I have a very problem. My website is spamming through joomla contact form. In nginx access.log I see only:
10.50.0.1 - - [06/Sep/2017:19:57:32 +0200] "GET /index.php/en/kontakt HTTP/1.1" 200 16132 "http://polskaszkolaslough.org/index.php/en/kontakt" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 10.50.0.1 - - [06/Sep/2017:19:57:32 +0200] "POST /index.php/en/kontakt HTTP/1.1" 301 193 "http://polskaszkolaslough.org/index.php/en/kontakt" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 10.50.0.1 - - [06/Sep/2017:19:57:34 +0200] "POST /index.php/en/kontakt HTTP/1.1" 301 193 "http://polskaszkolaslough.org/index.php/en/kontakt" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 10.50.0.1 - - [06/Sep/2017:19:57:34 +0200] "GET /index.php/en/kontakt HTTP/1.1" 301 193 "http://polskaszkolaslough.org/index.php/en/kontakt" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 10.50.0.1 - - [06/Sep/2017:19:57:34 +0200] "GET /index.php/en/kontakt HTTP/1.1" 301 193 "http://polskaszkolaslough.org/index.php/en/kontakt" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 10.50.0.1 - - [06/Sep/2017:19:57:36 +0200] "GET /index.php/en/kontakt HTTP/1.1" 200 16132 "http://polskaszkolaslough.org/index.php/en/kontakt" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 10.50.0.1 - - [06/Sep/2017:19:57:37 +0200] "GET /index.php/en/kontakt HTTP/1.1" 301 193 "http://polskaszkolaslough.org/index.php/en/kontakt" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 10.50.0.1 - - [06/Sep/2017:19:57:37 +0200] "GET /index.php/en/kontakt HTTP/1.1" 200 16132 "http://polskaszkolaslough.org/index.php/en/kontakt" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 10.50.0.1 - - [06/Sep/2017:19:57:37 +0200] "GET /index.php/en/kontakt HTTP/1.1" 301 193 "http://polskaszkolaslough.org/index.php/en/kontakt" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
When I open Linux command tail, new request comes one after another. This is shock! My website is very slow. I have private server with public IP. My local IP is: 10.50.0.6 and a gateway is: 10.50.0.1 DNS is at my domain provider and record A forwards a traffic in to my public IP and then a router forward to my local IP. I would like to block ip range which spamming my domain but I don't see there original address. I see only my gateway IP. I installed fail2ban and I added reCaptha to contact form but it not helped. How can I resolve this problem?
You need access to the router.
The router should be capable of logging the address translations that it makes, and by comparing these logs with your nginx logs you should be able to identify the originating IP address. The router should also be capable of implementing an access list so that you can block the originating IP address.