Antiscan is an add-on module that extends the IP address blocking module (version 1.x-1.0.5 or newer) to automatically block anyone who trying to access paths defined as restricted.
Usually this is a bad crawler looking for known potentially vulnerable paths, such as "wp-admin.php", "xmlrpc.php" and so on.
Since version 1.x-1.0.5 of this module, you can also block bad bots using their known user-agent strings and spam referrer domains.
Since version version 1.x-1.0.4 a new option "Report to AbuseIPDB" can be enabled for automatically report blocked scanner activity to AbuseIPDB.
You need to install AbuseIPDB report module to see and use this option.
You can also see the description of the module on the page of this site: Report to AbuseIPDB
Administration page is available from Administration > Configuration > User accounts > Antiscan menu (admin/config/people/antiscan) and can be used to:
- add your patterns for paths to be restricted (some useful patterns are already added out of the box);
- set user-agent strings to block;
- specify referrer spam domains to block;
- enable automatic reporting to AbuseIPDB about blocked scanner activity ("AbuseIPDB report" module should be installed);
- enable logging of blocked access attempts (enabled by default);
- select the time after which the blocked IP will be automatically unblocked;
- enable "Test Mode" to test your patterns, your current IP will not be blocked, but you may see a message when you try to visit the restricted path;
- specify paths or parts of paths that will NOT be restricted to avoid self-blocking;
- for locations with many people sharing the same IP you can set threshold limit for wrong attempts.
Log of module activity:
An example of the block with information about the number of currently blocked IPs:
