Request protecting player_api.php, get.php and api.php

[nosstreamtv]

Protecting player_api.php, get.php and api.php against attacks from iptv scanners (openbullet and others), in this course you will learn how to activate and analyze nginx logs to create a blacklist where through various configurations your problem with attacks on player_api.php, get.php and api.php will be protected and your high cpu, memory, network and other usage issues will be resolved.

Hi someone have a good instruction about this topic above`?

 

[seagate]

create file block_iptv_attackers.sh

#!/bin/bash

# Configuration
NGINX_LOG="/patch-to/nginx/logs/access.log "  # Path to Nginx log file
NGINX_CONF="/patch-to/bin/nginx/conf/blacklist.conf"  # Path to Nginx blacklist file
BLOCK_LIMIT=10  # Maximum number of allowed requests in a short period
CHECK_INTERVAL=60  # Check interval (in seconds)
LOCK_FILE="/tmp/block_iptv_attackers.lock"  # Prevents script from running multiple times

# Check if the script is already running
if [ -f "$LOCK_FILE" ]; then
    echo "Script is already running."
    exit 1
fi

# Create a lock file to prevent multiple script instances
touch "$LOCK_FILE"

# Extract IPs that accessed player_api.php, get.php, or api.php too many times
echo "Checking Nginx logs for attackers..."

# Find IPs with more than $BLOCK_LIMIT requests within a short time period
SUSPICIOUS_IPS=$(grep -E "player_api.php|get.php|api.php" "$NGINX_LOG" | \
    awk '{print $1}' | sort | uniq -c | sort -nr | awk -v limit="$BLOCK_LIMIT" '$1 > limit {print $2}')

# Check if there are any suspicious IPs to block
if [ -z "$SUSPICIOUS_IPS" ]; then
    echo "No suspicious IPs found."
else
    echo "Suspicious IPs:"
    echo "$SUSPICIOUS_IPS"

    # Add suspicious IPs to the Nginx blacklist if not already blocked
    for IP in $SUSPICIOUS_IPS; do
        if ! grep -q "$IP" "$NGINX_CONF"; then
            echo "Blocking IP: $IP"
            echo "deny $IP;" >> "$NGINX_CONF"
        else
            echo "IP $IP is already blocked."
        fi
    done

    # Reload Nginx configuration to apply the new blacklist
    echo "Reloading Nginx..."
    /patch-to/bin/nginx/sbin/nginx -s reload
fi

# Remove the lock file to allow future script executions
rm -f "$LOCK_FILE"

echo "Script execution finished."

add to nginx.conf

include /patch-to/blacklist.conf;

change

access_log off;

to
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /patch-to/nginx/logs/access.log main;


and add to crontab

* * * * * /path/to/block_iptv_attackers.sh >> /var/log/block_iptv_attackers.log 2>&1

 

[halitvhd]

create file block_iptv_attackers.sh

#!/bin/bash

# Configuration
NGINX_LOG="/patch-to/nginx/logs/access.log "  # Path to Nginx log file
NGINX_CONF="/patch-to/bin/nginx/conf/blacklist.conf"  # Path to Nginx blacklist file
BLOCK_LIMIT=10  # Maximum number of allowed requests in a short period
CHECK_INTERVAL=60  # Check interval (in seconds)
LOCK_FILE="/tmp/block_iptv_attackers.lock"  # Prevents script from running multiple times

# Check if the script is already running
if [ -f "$LOCK_FILE" ]; then
    echo "Script is already running."
    exit 1
fi

# Create a lock file to prevent multiple script instances
touch "$LOCK_FILE"

# Extract IPs that accessed player_api.php, get.php, or api.php too many times
echo "Checking Nginx logs for attackers..."

# Find IPs with more than $BLOCK_LIMIT requests within a short time period
SUSPICIOUS_IPS=$(grep -E "player_api.php|get.php|api.php" "$NGINX_LOG" | \
    awk '{print $1}' | sort | uniq -c | sort -nr | awk -v limit="$BLOCK_LIMIT" '$1 > limit {print $2}')

# Check if there are any suspicious IPs to block
if [ -z "$SUSPICIOUS_IPS" ]; then
    echo "No suspicious IPs found."
else
    echo "Suspicious IPs:"
    echo "$SUSPICIOUS_IPS"

    # Add suspicious IPs to the Nginx blacklist if not already blocked
    for IP in $SUSPICIOUS_IPS; do
        if ! grep -q "$IP" "$NGINX_CONF"; then
            echo "Blocking IP: $IP"
            echo "deny $IP;" >> "$NGINX_CONF"
        else
            echo "IP $IP is already blocked."
        fi
    done

    # Reload Nginx configuration to apply the new blacklist
    echo "Reloading Nginx..."
    /patch-to/bin/nginx/sbin/nginx -s reload
fi

# Remove the lock file to allow future script executions
rm -f "$LOCK_FILE"

echo "Script execution finished."

add to nginx.conf

include /patch-to/blacklist.conf;

change

access_log off;

to
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /patch-to/nginx/logs/access.log main;


and add to crontab

* * * * * /path/to/block_iptv_attackers.sh >> /var/log/block_iptv_attackers.log 2>&1

Not working error nginx.conf

 

[seagate]

I hope you replaced the paths in the script?
show which line it complains about and the config line itself

 

[halitvhd]

I hope you replaced the paths in the script?
show which line it complains about and the config line itself

working change this is cloudflare:

log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" "$http_cf_connecting_ip"';

cloudfalre to change:
limit_req_zone $binary_remote_addr zone=one:30m rate=20r/s;
change to:
limit_req_zone $http_cf_connecting_ip zone=ip:10m rate=3r/s;
limit_req zone=ip;

limit_conn_status 429;
limit_req_status 429;

 

[alqui82]

working change this is cloudflare:

log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" "$http_cf_connecting_ip"';

cloudfalre to change:
limit_req_zone $binary_remote_addr zone=one:30m rate=20r/s;
change to:
limit_req_zone $http_cf_connecting_ip zone=ip:10m rate=3r/s;
limit_req zone=ip;

limit_conn_status 429;
limit_req_status 429;

If you use Cloudflare you can use rate limit at CL as well.
Also You can just enter directives and allow access only to your ips as :

location ~ ^/api\.php$ {
allow ip;
...
deny all;

 

[jocker]

Hi Guys the script is working in XUI but way lm gethings this errors all the time did l done something wrong....???
......Have a look

Checking Nginx logs for attackers...
Suspicious IPs:
84.131.4.96
87.227.9.159
87.116.134.205
IP 84.131.4.96 is already blocked.
IP 87.227.9.159 is already blocked.
Blocking IP: 87.116.134.205
Reloading Nginx...
/home/xui/bin/nginx/conf/nginx.conf: line 1: user: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 1: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 2: worker_processes: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 2: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 3: worker_rlimit_nofile: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 3: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 4: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 5: events: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 6: worker_connections: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 6: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 7: use: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 7: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 8: accept_mutex: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 8: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 9: multi_accept: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 9: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 10: $'}\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 11: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 12: thread_pool: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 12: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 13: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 14: http: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 15: include: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 15: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 16: include: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 16: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 17: default_type: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 17: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 18: sendfile: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 18: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 19: tcp_nopush: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 19: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 20: tcp_nodelay: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 20: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 21: reset_timedout_connection: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 21: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 22: include: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 22: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 23: fastcgi_read_timeout: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 23: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 24: log_format: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 25: $'$status $body_bytes_sent "$http_referer" \r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 26: "$http_user_agent" "$http_x_forwarded_for": command not found
/home/xui/bin/nginx/conf/nginx.conf: line 26: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 27: access_log: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 27: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 28: error_log: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 28: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 29: keepalive_timeout: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 29: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 30: include: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 30: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 31: send_timeout: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 31: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 32: sendfile_max_chunk: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 32: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 33: lingering_close: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 33: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 34: aio: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 34: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 35: client_body_timeout: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 35: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 36: client_header_timeout: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 36: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 37: client_max_body_size: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 37: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 38: proxy_buffer_size: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 38: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 39: proxy_busy_buffers_size: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 39: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 40: proxy_buffers: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 40: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 41: proxy_max_temp_file_size: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 41: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 42: real_ip_header: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 42: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 43: include: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 43: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 44: include: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 44: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 45: include: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 45: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 46: include: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 46: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 47: limit_req_zone: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 47: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 48: server: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 49: include: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 49: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 50: include: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 50: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 51: include: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 51: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 52: include: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 52: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 53: index: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 53: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 54: try_files: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 54: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 55: root: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 55: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 56: server_tokens: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 56: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 57: chunked_transfer_encoding: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 57: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 58: resolver: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 58: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 59: resolver_timeout: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 59: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 60: absolute_redirect: command not found
/home/xui/bin/nginx/conf/nginx.conf: line 60: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 61: $'\r': command not found
/home/xui/bin/nginx/conf/nginx.conf: line 62: syntax error near unexpected token `('
/home/xui/bin/nginx/conf/nginx.conf: line 62: `        if ($request_method !~ ^(GET|POST)$) {

if is a block_limit on 10 made...then he start blocking the users on the Panel ..any idea what to do .....thanks

 

[mycookiejar]

create file block_iptv_attackers.sh

#!/bin/bash

# Configuration
NGINX_LOG="/patch-to/nginx/logs/access.log "  # Path to Nginx log file
NGINX_CONF="/patch-to/bin/nginx/conf/blacklist.conf"  # Path to Nginx blacklist file
BLOCK_LIMIT=10  # Maximum number of allowed requests in a short period
CHECK_INTERVAL=60  # Check interval (in seconds)
LOCK_FILE="/tmp/block_iptv_attackers.lock"  # Prevents script from running multiple times

# Check if the script is already running
if [ -f "$LOCK_FILE" ]; then
    echo "Script is already running."
    exit 1
fi

# Create a lock file to prevent multiple script instances
touch "$LOCK_FILE"

# Extract IPs that accessed player_api.php, get.php, or api.php too many times
echo "Checking Nginx logs for attackers..."

# Find IPs with more than $BLOCK_LIMIT requests within a short time period
SUSPICIOUS_IPS=$(grep -E "player_api.php|get.php|api.php" "$NGINX_LOG" | \
    awk '{print $1}' | sort | uniq -c | sort -nr | awk -v limit="$BLOCK_LIMIT" '$1 > limit {print $2}')

# Check if there are any suspicious IPs to block
if [ -z "$SUSPICIOUS_IPS" ]; then
    echo "No suspicious IPs found."
else
    echo "Suspicious IPs:"
    echo "$SUSPICIOUS_IPS"

    # Add suspicious IPs to the Nginx blacklist if not already blocked
    for IP in $SUSPICIOUS_IPS; do
        if ! grep -q "$IP" "$NGINX_CONF"; then
            echo "Blocking IP: $IP"
            echo "deny $IP;" >> "$NGINX_CONF"
        else
            echo "IP $IP is already blocked."
        fi
    done

    # Reload Nginx configuration to apply the new blacklist
    echo "Reloading Nginx..."
    /patch-to/bin/nginx/sbin/nginx -s reload
fi

# Remove the lock file to allow future script executions
rm -f "$LOCK_FILE"

echo "Script execution finished."

add to nginx.conf

include /patch-to/blacklist.conf;

change

access_log off;

to
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /patch-to/nginx/logs/access.log main;


and add to crontab

* * * * * /path/to/block_iptv_attackers.sh >> /var/log/block_iptv_attackers.log 2>&1

this works perfectly, nice approach on this subject, I've made the same but used UFW to block the ips, will this not put a unnecessary request on nginx process and by that increasing CPU/RAM usage?