Take a look at How To Secure Nginx on Ubuntu 14.04

This is where iptables and a little cron job can be useful.

If you’re regularly being hit by the same IP addresses, to block them out make a rule using iptables. With spam, it’s best to simply drop the traffic so try :

iptables -I INPUT -s xx.xx.xx.xx -j DROP

This will block IP address xx.xx.xx.xx accessing your droplet. You can also use CIDR format to block a range of IP Addresses if necessary.

This is not, however, persistent across a reboot so I’d recommend making a little script and run it at boot time as a cron job.

Assuming you’re logged in as root (if not then su as required)

1. Create a file called load_iptables.sh in /root/ :

   nano ~/load_iptables.sh 
   

2. On each line place a rule using iptables. Don’t forget to add the path to iptables!

   /sbin/iptables -I INPUT -s xx.xx.xx.xx -j DROP
   /sbin/iptables -I INPUT -s yy.yy.yy.yy -j DROP
   

3. Save the file and make it executable :

   chmod 700 ~/load_iptables.sh
   

4. Test your script by running it :

   /root/load_iptables.sh
   

5. If all is good, set it as a cron job on reboot :

   crontab -e
   

Then add the following to the crontab that opens :

@reboot    /root/load_iptables.sh

This will then load and run your script as root each time you restart your server. To add new addresses to block, just add a new line to your load_iptables.sh script.

This is a basic way of dealing with spam. If you are comfortable with linux it’s definitely worth looking at something like fail2ban which is a much nicer automated way of snipping spam attacks in the bud :)

I hope that helps!

Regards,
Mike