Add user-agent `my-tiny-bot` to block list

[Sebbo94BY]

The my-tiny-bot is a bot, which requests every second partially very specific URLs:

...
/var/log/nginx/rankbot.example.com-access.log:100.21.24.205 - - [04/Nov/2023:23:06:35 +0000] "GET /stats/list_rankup.php?order=desc&search=filter:lastseen:%26gt;:1698972556:&seite=5&sort=lastseen&user=25 HTTP/1.1" 499 0 "-" "my-tiny-bot"
/var/log/nginx/rankbot.example.com-access.log:52.25.208.208 - - [04/Nov/2023:23:06:37 +0000] "GET /stats/list_rankup.php?order=desc&search=filter:lastseen:%26gt;:1698454281:&seite=4&sort=lastseen&user=25 HTTP/1.1" 499 0 "-" "my-tiny-bot"
...

On one of my servers this bot caused ~26k requests within 24 hours from three different IP addresses:

$ grep "my-tiny-bot" /var/log/nginx/*.log | cut -d " " -f 1 | sort | uniq -c
     17 /var/log/nginx/example.com-access.log:100.21.24.205
     16 /var/log/nginx/example.com-access.log:44.230.252.91
      7 /var/log/nginx/example.com-access.log:52.25.208.208
   8811 /var/log/nginx/rankbot.example.com-access.log:100.21.24.205
   8517 /var/log/nginx/rankbot.example.com-access.log:44.230.252.91
   8609 /var/log/nginx/rankbot.example.com-access.log:52.25.208.208

Those IP addresses could be potentially also added to the block list, but those are from AWS, so I personally would avoid this and only block the user agent.

Other admins also report these associated IP addresses as evil:

• https://www.abuseipdb.com/check/100.21.24.205
• https://www.abuseipdb.com/check/44.230.252.91
• https://www.abuseipdb.com/check/52.25.208.208

[gabrieleolmi]

100% confidence of abuse on AbuseIPDB. It seems that the bot also uses other user-agents, as can be seen on AbuseIPDB and listed here: https://udger.com/resources/ua-list/bot-detail?bot=my-tiny-bot