Centmin Mod LEMP stack auto installer is an optimized Nginx, MariaDB, PHP-FPM & CSF Firewall stack for CentOS 6 & 7 developed and maintained by George Liu (eva2000). Nginx & PHP version management, adding Nginx vhost sites and WordPress auto installer with WordPress caching via a shell menu based.
The Ultimate Nginx Bad Bot, User-Agent, Spam Referrer Blocker, Adware, Malware and Ransomware Blocker, Click jacking Blocker, Click Re-Directing Blocker, SEO Companies and Bad IP Blocker with Anti DDOS System, Nginx Rate Limiting and WordPress Theme Detector Blocking. It Stops and Block all kinds of bad internet traffic and even Fake Googlebots before they reach your websites.
Last Update 07/12/2019
There seems to be an error with the update function, it needs to be changed manual, so don’t use this manual anymore.
A new manual is coming up soon!
To install these together I wrote a small manual that almost works out of the box.
The installation of the Centin Mod Lemp stack is easy, start a new fresh server and run the auto installer. Afterwards configure, add domains and subscribe on the community.centminmod.com to get updated and free support of the community. Learn many new things even if you are a newbie (noob in other words). Soon you will be an expert in this Linux stack.
The Ultimate Nginx Bad Bot is a excellent protection for your server, written by Mitchell Krogg, daily updated. His github contains more useful utilities that are free to use and to protect you. More about his project can be found here https://github.com/mitchellkrogza
Let’s start and combine these two excellent must have tools for a very secure web server and WordPress site or other sites.
I assume in this tutorial that you already have installed the Cenmin Mod Lemp stack.
wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/install-ngxblocker -O /usr/local/sbin/install-ngxblocker
sudo chmod +x /usr/local/sbin/install-ngxblocker
Now run the install-nginx blocker script in DRY-MODE which will show you what changes it will make and what files it will download for you. This is only a DRY-RUN so no changes are being made yet.
The install-nginx blocker will download all required files including the setup and update scripts. It’s adjusted for Centmin, but the DRY-MODE just checks if everything is ok with your installation. Nothing will change until you run the same first sudo ending with an -x (execute)
cd /usr/local/sbinsudo ./install-ngxblocker -c /usr/local/nginx/conf -b /usr/local/nginx/conf/ultimate-badbot-blocker Checking url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/include_filelist.txt ** Dry Run ** | not updating files | run as 'install-ngxblocker -x' to install files. REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master Downloading [FROM]=> [REPO]/conf.d/globalblacklist.conf [TO]=> /usr/local/nginx/conf/globalblacklist.conf Downloading [FROM]=> [REPO]/conf.d/botblocker-nginx-settings.conf [TO]=> /usr/local/nginx/conf/botblocker-nginx-settings.conf REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master Downloading [FROM]=> [REPO]/bots.d/blockbots.conf [TO]=> /usr/local/nginx/conf/ultimate-badbot-blocker/blockbots.conf Downloading [FROM]=> [REPO]/bots.d/ddos.conf [TO]=> /usr/local/nginx/conf/ultimate-badbot-blocker/ddos.conf Downloading [FROM]=> [REPO]/bots.d/custom-bad-referrers.conf [TO]=> /usr/local/nginx/conf/ultimate-badbot-blocker/custom-bad-referrers.conf Downloading [FROM]=> [REPO]/bots.d/bad-referrer-words.conf [TO]=> /usr/local/nginx/conf/ultimate-badbot-blocker/bad-referrer-words.conf Downloading [FROM]=> [REPO]/bots.d/blacklist-ips.conf [TO]=> /usr/local/nginx/conf/ultimate-badbot-blocker/blacklist-ips.conf Downloading [FROM]=> [REPO]/bots.d/blacklist-user-agents.conf [TO]=> /usr/local/nginx/conf/ultimate-badbot-blocker/blacklist-user-agents.conf Downloading [FROM]=> [REPO]/bots.d/whitelist-domains.conf [TO]=> /usr/local/nginx/conf/ultimate-badbot-blocker/whitelist-domains.conf Downloading [FROM]=> [REPO]/bots.d/whitelist-ips.conf [TO]=> /usr/local/nginx/conf/ultimate-badbot-blocker/whitelist-ips.conf REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master Downloading [FROM]=> [REPO]/setup-ngxblocker [TO]=> /usr/local/sbin/setup-ngxblocker Downloading [FROM]=> [REPO]/update-ngxblocker [TO]=> /usr/local/sbin/update-ngxblocker
Now it’s party time, and we install the script with the same first command including -x (execute)
sudo ./install-ngxblocker -c /usr/local/nginx/conf -b /usr/local/nginx/conf/ultimate-badbot-blocker -x
The same message will appear and the domains that are installed on your system. The setup will give you a message that it fixes something. But here comes a manual part
setup will fix conflict from: 'server_names_hash_bucket_size' in /usr/local/nginx/conf/botblocker-nginx-settings.conf disabling 'server_names_hash_bucket_size' in: /usr/local/nginx/conf/botblocker-nginx-settings.conf disabled OK setup will fix conflict from: 'server_names_hash_max_size' in /usr/local/nginx/conf/botblocker-nginx-settings.conf disabling 'server_names_hash_max_size' in: /usr/local/nginx/conf/botblocker-nginx-settings.conf disabled OK setup will fix conflict from: 'limit_req_zone' in /usr/local/nginx/conf/botblocker-nginx-settings.conf disabling 'limit_req_zone' in: /usr/local/nginx/conf/botblocker-nginx-settings.conf disabled OK
#server_names_hash_bucket_size 256; #server_names_hash_max_size 4096; #variables_hash_max_size 4096; #variables_hash_bucket_size 4096; #limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s; limit_conn_zone $binary_remote_addr zone=addr:50m;
manual to fix in nginx.conf
variables_hash_max_size 4096; variables_hash_bucket_size 4096;
limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s; setting lower rate can brake WordPress sites
And then just restart nginx
nginx -t nprestart
00 */8 * * * sudo /usr/local/sbin/update-ngxblocker -e [email protected]
Now you are ready, you can test if it works when you visit the GitHub here on step 11, Only turn the Cloud to Grey if you are using Cloudflare when testing and make sure that you use another server that the one you just used to install the Nginx Bad bot Blocker. Otherwise, these test won’t work and give you a false result.
If you have any nice thing to tell or want to notify me about a changed setup or anything else, please leave your comments in the section below and I will keep this post up to date.