A
Admincraftā€¢2mo ago
Ashank

DDoS/Spam Detection

I've been trying to build up this spam detector to run on my machines, but I've been struggling due to Nginx Proxy Manger / Nginx in general. I've already added 
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
to the advanced config in NPM but it's still detecting packets as from my own IP
No description
19 Replies
Admincraft Meta
Admincraft Metaā€¢2mo ago
Thanks for asking your question!
Make sure to provide as much helpful information as possible such as logs/what you tried and what your exact issue is
Make sure to mark solved when issue is solved!!!
/close !close !solved !answered
Requested by ashanki#0
Ashank
AshankOPā€¢2mo ago
not really mc related sry but would be nice
Venerable
Venerableā€¢2mo ago
it seems to be for servers
Ashank
AshankOPā€¢2mo ago
wdym
Venerable
Venerableā€¢2mo ago
looks like hes trying to create a spam detection plugin for mc servers
Ashank
AshankOPā€¢2mo ago
not really... mc
Venerable
Venerableā€¢2mo ago
discord interaction is a thing
Ashank
AshankOPā€¢2mo ago
think you're misinterpreting the use case I run many things, I just want to know where the traffic is coming from / going. I operate a server host So many mc servers, webapplications, apis, cdns etc
Venerable
Venerableā€¢2mo ago
ahhh ok and i just now realized you were the poster, im dead tired lol
Ashank
AshankOPā€¢2mo ago
get some rest
looks like he's
šŸ’€ brother im the OP šŸ˜­ I just read that
Venerable
Venerableā€¢2mo ago
i would but it's 7 am and i dont wanna destroy my sleep schedule by going to bed now
Ashank
AshankOPā€¢2mo ago
šŸ’€ alr ig
SilentBot
SilentBotā€¢2mo ago
How are you detecting packets? Are you using Nginx streams?
Ashank
AshankOPā€¢2mo ago
no, I have 0 idea how thats the thing I'm just using tcpdump, and that can't detect nginx stuff How do I use nginx streams?
SilentBot
SilentBotā€¢2mo ago
tcpdump doesn't understand proxy_protocol so you would need a program which was proxy_protocol aware to do your logging
SilentBot
SilentBotā€¢2mo ago
or something like mmproxy to "undo" the proxy_protocol https://github.com/cloudflare/mmproxy
GitHub
GitHub - cloudflare/mmproxy: mmproxy, the magical PROXY protocol ga...
mmproxy, the magical PROXY protocol gateway. Contribute to cloudflare/mmproxy development by creating an account on GitHub.
SilentBot
SilentBotā€¢2mo ago
I believe you could maybe also do it with tshark with the right path
Ashank
AshankOPā€¢2mo ago
alr ig
SilentBot
SilentBotā€¢2mo ago
I mean, tcpdump doesn't understand proxy_protocol, so there's no way to magically change the source ip back It's why you'd typically run it only on your proxy instead

Did you find this page helpful?