Ban Hackers

Back in the day, hackers were unemployed or unemployable programmers or teenagers with nothing to do.
Now days, it's criminal organizations and Programmers (with a capital P) with masters degrees hired by foreign (and not so foreign) governments to hack into every server they can find. They even try to scan every possible IP address for web servers. When they find one, somebody later tries to hack it.
So, I set up a website for them to visit. It says Coming Soon.
Then, it records their IP Address and bans it from the server with iptables. It also adds their IP Address and User Agent string to the database.

Here are the IP addresses I've banned over the last week:
BannedID IP User Agent String Date Hacked Banned Reason
5769269.63.64.13Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.04/23/2024 12:04:55 PMEvil 404 /wp-login.php
57691139.59.147.218Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.04/23/2024 11:03:59 AMEvil 404 /wp-login.php
5769064.227.150.177curl/8.1.24/23/2024 10:57:03 AMUser Agent curl/8.1.2
5768951.158.205.47masscan/1.3 (https://github.com/robertdavidgraham/masscan)4/23/2024 07:06:45 AMTried to access http ip directly.
5768794.156.71.1194/22/2024 11:59:26 PMToo many failed logon attempts.
5768894.156.71.1764/22/2024 11:59:26 PMToo many failed logon attempts.
57686157.245.140.249curl/8.1.24/22/2024 09:13:05 PMUser Agent curl/8.1.2
57682192.241.195.22Mozilla/5.0 zgrab/0.x4/22/2024 07:00:02 AMUser Agent Mozilla/5.0 zgrab/0.x
5768164.62.156.101Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.04/22/2024 05:51:55 AMTried to access http ip directly.
57680157.245.134.204curl/8.1.24/22/2024 05:49:23 AMUser Agent curl/8.1.2
57679192.241.235.34Mozilla/5.0 zgrab/0.x4/22/2024 05:46:23 AMUser Agent Mozilla/5.0 zgrab/0.x
57678107.170.252.43Mozilla/5.0 zgrab/0.x4/22/2024 02:56:11 AMTried to access http ip directly.
57677167.94.146.52Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)4/22/2024 02:50:28 AMTried to access http ip directly.
57674103.215.80.2184/22/2024 12:53:10 AMToo many failed logon attempts.
5767591.92.245.764/22/2024 12:53:10 AMToo many failed logon attempts.
5767694.156.71.1054/22/2024 12:53:10 AMToo many failed logon attempts.
57673165.22.58.178Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.04/21/2024 08:45:14 PMEvil 404 /wp-login.php
57672194.48.251.17python-requests/2.25.14/21/2024 06:28:00 PMUser Agent python-requests/2.25.1
57669212.103.48.1974/21/2024 05:02:22 PMToo many failed logon attempts.
5767091.92.245.814/21/2024 05:02:22 PMToo many failed logon attempts.
5767194.156.71.364/21/2024 05:02:22 PMToo many failed logon attempts.
57668159.223.233.201curl/8.1.24/21/2024 03:31:27 PMUser Agent curl/8.1.2
57667167.94.145.96Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)4/21/2024 03:29:58 PMTried to access http ip directly.
57666161.35.23.79Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)4/21/2024 10:13:14 AMTried to access http ip directly.
57665192.241.207.47Mozilla/5.0 zgrab/0.x4/21/2024 06:21:25 AMUser Agent Mozilla/5.0 zgrab/0.x
57664199.45.154.22Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)4/21/2024 12:21:31 AMTried to access http ip directly.
57663157.230.6.233curl/8.1.24/20/2024 10:55:45 PMUser Agent curl/8.1.2
5766287.236.176.82Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)4/20/2024 10:08:35 PMTried to access http ip directly.
5766194.156.71.344/20/2024 10:08:24 PMToo many failed logon attempts.
5766094.232.45.1524/20/2024 07:30:05 PMToo many failed logon attempts.
5765946.8.43.78Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.04/20/2024 05:26:12 PMEvil 404 /boaform/admin/formLogin
5765845.83.66.7Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.04/20/2024 11:42:02 AMTried to access http ip directly.
57657167.94.138.33Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)4/20/2024 09:21:51 AMTried to access http ip directly.
57656159.65.39.125curl/8.1.24/20/2024 08:03:22 AMUser Agent curl/8.1.2
57655125.88.198.130Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.364/20/2024 12:33:32 AMTried to access http ip directly.
5765434.175.145.201Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.04/19/2024 09:49:09 PMEvil 404 /wp-login.php
5765354.39.85.55Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.04/19/2024 06:45:29 PMEvil 404 /wp-login.php
57652103.130.219.128Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.04/19/2024 06:00:26 PMEvil 404 /wp-login.php
57651150.95.183.194Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.04/19/2024 04:38:59 PMEvil 404 /wp-login.php
57650165.232.165.79curl/8.1.24/19/2024 04:33:00 PMUser Agent curl/8.1.2
5764935.216.194.252abuse.xmco.fr4/19/2024 12:07:21 PMTried to access http ip directly.
5764882.118.23.8Mozilla/5.0 zgrab/0.x4/19/2024 11:41:01 AMTried to access http ip directly.
5764745.88.90.163Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.04/19/2024 10:51:07 AMEvil 404 .env (AWS vulnerability)
57646213.168.248.223Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.04/19/2024 06:10:00 AMTried to access http ip directly.
5764545.128.232.229Linux Gnu (cow)4/19/2024 04:35:17 AMTried to access http ip directly.
57644146.190.248.234curl/8.1.24/19/2024 02:18:45 AMUser Agent curl/8.1.2
5764335.216.238.182Mozilla/5.04/19/2024 02:06:34 AMTried to access http ip directly.
57642205.209.101.234curl/7.68.04/18/2024 08:06:22 PMTried to access http ip directly.
576415.181.190.250Go-http-client/1.14/18/2024 06:56:23 PMEvil 404 /cgi-bin/luci/;stok=/locale?form=country&operation
57640162.19.74.30Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.04/18/2024 06:42:14 PMTried to access http ip directly.
5763952.191.195.202python-requests/2.31.04/18/2024 05:55:57 PMUser Agent python-requests/2.31.0
57638167.94.138.124Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)4/18/2024 05:43:02 PMTried to access http ip directly.
57637194.48.251.3python-requests/2.25.14/18/2024 02:31:46 PMUser Agent python-requests/2.25.1
57636152.42.241.42curl/8.1.24/18/2024 11:40:30 AMUser Agent curl/8.1.2
5763545.128.232.129ivre-masscan/1.3 https://github.com/robertdavidgraham/4/18/2024 11:08:01 AMTried to access http ip directly.
57634152.32.143.6curl/7.29.04/18/2024 10:06:29 AMTried to access http ip directly.
57633198.199.111.200Mozilla/5.0 zgrab/0.x4/18/2024 12:21:26 AMUser Agent Mozilla/5.0 zgrab/0.x
5763238.95.110.34Go-http-client/1.14/17/2024 11:17:48 PMEvil 404 .env (AWS vulnerability)
57631194.38.23.16ALittle Client4/17/2024 10:55:45 PMEvil 404 /cgi-bin/xmrlpc.php?p=
57630118.194.250.245curl/7.29.04/17/2024 10:15:15 PMTried to access http ip directly.
57629159.65.18.201curl/8.1.24/17/2024 08:59:37 PMUser Agent curl/8.1.2
57628207.154.250.186Go-http-client/1.14/17/2024 08:10:38 PMEvil 404 /solr/admin/info/system
57627138.68.86.188Go-http-client/1.14/17/2024 08:10:38 PMEvil 404 /cgi-bin/authLogin.cgi
5762643.133.133.33curl/7.64.14/17/2024 03:28:42 PMTried to access http ip directly.
57625107.170.229.43Mozilla/5.0 zgrab/0.x4/17/2024 03:26:26 PMUser Agent Mozilla/5.0 zgrab/0.x
57624179.43.190.218Go-http-client/1.14/17/2024 02:53:43 PMEvil 404 /cgi-bin/luci/;stok=/locale?form=country&operation
5762392.118.39.120Mozilla/5.0 (Linux; Linux x86_64; en-US) Gecko/20100101 Firefox/122.04/17/2024 01:29:11 PMEvil 404 /cgi-bin/luci/;stok=/locale?form=country&operation
57622192.241.233.37Mozilla/5.0 zgrab/0.x4/17/2024 10:58:26 AMTried to access http ip directly.
57621104.131.9.132Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.04/17/2024 10:53:07 AMTried to access http ip directly.