Ban Hackers

Back in the day, hackers were unemployed or unemployable programmers or teenagers with nothing to do.
Now days, it's criminal organizations and Programmers (with a capital P) with masters degrees hired by foreign (and not so foreign) governments to hack into every server they can find. They even try to scan every possible IP address for web servers. When they find one, somebody later tries to hack it.
So, I set up a website for them to visit. It says Coming Soon.
Then, it records their IP Address and bans it from the server with iptables. It also adds their IP Address and User Agent string to the database.

Here are the IP addresses I've banned over the last week:
BannedID IP User Agent String Date Hacked Banned Reason
57354167.99.64.133python-requests/2.21.02/27/2024 10:07:51 PMUser Agent python-requests/2.21.0
57353162.243.138.46Mozilla/5.0 zgrab/0.x2/27/2024 02:20:33 PMUser Agent Mozilla/5.0 zgrab/0.x
57352107.170.252.44Mozilla/5.0 zgrab/0.x2/27/2024 12:59:00 PMUser Agent Mozilla/5.0 zgrab/0.x
57351139.99.237.29Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)2/27/2024 04:38:36 AMTried to access http ip directly.
57350167.172.72.239python-requests/2.21.02/26/2024 09:11:07 PMUser Agent python-requests/2.21.0
57349213.32.39.40Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.02/26/2024 02:59:47 PMTried to access http ip directly.
57348159.223.92.81Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.02/26/2024 12:58:02 AMEvil 404 /wp-admin/css/colors/blue/CasperExV1.php
57347104.152.52.241masscan/1.3 (https://github.com/robertdavidgraham/masscan)2/26/2024 12:38:01 AMTried to access http ip directly.
57346172.93.111.129python-requests/2.31.02/25/2024 11:24:35 PMTried to access http ip directly.
57345109.74.193.65Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.02/25/2024 09:08:20 PMEvil 404 /wp-login.php
57344193.222.96.163Mozilla/5.0 (Linux; Linux x86_64; en-US) Gecko/20100101 Firefox/122.02/25/2024 03:21:09 PMTried to access http ip directly.
5734391.92.246.144Hello World2/25/2024 05:48:32 AMTried to access http ip directly.
5734245.131.195.201Go-http-client/1.12/25/2024 05:35:55 AMEvil 404 /wp-content/themes/about.php
5734145.131.195.244Go-http-client/1.12/25/2024 05:35:35 AMEvil 404 /wp-includes/ID3/about.php
5734045.131.195.224Go-http-client/1.12/25/2024 05:35:19 AMEvil 404 /wp-includes/IXR/themes.php
5733945.131.195.207Go-http-client/1.12/25/2024 05:35:09 AMEvil 404 /wp-content/plugins/backup-backup/includes/backup-
5733845.131.195.173Go-http-client/1.12/25/2024 05:34:23 AMEvil 404 /wp-includes/ID3/wp-login.php
5733745.131.195.92Go-http-client/1.12/25/2024 05:34:13 AMEvil 404 /wp-includes/ID3/about.php
5733645.131.195.213Go-http-client/1.12/25/2024 05:33:47 AMEvil 404 /wp-admin/dropdown.php
5733545.131.195.103Go-http-client/1.12/25/2024 05:33:42 AMEvil 404 /wp-content/shell20211028.php
5733445.131.195.218Go-http-client/1.12/25/2024 05:33:36 AMEvil 404 /wp-admin/images/admin.php
5733345.131.195.202Go-http-client/1.12/25/2024 05:33:26 AMEvil 404 /wp-content/plugins/core/include.php
5733245.131.195.178Go-http-client/1.12/25/2024 05:33:20 AMEvil 404 /wp-content/plugins/backup-backup/includes/backup-
5733145.131.195.211Go-http-client/1.12/25/2024 05:33:05 AMEvil 404 /wp-content/plugins/press/wp-class.php
5733045.131.195.230Go-http-client/1.12/25/2024 05:33:00 AMEvil 404 /wp-includes/customize/amaxx.php
5732945.131.195.188Go-http-client/1.12/25/2024 05:32:24 AMEvil 404 /wp-content/upgrade/edit.php
5732845.131.195.243Go-http-client/1.12/25/2024 05:32:18 AMEvil 404 /wp-admin/network/amaxx.php
5732745.131.195.93Go-http-client/1.12/25/2024 05:32:13 AMEvil 404 //wp-includes/random_compat/about.php
5732691.92.240.76Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.02/25/2024 03:49:49 AMTried to access http ip directly.
5732518.133.182.63'Cloud mapping experiment. Contact research@pdrlabs.net'2/25/2024 02:16:43 AMEvil 404 /admin/index.html
57324176.119.25.150Go-http-client/1.12/24/2024 11:33:05 PMEvil 404 .env (AWS vulnerability)
57323112.26.75.207Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.02/24/2024 10:01:19 PMTried to access http ip directly.
5732245.83.64.151Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.02/24/2024 04:38:11 PMTried to access http ip directly.
5732145.128.232.90Linux Gnu (cow)2/24/2024 01:57:12 PMTried to access http ip directly.
57320209.51.138.138Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.02/24/2024 09:49:03 AMEvil 404 /wp-login.php
57319139.59.209.23Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.02/24/2024 09:19:54 AMEvil 404 /wp-login.php
57318190.211.255.106Linux Gnu (cow)2/24/2024 07:35:17 AMTried to access http ip directly.
57317192.241.222.61Mozilla/5.0 zgrab/0.x2/23/2024 10:07:19 PMTried to access http ip directly.
5731687.98.149.2Mozilla/5.0 (X11; Linux x86_64; en-GB; rv:103.0esr) Gecko/20010619 Firefox/103.0esr2/23/2024 01:05:23 PMTried to access http ip directly.
5731595.111.236.66Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.02/23/2024 10:15:48 AMEvil 404 /wp-login.php
57314167.86.118.78Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.02/23/2024 09:29:36 AMEvil 404 /wp-login.php
573138.218.212.177Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.02/23/2024 08:34:30 AMEvil 404 /wp-login.php
57312198.199.96.8Mozilla/5.0 zgrab/0.x2/23/2024 08:19:16 AMUser Agent Mozilla/5.0 zgrab/0.x
57311107.170.253.14Mozilla/5.0 zgrab/0.x2/23/2024 04:04:44 AMUser Agent Mozilla/5.0 zgrab/0.x
57310178.79.138.191Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.02/23/2024 12:28:11 AMTried to access http ip directly.
5730943.246.208.201Download Demon/3.5.0.112/22/2024 02:19:53 PMTried to access http ip directly.
5730843.157.198.205curl/7.64.12/22/2024 01:35:12 PMTried to access http ip directly.
57307188.215.235.121Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.02/22/2024 01:07:44 PMEvil 404 .env (AWS vulnerability)
57306162.243.146.69Mozilla/5.0 zgrab/0.x2/22/2024 10:55:43 AMTried to access http ip directly.
5730545.136.6.209Go-http-client/1.12/22/2024 05:46:48 AMTried to access http ip directly.
5730443.225.141.138Mozilla/5.0 zgrab/0.x2/22/2024 02:59:04 AMTried to access http ip directly.
5730345.55.197.43Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.02/22/2024 12:39:51 AMTried to access http ip directly.
5730235.216.158.209abuse.xmco.fr2/21/2024 11:45:21 PMTried to access http ip directly.
57301206.189.87.183Linux Gnu (cow)2/21/2024 08:29:43 PMTried to access http ip directly.
57300118.194.250.180curl/7.29.02/21/2024 08:20:55 PMTried to access http ip directly.
5729994.74.90.173Mozilla/5.0 zgrab/0.x2/21/2024 07:10:37 PMTried to access http ip directly.
57298190.92.217.79Mozilla/5.0 zgrab/0.x2/21/2024 06:02:49 PMTried to access http ip directly.
5729794.74.88.143Mozilla/5.0 zgrab/0.x2/21/2024 04:56:52 PMTried to access http ip directly.
5729694.74.120.130Mozilla/5.0 zgrab/0.x2/21/2024 02:44:01 PMTried to access http ip directly.
5729580.94.95.243Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.12/21/2024 02:15:40 PMTried to access http ip directly.
5729446.249.35.225Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.02/21/2024 10:45:54 AMTried to access http ip directly.
57293128.199.52.28Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.02/21/2024 09:23:35 AMTried to access http ip directly.