How to Install NGINX Ultimate Bad Bot Blocker on Ubuntu 20.04

Mitchell Krog created NGINX Ultimate Bad Bot & Referrer Blocker, a Linux Specialist focusing on security, and given his work, you can tell he is one of the good guys. NGINX Ultimate Bad Bot Blocker is, to date, one of the best open free source pieces of software you can deploy to your website free of charge with a continuous update of sometimes twice a day. The work from Mitchell and the community is outstanding.

NGINX Ultimate Bad Bot & Referrer Blocker is jam-packed with features, a run down below:

  • Bad Bots Blocker
  • Bad User-Agents Blocker
  • Spam Referrer Blocker
  • Adware Blocker
  • Ransomware Blocker
  • Clickjacking Blocker
  • SEO Companies and BAD IP Blocker
  • Nginx Rate Limiting Built-in anti-DDoS System
  • WordPress Theme Detector Blocking

In the following tutorial, you will learn how to install Nginx Bad Bot Blocker on Ubuntu 20.04 LTS Focal Fossa.

Advertisement

Prerequisites

Update Operating System

Update your Ubuntu operating system to make sure all existing packages are up to date:

sudo apt update && sudo apt upgrade -y

The tutorial will be using the sudo command and assuming you have sudo status.

To verify sudo status on your account:

sudo whoami

Example output showing sudo status:

[joshua@ubuntu ~]$ sudo whoami
root

To set up an existing or new sudo account, visit our tutorial on How to Add a User to Sudoers on Ubuntu.

To use the root account, use the following command with the root password to log in.

su

Install CURL Package

To successfully use Nginx Bad Bot Blocker after installing, you need to make sure you have curl installed on your system.

Run the following command to install.

sudo apt install curl -y

If you are unsure, run the command regardless, as it will cause no harm to your system.

Install Nginx Bad Bot Blocker

The first step to installing the Bad Bot Blocker is downloading the handy installation script from the official Github. This script will handle the process automatically, and in most cases, little intervention afterward is required.

Using the wget command, download the following.

sudo wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/install-ngxblocker -O /usr/local/sbin/install-ngxblocker

Example output:

How to Install NGINX Ultimate Bad Bot Blocker on Ubuntu 20.04

Next, navigate to the directory and set the installation script to be executable.

cd /usr/local/sbin
sudo chmod +x install-ngxblocker 

Now check to make sure the permission setting was successful before executing the script.

ls -l
How to Install NGINX Ultimate Bad Bot Blocker on Ubuntu 20.04

If done correctly, you should have x at the end of your permissions, along with install-ngxblocker being green.

Now, execute the script with the following command:

sudo ./install-ngxblocker -x

The required files have been downloaded to the required directories on your NGINX install from the repository.

Next, set NGINX Bad Bot Blocker & Referrer set up and update scripts and executable by the following commands:

sudo chmod +x /usr/local/sbin/setup-ngxblocker
sudo chmod +x /usr/local/sbin/update-ngxblocker

Check chmod permissions, make sure it’s correct.

Example output:

ls -l
How to Install NGINX Ultimate Bad Bot Blocker on Ubuntu 20.04

Install Nginx Bad Bot Blocker now with executing the setup script.

sudo ./setup-ngxblocker -x

The output shows that the script has been added to NGINX vhost configuration files (server blocks). Also, another significant part of this script install will automatically whitelist your IP address in the whitelist-ips.conf file.

Any further required IP addresses needing whitelisting can be added later. Example what it may look like below:

INFO:      /etc/nginx/conf.d/* detected               => /etc/nginx/nginx.conf
inserting: include /etc/nginx/bots.d/blockbots.conf;  => /etc/nginx/sites-available/example.com.vhost
inserting: include /etc/nginx/bots.d/ddos.conf;       => /etc/nginx/sites-available/example.com.vhost

Next, confirm that the bad bot blocker has been included in the nginx.conf configuration file using any text editor.

Example:

sudo nano /etc/nginx/nginx.conf

In the configuration file, the following should be added.

# Bad Bot Blocker
include /etc/nginx/bots.d/ddos.conf;
include /etc/nginx/bots.d/blockbots.conf;

Note, this can appear anywhere in the configuration file, the automatic installation and set up scripts do their best to add the required includes in the best spot. Still, it can be randomized sometimes, but you can adjust it manually in the nginx.conf file.

To finish the installation part, we will do the following commands to test and then restart the NGINX server:

sudo nginx -t

Example output if successful:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Proceed to restart the NGINX server:

sudo systemctl restart nginx

Congratulations, you have successfully installed Nginx Bad Bot Blocker on Ubuntu 20.04.

Advertisement

How to set Cron Job for Automatic Updates

The sources of bad user-agents, IP addresses, domains, and more are often updated twice daily. Hence, it is crucial to set an automatic job to keep checking and updating to protect against the latest threats. The best way to do this is using a cron job.

First, open crontab in your terminal:

sudo crontab -e

Add the following, which is set to 8 hours intervals which are highly recommended given the update script. It’s very lightweight.

00 */8 * * * sudo /usr/local/sbin/update-ngxblocker -e youremail@example.com

Note, if unsure about cron time settings, visit CronTab.Guru is an excellent calculator/test which you can copy/paste.

How to Install NGINX Ultimate Bad Bot Blocker on Ubuntu 20.04

How to Configure Bad Bot Blocker

Nginx Bad Bot Blocker gives you the ability to highly customize itself in many different ways, such as adding your blacklists, whitelists, user-agents, and so on.

For example, modifying the following file /etc/nginx/bots.d/blacklist-ips.conf and adding a custom-made blacklist.

How to Install NGINX Ultimate Bad Bot Blocker on Ubuntu 20.04

Another great benefit is making whitelists for yourself and whitelist specific Search Engine Crawlers to make 100% sure they are not blocked. You can do this by adding single IP addresses or subnets. 

Example:

How to Install NGINX Ultimate Bad Bot Blocker on Ubuntu 20.04

Below is the list of options and their paths you can customize by adding additional data. The most significant point is that updates do not affect these configuration files, so you will not lose the data you added when Nginx Bad Bot Blocker updates itself.

  • /etc/nginx/bots.d/whitelist-domains.conf
  • /etc/nginx/bots.d/blockbots.conf
  • /etc/nginx/bots.d/blacklist-domains.conf
  • /etc/nginx/bots.d/blacklist-user-agents.conf
  • /etc/nginx/bots.d/bad-referrer-words.conf
  • /etc/nginx/bots.d/custom-bad-referrers.conf
  • /etc/nginx/bots.d/ddos.conf

Conclusion and Comments

In the tutorial, you have learned how to install Nginx Bad Bot Blocker on Ubuntu 20.04 LTS server. Overall, this is great for servers with dedicated backend access and is very light and customizable, and if your site has a bot plague problem, this will surely help clean it up.

Subscribe
Notify of
6 Comments
Inline Feedbacks
View all comments
RPWZXC
Guest
Friday, October 15, 2021 1:01 pm

wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/install-ngxblocker -O /usr/local/sbin/install-ngxblocker………..comes up with permission denied every time ???
SEE BELOW

user@fxr-i-7:~$ sudo apt update && sudo apt upgrade -y
[sudo] password for user:
Hit:1 http://security.ubuntu.com/ubuntu focal-security InRelease
Hit:2 http://apt.connectify.me speedify InRelease
Hit:3 http://ppa.launchpad.net/flatpak/stable/ubuntu focal InRelease
Hit:4 http://dl.winehq.org/wine-builds/ubuntu focal InRelease
Hit:5 http://us.archive.ubuntu.com/ubuntu focal InRelease
Hit:6 http://archive.canonical.com/ubuntu focal InRelease
Hit:7 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:8 http://us.archive.ubuntu.com/ubuntu focal-backports InRelease
Reading package lists… Done
Building dependency tree
Reading state information… Done
All packages are up to date.
Reading package lists… Done
Building dependency tree
Reading state information… Done
Calculating upgrade… Done
The following packages were automatically installed and are no longer required:
gconf-service gconf-service-backend gconf2-common libappindicator1 libc++1
libc++1-10 libc++abi1-10 libdbusmenu-gtk4 libgconf-2-4 libllvm11
libllvm11:i386
Use ‘sudo apt autoremove’ to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
user@fxr-i-7:~$ wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/install-ngxblocker -O /usr/local/sbin/install-ngxblocker
/usr/local/sbin/install-ngxblocker: Permission denied

rpwzxc
Guest
Friday, October 29, 2021 4:08 am

won’t install says needs “curl “

rpwzxc
Guest
Friday, October 29, 2021 4:13 am

when trying to execute , it says needs curl

rpwzxc
Guest
Friday, October 29, 2021 4:27 am

$ sudo ./wget curl
[sudo] password for user:
sudo: ./wget: command not found
user@fxr-i-7:~$ sudo ./wget curl
sudo: ./wget: command not found
user@fxr-i-7:~$ sudo ./wget curl
sudo: ./wget: command not found
user@fxr-i-7:~$ local x= depends_list=”wget curl”
bash: local: can only be used in a function
user@fxr-i-7:~$ x= depends_list=”wget curl”
user@fxr-i-7:~$ -z $(find_binary $x)
find_binary: command not found
-z: command not found
user@fxr-i-7:~$ wget curl
–2021-10-28 13:24:32– http://curl/
Resolving curl (curl)… failed: Name or service not known.
wget: unable to resolve host address ‘curl’
user@fxr-i-7:~$

user@fxr-i-7:~$ local x= depends_list="wget curl"
bash: local: can only be used in a function
user@fxr-i-7:~$ x= depends_list="wget curl"
user@fxr-i-7:~$ -z $(find_binary $x) 
find_binary: command not found
-z: command not found
user@fxr-i-7:~$ wget curl
--2021-10-28 13:24:32--  http://curl/
Resolving curl (curl)... failed: Name or service not known.
wget: unable to resolve host address ‘curl’
adplus-dvertising
6
0
Would love your thoughts, please comment.x
()
x