#NGINX METHBOT AD FRAUD PROTECTION EXAMPLE Example shows how to match IP addreses of "Methbot" ad fraud operation addreses and perform logging into access log and then block the access to your ressource by returning HTTP 500.
More information can be found here: http://nginx.org/en/docs/http/ngx_http_geo_module.html
user nginx;
events {
worker_connections 100;
}
http {
# IP ranges identified as being used by the "Methbot" ad fraud operation from
# October 2016 through December 2016. https://www.whiteops.com/methbot
#
# Provided by White Ops, Inc.
# For questions, please contact threatintel@whiteops.com
# Available at https://www.whiteops.com/methbot/IPs.txt
geo $methbot_match {
ranges;
default 0;
45.33.224.0-45.33.239.255 1;
45.43.128.0-45.43.141.255 1;
45.43.144.0-45.43.191.255 1;
64.137.0.0-64.137.27.255 1;
64.137.30.0-64.137.127.255 1;
104.143.224.0-104.143.255.255 1;
104.222.160.0-104.222.191.255 1;
104.233.0.0-104.233.63.255 1;
104.238.0.0-104.238.31.255 1;
104.239.0.0-104.239.31.255 1;
104.239.32.0-104.239.57.255 1;
104.239.60.0-104.239.127.255 1;
104.243.192.0-104.243.207.255 1;
104.248.0.0-104.249.63.255 1;
104.250.192.0-104.250.223.255 1;
160.184.0.0-160.184.255.255 1;
161.8.128.0-161.8.255.255 1;
165.52.0.0-165.55.255.255 1;
168.211.0.0-168.211.255.255 1;
179.61.129.0-179.61.129.255 1;
179.61.137.0-179.61.137.255 1;
179.61.196.0-179.61.196.255 1;
179.61.202.0-179.61.202.255 1;
179.61.208.0-179.61.208.255 1;
179.61.216.0-179.61.216.255 1;
179.61.218.0-179.61.219.255 1;
179.61.229.0-179.61.229.255 1;
179.61.230.0-179.61.231.255 1;
179.61.233.0-179.61.235.255 1;
179.61.237.0-179.61.237.255 1;
179.61.239.0-179.61.239.255 1;
179.61.242.0-179.61.242.255 1;
181.41.199.0-181.41.200.255 1;
181.41.202.0-181.41.202.255 1;
181.41.204.0-181.41.204.255 1;
181.41.206.0-181.41.208.255 1;
181.41.213.0-181.41.213.255 1;
181.41.215.0-181.41.216.255 1;
181.41.218.0-181.41.218.255 1;
181.214.5.0-181.214.5.255 1;
181.214.7.0-181.214.7.255 1;
181.214.9.0-181.214.9.255 1;
181.214.11.0-181.214.11.255 1;
181.214.13.0-181.214.13.255 1;
181.214.15.0-181.214.15.255 1;
181.214.17.0-181.214.17.255 1;
181.214.19.0-181.214.19.255 1;
181.214.21.0-181.214.21.255 1;
181.214.23.0-181.214.23.255 1;
181.214.25.0-181.214.25.255 1;
181.214.27.0-181.214.27.255 1;
181.214.29.0-181.214.29.255 1;
181.214.31.0-181.214.31.255 1;
181.214.39.0-181.214.39.255 1;
181.214.41.0-181.214.41.255 1;
181.214.43.0-181.214.43.255 1;
181.214.45.0-181.214.45.255 1;
181.214.47.0-181.214.47.255 1;
181.214.49.0-181.214.49.255 1;
181.214.57.0-181.214.57.255 1;
181.214.71.0-181.214.89.255 1;
181.214.94.0-181.214.127.255 1;
181.214.160.0-181.214.173.255 1;
181.214.175.0-181.214.175.255 1;
181.214.176.0-181.214.203.255 1;
181.214.214.0-181.214.243.255 1;
181.215.5.0-181.215.5.255 1;
181.215.7.0-181.215.7.255 1;
181.215.9.0-181.215.9.255 1;
181.215.11.0-181.215.11.255 1;
181.215.13.0-181.215.13.255 1;
181.215.15.0-181.215.15.255 1;
181.215.17.0-181.215.17.255 1;
181.215.19.0-181.215.19.255 1;
181.215.21.0-181.215.21.255 1;
181.215.23.0-181.215.23.255 1;
181.215.25.0-181.215.25.255 1;
181.215.27.0-181.215.27.255 1;
181.215.29.0-181.215.29.255 1;
181.215.31.0-181.215.31.255 1;
181.215.33.0-181.215.33.255 1;
181.215.35.0-181.215.35.255 1;
181.215.37.0-181.215.37.255 1;
181.215.39.0-181.215.39.255 1;
181.215.41.0-181.215.41.255 1;
181.215.43.0-181.215.43.255 1;
181.215.45.0-181.215.45.255 1;
181.215.47.0-181.215.47.255 1;
181.215.50.0-181.215.63.255 1;
181.215.64.0-181.215.87.255 1;
188.42.0.0-188.42.7.255 1;
191.96.0.0-191.96.0.255 1;
191.96.16.0-191.96.16.255 1;
191.96.18.0-191.96.18.255 1;
191.96.21.0-191.96.21.255 1;
191.96.23.0-191.96.23.255 1;
191.96.29.0-191.96.30.255 1;
191.96.39.0-191.96.39.255 1;
191.96.40.0-191.96.41.255 1;
191.96.43.0-191.96.43.255 1;
191.96.44.0-191.96.47.255 1;
191.96.50.0-191.96.62.255 1;
191.96.69.0-191.96.69.255 1;
191.96.70.0-191.96.74.255 1;
191.96.76.0-191.96.92.255 1;
191.96.94.0-191.96.94.255 1;
191.96.96.0-191.96.97.255 1;
191.96.108.0-191.96.110.255 1;
191.96.113.0-191.96.114.255 1;
191.96.116.0-191.96.117.255 1;
191.96.119.0-191.96.122.255 1;
191.96.124.0-191.96.127.255 1;
191.96.133.0-191.96.134.255 1;
191.96.138.0-191.96.138.255 1;
191.96.140.0-191.96.140.255 1;
191.96.145.0-191.96.145.255 1;
191.96.148.0-191.96.148.255 1;
191.96.150.0-191.96.150.255 1;
191.96.152.0-191.96.164.255 1;
191.96.168.0-191.96.168.255 1;
191.96.170.0-191.96.170.255 1;
191.96.172.0-191.96.172.255 1;
191.96.174.0-191.96.174.255 1;
191.96.177.0-191.96.179.255 1;
191.96.182.0-191.96.182.255 1;
191.96.185.0-191.96.187.255 1;
191.96.189.0-191.96.190.255 1;
191.96.193.0-191.96.193.255 1;
191.96.194.0-191.96.194.255 1;
191.96.196.0-191.96.201.255 1;
191.96.203.0-191.96.203.255 1;
191.96.210.0-191.96.210.255 1;
191.96.212.0-191.96.214.255 1;
191.96.221.0-191.96.223.255 1;
191.96.226.0-191.96.227.255 1;
191.96.232.0-191.96.232.255 1;
191.96.234.0-191.96.237.255 1;
191.96.239.0-191.96.239.255 1;
191.96.244.0-191.96.244.255 1;
191.96.246.0-191.96.246.255 1;
191.101.25.0-191.101.25.255 1;
191.101.36.0-191.101.39.255 1;
191.101.40.0-191.101.47.255 1;
191.101.128.0-191.101.134.255 1;
191.101.146.0-191.101.147.255 1;
191.101.148.0-191.101.149.255 1;
191.101.176.0-191.101.177.255 1;
191.101.182.0-191.101.182.255 1;
191.101.184.0-191.101.189.255 1;
191.101.192.0-191.101.197.255 1;
191.101.204.0-191.101.207.255 1;
191.101.216.0-191.101.220.255 1;
191.101.222.0-191.101.223.255 1;
196.62.0.0-196.62.255.255 1;
204.52.96.0-204.52.117.255 1;
204.52.120.0-204.52.121.255 1;
204.52.122.0-204.52.122.255 1;
204.52.124.0-204.52.127.255 1;
206.124.104.0-206.124.111.255 1;
209.192.128.0-209.192.159.255 1;
216.173.64.0-216.173.127.255 1;
}
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server {
listen 80;
server_name *.dummy.org
server_tokens off;
# Methbot Logging
access_log /var/log/nginx/methbot_dummy.org_access.log main if=$methbot_match;
location / {
root /var/www/html;
# IN CASE ADDR MATCH WE RETURN 500
if ($methbot_match) {
return 500;
}
}
}
}