Ban Hackers

Back in the day, hackers were unemployed or unemployable programmers or teenagers with nothing to do.
Now days, it's criminal organizations and Programmers (with a capital P) with masters degrees hired by foreign (and not so foreign) governments to hack into every server they can find. They even try to scan every possible IP address for web servers. When they find one, somebody later tries to hack it.
So, I set up a website for them to visit. It says Coming Soon.
Then, it records their IP Address and bans it from the server with iptables. It also adds their IP Address and User Agent string to the database.

Here are the IP addresses I've banned over the last week:
Data would be truncated in mysqli_stmt.fetch. in file /ban_hackers.chp
in ban_hackers.Render in line 108
BannedID IP User Agent String Date Hacked Banned Reason
652912.38.49.132curl/7.88.15/8/2025 08:24:50 PMTried to access http ip directly.
6529020.65.193.225Mozilla/5.0 zgrab/0.x5/8/2025 07:10:22 PMTried to access http ip directly.
65289218.252.221.37Hello-World/1.05/8/2025 07:09:31 PMTried to access http ip directly.
65288104.152.52.131curl/7.61.15/8/2025 05:58:59 PMTried to access http ip directly.
65287180.149.126.17Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.365/8/2025 05:05:58 PMTried to access http ip directly.
65286167.71.162.167Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.365/8/2025 04:01:22 PMTried to access http ip directly.
6528566.63.187.197Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.35/8/2025 03:15:25 PMTried to access http ip directly.
65284118.34.248.191curl/7.88.15/8/2025 02:54:28 PMTried to access http ip directly.
65283176.65.144.168Mozilla5/8/2025 02:14:03 PMEvil 404 /boaform/admin/formLogin
65282183.107.92.79curl/7.88.15/8/2025 02:02:54 PMTried to access http ip directly.
6528189.190.156.143ivre-masscan/1.3 https://github.com/robertdavidgraham/5/8/2025 01:45:53 PMTried to access http ip directly.
65280165.227.44.82Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);5/8/2025 01:13:47 PMEvil 404 .env (AWS vulnerability)
65279185.247.137.51Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)5/8/2025 12:50:52 PMTried to access http ip directly.
6527861.82.106.32curl/7.88.15/8/2025 12:45:51 PMTried to access http ip directly.
65277211.107.243.14curl/7.88.15/8/2025 11:10:06 AMTried to access http ip directly.
65276142.93.148.10Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.365/8/2025 09:52:35 AMTried to access http ip directly.
6527599.98.64.107curl/7.88.15/8/2025 09:03:42 AMTried to access http ip directly.
65274113.31.148.100masscan/1.0 (https://github.com/robertdavidgraham/masscan)5/8/2025 08:50:19 AMTried to access http ip directly.
65273199.45.154.143Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)5/8/2025 08:49:38 AMTried to access http ip directly.
6527242.236.17.103Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36; 360Spider5/8/2025 08:41:23 AMTried to access http ip directly.
6527159.9.72.24curl/7.88.15/8/2025 05:11:49 AMTried to access http ip directly.
6527040.80.204.149Mozilla/5.0 zgrab/0.x5/8/2025 05:03:06 AMUser Agent Mozilla/5.0 zgrab/0.x
65269209.38.121.172Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);5/8/2025 03:37:09 AMEvil 404 .env (AWS vulnerability)
65268185.196.242.232Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.365/8/2025 01:09:39 AMTried to access http ip directly.
6526761.111.244.168Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)5/8/2025 12:37:34 AMTried to access http ip directly.
65266162.216.150.85Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scan5/7/2025 11:53:44 PMTried to access http ip directly.
6526579.37.188.50curl/7.88.15/7/2025 11:20:19 PMTried to access http ip directly.
6526474.235.100.130Mozilla/5.0 zgrab/0.x5/7/2025 10:59:46 PMTried to access http ip directly.
65263198.12.66.102Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.365/7/2025 10:38:10 PMEvil 404 .env (AWS vulnerability)
65262147.185.132.126Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scan5/7/2025 10:00:50 PMTried to access http ip directly.
6526180.66.75.121Mozilla/5.0 zgrab/0.x5/7/2025 09:17:14 PMTried to access http ip directly.
6526034.72.200.154Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.365/7/2025 09:10:11 PMEvil 404 /wp-includes/wlwmanifest.xml
6525985.208.84.69Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.365/7/2025 06:10:29 PMTried to access http ip directly.
6525845.58.159.254Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.365/7/2025 05:24:46 PMTried to access http ip directly.
65257153.207.227.44curl/7.88.15/7/2025 03:51:26 PMTried to access http ip directly.
6525620.38.33.240Mozilla/5.0 zgrab/0.x5/7/2025 03:12:30 PMUser Agent Mozilla/5.0 zgrab/0.x
65255157.245.74.22Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);5/7/2025 02:38:39 PMEvil 404 .env (AWS vulnerability)
6525459.42.120.177Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.05/7/2025 02:19:44 PMEvil 404 /wp-login.php
65253176.65.148.61Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.05/7/2025 02:10:11 PMEvil 404 /boaform/admin/formLogin
65252154.83.103.107Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.365/7/2025 10:36:17 AMEvil 404 /wp-admin/install.php
65251103.115.125.160Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.365/7/2025 10:29:06 AMTried to access http ip directly.
65250218.31.112.75Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.365/7/2025 10:18:55 AMTried to access http ip directly.
6524918.188.52.3Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.365/7/2025 09:17:37 AMTried to access http ip directly.
652483.23.61.94Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.365/7/2025 08:09:36 AMTried to access http ip directly.
65247162.216.150.218Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scan5/7/2025 07:19:12 AMTried to access http ip directly.
65246201.20.104.54Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.365/7/2025 06:50:19 AMTried to access http ip directly.
65245193.106.57.246Mozilla/5.05/7/2025 04:18:51 AMTried to access http ip directly.
65244178.128.84.189Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.365/7/2025 03:45:52 AMEvil 404 /wp-includes/ID3/license.txt
6524339.77.172.207Hello-World/1.05/7/2025 03:39:12 AMTried to access http ip directly.
65242206.189.216.174Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);5/7/2025 03:27:20 AMEvil 404 .env (AWS vulnerability)
6524120.221.72.102Mozilla/5.0 zgrab/0.x5/7/2025 03:23:47 AMUser Agent Mozilla/5.0 zgrab/0.x