Hello Friends, I just found this Ultimate Spam Bots Blocker. It seems that it has relieved some Nginx load from my VPS: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker It also has an Apache version. Here I show you installation on Nginx server. cd /usr/local/src sudo wget https://raw.githubusercontent.com/m...ate-bad-bot-blocker/master/install-ngxblocker sudo mv install-ngxblocker /usr/local/sbin/ cd ~ sudo chmod +x /usr/local/sbin/install-ngxblocker To test installation, run: sudo /usr/local/sbin/install-ngxblocker To install the whole software, run: sudo /usr/local/sbin/install-ngxblocker -x Then, test the setup, run: sudo /usr/local/sbin/setup-ngxblocker To setup the software, run: sudo /usr/local/sbin/setup-ngxblocker -x It will insert new inclusions in all your Nginx vhost files. Reload Nginx and see what happens. To auto-update the software and bad bot library, add this to your /etc/daily.cron: /usr/local/sbin/update-ngxblocker If you tweak your site's ISPConfig3 options, ISPConfig will remove Blocker's included file lists. Then, you have to run this again to add Blocker's include lists again: To test the setup, run: sudo /usr/local/sbin/setup-ngxblocker To setup the software, run: sudo /usr/local/sbin/setup-ngxblocker -x To tweak a site, use these parameter in the Blocker's lists: Code: ### SETTINGS: ### --------------------------------------------- ### 0 = allowed - no limits ### 1 = allowed or rate limited less restrictive ### 2 = rate limited more ### 3 = block completely ### ------------------------ It also has a fail2ban addon. I am yet studying how to use it.
Guys & Girls! This software works very well! Its fail2ban addon worked and it at once banned 39 IPs when I restarted fail2ban! I checked a few of these IPs from the list and they turned out to be 100% abuse result on an Abuse Rate public report! I will tell you the detail later! My public sites seem faster than before and the Nginx load shows less busy.
We have fail2ban in ISPConfig perfect server setup but I think it is just meant for monitoring only, so it is not enabled by default? All I read about it is it bans a lot and a little misconfiguration can cause a lot of headache too. Few threads that were recently opened seemed to talk about it. So I am personally not sure whether this is a good thing to use or otherwise not recommendable for general users. May be, but so far I know default nginx is already good and with only a little fine tuning you can make it better if not the best, thus how can you be sure that what you now achieved is really a good thing in all senses?
This blocker fine-tune the Nginx "limit request" feature. Then, you may enable fail2ban's built-in Nginx "limit request" feature. Furthermore, it also provides another fail2ban addon nginxrepeatoffender. If you enable it, it begins to ban. So you can choose to limit requests or to ban. It won't harm at all. Today, it bans 2 IPs which turn out to be 100% abuse on public reports. One IP was reported as coming from a compromised server.
