Comments (7)
mitchellkrogza
commented on July 30, 2024
1
Can you post the IP addresses that bot is using so we can establish that they belong to Facebook/Meta and is not an impersonator using their User Agent to trick people.
from nginx-ultimate-bad-bot-blocker.
melroy89
commented on July 30, 2024
This is the same bot that is blocked in the robots.txt file under: FacebookBot (and also facebookscraper).
from nginx-ultimate-bad-bot-blocker.
melroy89
commented on July 30, 2024
I found many IPs from this block: 173.252.64.0/18. For example 173.252.83.23 is one of them, but instead of posting individual IPs, I gave you a full subnet.
Another one besides 173.252.64.0/18 would be: 66.220.144.0/20, and also: 69.171.224.0/19... to get you started. A single 19 subnet prefix can have more than 8000+ hosts in theory. 18 subnet prefix can even hold more than 16k IPs.
from nginx-ultimate-bad-bot-blocker.
Oreolek
commented on July 30, 2024
I got hits from:
2a03:2880::
66.220.149.0
173.252.83.0
173.252.107.0
69.171.249.0
57.141.0.0
from nginx-ultimate-bad-bot-blocker.
mitchellkrogza
commented on July 30, 2024
I got hits from:
2a03:2880:: 66.220.149.0 173.252.83.0 173.252.107.0 69.171.249.0 57.141.0.0
These all resolve to Facebook so are legitimate. How much crawling are they doing can you post some log examples?
from nginx-ultimate-bad-bot-blocker.
mitchellkrogza
commented on July 30, 2024
I found many IPs from this block: 173.252.64.0/18. For example 173.252.83.23 is one of them, but instead of posting individual IPs, I gave you a full subnet.
Another one besides 173.252.64.0/18 would be: 66.220.144.0/20, and also: 69.171.224.0/19... to get you started. A single 19 subnet prefix can have more than 8000+ hosts in theory. 18 subnet prefix can even hold more than 16k IPs.
These also are IP owned by Facebook --- what exactly were they crawling that they used up 50GB ????
from nginx-ultimate-bad-bot-blocker.
mitchellkrogza
commented on July 30, 2024
For now you will have to add that user agent to your own custom include file with a value of 3 and reload nginx, this will block it outright. Unfortunately this can't be done for the thousands using this blocker as this would be a seriously breaking change
"~*(?:\b)facebookexternalhit(?:\b)" 3;
GitHub
Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail f...
from nginx-ultimate-bad-bot-blocker.
Related Issues (20)
- [User-Agent] BrandVerity HOT 1
- [User-Agent] AwarioBot HOT 3
- [User-Agent] Bytespider, Bytedance didn't get to block after install bad bot blocker
- linkfluence HOT 4
- AwarioBot Addition HOT 1
- [INSTALLATION] nginx -t return warn HOT 1
- Whitelist Yahoo HOT 2
- [User-Agent] InternetMeasurement
- [BUG] Nginx logs shows permissions denied error to /etc/nginx/conf.d/globalblacklist.conf HOT 1
- New "super rate limiting" zone (1r/m) in addition of the current one (2r/s) HOT 14
- blacklist-ips.conf does not do anything for me
- [User-Agent] GeedoProductSearch
- [User-Agent] Information Security Team InfraSec Scanner
- [INSTALLATION] Fail2ban/crowdsec and their interaction with this project, worth it? HOT 1
- [BUG] (Please add a way to uninstall completely) HOT 2
- [BUG] iptables-common.conf not in fail2ban v1.1.0
- [BUG] Certbot fails
- [User-Agent] ClaudeBot - Bad AI user-agent HOT 1
- OAI-SearchBot Whitelisting
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nginx-ultimate-bad-bot-blocker.