Block spammers automatically in nginx
#1
Before you carry on reading this, I must set things straight: to use this guide, you must have root access to your server (so basically, you need a VPS or dedicated hosting); you also must be running the nginx webserver.

Basically, this guide will show you how to drop known email spam IP addresses using the SpamHaus block list automatically from the nginx webserver.

The first thing to do is to run the following commands via SSH:

Code:
$ cd /etc/cron.daily/
$ sudo touch nginx.drop.lasso
$ sudo chmod +x nginx.drop.lasso
$ sudo nano nginx.drop.lasso

Within this file, paste the following code:

PHP Code:
#!/bin/bash
# A Nginx Shell Script To Block Spamhaus Lasso Drop Spam IP Address
# Run this script once a day and drop all spam network IPs (netblock) with http 403 client error.
# The script will get executed every day via /etc/cron.daily (make sure crond
# is running).
# -------------------------------------------------------------------------
# Copyright (c) 2008 nixCraft project <http://cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
# Last updated on Jan/11/2010
# -------------------------------------------------------------------------
# tmp file
FILE="/tmp/drop.lasso.txt.$$"

# nginx config file - path to nginx drop conf file
OUT=/usr/local/nginx/conf/drop.lasso.conf

URL
="http://www.spamhaus.org/drop/drop.lasso"
# reload command
NGINX="/usr/local/nginx/sbin/nginx -s reload"

# remove old file
[[ -f $FILE ]] && /bin/rm -f $FILE

# emply nginx deny file
>$OUT

# get database
/usr/bin/wget --output-document=$FILE "$URL"

# format in nginx deny netblock; format
/bin/egrep -'^;' $FILE  awk '{ print "deny " $1";"}' >>$OUT

# reload nginx
/bin/sync && ${NGINX

Note: you may have to edit the path to save the file if nginx isn't installed to /usr/local/nginx

Now you must edit your nginx configuration. Within your configuration's server block, add the following code:

PHP Code:
include drop.lasso.conf

Now, restart the nginx process and run the cron script:

Code:
$ /etc/init.d/nginx restart
$ /etc/cron.daily/nginx.drop.lasso


Notes

This guide should work, but I can't guarantee the future of the SpamHaus project. Also note that if you use the Config Server Firewall (CSF), it includes the ability to block IPs using the SpamHaus block-list anyway, so it would be wise to enable it within CSF rather than using the above method.
Reply
#2
Thanks for the crazybulk guide Euan. Worked perfectly for me.
euan likes this post
Reply