Need to install bad-bot-blocker on nginx

[ross-spencer]

We're seeing a lot of hits in the api counter. Looking at the error/access logs of nginx we're seeing corresponding vulnerability bots hitting the server. Example urls they're trying to hit include non-existing wordpress endpoints, sql injections and so forth.

We an install https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker which will help with this.

I've tried installing this tonight but it hasn't worked correctly (various different errors). Will need to look again.

For reference, the updated files were:

inserting: include /etc/nginx/conf.d/globalblacklist.conf;            => /etc/nginx/nginx.conf
inserting: include /etc/nginx/conf.d/botblocker-nginx-settings.conf;  => /etc/nginx/nginx.conf
inserting: include /etc/nginx/bots.d/blockbots.conf;                  => /etc/nginx/sites-available/default
inserting: include /etc/nginx/bots.d/ddos.conf;                       => /etc/nginx/sites-available/default

We're running the reverse proxy from nginx.cong - the includes have been removed from there.

[ross-spencer]

Another useful tutorial on this: https://tonyteaches.tech/nginx-block-bots-tutorial/

[MatthewSzurkowski]

@ross-spencer I found out the reason we are getting so many hits is because the middleware checking to see which endpoints are accessed is also hooked up to the root URL. Any interactions with the UI causes the counter to be increased. In any case, I still think this change is needed, and will be looking into installing the blocker this weekend.

[ross-spencer]

@MatthewSzurkowski nice!

and will be looking into installing the blocker this weekend.

I tried a few weeks back before putting it on the back-burner, but I'm pleased for the second set of eyes! - All I'll say is, a backup of nginx.conf is a good idea. The install didn't work out of the box for me which is where it became a pain. It may almost be worth trying to clear out the api config, setting up nginx without those settings, i.e. plain nginx, running the bad-bot installer, and then adding the api bits after. I was also considering making api.arkly.io a virtual host config as well, but I just didn't have time, and haven't done that before.

[MatthewSzurkowski]

I've tried installing this and it seems like I'm getting the same issue. I installed it on orcfax documentation server, but I did not modify the .conf files which makes me think it isn't installed fully. I've been looking for a solution online, but many sources say these are common errors with bad blocker.

This: https://github.com/centminmod/centminmod-ultimate-bad-bot-blocker

Seems like a good solution and I will try installing it later today!