November 2, 2019

Centmin mod and NGINX BAD BOT BLOCKER

Centmin Mod LEMP stack auto installer is an optimized Nginx, MariaDB, PHP-FPM & CSF Firewall stack for CentOS 6 & 7 developed and maintained by George Liu (eva2000). It handles Nginx & PHP version management, adding Nginx vhost sites and a WordPress auto installer with WordPress caching, all via a shell-based menu.

The Ultimate Nginx Bad Bot, User-Agent, Spam Referrer Blocker, Adware, Malware and Ransomware Blocker, Click Jacking Blocker, Click Re-Directing Blocker, SEO Companies and Bad IP Blocker with Anti DDOS System, Nginx Rate Limiting and WordPress Theme Detector Blocking. It stops and blocks all kinds of bad internet traffic, and even fake Googlebots, before they reach your websites.

Last Update 07/12/2019

There seems to be an error with the update function; it needs to be changed manually, so don’t use this manual anymore.
A new manual is coming up soon!

To install these together I wrote a small manual that almost works out of the box.

The installation of the Centmin Mod LEMP stack is easy: start a fresh server and run the auto installer. Afterwards configure it, add domains and subscribe at community.centminmod.com to get updates and free support from the community. You will learn many new things even if you are a newbie (a noob, in other words). Soon you will be an expert in this Linux stack.

The Ultimate Nginx Bad Bot Blocker is an excellent protection for your server, written by Mitchell Krog and updated daily. His GitHub contains more useful utilities that are free to use and help protect you. More about his project can be found here: https://github.com/mitchellkrogza

Let’s start and combine these two excellent must-have tools for a very secure web server and WordPress site or other sites.

I assume in this tutorial that you have already installed the Centmin Mod LEMP stack.

Step 1

wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/install-ngxblocker -O /usr/local/sbin/install-ngxblocker
sudo chmod +x /usr/local/sbin/install-ngxblocker

Step 2

Now run the install-ngxblocker script in DRY-MODE, which will show you what changes it will make and what files it will download for you. This is only a DRY-RUN, so no changes are being made yet.

The install-ngxblocker script will download all required files, including the setup and update scripts. It’s adjusted for Centmin, but the DRY-MODE just checks if everything is OK with your installation. Nothing will change until you run the same command again ending with -x (execute).


cd /usr/local/sbin
sudo ./install-ngxblocker -c /usr/local/nginx/conf -b /usr/local/nginx/conf/ultimate-badbot-blocker

Checking url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/include_filelist.txt
** Dry Run ** | not updating files | run as 'install-ngxblocker -x' to install files.

REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master
Downloading [FROM]=> [REPO]/conf.d/globalblacklist.conf [TO]=> /usr/local/nginx/conf/globalblacklist.conf
Downloading [FROM]=> [REPO]/conf.d/botblocker-nginx-settings.conf [TO]=> /usr/local/nginx/conf/botblocker-nginx-settings.conf

REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master
Downloading [FROM]=> [REPO]/bots.d/blockbots.conf [TO]=> /usr/local/nginx/conf/ultimate-badbot-blocker/blockbots.conf
Downloading [FROM]=> [REPO]/bots.d/ddos.conf [TO]=> /usr/local/nginx/conf/ultimate-badbot-blocker/ddos.conf
Downloading [FROM]=> [REPO]/bots.d/custom-bad-referrers.conf [TO]=> /usr/local/nginx/conf/ultimate-badbot-blocker/custom-bad-referrers.conf
Downloading [FROM]=> [REPO]/bots.d/bad-referrer-words.conf [TO]=> /usr/local/nginx/conf/ultimate-badbot-blocker/bad-referrer-words.conf
Downloading [FROM]=> [REPO]/bots.d/blacklist-ips.conf [TO]=> /usr/local/nginx/conf/ultimate-badbot-blocker/blacklist-ips.conf
Downloading [FROM]=> [REPO]/bots.d/blacklist-user-agents.conf [TO]=> /usr/local/nginx/conf/ultimate-badbot-blocker/blacklist-user-agents.conf
Downloading [FROM]=> [REPO]/bots.d/whitelist-domains.conf [TO]=> /usr/local/nginx/conf/ultimate-badbot-blocker/whitelist-domains.conf
Downloading [FROM]=> [REPO]/bots.d/whitelist-ips.conf [TO]=> /usr/local/nginx/conf/ultimate-badbot-blocker/whitelist-ips.conf

REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master
Downloading [FROM]=> [REPO]/setup-ngxblocker [TO]=> /usr/local/sbin/setup-ngxblocker
Downloading [FROM]=> [REPO]/update-ngxblocker [TO]=> /usr/local/sbin/update-ngxblocker

Step 3

Now it’s party time: we install the script with the same command as before, this time including -x (execute).

sudo ./install-ngxblocker -c /usr/local/nginx/conf -b /usr/local/nginx/conf/ultimate-badbot-blocker -x

The same messages will appear, along with the domains that are installed on your system. The setup will give you a message that it fixes something, but here comes a manual part.

setup will fix conflict from: 'server_names_hash_bucket_size' in /usr/local/nginx/conf/botblocker-nginx-settings.conf
disabling 'server_names_hash_bucket_size' in: /usr/local/nginx/conf/botblocker-nginx-settings.conf
disabled OK

setup will fix conflict from: 'server_names_hash_max_size' in /usr/local/nginx/conf/botblocker-nginx-settings.conf
disabling 'server_names_hash_max_size' in: /usr/local/nginx/conf/botblocker-nginx-settings.conf
disabled OK

setup will fix conflict from: 'limit_req_zone' in /usr/local/nginx/conf/botblocker-nginx-settings.conf
disabling 'limit_req_zone' in: /usr/local/nginx/conf/botblocker-nginx-settings.conf
disabled OK

After this, nginx -t gives an error. Fix it manually in /usr/local/nginx/conf/botblocker-nginx-settings.conf:

#server_names_hash_bucket_size 256;
#server_names_hash_max_size 4096;
#variables_hash_max_size 4096;
#variables_hash_bucket_size 4096;
#limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s;
limit_conn_zone $binary_remote_addr zone=addr:50m;

Manual fix in nginx.conf:

Add or change these values:
variables_hash_max_size 4096;
variables_hash_bucket_size 4096;

Add this at line 25 of nginx.conf:
limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s;

Setting a lower rate can break WordPress sites.

And then just restart nginx

nginx -t
nprestart
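
The manual fix above comes down to one rule per directive, shown here as an added check that is not part of the blocker or Centmin Mod: each hash-size directive may be active at most once, and each of the flood and addr zones exactly once, across nginx.conf and botblocker-nginx-settings.conf. The function names and sample files are constructed for illustration, and the "exactly once" rule assumes the blocker's includes use both zones.

```shell
# Added example: not part of Centmin Mod or the bad bot blocker.

# count_active PATTERN FILE...
# Prints how many uncommented lines across FILEs begin with PATTERN (an ERE).
count_active() {
    pattern=$1; shift
    cat "$@" 2>/dev/null | grep -Ec "^[[:space:]]*${pattern}" || true
}

# check_conflicts FILE...
# Prints one status line per directive; returns 1 if a conflict was found.
check_conflicts() {
    rc=0
    # Hash sizes are optional, but nginx rejects a second active definition.
    for d in server_names_hash_bucket_size server_names_hash_max_size \
             variables_hash_max_size variables_hash_bucket_size; do
        n=$(count_active "${d}[[:space:]]" "$@")
        if [ "$n" -gt 1 ]; then
            echo "DUPLICATE $d ($n)"; rc=1
        else
            echo "OK $d ($n)"
        fi
    done
    # Shared-memory zones (assumed to be used by the blocker): exactly one each.
    for z in "limit_req_zone flood" "limit_conn_zone addr"; do
        dir=${z% *}; zone=${z#* }
        n=$(count_active "${dir}[[:space:]].*zone=${zone}:" "$@")
        case $n in
            1) echo "OK $dir zone=$zone" ;;
            0) echo "MISSING $dir zone=$zone"; rc=1 ;;
            *) echo "DUPLICATE $dir zone=$zone ($n)"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: shortened copies of both files after the manual fix.
demo_dir=$(mktemp -d)
cat > "$demo_dir/nginx.conf" <<'EOF'
variables_hash_max_size 4096;
variables_hash_bucket_size 4096;
limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s;
EOF
cat > "$demo_dir/botblocker-nginx-settings.conf" <<'EOF'
#variables_hash_max_size 4096;
#limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s;
limit_conn_zone $binary_remote_addr zone=addr:50m;
EOF
check_conflicts "$demo_dir/nginx.conf" "$demo_dir/botblocker-nginx-settings.conf"
```

On a real server, pass /usr/local/nginx/conf/nginx.conf and /usr/local/nginx/conf/botblocker-nginx-settings.conf instead of the sample files. The check only reads the files it is given and does not follow include lines, so nginx -t remains the final word.
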

To keep the Nginx Bad Bot Blocker up to date, create a cron job. The example here runs every 8 hours; on some days Mitchell pushes out many commits, so you want to keep up to date.

00 */8 * * * sudo /usr/local/sbin/update-ngxblocker -e [email protected]

Now you are ready. You can test whether it works by following step 11 on the GitHub page. If you are using Cloudflare, turn the cloud to grey while testing, and make sure that you test from a different server than the one you just used to install the Nginx Bad Bot Blocker. Otherwise, these tests won’t work and will give you a false result.

Now you have two very nice things: Centmin, with a very fine community and one of the fastest Linux stacks and security setups that you can get, and a server that is protected from everything bad on the internet before it reaches your server. You can even redirect these bad bots to your Facebook account and see a high increase in page visitors.

If you have any nice thing to tell or want to notify me about a changed setup or anything else, please leave your comments in the section below and I will keep this post up to date.

 

Centmin mod and NGINX BAD BOT BLOCKER - techlabs.technology
