing can be almost instantaneous;

3) tmpfs data is not retained after a restart, because virtual memory is inherently volatile. So it is necessary to write some scripts for operations such as mounting and binding.

Okay, enough of the theory, which everyone finds tedious; let me talk about my application :)
First, create a tmp folder in /dev/shm, and then bind it to the actual /tmp:
mkdir /dev/shm/tmp
chmod 1777 /dev/shm/tmp
mount --bind /dev/shm/tmp /tmp
Application example: 1. Squid cache directory settings
vi /etc/squid/squid.conf
Modify it to
cache_dir ufs /tmp 256 16 256
The first 256 here means using 256M of memory. I think using a ramdisk is not as good as using tmpfs directly: at least you do not need to run mkfs each time, and you can also change the size dynamically. /tmp at this point is actually /dev/shm/tmp.
Then restart the service. Now all Squid cache files are saved in the tmpfs file system, which is fast.

🦑 Optimization of PHP performance

1) On a heavily visited Apache + PHP website there may be many temporary files under /tmp, such as session files or some cache files, and you can keep them on tmpfs.

2) Saving the sessions there is very simple: just modify php.ini. Since I have bound /dev/shm/tmp to /tmp, nothing needs to be rewritten. As for the cache files generated by the PHP program, that can only be changed in the PHP program :)

3) As for other applications of tmpfs, I think everyone may be inspired by this tutorial

Written by UnderCode
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 CraftingRecipes explained
> CraftingRecipes.xml: the XML file storing all crafting recipes
This undercode tutorial will explain the file structure and content of the file in detail:
T.me/UnderCodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Recipe element
The names of the many child elements under the root element <Recipes> of the XML file express categories. Under each of these "category" elements, every element named Recipe stores one crafting recipe in the game. Below is one such Recipe element:

<Recipe Result="StonePickaxeBlock" ResultCount="1" RequiredHeatLevel="0" a="stick" b="cobblestone" Description="Make a stone tool">
"bbb"
"a"
"a"
</Recipe>

🦑 Detailed properties:
Attribute name | Translation | Details
Result | Product | The attribute value is the Class Name of one of the blocks in BlocksData.txt
ResultCount | Yield | Must be less than the block's MaxStacking attribute value
RequiredHeatLevel | Required fuel grade | If the attribute value is 0, the recipe can be crafted in the backpack and at the crafting table, but not in the furnace; if it is greater than 0, it can only be crafted in the furnace, and the FuelHeatLevel of the fuel block must be greater than or equal to the attribute value
a, b, etc. | Raw materials | The CraftingId attribute value of the block
Description | Description | The description displayed in the in-game crafting interface

🦑 The text part of this element is how the raw materials are placed. Some things to note:
Spaces represent empty slots; no raw material is placed in that position
For a recipe whose RequiredHeatLevel attribute value is 0, if its number of rows and columns is less than 3, it can be crafted both in the backpack and at the crafting table
Some recipes also have the following two attributes

🦑 Attribute name | Translation | Details

> Remains | Remainder | Similar to Result; can be seen as a second product

> RemainsCount | Remainder count | Must be less than the block's MaxStacking attribute value


Written by UnderCode
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 open source software Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders
instagram.com/UnderCodeTestingCompany

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ 𝔸ℕ𝔻 ℝ𝕌ℕ
Linux

1) Download install-ngxblocker to your /usr/local/sbin/ directory and make the script executable:

sudo wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/install-ngxblocker -O /usr/local/sbin/install-ngxblocker
sudo chmod +x /usr/local/sbin/install-ngxblocker
If your Linux distribution does not have wget you can replace the wget command above using curl as follows:

curl -sL https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/install-ngxblocker -o /usr/local/sbin/install-ngxblocker
🦑 FreeBSD
Install the package:
pkg install www/nginx-ultimate-bad-bot-blocker
Alternatively install via portmaster:
portmaster www/nginx-ultimate-bad-bot-blocker

2) Now run the install-ngxblocker script in DRY-MODE, which will show you what changes it will make and what files it will download for you. This is only a DRY-RUN so no changes are being made yet.

The install-ngxblocker script downloads all required files including the setup and update scripts.

cd /usr/local/sbin
sudo ./install-ngxblocker
This will show you output as follows of the changes that will be made (NOTE: this is only a DRY-RUN, no changes have been made):
Checking url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/include_filelist.txt

Dry Run | not updating files | run as 'install-ngxblocker -x' to install files.

Creating directory: /etc/nginx/bots.d

REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master

Downloading [FROM]=> [REPO]/conf.d/globalblacklist.conf [TO]=> /etc/nginx/conf.d/globalblacklist.conf
Downloading [FROM]=> [REPO]/conf.d/botblocker-nginx-settings.conf [TO]=> /etc/nginx/conf.d/botblocker-nginx-settings.conf

REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master

Downloading [FROM]=> [REPO]/bots.d/blockbots.conf [TO]=> /etc/nginx/bots.d/blockbots.conf
Downloading [FROM]=> [REPO]/bots.d/ddos.conf [TO]=> /etc/nginx/bots.d/ddos.conf
Downloading [FROM]=> [REPO]/bots.d/whitelist-ips.conf [TO]=> /etc/nginx/bots.d/whitelist-ips.conf
Downloading [FROM]=> [REPO]/bots.d/whitelist-domains.conf [TO]=> /etc/nginx/bots.d/whitelist-domains.conf
Downloading [FROM]=> [REPO]/bots.d/blacklist-user-agents.conf [TO]=> /etc/nginx/bots.d/blacklist-user-agents.conf
Downloading [FROM]=> [REPO]/bots.d/blacklist-ips.conf [TO]=> /etc/nginx/bots.d/blacklist-ips.conf
Downloading [FROM]=> [REPO]/bots.d/bad-referrer-words.conf [TO]=> /etc/nginx/bots.d/bad-referrer-words.conf
Downloading [FROM]=> [REPO]/bots.d/custom-bad-referrers.conf [TO]=> /etc/nginx/bots.d/custom-bad-referrers.conf

REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master

Downloading [FROM]=> [REPO]/setup-ngxblocker [TO]=> /usr/local/sbin/setup-ngxblocker
Downloading [FROM]=> [REPO]/update-ngxblocker [TO]=> /usr/local/sbin/update-ngxblocker
setup-ngxblocker, install-ngxblocker and update-ngxblocker can all be configured with custom installation / update locations from the command line.

Run any of the setup, install or update scripts with --help or -h to view options.

3) Now run the install script with the -x parameter to download all the necessary files from the repository:

cd /usr/local/sbin/
sudo ./install-ngxblocker -x
This will give you the following output:

Checking url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/include_filelist.txt
Creating directory: /etc/nginx/bots.d

REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master
Downloading [FROM]=> [REPO]/conf.d/globalblacklist.conf [TO]=> /etc/nginx/conf.d/globalblacklist.conf...OK
Downloading [FROM]=> [REPO]/conf.d/botblocker-nginx-settings.conf [TO]=> /etc/nginx/conf.d/botblocker-nginx-settings.conf...OK

REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master

Downloading [FROM]=> [REPO]/bots.d/blockbots.conf [TO]=> /etc/nginx/bots.d/blockbots.conf...OK
Downloading [FROM]=> [REPO]/bots.d/ddos.conf [TO]=> /etc/nginx/bots.d/ddos.conf...OK
Downloading [FROM]=> [REPO]/bots.d/whitelist-ips.conf [TO]=> /etc/nginx/bots.d/whitelist-ips.conf...OK
Downloading [FROM]=> [REPO]/bots.d/whitelist-domains.conf [TO]=> /etc/nginx/bots.d/whitelist-domains.conf...OK
Downloading [FROM]=> [REPO]/bots.d/blacklist-user-agents.conf [TO]=> /etc/nginx/bots.d/blacklist-user-agents.conf...OK
Downloading [FROM]=> [REPO]/bots.d/blacklist-ips.conf [TO]=> /etc/nginx/bots.d/blacklist-ips.conf...OK
Downloading [FROM]=> [REPO]/bots.d/bad-referrer-words.conf [TO]=> /etc/nginx/bots.d/bad-referrer-words.conf...OK
Downloading [FROM]=> [REPO]/bots.d/custom-bad-referrers.conf [TO]=> /etc/nginx/bots.d/custom-bad-referrers.conf...OK

REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master

Downloading [FROM]=> [REPO]/setup-ngxblocker [TO]=> /usr/local/sbin/setup-ngxblocker...OK
Downloading [FROM]=> [REPO]/update-ngxblocker [TO]=> /usr/local/sbin/update-ngxblocker...OK
All the required files have now been downloaded for you, direct from the repository, to the correct Nginx folders.

11) MAKE SURE you set your setup and update scripts to be executable by running the following two commands. This is important before continuing with Step 4 and onwards.

sudo chmod +x /usr/local/sbin/setup-ngxblocker
sudo chmod +x /usr/local/sbin/update-ngxblocker

12) Now run the setup-ngxblocker script in DRY-MODE which will show you what changes it will make and what files it will download for you. This is only a DRY-RUN so no changes are being made yet.

cd /usr/local/sbin/
sudo ./setup-ngxblocker
This will give you output as follows. The output below assumes your nginx.conf file already has the default include of /etc/nginx/conf.d/*; all Nginx installations I know of have this default include in the nginx.conf file distributed with all versions.

Checking url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/include_filelist.txt

Dry Run | not updating files | run as 'setup-ngxblocker -x' to setup files.

INFO: /etc/nginx/conf.d/* detected => /etc/nginx/nginx.conf
inserting: include /etc/nginx/bots.d/blockbots.conf; => /etc/nginx/sites-available/mydomain2.com.vhost
inserting: include /etc/nginx/bots.d/ddos.conf; => /etc/nginx/sites-available/mydomain2.com.vhost
inserting: include /etc/nginx/bots.d/blockbots.conf; => /etc/nginx/sites-available/mydomain1.com.vhost
inserting: include /etc/nginx/bots.d/ddos.conf; => /etc/nginx/sites-available/mydomain1.com.vhost

Whitelisting ip: x.x.x.x => /etc/nginx/bots.d/whitelist-ips.conf
This script also whitelists your IP in the whitelist-ips.conf file for you. Further IPs or IP ranges can be added to your customizable whitelist-ips.conf file located in /etc/nginx/bots.d/whitelist-ips.conf.


1) Now run the setup script with the -x parameter to make all the necessary changes to your nginx.conf (if required) and to add the required includes to all your vhost files.
2) The setup-ngxblocker script assumes that all your vhost files in /etc/nginx/sites-available end in the extension .vhost. It is good practice to give all your vhost config files a .vhost extension, but if you prefer to stick with what you already have, e.g. .conf, you can simply run setup-ngxblocker with the -e parameter to specify the extension you use for your vhost files.

3) For instance, if your vhost files end in .conf, execute setup-ngxblocker with an additional command line parameter as follows:

sudo ./setup-ngxblocker -x -e conf
4) So now let's run the setup script and let it make all the changes we need to make the Bot Blocker active on all your sites.

cd /usr/local/sbin/
sudo ./setup-ngxblocker -x
You will see output as follows:

Checking url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/include_filelist.txt

INFO: /etc/nginx/conf.d/* detected => /etc/nginx/nginx.conf
inserting: include /etc/nginx/bots.d/blockbots.conf; => /etc/nginx/sites-available/mydomain2.com.vhost
inserting: include /etc/nginx/bots.d/ddos.conf; => /etc/nginx/sites-available/mydomain2.com.vhost
inserting: include /etc/nginx/bots.d/blockbots.conf; => /etc/nginx/sites-available/mydomain1.com.vhost
inserting: include /etc/nginx/bots.d/ddos.conf; => /etc/nginx/sites-available/mydomain1.com.vhost

Whitelisting ip: x.x.x.x => /etc/nginx/bots.d/whitelist-ips.conf
You will note it has done the includes in all the .vhost files on my test bed server and also whitelisted your own IP address in the whitelist-ips.conf file for you. Further IPs or IP ranges can be added to your customizable whitelist-ips.conf file located in /etc/nginx/bots.d/whitelist-ips.conf.

All the setup script has done is add the following include statements to your .vhost files for you. It also adds /etc/nginx/conf.d/* to the includes in nginx.conf (if not already in nginx.conf); otherwise, the whole script will fail.

# Bad Bot Blocker
include /etc/nginx/bots.d/ddos.conf;
include /etc/nginx/bots.d/blockbots.conf;



Now test your nginx configuration

sudo nginx -t

and you should see

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful


Now simply reload / restart Nginx and the Bot Blocker will immediately be active and protecting all your web sites.

sudo nginx -t && sudo nginx -s reload

or

sudo service nginx restart

That's it, the blocker is now active and protecting your sites from thousands of malicious bots and domains.
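
To confirm the setup step actually reached every site, the following added example (not part of the original post or the project's own scripts) scans a vhost directory for the two include lines shown above and flags files that lack them, or whose extension differs from the one given to -e. The function names and the sample vhost files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the project): check that every vhost carries the two
# includes setup-ngxblocker inserts. Include paths are the ones shown above;
# function names and sample files are constructed for illustration.
BLOCKER_INCLUDES="/etc/nginx/bots.d/blockbots.conf /etc/nginx/bots.d/ddos.conf"

# has_include FILE PATH: true if FILE has an uncommented "include PATH;" line.
has_include() {
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for grep -E
    grep -Eq "^[[:space:]]*include[[:space:]]+${pat}[[:space:]]*;" "$1"
}

# audit_vhosts DIR EXT: print "MISSING <include> <file>" for each gap, and
# "SKIPPED <file>" for files whose extension differs from EXT (the value you
# pass to setup-ngxblocker with -e), since those may never have been edited.
audit_vhosts() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *."$2") ;;
            *) echo "SKIPPED $f"; continue ;;
        esac
        for inc in $BLOCKER_INCLUDES; do
            has_include "$f" "$inc" || echo "MISSING $inc $f"
        done
    done
}

# make_sample DIR: write three constructed vhost files for a dry demonstration.
make_sample() {
    printf 'server {\n  include %s;\n  include %s;\n}\n' $BLOCKER_INCLUDES > "$1/mydomain1.com.vhost"
    printf 'server {\n  include %s;\n  # include %s;\n}\n' $BLOCKER_INCLUDES > "$1/mydomain2.com.vhost"
    printf 'server {\n  listen 80;\n}\n' > "$1/legacy.conf"
}

# With a directory argument, audit it; otherwise audit the constructed sample.
if [ $# -ge 1 ]; then
    audit_vhosts "$1" "${2:-vhost}"
else
    demo=$(mktemp -d) && make_sample "$demo"
    audit_vhosts "$demo" vhost
    rm -rf "$demo"
fi
```

Pass the vhost directory and extension as arguments, for example /etc/nginx/sites-available and vhost; no output means every matching file has both includes.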



Now set up cron to automatically update the blocker for you every day so you always have the latest protection.

sudo crontab -e

Add the following line at the end of your crontab file. Note the -e command line parameter, which specifies the email address the update report is sent to. Substitute yourname@youremail.com with your real email address or you will not receive the email when the script has updated.

00 22 * * * sudo /usr/local/sbin/update-ngxblocker -e yourname@youremail.com

This will update the blocker every night for you at 10 PM.

If you want it to update more frequently (as sometimes I push out 3-4 updates a day) you can set it as follows to run the cron every 8 hours, although just once a day is more than enough.

00 */8 * * * sudo /usr/local/sbin/update-ngxblocker -e yourname@youremail.com

If you don't want any email notification after an update (not advisable in case Nginx ever has an EMERG when reloading), then simply run your cron as follows.

00 */8 * * * sudo /usr/local/sbin/update-ngxblocker -n

If you would rather send e-mail via mailgun, then run your cron as follows:
00 22 * * * sudo /usr/local/sbin/update-ngxblocker -g yourname@yourdomain.com -d yourdomain.com -a mailgun api key -f from@yourdomain.com

That's it, the blocker will automatically keep itself up to date and also reload Nginx once it has downloaded the latest version of the globalblacklist.conf file.



You can now customize any of the following files below to suit your environment or requirements. These include files never get modified during an update using the auto update script above so whatever customizations you do here will never be overwritten during an update.

/etc/nginx/bots.d/whitelist-ips.conf
/etc/nginx/bots.d/whitelist-domains.conf
/etc/nginx/bots.d/blacklist-user-agents.conf
/etc/nginx/bots.d/blacklist-ips.conf
/etc/nginx/bots.d/bad-referrer-words.conf
/etc/nginx/bots.d/custom-bad-referrers.conf
Let's say for some "obscure" reason you actually want to block GoogleBot from accessing your site. You would simply add it to the /etc/nginx/bots.d/blacklist-user-agents.conf file and it will override the default whitelist for GoogleBot. The same applies to any other bots that are whitelisted by default.

🦑 Tested and recommended by UnderCode