Hi everyone,
This week, my peertube instance is the target of a huge spam attack. Bot were creating account every 9 minutes.
Many of them have IP from countries like indonesia, malaysia, etc.
So I used the nginx geoip module to block registration for IPs coming from there countries.
Following instructions are for debian.
First, to list countries :
- install
geoip-bin
package -
grep register /var/log/nginx/your_access.log | awk '{print $1}' | while read i; do echo "$i: "; geoiplookup $i; done
If you find many IPs from the same country… You got it !
To block these countries :
Check your nginx has geoip module with the command: nginx -V
In your /etc/nginx/nginx.conf, in the http block, and before any include:
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default yes;
PH no;
MYS no;
}
this is if you want a blacklist. If you want a whitelist, just exchange ‘yes’ and ‘no’
And in your /etc/nginx/sites-enabled/peertube
:
Replace
location / { ....
By:
location /api/v1/users/register {
if ( $allowed_country = no ) {
return 403 '{"error":"Your country is not allowed due to spam reasons. Please use the contact form."}';
}
try_files /dev/null @peertube;
}
location / {
try_files /dev/null @peertube;
}
location @peertube { ...
Users from blacklist countries can still use your instance. Only the registration form will be forbidden, and they will get the message you choose when they try to submit it.