Simple spam control

Thu, 31 Jul 2008 10:53:49 -0000

If you manage a website that allows anonymous posting, spam will always find you, soon or later. What's the easiest way to filter spams without doing chunk of work?

Deny by IP

location / {
    deny    124.XXX.XXX.XXX/24;
    deny     58.XXX.XXX.XXX/24;
}

after I added that and reloaded the nginx, spam stopped.

Prior to this, I added captcha check for posting, but that didn't stop the spam at all. Because spam originates from Bangkok, thailand, I wonder if they hired those low cost laborer to send out spam manually, or at least semi-automatically. With ip deny trick, at least it works for now.

Reference

http://wiki.codemongers.com/NginxHttpAccessModule

How to setup godaddy SSL certificate on Nginx

Tue, 15 Sep 2009 04:14:20 -0000

1. Generate SSL request

First create key, replace "mysite.com" with your site domain name.
openssl genrsa -out www.mysite.com.key 2048
then the request,
openssl req -new -key www.mysite.com.key -out www.mysite.com.csr

that command will prompt a few questions, like below


Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:Your town
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Corporation
Organizational Unit Name (eg, section) []:IT
Common Name (eg, YOUR name) []:www.mysite.com
Email Address []:someone@mysite.com

the Common Name is the most important field, that should be the exact domain name for which you are requesting SSL, in most cases, it should be "www.mysite.com". If you are buying for a subdomain, then it should be something like "secured.mysite.com". If for wildcard, it should be "*.mysite.com".

After you finish, you should have 2 files now, www.mysite.com.key and www.mysite.com.csr.

2. Buy the SSL on Godaddy

Now goto godaddy's site, and buy the ssl. If it's for a new website, I highly recommend to buy just one year version first. Their cheapest one is just $19.99/year. The reason is you never know if the new site is going to work out or not, or you may need to create secured subdomains a few months later. Because of all these uncertainties, it's better just to pay a tad more for one year only.

The process of buying SSL is quite involved:

You pay for the SSL order first, and you get 1 ssl credit in Godaddy account.
You configure the credit, and submit the whole body text from mysite.csr.
Download the ssl, select type "other" in the dropdown, since I use nginx.

3. Install SSL on Nginx

Godaddy email you the zip file contains 2 files: www.mysite.com.crt and gd_bundle.crt. You need to combine both files into one file, with your domain ssl file on top. so unzip the zip file and combine them.
cat www.mysite.com.crt gd_bundle.crt > mysite_combined.crt

If you don't combine them, browser will not be able to verify certificate authority (CA), and popup dialog or warning messages, which will certainly scare your site visitors away.

Now copy both combined crt and www.mysite.com.key files to your ssl folder on the server, and edit your nginx.conf


server {
    listen          443;
    server_name     www.mysite.com;

    ssl on;
    ssl_certificate         /your/ssl/folder/mysite_combined.crt;
    ssl_certificate_key     /your/ssl/folder/www.mysite.com.key;
    ...
}

then reload the processes to make the change take effect.
/etc/init.d/nginx reload

That's it.

Reference

http://wiki.codemongers.com/NginxHttpSslModule http://blog.imperialdune.com/2007/3/31/setting-up-godaddy-turbo-ssl-on-nginx

Nginx articles

Simple spam control

Deny by IP

Reference

How to setup godaddy SSL certificate on Nginx

1. Generate SSL request

2. Buy the SSL on Godaddy

3. Install SSL on Nginx

Reference