Nginx Shell Script To Block Spamhaus Lasso Drop Spam IP Address

by Vivek Gite on January 10, 2010

#!/bin/bash
# A Nginx Shell Script To Block Spamhaus Lasso Drop Spam IP Address
# Run this script once a day and drop all spam network IPs (netblock) with http 403 client error.
# The script will get executed every day via /etc/cron.daily (make sure crond
# is running).
# -------------------------------------------------------------------------
# Copyright (c) 2008 nixCraft project <http://cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
# Last updated on Jan/11/2010
# -------------------------------------------------------------------------
# tmp file
FILE="/tmp/drop.lasso.txt.$$"
# nginx config file - path to nginx drop conf file
OUT=/usr/local/nginx/conf/drop.lasso.conf
URL="http://www.spamhaus.org/drop/drop.lasso"
# reload command
NGINX="/usr/local/nginx/sbin/nginx -s reload"
# remove old file
[[ -f $FILE ]] && /bin/rm -f $FILE
# emply nginx deny file
>$OUT
# get database
/usr/bin/wget --output-document=$FILE "$URL"
# format in nginx deny netblock; format
/bin/egrep -v '^;' $FILE  | awk '{ print "deny " $1";"}' >>$OUT
# reload nginx
/bin/sync && ${NGINX}

#!/bin/bash

# A Nginx Shell Script To Block Spamhaus Lasso Drop Spam IP Address

# Run this script once a day and drop all spam network IPs (netblock) with http 403 client error.

# The script will get executed every day via /etc/cron.daily (make sure crond

# is running).

# -------------------------------------------------------------------------

# This script is licensed under GNU GPL version 2.0 or above

# -------------------------------------------------------------------------

# This script is part of nixCraft shell script collection (NSSC)

# Visit http://bash.cyberciti.biz/ for more information.

# -------------------------------------------------------------------------

# Last updated on Jan/11/2010

# -------------------------------------------------------------------------

# tmp file

FILE="/tmp/drop.lasso.txt.$$"

# nginx config file - path to nginx drop conf file

OUT=/usr/local/nginx/conf/drop.lasso.conf

URL="http://www.spamhaus.org/drop/drop.lasso"

# reload command

NGINX="/usr/local/nginx/sbin/nginx -s reload"

# remove old file

[[ -f $FILE ]] && /bin/rm -f $FILE

# emply nginx deny file

>$OUT

# get database

/usr/bin/wget --output-document=$FILE "$URL"

# format in nginx deny netblock; format

/bin/egrep -v '^;' $FILE | awk '{ print "deny " $1";"}' >>$OUT

# reload nginx

/bin/sync && ${NGINX}

How Do I Use This Script?

Download and save this script to /etc/cron.daily/, enter:

cd /etc/cron.daily/
wget http://bash.cyberciti.biz/dl/500.sh.zip
unzip 500.sh.zip
mv 500.sh nginx.drop.lasso
chmod +x nginx.drop.lasso
rm 500.sh.zip

cd /etc/cron.daily/

wget http://bash.cyberciti.biz/dl/500.sh.zip

unzip 500.sh.zip

mv 500.sh nginx.drop.lasso

chmod +x nginx.drop.lasso

rm 500.sh.zip

Edit nginx.conf (/usr/local/nginx/conf/nginx.conf) and add the following line:

## Block lasso spammers ##
  include drop.lasso.conf;
## Block lasso spammers ##

## Block lasso spammers ##

include drop.lasso.conf;

## Block lasso spammers ##

Save and close the file. Run the script:

/etc/cron.daily/nginx.drop.lasso

1	/etc/cron.daily/nginx.drop.lasso

Tagged as: client error, crond, egrep, file bin, format bin, gnu gpl version, http 403, lasso, netblock, nginx, nginx block ips, nginx block lasso ips, nginx block netblocks, nginx blokc large number of IPs, output document, scam, script collection, shell script, spam, sync

{ 2 comments… add one }

Alex December 22, 2013, 4:30 pm
it helps me, just change paths in script.
Reply Link
Enzo November 7, 2011, 5:53 pm
what is the utilitie of this script?, please can you explain a little?
regards, nice blog.
Reply Link

Next Script: Shell Script To Build and Install vnstat Network Traffic Monitor

Previous Script: Shell Script To Add MySQL Database, Username and Password Including Remote Host Access