Ban Hackers

Back in the day, hackers were unemployed or unemployable programmers or teenagers with nothing to do.
Now days, it's criminal organizations and Programmers (with a capital P) with masters degrees hired by foreign (and not so foreign) governments to hack into every server they can find. They even try to scan every possible IP address for web servers. When they find one, somebody later tries to hack it.
So, I set up a website for them to visit. It says Coming Soon.
Then, it records their IP Address and bans it from the server with iptables. It also adds their IP Address and User Agent string to the database.

Here are the IP addresses I've banned over the last week:
BannedID IP User Agent String Date Hacked Banned Reason
59604146.190.102.143Custom-AsyncHttpClient10/8/2024 03:24:47 PMEvil 404 /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-st
5960394.156.104.166Mozilla/5.0 zgrab/0.x10/8/2024 02:14:12 PMTried to access http ip directly.
59602172.212.60.167Mozilla/5.0 zgrab/0.x10/8/2024 01:59:13 PMUser Agent Mozilla/5.0 zgrab/0.x
59601104.209.35.6Mozilla/5.0 zgrab/0.x10/8/2024 11:04:25 AMUser Agent Mozilla/5.0 zgrab/0.x
5960047.90.231.84Openwave/ UCWEB7.0.2.37/28/99910/8/2024 10:01:25 AMTried to access http ip directly.
5959957.182.1.5810/8/2024 08:37:24 AMTried to log in as root with no password.
5959881.161.238.213Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.010/8/2024 05:57:27 AMTried to access http ip directly.
5959713.229.44.8810/8/2024 03:40:37 AMTried to log in as root with no password.
5959652.88.93.109curl/7.58.010/7/2024 11:44:58 PMUser Agent curl/7.58.0
59595170.106.141.183Custom-AsyncHttpClient10/7/2024 11:19:40 PMEvil 404 /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-st
5959434.79.246.220python-requests/2.32.310/7/2024 09:44:51 PMTried to access http ip directly.
5959354.67.99.215python-requests/2.31.010/7/2024 09:24:05 PMUser Agent python-requests/2.31.0
5959220.84.51.240python-requests/2.32.310/7/2024 06:27:16 PMUser Agent python-requests/2.32.3
59591149.88.106.158Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.010/7/2024 06:22:52 PMEvil 404 /wp-admin/1.php
5959092.222.181.205Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.010/7/2024 05:57:31 PMEvil 404 /wp-login.php
59589172.232.38.208Go-http-client/1.110/7/2024 05:08:30 PMEvil 404 /cgi-bin/supervisor/Factory.cgi
59588172.235.166.234Hello World10/7/2024 04:33:29 PMTried to access http ip directly.
59587172.232.38.153Linux Gnu (cow)10/7/2024 04:10:12 PMTried to access http ip directly.
59586172.235.166.19Hello World10/7/2024 04:07:39 PMTried to access http ip directly.
59585172.232.38.61Linux Gnu (cow)10/7/2024 04:04:58 PMTried to access http ip directly.
59584172.232.38.150Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.010/7/2024 03:53:17 PMEvil 404 /boaform/admin/formLogin
59583172.232.38.156Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.010/7/2024 03:43:06 PMTried to access http ip directly.
5958234.96.46.215Python-urllib/3.810/7/2024 02:50:34 PMUser Agent Python-urllib/3.8
5958157.152.56.42Mozilla/5.0 zgrab/0.x10/7/2024 01:15:16 PMUser Agent Mozilla/5.0 zgrab/0.x
59580198.44.136.222Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.110/7/2024 10:15:44 AMTried to access http ip directly.
5957934.243.125.128Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0; +info@netcraft.com)10/7/2024 10:06:51 AMTried to access http ip directly.
59578103.186.184.64Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.010/7/2024 09:33:50 AMEvil 404 /wp-login.php
59577206.168.34.39Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)10/7/2024 08:41:28 AMTried to access http ip directly.
59576206.168.34.205Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)10/7/2024 08:15:36 AMTried to access http ip directly.
5957515.204.47.3curl/7.54.010/7/2024 07:57:10 AMTried to access http ip directly.
5957413.64.194.111Mozilla/5.0 zgrab/0.x10/7/2024 06:16:47 AMUser Agent Mozilla/5.0 zgrab/0.x
5957349.12.74.245Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.010/7/2024 03:10:24 AMTried to access http ip directly.
59572203.83.11.193Mozilla/5.010/7/2024 03:06:00 AMTried to access http ip directly.
59571104.248.113.120Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.010/7/2024 02:59:21 AMTried to access http ip directly.
59570118.39.79.16310/7/2024 01:44:46 AMTried to log in as root with no password.
59569118.26.39.231curl/7.29.010/7/2024 01:24:30 AMTried to access http ip directly.
59568152.42.201.58python-requests/2.18.410/7/2024 12:02:03 AMUser Agent python-requests/2.18.4
5956772.13.62.25Mozilla/5.0 (compatible; ips-agent)10/6/2024 11:03:08 PMTried to access http ip directly.
59566104.248.27.105Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)10/6/2024 10:48:16 PMTried to access http ip directly.
59565193.34.214.123() { :; }; echo; /bin/ping -c 6 45.156.25.4910/6/2024 10:30:37 PMEvil 404 /cgi-bin/slogin/login.py
59564152.42.203.145python-requests/2.18.410/6/2024 10:28:17 PMUser Agent python-requests/2.18.4
59563186.64.116.180Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.010/6/2024 06:20:32 PMEvil 404 /wp-login.php
59562101.201.108.203Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.010/6/2024 05:39:28 PMEvil 404 /wp-login.php
59561188.138.1.39Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.010/6/2024 05:03:43 PMEvil 404 /wp-login.php
59560144.217.135.247Mozilla/5.0 (compatible; Dataprovider.com)10/6/2024 04:57:41 PMTried to access http ip directly.
59559149.56.160.178Mozilla/5.0 (compatible; Dataprovider.com)10/6/2024 04:57:20 PMTried to access http ip directly.
5955883.69.230.5Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.010/6/2024 10:26:10 AMEvil 404 /wp-login.php
595578.221.142.130curl/7.64.110/6/2024 06:12:19 AMTried to access http ip directly.
5955635.216.244.73abuse.xmco.fr10/6/2024 06:01:44 AMTried to access http ip directly.
5955564.62.156.84Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/110.010/6/2024 04:48:32 AMTried to access http ip directly.
59554142.93.169.177Go-http-client/1.110/6/2024 04:37:50 AMEvil 404 /solr/admin/info/system
59553142.93.163.112Go-http-client/1.110/6/2024 04:37:33 AMEvil 404 /cgi-bin/authLogin.cgi
595524.151.38.54Mozilla/5.0 zgrab/0.x10/6/2024 03:01:56 AMTried to access http ip directly.
59551152.42.219.97python-requests/2.18.410/5/2024 11:39:31 PMUser Agent python-requests/2.18.4
59550185.79.28.48Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.110/5/2024 10:31:42 PMTried to access http ip directly.
5954945.125.66.32Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.010/5/2024 10:19:19 PMEvil 404 .env (AWS vulnerability)
59548146.190.109.47Mozilla/5.010/5/2024 08:20:46 PMEvil 404 /wp-login.php
595478.41.221.60python-requests/2.31.010/5/2024 08:18:00 PMUser Agent python-requests/2.31.0
5954695.214.27.33Linux Gnu (cow)10/5/2024 04:14:23 PMTried to access http ip directly.
5954545.83.65.163Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.010/5/2024 02:16:33 PMTried to access http ip directly.
5954435.187.191.130python-requests/2.32.310/5/2024 09:56:56 AMTried to access http ip directly.
5954335.216.181.3Mozilla/5.010/5/2024 08:55:24 AMTried to access http ip directly.
5954254.151.116.138Go-http-client/1.110/5/2024 04:48:41 AMTried to access http ip directly.
59541128.199.130.121Mozilla/5.010/5/2024 12:08:36 AMEvil 404 /wp-login.php
5954095.214.27.9Linux Gnu (cow)10/4/2024 08:53:16 PMTried to access http ip directly.
59539178.128.28.60Mozilla/5.010/4/2024 08:18:15 PMEvil 404 /wp-login.php
59538172.168.41.87Mozilla/5.0 zgrab/0.x10/4/2024 08:11:30 PMTried to access http ip directly.
59537188.166.238.42Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.010/4/2024 03:30:37 PMEvil 404 /wp-login.php
59536152.32.187.176curl/7.4.010/4/2024 02:43:48 PMUser Agent curl/7.4.0
59535101.36.124.220curl/7.29.010/4/2024 11:53:55 AMTried to access http ip directly.
59534199.45.154.151Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)10/4/2024 08:28:35 AMTried to access http ip directly.
5953334.234.94.26Mozilla/5.010/4/2024 07:55:53 AMEvil 404 /wp-login.php
59532165.227.231.168curl/8.1.210/4/2024 07:25:56 AMUser Agent curl/8.1.2
59531162.142.125.206Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)10/4/2024 02:19:32 AMTried to access http ip directly.
59530109.74.194.112Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.010/4/2024 01:46:43 AMTried to access http ip directly.
59529187.235.1.97python-requests/2.27.110/3/2024 10:03:31 PMUser Agent python-requests/2.27.1
5952845.61.55.132Mozilla/5.0 CK={} (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko10/3/2024 07:12:40 PMTried to access http ip directly.
59527206.168.34.222Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)10/3/2024 07:03:38 PMTried to access http ip directly.
59526143.244.152.43Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.010/3/2024 05:05:42 PMTried to access http ip directly.
5952534.38.246.117python-requests/2.32.310/3/2024 04:12:50 PMTried to access http ip directly.
59524104.209.33.93Mozilla/5.0 zgrab/0.x10/3/2024 03:17:18 PMUser Agent Mozilla/5.0 zgrab/0.x
5952345.249.246.153curl/7.4.010/3/2024 02:41:51 PMUser Agent curl/7.4.0
59522178.211.57.76python-requests/2.23.010/3/2024 02:26:27 PMTried to access http ip directly.
59521141.98.11.15Hello10/3/2024 01:03:04 PMEvil 404 /cgi-bin/luci/;stok=/locale
5952040.118.214.20Mozilla/5.0 zgrab/0.x10/3/2024 09:42:51 AMTried to access http ip directly.
59519138.68.73.101Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.010/3/2024 08:58:52 AMEvil 404 /wp-admin/setup-config.php?step=1
59518118.39.79.19210/3/2024 08:14:54 AMTried to log in as root with no password.
59517199.45.154.139Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)10/3/2024 07:37:27 AMTried to access http ip directly.
5951652.228.154.162Mozilla/5.0 zgrab/0.x10/3/2024 05:32:14 AMUser Agent Mozilla/5.0 zgrab/0.x
5951547.236.72.26curl/7.75.010/3/2024 03:06:40 AMUser Agent curl/7.75.0
595144.151.229.13Mozilla/5.0 zgrab/0.x10/3/2024 01:54:57 AMUser Agent Mozilla/5.0 zgrab/0.x
59513109.202.99.36Go-http-client/1.110/3/2024 01:00:32 AMEvil 404 .env (AWS vulnerability)
595128.213.227.121Custom-AsyncHttpClient10/2/2024 03:38:20 PMEvil 404 /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-st
59511104.167.220.149libwww-perl/6.0510/2/2024 02:59:20 PMTried to access http ip directly.
59510194.48.251.199Mozilla/5.0 zgrab/0.x10/2/2024 02:11:34 PMTried to access http ip directly.
5950938.165.44.221python-requests/2.32.310/2/2024 01:46:00 PMUser Agent python-requests/2.32.3
5950837.139.53.67Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.010/2/2024 09:50:01 AMEvil 404 //wp-admin/admin-ajax.php?action=cpabc_appointment
59507193.233.202.190python-requests/2.32.310/2/2024 08:52:31 AMUser Agent python-requests/2.32.3
59506163.44.192.113Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.010/2/2024 06:03:26 AMEvil 404 /wp-login.php
5950587.249.137.12910/2/2024 03:57:25 AMTried to log in as root with no password.
5950434.76.178.141python-requests/2.32.310/2/2024 03:15:42 AMTried to access http ip directly.
595033.255.76.128Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0; +info@netcraft.com)10/2/2024 02:59:19 AMTried to access http ip directly.
59502172.168.41.9Mozilla/5.0 zgrab/0.x10/2/2024 02:10:55 AMUser Agent Mozilla/5.0 zgrab/0.x
59501120.195.30.140Custom-AsyncHttpClient10/2/2024 01:34:36 AMEvil 404 /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-st
59500172.206.142.80Mozilla/5.0 zgrab/0.x10/1/2024 11:43:13 PMTried to access http ip directly.
5949945.33.109.10Mozilla/5.0 zgrab/0.x10/1/2024 09:01:19 PMTried to access http ip directly.
59498206.168.34.53Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)10/1/2024 04:10:20 PMTried to access http ip directly.
59497167.94.138.121Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)10/1/2024 04:06:32 PMTried to access http ip directly.