Antiscan is an add-on module that extends the IP address blocking module (version 1.x-1.0.5 or newest) to automatically block anyone who tries to access paths defined as restricted.
Usually it is a bad crawler looking for known potentially vulnerable paths, such as "wp-admin.php", "xmlrpc.php" and so on.
Also, since version 1.x-1.0.5 of this module, you can block bad bots using their well-known User-Agent strings and spam referrer domains.
Since version version 1.x-1.0.4 new option "Report to AbuseIPDB" can be enabled for automatic reporting to AbuseIPDB about blocked scanners activity.
You need to install AbuseIPDB report module to see and use this option.
You can see description of module on the page of this site too: Report to AbuseIPDB
Administration page is available via menu Administration > Configuration > User accounts > Antiscan (admin/config/people/antiscan) and may be used for:
- add your patterns for paths to be restricted (some usefull patterns are already added out of the box);
- set User-Agent strings, which will be blocked;
- set Referrer spam domains to block;
- enable automatic reporting to AbuseIPDB about blocked scanners activity ("AbuseIPDB report" module should be installed);
- enable logging for blocked access attempts (enabled by default);
- select the time after which the blocked IP will be unblocked automatically;
- enable "Test Mode" to test your patterns, your current IP will not be blocked, but you may see a message when you try to visit the restricted path;
- set paths or portions of paths that will NOT be restricted to avoid self-blocking.
Log of module activity:
An example of the block with information about the number of currently blocked IP:
