Which would be the best way to block an IP? I noticed a “blockip” in the nginx setup but started to wonder if I should let nginx handle blocking IPs or should I add it to the firewall deny list?
It depends,
I would suggest using the firewall for blocking a particular IP; blocking with nginx will block the IP only for the http/https ports.
I see, firewall it is.
I had written a small PHP script that appended the deny line to an included block.conf file …/webroot (in the same folder as wp-config.php outside of the web root)
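    // check for IP and make sure not to use the proxy IP
    $ip = $_SERVER['REMOTE_ADDR'];
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // IP when through a proxy i.e. cloudflare. The header is client-supplied and
        // ends up in the nginx config, so use it only if it is a single valid IP.
        $forwarded = trim($_SERVER['HTTP_X_FORWARDED_FOR']);
        if (filter_var($forwarded, FILTER_VALIDATE_IP) !== false) {
            $ip = $forwarded;
        }
    }
    // set $hack = true if your condition is met
    $hack = false; // placeholder so the snippet runs as posted
    if ($hack) {
        $fh = fopen('/var/www/example.com/block.conf', 'a');
        if ($fh !== false) { // skip the write if the file cannot be opened
            fwrite($fh, 'deny '. $ip .'; #'. date('Y-m-d H:i:s') .' hack attack attempt detected'. "\r\n");
            fclose($fh);
        }
        header('Location: https://www.youtube.com/watch?v=t3otBjVZzT0'); // send to nice video
        exit;
    }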
Output appended during attempt:
    deny xxx.xxx.xxx.xxx; #2015-03-17 Brute force hack attempt
I couldn’t trigger nginx to reload from the PHP script even with exec. I tried iwatch and others to monitor the file for changes and then reload, but was left with a cron job, so I just set an interval on a cron job to reload the nginx config file. The cron job ran this:
    #!/bin/bash
    /usr/sbin/nginx -s reload
It works really well in blocking users who trigger this script.
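Because block.conf is written by the web application and then loaded into nginx by cron, the reload job can treat the file as untrusted input. The following is an added example, not code from this thread: a cron script that reloads only when the file changed, contains nothing but plain deny entries, and passes `nginx -t`. The state-file path, the `NGINX` override and the `--run` argument are assumptions.

```bash
#!/bin/bash
# Added example, not from the thread. BLOCK_FILE is the path used in the post;
# STATE_FILE and the NGINX override are assumptions made for this sketch.
BLOCK_FILE="${BLOCK_FILE:-/var/www/example.com/block.conf}"
STATE_FILE="${STATE_FILE:-/var/run/nginx-blocklist.cksum}"
NGINX="${NGINX:-/usr/sbin/nginx}"

# Print the numbers of lines that are anything other than a blank line, a
# comment, or exactly "deny <address>[/prefix];" with an optional comment.
invalid_lines() {
    tr -d '\r' < "$1" | grep -nvE \
        -e '^[[:space:]]*(#.*)?$' \
        -e '^[[:space:]]*deny[[:space:]]+[0-9A-Fa-f:.]+(/[0-9]{1,3})?;[[:space:]]*(#.*)?$' \
        | cut -d: -f1
}

# Reload only when the file changed, holds nothing but deny entries, and the
# whole configuration passes "nginx -t". Returns 0 ok, 1 unreadable,
# 2 rejected content, 3 failed config test.
reload_if_safe() {
    [ -r "$BLOCK_FILE" ] || return 1
    new=$(cksum < "$BLOCK_FILE")                  # change detection only
    old=$(cat "$STATE_FILE" 2>/dev/null || true)
    [ "$new" = "$old" ] && return 0               # nothing new to load
    bad=$(invalid_lines "$BLOCK_FILE" | tr '\n' ' ')
    if [ -n "$bad" ]; then
        echo "block.conf: refusing reload, unexpected content on line(s) $bad" >&2
        return 2
    fi
    "$NGINX" -t -q || return 3
    "$NGINX" -s reload && printf '%s\n' "$new" > "$STATE_FILE"
}

# The cron entry would call this script with --run (assumed convention).
if [ "${1:-}" = "--run" ]; then
    reload_if_safe
fi
```

A rejected file leaves the running configuration untouched, so a malformed line costs one skipped reload rather than a failed one.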
Hi @FalconX1
It’s been a long time, and we haven’t heard from you. It looks like your issue is resolved.
I am closing this support topic for now. Feel free to create a new support topic if you have any further queries.