Ban Hackers

Back in the day, hackers were unemployed or unemployable programmers or teenagers with nothing to do.
Nowadays, it's criminal organizations and Programmers (with a capital P) with master's degrees hired by foreign (and not so foreign) governments to hack into every server they can find. They even try to scan every possible IP address for web servers. When they find one, somebody later tries to hack it.
So, I set up a website for them to visit. It says Coming Soon.
Then, it records their IP Address and bans it from the server with iptables. It also adds their IP Address and User Agent string to the database.
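
One way to implement the flow described above (classify the request, ban the address with iptables, record the IP and User-Agent), as an added example that is not this site's own code. The rule lists, host names, never-ban ranges and column width are assumptions, with reason strings modelled on the ones this site records:

```python
import ipaddress

# Assumed rule set, modelled on the ban reasons this site records.
SCANNER_AGENTS = ("curl/", "zgrab")              # banned on User-Agent alone
PROBE_PATHS = ("/.env", "/admin/", "/wp-", "/cgi-bin/", "/solr/", "/boaform/")
SITE_HOSTS = {"example.com", "www.example.com"}  # placeholder virtual hosts
NEVER_BAN = [ipaddress.ip_network(n)             # placeholder admin ranges
             for n in ("127.0.0.0/8", "192.0.2.0/24")]
UA_COLUMN_WIDTH = 255                            # assumed database column size


def ban_reason(host, path, user_agent, status):
    """Return a reason string if the request looks like a scan, else None."""
    if any(needle in user_agent for needle in SCANNER_AGENTS):
        return "User Agent " + user_agent
    if status == 404 and path.startswith(PROBE_PATHS):
        return "Evil 404 " + path
    # A Host header that is not one of our names means the bare IP was requested.
    if host.split(":")[0].lower() not in SITE_HOSTS:
        return "Tried to access http ip directly."
    return None


def iptables_args(remote_addr):
    """Build the argv that drops one address, or None if it must never be banned."""
    ip = ipaddress.ip_address(remote_addr)  # ValueError on anything but an IP
    if any(ip in net for net in NEVER_BAN):
        return None
    tool = "iptables" if ip.version == 4 else "ip6tables"
    # argv list, never a shell string: the address stays a single argument
    return [tool, "-I", "INPUT", "-s", str(ip), "-j", "DROP"]


def handle(remote_addr, host, path, user_agent, status):
    """Decide on a ban and return the record to store plus the command to run."""
    reason = ban_reason(host, path, user_agent, status)
    if reason is None:
        return None
    args = iptables_args(remote_addr)
    # A real handler would run subprocess.run(args, check=True) with the needed
    # privilege, then INSERT the record through a parameterised query. The
    # User-Agent is client-controlled and unbounded, so it is truncated here.
    return {"ip": remote_addr, "user_agent": user_agent[:UA_COLUMN_WIDTH],
            "reason": reason[:UA_COLUMN_WIDTH], "iptables": args}
```

The never-ban list matters because a rule this aggressive will otherwise lock out the administrator the first time they mistype a URL.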

Here are the IP addresses I've banned over the last week:
BannedID | IP | User Agent String | Date Hacked | Banned Reason