irigsoft Posted January 22, 2022

All web crawlers (scanners) show everyone information about the vulnerabilities of your server. I think this should be taken into account and blocked or controlled. That's why I'm raising a new topic on the security of our servers.

If someone has managed to block them (in IIS, Apache, or the uniGUI application itself) and wants to help.

Can we apply methods from this topic to block these scanners?
https://community.checkpoint.com/t5/Management/HowTo-Block-IoT-scanners-like-Shodan-Censys-Shadowserver-PAN/td-p/124612

Censys: https://developerinsider.co/censys-find-and-analyze-any-server-and-device-on-the-internet/
Shodan: https://blog.checkpoint.com/2016/01/04/check-point-threat-alert-shodan/
Shadowserver: https://www.shadowserver.org/news/the-scannings-will-continue-until-the-internet-improves/
List of scanners: https://udger.com/resources/ua-list/crawlers
Why I want to stop scanners: https://www.hackerfactor.com/blog/index.php?/archives/840-Why-I-want-to-block-internet-scanners.html

irigsoft (Author) Posted January 22, 2022

@Sherzod, where is the "top of your access control" in our uniGUI app?

I tested Censys on my server and it returns a lot of information about my headers, HTML document and so on. Where can I write code to block this scanner (hide information) when it intercepts a GET request sent from the scanner to my server? Is UniGUIServerModuleHTTPCommand the "top of your access control"?

If I use this UniGUIServerModuleHTTPCommand code in the first place, why does the response from the uniGUI server have so much returned information? Is it possible to clear all response info?

    // Fragment from the UniGUIServerModuleHTTPCommand handler
    if BlockedIPList.Count > 0 then
    begin
      // Is the caller's address on the block list?
      if BlockedIPList.IndexOf(ARequestInfo.RemoteIP) > -1 then
      begin
        AResponseInfo.ContentText := '<h1>Blocked IP</h1>';
        Handled := True;            // stop further processing of this request
        AResponseInfo.CloseSession;
        goto ENDALL;                // label defined elsewhere in the handler
      end;
    end;

irigsoft (Author) Posted January 23, 2022

Here is a list of IPs from the link above: https://community.checkpoint.com/t5/Management/HowTo-Block-IoT-scanners-like-Shodan-Censys-Shadowserver-PAN/td-p/124612

It is not complete, but it has most of the IPs from the link.

WebScannersIpList.txt

If someone wants to add this to BlockedIpList.

Wilton Ergon Posted January 24, 2022

How did you add this whole list? I tried to play this list of IPs, and it only allowed me to add 4653 lines, and your list has 14870 lines.

irigsoft (Author) Posted January 24, 2022

4 hours ago, Wilton Ergon said:
    How did you add this whole list? I tried to play this list of IPs, and it only allowed me to add 4653 lines, and your list has 14870 lines.

Yes, but I don't use BlockedIpList.

I created my own TStringList and load it from a file. In OnServermodule.HtmlCommand I then check if the remote IP is in the list and close the session.

That is how it works for me.

irigsoft (Author) Posted January 24, 2022

I have also added a check by User-Agent (to ignore the big IP list). I created another list and load it from another file.

WebScannersAgents.txt

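The approach described in the two posts above (a custom TStringList loaded from a file, checked against the remote IP and then the User-Agent), as an added example that is not part of the original thread and is not uniGUI's own code. TScannerFilter and its method names are hypothetical; it assumes one entry per line in each file and matches exact IP addresses only, not ranges.

```pascal
unit ScannerFilter;
// Added example, not uniGUI code: TScannerFilter and its methods are hypothetical.
interface
uses System.SysUtils, System.Classes;
type
  TScannerFilter = class
  private
    FIPs: TStringList;     // one IP per line, sorted so IndexOf is a binary search
    FAgents: TStringList;  // lower-cased User-Agent fragments, one per line
  public
    constructor Create(const AIPFile, AAgentFile: string);
    destructor Destroy; override;
    // Lists are read-only after Create, so concurrent request threads can call this.
    function IsBlocked(const ARemoteIP, AUserAgent: string): Boolean;
  end;
implementation
constructor TScannerFilter.Create(const AIPFile, AAgentFile: string);
var I: Integer;
begin
  inherited Create;
  FIPs := TStringList.Create;
  FIPs.LoadFromFile(AIPFile);
  FIPs.Sorted := True;               // sorts once; later lookups are O(log n)
  FAgents := TStringList.Create;
  FAgents.LoadFromFile(AAgentFile);
  for I := FAgents.Count - 1 downto 0 do
  begin
    FAgents[I] := LowerCase(Trim(FAgents[I]));
    if FAgents[I] = '' then
      FAgents.Delete(I);             // drop blank lines
  end;
end;
destructor TScannerFilter.Destroy;
begin
  FAgents.Free;
  FIPs.Free;
  inherited;
end;
function TScannerFilter.IsBlocked(const ARemoteIP, AUserAgent: string): Boolean;
var UA, Fragment: string;
begin
  Result := FIPs.IndexOf(ARemoteIP) >= 0;  // cheap exact-match check first
  if Result then Exit;
  UA := LowerCase(AUserAgent);             // case-insensitive substring match
  for Fragment in FAgents do
    if Pos(Fragment, UA) > 0 then
      Exit(True);
end;
end.
```

Create one instance at server start and call IsBlocked(ARequestInfo.RemoteIP, ARequestInfo.UserAgent) at the top of the HTTP command handler. The User-Agent header is supplied by the client, so that check only stops scanners that identify themselves.
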
Mohad Posted August 1, 2023